Skip to content

fix(commons/external_dns): use only the crd source, drop unused gateway-httproute#423

Open
davidf-null wants to merge 1 commit into
mainfrom
feat/external-dns-crd-source-only
Open

fix(commons/external_dns): use only the crd source, drop unused gateway-httproute#423
davidf-null wants to merge 1 commit into
mainfrom
feat/external-dns-crd-source-only

Conversation

@davidf-null

@davidf-null davidf-null commented Jul 1, 2026

Copy link
Copy Markdown
Collaborator

What

Configures the commons/external_dns module to use only the crd source, removing the gateway-httproute source and every reference tied to it. This reverts the default introduced in #282.

Changes

  • variables.tf: sources default ["crd", "gateway-httproute"]["crd"].
  • locals.tf: remove the gateway.networking.k8s.io (gateways/httproutes) RBAC additionalPermissions block — it only existed to serve the gateway-httproute source. The externaldns.k8s.io/dnsendpoints RBAC is kept, since that is the CRD the crd source reads.
  • tests/external_dns_aws.tftest.hcl: two new runs locking in the new behavior — default_sources_is_crd_only and rbac_has_no_gateway_permissions.
  • README.md: documented default updated.

Verification

  • tofu fmt -check -recursive → clean
  • tofu validate → Success
  • tofu test48 passed, 0 failed (46 pre-existing + 2 new)
  • No remaining references to gateway/httproute in the module or tests.

Impact

No functional impact. No consumer relies on the gateway-httproute source, so no existing deployment changes behavior on the next apply. sources remains overridable for any future need. Not a breaking change.

Note: the AI_METADATA hash in the README is regenerated by the publish tooling; content was updated by hand.

🤖 Generated with Claude Code

…ay-httproute

external-dns is configured to consume only the crd source by default. The
gateway-httproute source and its associated RBAC (gateway.networking.k8s.io
gateways/httproutes) are removed, since they only served that source and no
consumer uses it. This reverts the default introduced in #282; the dnsendpoints
RBAC is kept because it is the CRD the crd source relies on.

- variables.tf: sources default ["crd", "gateway-httproute"] -> ["crd"]
- locals.tf: drop the gateway.networking.k8s.io RBAC additionalPermissions
- tests: lock in the crd-only default and the absence of gateway RBAC
- README.md: update documented default

No functional impact: no consumer relies on the gateway-httproute source, so
existing deployments are unaffected.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@davidf-null davidf-null force-pushed the feat/external-dns-crd-source-only branch from 5852d91 to e852136 Compare July 1, 2026 19:22
@davidf-null davidf-null changed the title feat(commons/external_dns)!: use only the crd source, drop gateway-httproute fix(commons/external_dns): use only the crd source, drop unused gateway-httproute Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant