
External-DNS add unwanted/all running nodes as 1 record to AWS Route53

Open yunxi-zhang opened this issue 2 years ago • 5 comments

What happened: I've got an AWS EKS (v1.22) with Fargate and used external-dns to dynamically add pod/node IPs to AWS Route53. I'm using a K8s Service file to define host names (i.e. external-dns.alpha.kubernetes.io/hostname: issuer-service.eks.acapy.demo.local). After running external-dns, it accidentally added all running nodes' IPs to Route53 in one A record (see the screenshot below).

All these pods are running in my EKS, as shown in the screenshot below.

What you expected to happen: I only want 2 specific pods/nodes' IPs to be added to the Route53 record.

How to reproduce it (as minimally and precisely as possible):
Step 1: Set up an AWS EKS with Fargate.
Step 2: Set up a Fargate profile.
Step 3: Set up 2 different pods from 2 pod/deployment files, each running a different application.
Step 4: Set up external-dns for AWS Route53 following the tutorial.

Anything else we need to know?: Not sure if this feature has been provided by external-dns already, but I can't find any useful information anywhere.

Environment:

  • External-DNS version (use external-dns --version): v0.11.0
  • DNS provider: AWS Route53
  • Others:

yunxi-zhang avatar May 02 '22 21:05 yunxi-zhang

Hey @yunxi-zhang, what Kubernetes Service.Type are you using? For Type == NodePort, Kubernetes will open a port on each node in your cluster and external-dns may hook them to R53.

voro015 avatar May 06 '22 00:05 voro015

@voro015, yes, the type I've used is NodePort. If I use LoadBalancer, EKS will create a load balancer and random EC2 instances that are not needed, and direct all traffic to these EC2 instances. I wonder if external-dns could add a new feature such that we can specify which relevant nodes' IPs we want to be added to DNS records.

yunxi-zhang avatar May 06 '22 08:05 yunxi-zhang

I'm not sure if it's possible with Fargate EKS, but in theory you should be able to create an AWS ALB with a Kubernetes Ingress resource (requires a controller), with the target annotation ip. That ALB will target only Pods.

If you don't need any ALB, then you could try to use Service type ClusterIP.

For type NodePort, IMO, external-dns correctly created a single record with targets on each node, and it's not a bug.

voro015 avatar May 09 '22 21:05 voro015

@voro015, external-dns does add all Pods' nodes' IPs to the record. I think my ticket is about a new feature; for instance, can external-dns be configured to selectively add Pods' nodes' IPs filtered by e.g. namespace, instead of all Pods' nodes' IPs? If such a feature is not available, I can close this ticket and create a new one for a feature.

yunxi-zhang avatar May 10 '22 16:05 yunxi-zhang

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Aug 08 '22 17:08 k8s-triage-robot