cloudflare-tunnel-ingress-controller
Long tunnel names cause errors when creating DNS records
Summary
If the tunnel name is long, the length of the comment in the DNS record exceeds the limit of 100 characters. In that case, it seems that DNS records cannot be registered.
Therefore, it is necessary to ensure that the comment length does not exceed 100 characters.
Details
When I created the Ingress resource, I received the following error.
2024/10/23 12:04:14 controller-runtime: "caller"={"file"="controller.go" "line"=316} "msg"="Reconciler error" "error"="put exposures: update DNS CNAME record: update DNS CNAME record for zone [example.com]: create DNS record for zone example.com, hostname test-svc.example.com: DNS record comment exceeds the maximum length of 100 characters. (9313)" "controller"="ingress" "controllerGroup"="networking.k8s.io" "controllerKind"="Ingress" "Ingress"={"name"="test-ingress" "namespace"="default"} "namespace"="default" "name"="test-ingress" "reconcileID"="45ab836b-e535-42bd-94a9-68147dee1792"
The following code was temporarily changed for debugging purposes. https://github.com/STRRL/cloudflare-tunnel-ingress-controller/blob/master/pkg/cloudflare-controller/tunnel-client.go#L150
return errors.Wrapf(err, "create DNS record for zone %s, hostname %s, comment {{{%s}}}", zone.Name, item.Hostname, item.Comment)
Here is the controller's log afterwards.
2024/10/23 12:50:46 controller-runtime: "caller"={"file"="controller.go" "line"=316} "msg"="Reconciler error" "error"="put exposures: update DNS CNAME record: update DNS CNAME record for zone [example.com]: create DNS record for zone example.com, hostname test-svc.example.com, comment {{{managed by strrl.dev/cloudflare-tunnel-ingress-controller, tunnel [cloudflare-ingress-controller-test-tunnel]}}}: DNS record comment exceeds the maximum length of 100 characters. (9313)" "controller"="ingress" "controllerGroup"="networking.k8s.io" "controllerKind"="Ingress" "Ingress"={"name"="test-ingress" "namespace"="default"} "namespace"="default" "name"="test-ingress" "reconcileID"="6e11491d-e1b7-4dc8-ab1c-380eff44c80c"
There are 110 characters in the comment string:
managed by strrl.dev/cloudflare-tunnel-ingress-controller, tunnel [cloudflare-ingress-controller-test-tunnel]
Thanks for your contribution in reporting this issue! 🚀
Got it: using DNS record comments for annotating metadata (which operator controls this DNS record) is NOT good. Maybe we could use a TXT record instead.
What do you think about that? Do you have any suggestions? ❤️
Thank you for your response.
I think using a TXT record is not good for security, because information about the connection is visible to the outside world.
How about not including the tunnel name as connection information?
Specifically, the comment in the DNS record should be as follows:
managed by strrl.dev/cloudflare-tunnel-ingress-controller
I think it's fine because you can check the tunnel name from the Cloudflare Dashboard without including it. What do you think?
Let me take a look at why we need to set up the comment 🤔
How about limiting the length of tunnel names and displaying an error message when the controller starts if the limit is exceeded, so that it will not start?
Example
Due to the comment length limit of Cloudflare's DNS records, the tunnel name must be 31 characters or less.
Or, how about cutting off the excess part if the total length exceeds 100 characters?
Example
managed by strrl.dev/cloudflare-tunnel-ingress-controller, tunnel [cloudflare-ingress-controller...
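The three options discussed in this thread (fail at startup when the tunnel name is too long, truncate the comment to 100 characters, or leave the tunnel name out of the comment entirely), as an added example in Go. This is illustrative code written for this page, not the controller's own implementation: the comment prefix and the `, tunnel [...]` wrapper are taken from the logged comment above, the exact format string in `tunnel-client.go` is not reproduced, and the function names are hypothetical. Lengths are checked in bytes, which never undercounts characters.

```go
package main

import (
	"errors"
	"fmt"
)

// Cloudflare rejects DNS record comments longer than 100 characters
// (API error 9313 in the controller log above).
const maxCommentLen = 100

// Fixed parts of the comment, assumed from the logged comment string.
const (
	commentPrefix = "managed by strrl.dev/cloudflare-tunnel-ingress-controller"
	tunnelOpen    = ", tunnel ["
	tunnelClose   = "]"
	ellipsis      = "..."
)

// ErrCommentTooLong mirrors the API rejection so callers can match on it.
var ErrCommentTooLong = errors.New("DNS record comment exceeds the maximum length of 100 characters")

// MaxTunnelNameLen is the longest tunnel name (in bytes) whose full
// comment still fits in the 100-character limit, derived from the
// constants above rather than hard-coded.
func MaxTunnelNameLen() int {
	return maxCommentLen - len(commentPrefix) - len(tunnelOpen) - len(tunnelClose)
}

// BuildComment renders the full comment and refuses to produce one the
// API would reject, instead of failing later inside reconcile.
func BuildComment(tunnelName string) (string, error) {
	c := commentPrefix + tunnelOpen + tunnelName + tunnelClose
	if len(c) > maxCommentLen {
		return "", fmt.Errorf("%w: tunnel name %q is %d bytes, limit is %d",
			ErrCommentTooLong, tunnelName, len(tunnelName), MaxTunnelNameLen())
	}
	return c, nil
}

// ValidateTunnelName is the startup check proposed in the thread: reject
// the configuration before the controller registers any DNS record.
func ValidateTunnelName(tunnelName string) error {
	_, err := BuildComment(tunnelName)
	return err
}

// TruncatedComment is the second proposal: keep the fixed prefix intact and
// drop trailing characters of the tunnel name (whole runes, never a split
// multi-byte character) until the comment is at most 100 bytes.
func TruncatedComment(tunnelName string) string {
	if c, err := BuildComment(tunnelName); err == nil {
		return c
	}
	head := commentPrefix + tunnelOpen
	r := []rune(tunnelName)
	for len(r) > 0 && len(head)+len(string(r))+len(ellipsis) > maxCommentLen {
		r = r[:len(r)-1]
	}
	return head + string(r) + ellipsis
}

// MinimalComment is the first proposal: record which operator manages the
// record without naming the tunnel; the tunnel is visible in the dashboard.
func MinimalComment() string {
	return commentPrefix
}

func main() {
	// Tunnel name from the issue; constructed usage, not a live API call.
	name := "cloudflare-ingress-controller-test-tunnel"
	if err := ValidateTunnelName(name); err != nil {
		fmt.Println("startup check:", err)
	}
	fmt.Println("truncated:", TruncatedComment(name))
	fmt.Println("minimal:  ", MinimalComment())
	fmt.Println("max tunnel name length:", MaxTunnelNameLen())
}
```

The startup check is the only variant that surfaces the problem to the operator rather than silently producing a different comment; truncation keeps the comment under the limit but, as the thread's example shows, the closing bracket is lost and two tunnels with a long common prefix become indistinguishable in the comment.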