external-dns Encrypt TXT records

When a TXT record is created (registry txt option) by the external-dns controller it is stored in plaintext which can result in information leakage.

Example:

app.example.com. | TXT | "heritage=external-dns,external-dns/owner=default,external-dns/resource=ingress/default/app" | 300

Jan 16 '19 15:01 dklesev

I agree, this concerns me as well. Encrypting of the TXT would make using externalDNS a no brainer.

TXT record seems like a great solution, but it holds as a potential security issue, where any attacker would know that externalDNS is used, and by that, ingress, and K8S, and would know the internal ingress name.

Apr 20 '19 20:04 yardensachs

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /lifecycle stale

Jul 19 '19 21:07 fejta-bot

unstale plz

Jul 20 '19 22:07 yardensachs

/remove-lifecycle stale

Jul 21 '19 18:07 dklesev

I agree. Depending on what you run in the cluster exposing namespaces and names of Ingresses and Services could indeed lead to some leakage of confidential data.

I have a work in progress for encrypting TXT values: https://github.com/kubernetes-incubator/external-dns/pull/1115. Let me know what you think.

Jul 23 '19 16:07 linki

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /lifecycle stale

Oct 21 '19 17:10 fejta-bot

/remove-lifecycle stale

Oct 24 '19 12:10 Evesy

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /lifecycle stale

Jan 22 '20 13:01 fejta-bot

/remove-lifecycle stale

Feb 20 '20 03:02 yardensachs

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /lifecycle stale

May 20 '20 03:05 fejta-bot

/remove-lifecycle stale

Jun 02 '20 19:06 yardensachs

/kind feature

Aug 13 '20 13:08 seanmalloy

This almost happened, what is this missing to go into the controller?

Sep 21 '20 05:09 yardensachs

This almost happened, what is this missing to go into the controller?

We need someone to help review pull request https://github.com/kubernetes-sigs/external-dns/pull/1538

Sep 21 '20 19:09 seanmalloy

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /lifecycle stale

Dec 20 '20 19:12 fejta-bot

/remove-lifecycle stale

Dec 22 '20 05:12 yardensachs

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale

Mar 22 '21 05:03 fejta-bot

/remove-lifecycle stale

Mar 23 '21 03:03 yardensachs

we must keep it alive everyone!

Mar 23 '21 03:03 yardensachs

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale

Jun 21 '21 04:06 fejta-bot

/remove-lifecycle stale

Jun 29 '21 04:06 yardensachs

It would be good let the fix be merged

Jun 30 '21 10:06 SCLogo

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue or PR as fresh with /remove-lifecycle stale
Mark this issue or PR as rotten with /lifecycle rotten
Close this issue or PR with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

Sep 28 '21 10:09 k8s-triage-robot

/remove-lifecycle stale

Oct 21 '21 11:10 SCLogo

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue or PR as fresh with /remove-lifecycle stale
Mark this issue or PR as rotten with /lifecycle rotten
Close this issue or PR with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

Jan 19 '22 12:01 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue or PR as fresh with /remove-lifecycle rotten
Close this issue or PR with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

Feb 18 '22 12:02 k8s-triage-robot

/remove-lifecycle rotten

Feb 18 '22 14:02 SCLogo

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue or PR as fresh with /remove-lifecycle stale
Mark this issue or PR as rotten with /lifecycle rotten
Close this issue or PR with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

May 19 '22 15:05 k8s-triage-robot

/remove-lifecycle stale

May 22 '22 19:05 Evesy

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue or PR as fresh with /remove-lifecycle stale
Mark this issue or PR as rotten with /lifecycle rotten
Close this issue or PR with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

Aug 20 '22 19:08 k8s-triage-robot

external-dns external-dns copied to clipboard

Encrypt TXT records

external-dns
external-dns copied to clipboard