Ingress: external-dns.alpha.kubernetes.io/hostname: force usage

[bitsofinfo]

Currently if I have an Ingress defined with annotation:

external-dns.alpha.kubernetes.io/hostname: my.domain1.com

The Ingress also has:

 ...
- host: my.domain1.com
   ...
- host: www.domain1.com
   ...

external-dns creates dns records for BOTH my.domain1.com and www.domain1.com

It would be great if an option or additional annotation could be added that could instruct external-dns to ONLY create entries for what is in external-dns.alpha.kubernetes.io/hostname and ignore whats in the Ingress - hosts stanzas.

I need this for situations where the service behind an ingress is accessed directly via certain names but can also accessed via other proxies in front of it. So it needs to be concerned with all possible Host: headers.... but I don't necessarily want to alter DNS for all of them if that makes sense.

[jhoos]

I have a similar situation that would benefit from this. We have a public-facing AWS ALB ingress that we place behind a CloudFront distribution. Ideally we'd like to be able to just have a single DNS record for that ALB, configured via external-dns.alpha.kubernetes.io/hostname or something similar, and then suppress the DNS entries for all of the host entries in the ingress so that we can have those DNS entries point to CloudFront instead (which would then be configured to pass the Host header through to the ALB for route selection).

[bmudda]

+1

[wallentx]

With external DNS creating records for entries in the ingress :

...

• host: my.domain1.com
  ...
• host: www.domain1.com
  ...

This conflicts with what I want to happen with ingress-nginx.
If in my ingress-nginx Ingress annotation I have:

external-dns.alpha.kubernetes.io/hostname: "*.my.domain1.com."

This will route all traffic that doesn't have a r53 entry to the ingress-nginx ALB. This is the intended effect. ingress-nginx sets up it's configuration by reading the ingress:

spec:
rules:
- host: my.domain1.com
http:
paths:
- path: /
backend:
serviceName: my-svc
servicePort: 80

As of at least the latest release, this is creating a r53 entry for my.domain1.com with an A record that resolves to the internal kubernetes cluster internal IP.

[morganchristiansson]

@wallentx Surely you mean ingress-nginx service annotation

Just set --source service and omit ingress and external-dns will create your wildcard dns for the ingress-nginx services and ignore all ingress hosts. This may work in your case but it ignores all ingress hostnames so may not work for everyone.

[morganchristiansson]

Per the code in github the annotation only adds names to the list. There is no way to remove or override hostnames. https://github.com/kubernetes-incubator/external-dns/blob/master/source/ingress.go#L270-L289

You can however use the TXT registry to stop external-dns from managing certain records and then take over management of those records.

This comment has more details #819 (comment)

[max-lobur]

Using TXT would force me to use A instead of CNAME because you can't have CNAME alongside TXT :(

However, not having a TXT at all, while having just a CNAME works:

Skipping endpoint test.domain 300 IN CNAME test.us-west-2.dev.domain [] because owner id does not match

Thankfully external DNS considers a missing txt an owner mismatch 🤞

Downside: this produces logs like these, and I need to ensure I have CNAME before I create ingress. Still would like to have a way to skip certain hostnames in ingress, or force annotation hostname like proposed in this issue.

[fejta-bot]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

[bitsofinfo]

not stale

[bitsofinfo]

/remove-lifecycle stale

[morganchristiansson]

@max-lobur Use the --txt-prefix option

[meshok0]

An option to force external-dns to ignore hostnames from ingress and create records for hostnames from external-dns.alpha.kubernetes.io/hostname only would be great.
This will help with scenarios where you want to put some proxy(WAF, for example) between clients and ALB.

[dansimone]

#1650 is a potential solution to this problem.

[seanmalloy]

/kind feature

[jxy859]

+1

[fejta-bot]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

[haslersn]

not stale

[bitsofinfo]

/remove-lifecycle stale

stale bots are so annoying

[fejta-bot]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale

[haslersn]

/remove-lifecycle stale

[fejta-bot]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale

[haslersn]

The specific use case described by the OP can be solved on the ingress controller side: kubernetes/ingress-nginx#6752

However, there might be other use cases where the feature requested here is required.

/remove-lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue or PR with /reopen
• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

[k8s-ci-robot]

@k8s-triage-robot: Closing this issue.

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue or PR with /reopen
• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[bitsofinfo]

/remove-lifecycle stale

[bitsofinfo]

/reopen

[k8s-ci-robot]

@bitsofinfo: Reopened this issue.

In response to this:

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[bitsofinfo]

/remove-lifecycle rotten

[dudicoco]

This functionality was added in #1696

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue or PR with /reopen
• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

[k8s-ci-robot]

@k8s-triage-robot: Closing this issue.

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue or PR with /reopen
• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.