[external-dns] - Use IDs embedded in external_dns_route53_zone_arns as zone-id-filter
#333
This issue has been automatically marked as stale because it has been open 30 days.

@egarbi you can configure this with the external-dns helm values either in terraform or using GitOps-bridge with ArgoCD like in https://github.com/aws-samples/eks-blueprints-add-ons/blob/main/argocd/bootstrap/control-plane/addons/aws/addons-aws-oss-external-dns-appset.yaml#L65

I know, but it would be more convenient if the module had this feature readily available without requiring any extra effort from the user. I am planning to create a PR to showcase my idea, and I believe it would be beneficial to implement it. Ultimately, the decision is for the team to make.
What is the outcome that you are trying to reach?
The current behaviour of external-dns presents challenges when working with AWS Route 53, especially when adding records to a few specific zones when you have lots of zones defined in your account. The default approach fetches all available zones, leading to:

- Multiple zones for the same domain cause "Access Denied" errors when adding records to a specific zone (i.e. example.com is defined both as private and public but you only need private).
- Frequent calls to the AWS Route 53 API, despite only needing records for a subset of zones, result in rate-limiting issues.
Example:
Describe the solution you would like
Utilize the existing variable external_dns_route53_zone_arns to filter out unnecessary zones. The solution involves using the zone-id-filter as a switch for the container, as demonstrated below:
By parsing the zone IDs from external_dns_route53_zone_arns and passing them as zone-id-filters within the Helm values, we can optimize the module to allow only the necessary zone ARNs from IAM and at the same time have external-dns handle records exclusively within the specified zones.

Extra benefits
- Enhanced reliability when adding records to specific zones.
- Prevention of "Access Denied" errors by aligning zone retrieval with the intended zone for record addition.
- Reduction in AWS Route 53 API calls, minimizing the risk of rate-limiting.
Describe alternatives you have considered
Additional context
Achieving the same goal by passing arbitrary switches to the container (e.g., domain_filters, etc) is possible. However, this requires users to possess a thorough understanding and analysis of their particular use case. The proposed approach eliminates the need for user intervention, providing a more user-friendly solution that works for most, if not all, use cases.
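The parsing the proposal describes, written out as an added HCL example (this is not code from the module or from the issue author): derive one `--zone-id-filter` argument per hosted zone from the same ARN list that scopes the IAM policy, so the set of zones external-dns is allowed to write and the set it even looks at stay identical. The variable and local names are assumptions, the two zone ARNs are constructed sample input, and `extraArgs` is the pass-through argument list of the kubernetes-sigs external-dns Helm chart (the same key the ArgoCD ApplicationSet linked above sets).

```hcl
# Added example, not the module's own code: turn the Route 53 hosted-zone ARNs
# used for the IAM policy into external-dns --zone-id-filter arguments.
# Names below (variable, locals, output) are illustrative assumptions.

variable "external_dns_route53_zone_arns" {
  type = list(string)
  # Constructed sample input: one private and one public zone, as in the issue.
  default = [
    "arn:aws:route53:::hostedzone/Z0123456789ABCDEFGHIJ",
    "arn:aws:route53:::hostedzone/Z9876543210ZYXWVUTSRQ",
  ]
}

locals {
  # A hosted-zone ARN has the shape arn:<partition>:route53:::hostedzone/<ZONE_ID>,
  # so the zone ID is everything after the single "/". A wildcard ARN
  # (hostedzone/*) cannot become a filter and is skipped instead of emitting
  # a meaningless "--zone-id-filter=*". distinct() tolerates duplicate ARNs.
  route53_zone_ids = distinct([
    for arn in var.external_dns_route53_zone_arns :
    element(split("/", arn), 1)
    if length(regexall("\\*", arn)) == 0
  ])

  # external-dns accepts --zone-id-filter repeatedly, one flag per zone.
  external_dns_zone_id_filter_args = [
    for id in local.route53_zone_ids : "--zone-id-filter=${id}"
  ]

  # Helm values for the external-dns chart; extraArgs is appended to the
  # container command line, which is the "switch for the container" the
  # proposal refers to.
  external_dns_values = yamlencode({
    provider  = "aws"
    extraArgs = local.external_dns_zone_id_filter_args
  })
}

# With the sample input this renders two --zone-id-filter=Z... entries.
output "external_dns_values" {
  value = local.external_dns_values
}
```

`terraform console` can be used to inspect `local.external_dns_zone_id_filter_args` before wiring the values into the release. Two caveats worth keeping in mind: if every ARN in the list is a wildcard, the filter list comes out empty and external-dns reverts to listing every zone in the account, which is exactly the behaviour the issue wants to avoid; and the filter only stops the controller from attempting writes outside the allowed set, it does not replace the IAM scoping, which still has to restrict `route53:ChangeResourceRecordSets` to those same zone ARNs.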