Adds cmd flag for controlling if authoritative dns servers are used to
check RR propagation or just normal resolvers.
This change is added so that constrained enviornments can control more
aspects of DNS queries performed.
- Applying PR feedback
Signed-off-by: Thomas Miller <thomas@tlm.id.au>
Improve logging in the case where the Service Account Secret is
loaded, but the Key is not found.
Previous behaviour was to fail without giving much help as to
why.
New behaviour confirms the key name and namespace/secret-name.
FIXES: 539
This implements ambient credential support for AWS, gated behind flags
for issuers and cluster issuers.
This adds the pair of flags discussed in
https://github.com/jetstack/cert-manager/issues/308.
It provides an implementation for those flag's effects for the route53
solver.
This change maintains backwards compatibility, but makes the `accessKeyID` and `secretAccessKeySecretRef` fields of the `route53` DNS provider optional.
If not provided, AWS credentials will be loaded from `AWS_*` environment variables or the EC2 metadata service.
This should also work for things that impersonate the EC2 metadata service, such as [kube2iam](https://github.com/jtblin/kube2iam) and [kail](https://github.com/uswitch/kiam).
Signed-off-by: Matt Moyer <moyer@heptio.com>
Previously, each provider's package-level 'New' function was being
called.
That made mocking it out for a different function that records data or
returns different output quite difficult.
This PR introduces an additional layer of abstraction in the form of
effectively a vtable struct for the dns providers. It's defaulted to the
same package-level constructors as before, but unit tests in the dns
package can easily override it.
A new test for the previously-introduced route53 trimming behavior is
also added.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Log potential errors while waiting for DNS record propagation
**What this PR does / why we need it**:
This helps debugging, e.g. if there are network problems.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
