ELB Cname alias not picked up #865

Closed
alexnederlof opened this issue Jan 23, 2019 · 4 comments


alexnederlof commented Jan 23, 2019

Not sure if this is a bug or just not implemented.

Using version 0.5 and Amazon Route 53, when I create an nginx-ingress (using helm stable/nginx-ingress), it creates a service that gets the external IP <some-hash>.elb.eu-west-1.amazonaws.com.

NAME                                          TYPE           CLUSTER-IP       EXTERNAL-IP                                                                     PORT(S)                      AGE   SELECTOR
default-nginx-nginx-ingress-controller        LoadBalancer   10.x.x.x   <some-hash>.elb.eu-west-1.amazonaws.com   80:30447/TCP,443:31025/TCP   26m   app=nginx-ingress,component=controller,release=defa

When I configured the ingress like so:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    external-dns.alpha.kubernetes.io/alias: "true"
  name: hello-a-ingress
  namespace: default
spec:
  rules:
    - host: hello.my.domain

I expected external-dns to pick up the CNAME and put that as an alias. However, it sets some IP address in Route 53 (which does not work, because that IP address accepts no traffic).

To fix it, I need to explicitly wait for the ingress to come online, manually grab the CNAME, and then apply the annotation external-dns.alpha.kubernetes.io/target: <some-hash>.elb.eu-west-1.amazonaws.com.

Is this intended behaviour? If so, is it possible to automate it?


linki commented Jan 24, 2019

Your expectation is correct but you're looking at the wrong place. The used ALIAS target will be in your hello-a-ingress Ingress object (not in default-nginx-nginx-ingress-controller). There, under the .status section, you'll probably see the IP you're referring to, which is set by nginx ingress controller.

Please make sure you're using the --publish-service flag on your ingress controller and point it to default-nginx-nginx-ingress-controller, see https://github.com/kubernetes-incubator/external-dns/blob/master/docs/tutorials/nginx-ingress.md#with-a-separate-tcp-load-balancer.
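
Added example (not part of the thread and not external-dns code): a Python check that reads an Ingress object's `.status`, the place the comment above points to, and reports when it holds an IP while the alias annotation is set. The sample JSON is constructed, the ELB hostname is a placeholder, and the layout `status.loadBalancer.ingress[].ip|hostname` is the standard Kubernetes Ingress status.

```python
import ipaddress
import json

ALIAS_ANNOTATION = "external-dns.alpha.kubernetes.io/alias"


def make_ingress(lb_entries):
    """Build constructed sample JSON shaped like `kubectl get ingress -o json`."""
    return json.dumps({
        "metadata": {"name": "hello-a-ingress", "namespace": "default",
                     "annotations": {ALIAS_ANNOTATION: "true"}},
        "status": {"loadBalancer": {"ingress": lb_entries}},
    })


# Constructed samples, not captured from a real cluster.
SAMPLE_IP = make_ingress([{"ip": "10.0.0.12"}])
SAMPLE_HOSTNAME = make_ingress([{"hostname": "placeholder.elb.eu-west-1.amazonaws.com"}])
SAMPLE_PENDING = make_ingress([])


def published_targets(ingress):
    """Return (kind, value) pairs from .status.loadBalancer.ingress."""
    entries = ingress.get("status", {}).get("loadBalancer", {}).get("ingress") or []
    targets = []
    for entry in entries:
        if entry.get("hostname"):
            targets.append(("hostname", entry["hostname"]))
        elif entry.get("ip"):
            ipaddress.ip_address(entry["ip"])  # ValueError on a malformed address
            targets.append(("ip", entry["ip"]))
    return targets


def alias_findings(ingress_json):
    """List reasons why the alias annotation cannot take effect on this Ingress."""
    ingress = json.loads(ingress_json)
    annotations = ingress.get("metadata", {}).get("annotations") or {}
    wants_alias = annotations.get(ALIAS_ANNOTATION) == "true"
    targets = published_targets(ingress)
    if not targets:
        return ["status is empty: the controller has not published an address yet"]
    return [
        f"{value}: status holds an IP, not the ELB hostname; check --publish-service"
        for kind, value in targets
        if kind == "ip" and wants_alias
    ]
```

Against a live cluster, the input would be the JSON output of `kubectl get ingress hello-a-ingress -o json`.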

@alexnederlof

Thanks! I'll try that!

@frankgu968

@alexnederlof did it work for you?

@linki I tried adding the publish-service flag and it didn't work... It's still fetching the IP addresses of the ELB.

@alexnederlof

Yes, worked like a charm!

xianlubird added a commit to xianlubird/external-dns that referenced this issue Apr 14, 2019
* Add github.com/miekg/dns to dependencies

* Change RFC2136 default port to zero

* Add small comment to push CLA check

* Updating CHANGELOG.md to v0.5.6

* Moving methods around

This is an update to the order in which we have the new mock methods.

Removed comment and added comment to exported mock helper.

* Fix handling of custom TTL values with Google DNS.

* chore: replace glog with a noop logger

* Continue even if node listing fails

* Add couple of tests for RFC2136 provider

* Fix interface export issue

* Fix TLS issue with OpenStack auth (Designate)

* fix: pass all relevant CLI flags to AWS provider (kubernetes-sigs#719)

* fix(aws): correctly populate target health check on existing records

* Don't erase endpoints labels (kubernetes-sigs#713)

* docs: document how to use a different security context

* Matching entire string for wildcard in txt records with prefixes

* Added linode to support cloud providers

* Fixed tests store records with escaped wildcard. Added test to verify wildcard record with prefix.

* Small style fix after code review

* docs: update changelog to v0.5.8

* docs: fix wrong entry in changelog

* fix domain filter match logic to not match similar domain names

* Fix nil map access of endpoint labels

* Add missing rfc2136 enum value to provider flag

* Switch to using nobody instead.

* Add TestNewDesignateProvider test func

* Add alias annotation for ingress

* Add small Readme for RFC2136 provider

* Format changes

* allow hostname annotations to be ignored

* MAINTAINER is deprecated - using LABEL instead

https://docs.docker.com/engine/reference/builder/#maintainer-deprecated

* pdns: Add DomainFilter support

* Update Azure documentation

* Update dyn.go

* Update CoreDNS provider to use etcd v3 client

* Update Gopkg.* vendor management files for github.com/coreos/etcd

* Tiny clarification about two available deployment methods.

* Oracle doc fix (add "key:" to secret) (kubernetes-sigs#750)

* fix domain filter match logic to not match similar domain names

* MAINTAINER is deprecated - using LABEL instead

https://docs.docker.com/engine/reference/builder/#maintainer-deprecated

* Fix to documentation for Oracle to include `key:`

* Add Traefik to the supported list of ingress controllers.

* Fix Multiple subdomains bug

* Remove unnecessary slashes

* Change log level

* Add docs for alias annotation

* Fix typos: sychronized->synchronized, resouce->resource, sepecified->specified (kubernetes-sigs#769)

Signed-off-by: mooncake <xcoder@tenxcloud.com>

* Remove dupplicated words:have,aliyun (kubernetes-sigs#768)

Signed-off-by: mooncake <xcoder@tenxcloud.com>

* adding kubernetes adder

* adding kubernetes adder

* Allow setting Cloudflare proxying by annotation

* Change default apiversion of crd

- Change default apiversion of DNSEndpoint
- Add error to output CRDClient

* panic: assignment to entry in nil map

* Remove trim suffix

* adjust gometalinter timeout by setting env var

* Remove sorting of rrdatas

* update dep dependencies

* chore: remove unused import (kubernetes-sigs#781)

* chore: update delivery.yaml to new format

* Changelog v0.5.9

* Improve errors in Records() of infoblox provider

* Updating Azure tutorial

* update README to include Linode on the 0.5 roadmap (kubernetes-sigs#787)

Notes that Linode support was added in 0.5.5

* add tutorial for coredns (kubernetes-sigs#791)

There is no coredns tutorial for externalDNS. This pull request makes
coredns based on minikube for working with externalDNS.

* fix(infoblox): don't import logrus twice

* feat(controller): expose managed resources and records as metrics

* update the FAQ list of supported DNS providers (kubernetes-sigs#796)

* adding config for bind for tsig (kubernetes-sigs#790)

* adding config for bind for tsig

* add indentation as requested

* Use SOAP API to retrieve all records with 1 request

* fix json syntax error - typing error (kubernetes-sigs#765)

there was an unexpected comma in json used as custom configuration file

* 2 issues: - coredns support more than 1 targets
          - delete with prefix to make sure the record is cleaned

* Add zone tag filter for AWS

* Removed extractTarget

* Update coredns tutorial with RBAC manifest (see kubernetes-sigs#791)

* avoid unnecessary updating for CRD resource
with test updated

* fix commands to cleanup

* Update coredns.md

Make the DNS service IP consistent with `my-coredns-coredns` in example

* Add metrics info to FAQ

* Update cloudflare.md

* docs(azure): better security granuality concerning external dns service principal

* Implement Stringer for planTableRow

Makes for clearer log messages.

* Normalize DNS names during planning

Ensure that we don't consider names with and without a trailing dot
differently at this stage.

* RFC2136 seems to require one IP Target per RRSET instead of multiple IPs per RRSET.

* Fix typos in rfc2136 provider

The rfc2136Actions interface was misspelled.

Signed-off-by: Lachlan Cooper <lachlancooper@gmail.com>

* Fix dry-run mode in rfc2136 provider

In dry-run mode we need to return early to avoid sending messages.

Fixes kubernetes-sigs#816.

Signed-off-by: Lachlan Cooper <lachlancooper@gmail.com>

* Change default AWSBatchChangeSize to 1000

AWS API ChangeResourceRecordSets method only allows 1000 ResourceRecord
elements in one call, so the previous value was not very useful.

* Correct Google Cloud DNS (ref: https://cloud.google.com/dns/) naming in docs

* add security file

Signed-off-by: Nick Jüttner <nick@zalando.de>

* Add support for eu-north-1

* Clarify registry error info

* Fix private zone dns record does not work

* Add apiVersion to ingress.yaml, and Delete the duplicated line in dnstools

* Support updating ProviderSpecific property.

* Make awscli commands use JSON output

This way the use of `jq`, and the output in this document would make sense.

* Cloudflare pagination for zones

* Adds a new flag `--aws-api-retries` which allows overriding the
number of retries that API calls will attempt before giving up.

This somewhat mitigates the issues discussed in kubernetes-sigs#484 by allowing
the current sync attempt to complete vs. failing and starting anew.

Defaults to 3, which is what the aws-sdk-go defaults to where not
specified.

Signed-off-by: Joe Hohertz <joe@viafoura.com>

* fix gofmt issue

* Add questions from slack to the faq

* Update Gopkg.toml

* Update Gopkg.toml

* Cloudflare pagination for zones

* Improve documentation regarding Alias

I got stuck here and opened kubernetes-sigs#865 because I thought it was a bug. I hope this will help others set it up correctly the first time.

* Remove linki from SECURITY_CONTACTS

As per responsibilities of a security contact: https://github.com/kubernetes/sig-release/blob/master/security-release-process-documentation/security-release-process.md#responsibilities

* Update cloudflare.go

* chore: update changelog for v0.5.10

* Fixes some style in the faq.md file

* fix: reduce number of API requests by caching a bit

* only compare provider-specific annotations when they exist in the provider, skip target-health annotation

* fix test of ProviderSpecific comparison

Signed-off-by: Joe Hohertz <joe@viafoura.com>

* Fixed typo in debug output

* fix broken test after merge

* Fixed PowerDNS Domain Filter Bug

* When using Domain Filters with PowerDNS provider and providing
  no domain filter, the provider ignores all zones instead of
  including all zones which is the default behaviour
* Added test cases for PartitionZones function of PDNSClient

* Add RcodeZero Anycast DNS provider

* Apply doc review changes

* Fix formating

Fix linter issues

* Run gofmt on main

* Trigger travis

* Added description for multiple dns name

This PR is a comment about "Multiple DNS names per Service" setting.

* Document make dep step which may be needed to run make build

* Turns out sudo is not necessary

* Clarify that hosted zone identifier is to be used

* Use k8s informer cache instead of active API server calls in ingress and service sources.

* Changelog for v0.5.11

* Update README.md

Added a reference to a blogpost which uses ExternalDNS in a CI/CD setup.

* Dropping owners

* Fix rcodezero txt encrypt flag parameter

Add rcodezero txt encrypt parameter tests

* Make view configurable for infoblox provider

* Add infoblox view flag to tests

* Correct default of infoblox-view parameter

* Add support for multiple Istio Ingress Gateways
The --istio-ingress-gateway flag may now be specified multiple times.

* set log level to debug when axfr is disabled

* Added stability matrix and minor improvements to README

* Bumping istio to 1.1.0, updating fake GatewayConfigStore Get method to work with 1.1.0

* Release v0.5.12

* Release v0.5.12

* Reduce verbosity of infoblox provider logs

* remove unnecessary parameter check when started with insecure flag

* Remove passwords from config output based on tag

* Remove superfluous trailing period from hostname

Tutorial specifies version >0.4 which also removed the requirement for a trailing period.  New users could misunderstand the trailing dot as a significant syntax.  Removing the dot simplifies the configuration of the annotation.

* describe how to check if your cluster has a RBAC

* aws-r53: adding china ELB endpoints and hosted zone id's

* aws-r53: adding china ELB endpoints and hosted zone id's. fixed spacing

* aws-r53: adding china ELB endpoints and hosted zone id's. corrected formatting

* aws-r53: adding china ELB endpoints and hosted zone id's. fixed typo when reformatting

* Streamline AWS ApplyChanges

- collect the zones and records once

* fix wrong arg 'alibaba-cloud-zone' -> 'alibaba-cloud-zone-type'