Description
What would you like to be added:
Add a new `--source=gateway-gateway` option to external-dns that creates DNS records based on the hostname field defined in Gateway API Gateway Listeners. This source would read `listeners[].hostname` from Gateway resources and automatically manage the corresponding DNS records.
The implementation should:
- Parse Gateway resources and extract hostname values from each Listener
- Support wildcard hostnames (e.g., `*.example.com`)
- Create/update/delete DNS records based on Gateway lifecycle and status
- Work alongside existing sources like `--source=service` and `--source=ingress`
Why is this needed:
Currently, external-dns lacks a "gateway-gateway source" that directly uses Gateway API's Gateway resources. This creates an operational gap for L4-only configurations (using TLS termination and TCPRoute without HTTPRoute), where there's no L7 route resource with hostnames that external-dns can use.
In Gateway API, Listeners can declare hostnames for TLS termination:
https://gateway-api.sigs.k8s.io/guides/tls/#wildcard-tls-listeners
```yaml
listeners:
- name: foo-tls
  protocol: TLS
  port: 443
  hostname: foo.example.com
  tls:
    mode: Terminate
    certificateRefs:
    - kind: Secret
      group: ""
      name: foo-example-com-cert
- name: wildcard-tls
  protocol: TLS
  port: 443
  hostname: "*.example.com"
  tls:
    mode: Terminate
    certificateRefs:
    - kind: Secret
      group: ""
      name: wildcard-example-com-cert
- name: wildcard-tls-alt
  protocol: TLS
  port: 6443
  hostname: "*.example.com"
  tls:
    mode: Terminate
    certificateRefs:
    - kind: Secret
      group: ""
      name: wildcard-example-com-cert
```
For L4-only Gateway configurations:
- HTTPRoute source (`--source=gateway-httproute`) cannot be used since no HTTPRoutes exist
- Service/Ingress sources don't integrate with Gateway API
- Operators must manually manage DNS records, breaking the automation flow
This feature would enable more DNS automation for L4 Gateway configurations.
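As an added illustration (not code from external-dns or from this issue), here is the listener-to-record mapping the requested source would have to perform, applied to the three listeners above plus one listener without a hostname. The `Gateway` and `Endpoint` structs are hand-written stand-ins for the real Gateway API and external-dns types, the sample JSON is constructed, and two rules are assumptions rather than project behaviour: nothing is published until the Gateway reports `Programmed=True`, and a `Hostname` status address becomes a CNAME only when no IP address is reported. It goes a step beyond the bullet list by deduplicating the same hostname across ports and by splitting IPv4 and IPv6 addresses into A and AAAA records.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"sort"
)

// Gateway is a hand-written stand-in holding only the Gateway API fields this
// example reads (an assumption; a real source imports sigs.k8s.io/gateway-api).
type Gateway struct {
	Spec struct {
		Listeners []struct{ Hostname string } `json:"listeners"` // "" = any host
	} `json:"spec"`
	Status struct {
		Addresses  []struct{ Type, Value string }  `json:"addresses"`
		Conditions []struct{ Type, Status string } `json:"conditions"`
	} `json:"status"`
}

// Endpoint is the record handed to the controller (shape assumed here).
type Endpoint struct {
	DNSName    string
	RecordType string // A, AAAA or CNAME
	Targets    []string
}

// EndpointsFromGateway derives DNS records from one Gateway's listener
// hostnames and status addresses, sorted by name, then A, AAAA, CNAME.
func EndpointsFromGateway(raw []byte) ([]Endpoint, error) {
	var gw Gateway
	if err := json.Unmarshal(raw, &gw); err != nil {
		return nil, fmt.Errorf("decode gateway: %w", err)
	}
	ready := false
	for _, c := range gw.Status.Conditions {
		ready = ready || (c.Type == "Programmed" && c.Status == "True")
	}
	if !ready {
		return nil, nil // not programmed yet: its addresses may not answer
	}
	var v4, v6, cnames []string // status addresses by the record type they back
	for _, a := range gw.Status.Addresses {
		switch a.Type {
		case "IPAddress":
			ip := net.ParseIP(a.Value) // nil for a malformed value: dropped
			if ip != nil && ip.To4() != nil {
				v4 = append(v4, a.Value)
			} else if ip != nil {
				v6 = append(v6, a.Value)
			}
		case "Hostname":
			cnames = append(cnames, a.Value)
		}
	}
	// Unique listener hostnames: the same name on ports 443 and 6443 is one
	// record, a hostname-less listener yields none, wildcards stay as written.
	seen := map[string]bool{}
	var hosts []string
	for _, l := range gw.Spec.Listeners {
		if l.Hostname != "" && !seen[l.Hostname] {
			seen[l.Hostname] = true
			hosts = append(hosts, l.Hostname)
		}
	}
	sort.Strings(hosts)
	var eps []Endpoint
	for _, h := range hosts {
		if len(v4) > 0 {
			eps = append(eps, Endpoint{h, "A", v4})
		}
		if len(v6) > 0 {
			eps = append(eps, Endpoint{h, "AAAA", v6})
		}
		// A name carries one CNAME and nothing else: first hostname, no IPs only.
		if len(v4)+len(v6) == 0 && len(cnames) > 0 {
			eps = append(eps, Endpoint{h, "CNAME", cnames[:1]})
		}
	}
	return eps, nil
}

// SampleGateway is a constructed Gateway in `kubectl get gateway -o json`
// shape, carrying the issue's listeners plus one without a hostname.
const SampleGateway = `{
  "spec": {"listeners": [
    {"name": "foo-tls", "protocol": "TLS", "port": 443, "hostname": "foo.example.com"},
    {"name": "wildcard-tls", "protocol": "TLS", "port": 443, "hostname": "*.example.com"},
    {"name": "wildcard-tls-alt", "protocol": "TLS", "port": 6443, "hostname": "*.example.com"},
    {"name": "any-host", "protocol": "TLS", "port": 8443}]},
  "status": {
    "addresses": [{"type": "IPAddress", "value": "203.0.113.10"}, {"type": "IPAddress", "value": "2001:db8::10"}],
    "conditions": [{"type": "Accepted", "status": "True"}, {"type": "Programmed", "status": "True"}]}}`

func main() {
	eps, err := EndpointsFromGateway([]byte(SampleGateway))
	fmt.Printf("%+v %v\n", eps, err)
}
```

`go run` on the file prints the four records for the sample (A and AAAA for `*.example.com` and `foo.example.com`). The ownership caveat of the existing sources carries over: anyone who can create a Gateway with a listener hostname can claim that name, so `--domain-filter` and the TXT registry still gate what the controller will write, and a wildcard listener becomes a wildcard DNS record that the filter should scope deliberately.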