linki / mate

Deprecated: Mate manages AWS Route53 and Google CloudDNS records for your Kubernetes services and ingresses. (moved from https://github.com/zalando-incubator/mate)
MIT License

Only create DNS records for services explicitly annotated #90

Open chancez opened 7 years ago

chancez commented 7 years ago

I would like to only have explicitly annotated services to have DNS records associated with their load balancer, but if zalando.org/dnsname is not set, it will fall back to --kubernetes-format. I would prefer to have a configuration option which lets me disable this by requiring mate to only create DNS for services I explicitly tell it to.

Perhaps a flag for an annotation to use as an indicator could be used. E.g., you could have an annotation zalando.org/dns.class which has a value of mate by default. This would be similar to ingress-class for the nginx ingress, which allows running multiple ingress controllers. https://github.com/kubernetes/ingress/tree/master/controllers/nginx#running-multiple-ingress-controllers

When configured, mate would only look at services with zalando.org/dns.class=mate, where mate could be something the user specifies on the controller (via a flag or env var) and on the annotation. This feature would allow for running multiple instances of mate in a single cluster, and also allows the admin to disable mate (by not setting the zalando.org/dns.class annotation) for particular services.

linki commented 7 years ago

Hi @chancez,

we recently implemented this feature and it's part of mate v0.6.1 but undocumented :(

Have a look at this PR: https://github.com/zalando-incubator/mate/pull/84

In a nutshell, you can configure mate to ignore all services and ingresses that are not tagged with a particular annotation and value, basically allowing exactly what you want by using

./mate ... --kubernetes-filter=zalando.org/dns.class=mate

chancez commented 7 years ago

Great, that would do what I want I believe then.

ideahitme commented 7 years ago

In all fairness, --kubernetes-filter is mentioned in the release logs of v0.6.0, however it is worth mentioning in the README as well :)

linki commented 7 years ago

I created an issue for the missing docs: https://github.com/zalando-incubator/mate/issues/91

@chancez let us know if usage of the flag solved your issue.

linki commented 7 years ago

docs for the flag https://github.com/zalando-incubator/mate/pull/92

snoby commented 7 years ago

I tried this functionality and my Kubernetes deployment looks like this:

Args:
--producer=kubernetes
--kubernetes-format={{.Namespace}}-{{.Name}}c.tropo.com
--consumer=aws
--kubernetes-filter external-dns.alpha.kubernetes.io/controller=mate
--aws-record-group-id=mate-managed

However, immediately the container goes into a back-off crash loop and the only logs I get out are:

2017-03-14T19:12:49.284776893Z mate: error: unknown long flag '--kubernetes-filter external-dns.alpha.kubernetes.io/controller', try --help

Where did I screw up? I'm using release v0.6.1

ideahitme commented 7 years ago

Missing = sign?

snoby commented 7 years ago

I just double checked the Args look EXACTLY like they do in my original post.

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: mate
  namespace: kube-system
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: mate
      annotations:
        iam.amazonaws.com/role: mate-route53-role
    spec:
      containers:
      - name: mate
        image: registry.opensource.zalan.do/teapot/mate:v0.6.1
        env:
        - name: AWS_REGION
          value: us-west-2
        args:
        - --producer=kubernetes
        - --kubernetes-format={{.Namespace}}-{{.Name}}c.tropo.com
        - --consumer=aws
        - --kubernetes-filter external-dns.alpha.kubernetes.io/controller=mate
        - --aws-record-group-id=mate-managed

ideahitme commented 7 years ago

I meant, have you tried - --kubernetes-filter="external-dns.alpha.kubernetes.io/controller=mate"?

snoby commented 7 years ago

AH HA! That's what it was. I was hoping that this could help my rate limiting problem but it doesn't seem to. I continually get logs that show mate is querying DNS and attempting to change records to zones that it has no business in... I'll open another bug. Thanks!
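
The failure and fix from this thread, as an added example (not mate's own code): each item of a Kubernetes args list reaches the process as a single argv element, so the posted item splits at its first = into a flag name containing a space, which is consistent with the "unknown long flag" error above. The helper names and the sample services are assumptions constructed for illustration, and the annotation matching is a sketch of the opt-in behaviour described in the thread, not mate's implementation.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// splitLongFlag splits one argv element at its first "=". Each item of a
// Kubernetes "args:" list is one argv element; no shell splits it on spaces.
func splitLongFlag(arg string) (name, value string) {
	name, value, _ = strings.Cut(arg, "=")
	return name, value
}

// parseFilter splits an "annotation=value" filter at its first "=".
func parseFilter(filter string) (string, string, error) {
	key, want, ok := strings.Cut(filter, "=")
	if !ok || key == "" {
		return "", "", fmt.Errorf("filter %q is not annotation=value", filter)
	}
	return key, want, nil
}

// selectAnnotated returns the sorted names of resources annotated key=want.
func selectAnnotated(res map[string]map[string]string, key, want string) []string {
	var out []string
	for name, ann := range res {
		if v, ok := ann[key]; ok && v == want {
			out = append(out, name)
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	// Constructed services: only "public-api" opts in to DNS management.
	services := map[string]map[string]string{
		"public-api":  {"external-dns.alpha.kubernetes.io/controller": "mate"},
		"internal-db": {},
	}
	// The args item as posted in the thread, then the corrected single item.
	bad, _ := splitLongFlag("--kubernetes-filter external-dns.alpha.kubernetes.io/controller=mate")
	good, value := splitLongFlag("--kubernetes-filter=external-dns.alpha.kubernetes.io/controller=mate")
	key, want, err := parseFilter(value)
	fmt.Printf("posted flag name:    %q\n", bad)
	fmt.Printf("corrected flag name: %q\n", good)
	fmt.Println("managed:", selectAnnotated(services, key, want), "err:", err)
}
```

With the filter in place, a service that lacks the annotation gets no DNS record, so exposure through DNS becomes an explicit per-service decision.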