External DNS is syncing all resources regardless of annotation.

[Kerwood]

I have recently setup external-dns in my k8s cluster. The issue is that it syncs all ingress hostnames and not only ingresses annotated with external-dns.alpha.kubernetes.io/hostname. Is this not the intention of this annotation? Filtering which resources to create DNS records for ?

External-dns is installed using the Helm chart. I am using the following configuration.

• --log-level=debug
• --log-format=json
• --interval=1m
• --source=ingress
• --policy=sync
• --registry=txt
• --txt-owner-id=my-cluster-id
• --txt-suffix=-xdns
• --domain-filter=test.example.org
• --provider=google
• --google-zone-visibility=public

Chart version: 1.10.1 App version: 0.12.2

Helm values

fullnameOverride: external-dns
serviceAccount:
  create: true
  annotations:
    iam.gke.io/gcp-service-account: <workload-identity>@<gcloud-project-id>.iam.gserviceaccount.com

logLevel: info
logFormat: json
interval: 1m
policy: sync

sources:
  - ingress

registry: txt
txtOwnerId: my-cluster-id
txtSuffix: "-xdns"
domainFilters:
  - test.example.org

provider: google
extraArgs:
  - --google-zone-visibility=public

[nerdingasnate]

it syncs all your resources, which you specified with --source=ingress

if you do not want specific resources synced you need to add annotation to those ingress resources external-dns.alpha.kubernetes.io/ingress-hostname-source: "annotation-only" which then will only sync them if they also have external-dns.alpha.kubernetes.io/hostname: xxx

[Kerwood]

Ok, so its working as intended ?

I have used label filter to enable/disable external-dns on specific ingress defs, to meet my needs.

[zbup]

I am running into this also. It would be nice if you could set it to a mode where it would not sync anything unless you added the annotation.

[Kerwood]

As I understand it, this behavior is intended. You can achieve what you want by adding a label filter.

Adding --label-filter=external-dns-create in (true) to your config will only create DNS records on objects with a external-dns-create: "true" label on it.

[snowzach]

I gotcha... I really ONLY wanted to create a DNS record when I specified the hostname manually... I finally got it to do what I wanted with a few options:

--annotation-filter=external-dns.alpha.kubernetes.io/hostname  # Only use the hostname annotation to enable
--ignore-ingress-rules-spec  # Ignore any hosts defined in the ingress rules
--ignore-ingress-tls-spec   # Ignore any hosts defined in the ingress tls section

Thanks for the pointers! That helped me figure it out!

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten