
Add cloudflare-proxied annotation to service

Open chrxmvtik opened this issue 1 year ago • 16 comments

What would you like to be added:

The Service object should have the possibility to set the external-dns.alpha.kubernetes.io/cloudflare-proxied flag.

Why is this needed:

The only way to enable the Cloudflare proxy is to set it up in the Ingress configuration or specify it globally within the deployment; however, some services are not exposed by an Ingress, and a Service is more than enough.

chrxmvtik avatar Sep 25 '23 11:09 chrxmvtik

It already works via annotations...

apiVersion:
kind: Service|Ingress|...
metadata:
  annotations:
    external-dns.alpha.kubernetes.io/hostname: example.com
    external-dns.alpha.kubernetes.io/ttl: '120'
    external-dns.alpha.kubernetes.io/cloudflare-proxied: 'true'

Have you quoted the true value as above?

lucasfcnunes avatar Sep 25 '23 17:09 lucasfcnunes

> It already works via annotations...
>
> apiVersion:
> kind: Service|Ingress|...
> metadata:
>   annotations:
>     external-dns.alpha.kubernetes.io/hostname: example.com
>     external-dns.alpha.kubernetes.io/ttl: '120'
>     external-dns.alpha.kubernetes.io/cloudflare-proxied: 'true'
>
> Have you quoted the true value as above?

Yes, of course I tried. As I mentioned above, it works for the Ingress object, but not for the Service object.

If that matters, I am using the nginx-ingress controller (not ingress-nginx).

Here are some code snippets:

apiVersion: v1
kind: Service
metadata:
  annotations:
    external-dns.alpha.kubernetes.io/hostname:  argocd.xxx.dev
    external-dns.alpha.kubernetes.io/endpoints-type: HostIP
    external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"

external-dns deployment flags:

  '--log-level=debug',
  '--source=service',
  '--source=ingress',
  '--request-timeout=60s',
  '--domain-filter=xxx.dev',
  '--zone-id-filter=0123456789',
  '--provider=cloudflare',

chrxmvtik avatar Sep 25 '23 17:09 chrxmvtik

It works for me. I'm using the latest version (external-dns/external-dns version=1.13.1, appVersion: 0.13.6).

Does it sync to the correct IP in cloudflare (kubectl get svc -o wide)?

lucasfcnunes avatar Sep 25 '23 19:09 lucasfcnunes

> It works for me. I'm using the latest version (external-dns/external-dns version=1.13.1, appVersion: 0.13.6).
>
> Does it sync to the correct IP in cloudflare (kubectl get svc -o wide)?

Funny thing, I've been making some changes and figured out that:

  1. Using --cloudflare-proxied flag within deployment + using cloudflare-proxied (true) annotation it will create/update records with proxy disabled - which is weird behaviour.

  2. Using --cloudflare-proxied flag within deployment + using cloudflare-proxied (false) annotation it will create/update records with proxy disabled - OK.

  3. Using --cloudflare-proxied flag within deployment without using any cloudflare-proxied annotation with values true or false will create/update - OK

I am also using external-dns v0.13.6

chrxmvtik avatar Sep 25 '23 19:09 chrxmvtik

Seems like a bug

lucasfcnunes avatar Sep 25 '23 22:09 lucasfcnunes

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Jan 29 '24 02:01 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle rotten
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot avatar Feb 28 '24 02:02 k8s-triage-robot

/remove-lifecycle stale

lucasfcnunes avatar Feb 28 '24 11:02 lucasfcnunes

@chrxmvtik, did you find a solution, and/or did v0.14.0 fix it for you?

lucasfcnunes avatar Feb 28 '24 11:02 lucasfcnunes

/remove-lifecycle rotten

lucasfcnunes avatar Feb 28 '24 11:02 lucasfcnunes

Running into this issue as well now. PRs welcome?

fingalickn avatar May 21 '24 15:05 fingalickn

> Funny thing, I've been making some changes and figured out that:
>
> Using --cloudflare-proxied flag within deployment + using cloudflare-proxied (true) annotation it will create/update records with proxy disabled - which is weird behaviour.

@chrxmvtik any chance you've checked the logs when this happens and found an error message like

	"Failed to parse annotation [external-dns.alpha.kubernetes.io/cloudflare-proxied]: ...",

fingalickn avatar May 21 '24 15:05 fingalickn

> > Funny thing, I've been making some changes and figured out that: Using --cloudflare-proxied flag within deployment + using cloudflare-proxied (true) annotation it will create/update records with proxy disabled - which is weird behaviour.
>
> @chrxmvtik any chance you've checked the logs when this happens and found an error message like
>
> 	"Failed to parse annotation [external-dns.alpha.kubernetes.io/cloudflare-proxied]: ...",

Sadly I don't remember this anymore. I moved to another project which didn't make use of Cloudflare and didn't come back to it since then. :(

chrxmvtik avatar Jun 01 '24 18:06 chrxmvtik

Not sure if it is a new feature or an old bug.

szuecs avatar Jul 03 '24 14:07 szuecs
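
The flag-versus-annotation combinations listed in the thread, as an added example that is not part of any comment and is not external-dns code. It assumes the annotation is meant to override the --cloudflare-proxied default and that the value is parsed with Go's strconv.ParseBool; the helper name effectiveProxied is hypothetical.

```go
package main

import (
	"fmt"
	"strconv"
)

// Annotation key as quoted in the thread.
const proxiedAnnotation = "external-dns.alpha.kubernetes.io/cloudflare-proxied"

// effectiveProxied is a hypothetical helper, not external-dns code. It models
// the precedence the thread expects: the annotation overrides the
// --cloudflare-proxied default, and an unparsable value keeps the default
// while returning the parse error so it can be logged.
func effectiveProxied(flagDefault bool, annotations map[string]string) (bool, error) {
	raw, ok := annotations[proxiedAnnotation]
	if !ok {
		return flagDefault, nil
	}
	v, err := strconv.ParseBool(raw)
	if err != nil {
		return flagDefault, fmt.Errorf("failed to parse annotation [%s]: %w", proxiedAnnotation, err)
	}
	return v, nil
}

func main() {
	// Constructed cases: the three combinations listed in the thread, then
	// values that strconv.ParseBool rejects.
	cases := []struct {
		flag bool
		ann  map[string]string
	}{
		{true, map[string]string{proxiedAnnotation: "true"}},
		{true, map[string]string{proxiedAnnotation: "false"}},
		{true, nil},
		{false, map[string]string{proxiedAnnotation: "yes"}},
		{true, map[string]string{proxiedAnnotation: " true"}},
	}
	for _, c := range cases {
		proxied, err := effectiveProxied(c.flag, c.ann)
		fmt.Printf("flag=%v annotation=%q proxied=%v err=%v\n",
			c.flag, c.ann[proxiedAnnotation], proxied, err)
	}
}
```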