oci-cloud-controller-manager
Provide an annotation to disable appending private NLB IP address to service external IPs
Is this a BUG REPORT or FEATURE REQUEST?
Choose one: FEATURE REQUEST
When creating a Service of type LoadBalancer, its ExternalIPs value will be used by components such as external-dns to create A records for traffic routing. However, as the private internal IPv4 address of the NLB is appended to the Ingress IPs property of the LoadBalancerStatus returned to the service, both the public IPv4 and private IPv4 are added to DNS.
It would be helpful to disable this functionality when external-dns, or other components which reference this property and expect only public IP addresses, are deployed.
https://github.com/kubernetes-sigs/external-dns/issues/2810 - Issue discussing this in external-dns
+1
Note: Workaround is to enforce the External-DNS record, e.g. using a kyverno policy and `external-dns.alpha.kubernetes.io/target` annotation injection based on the `status.loadBalancer.ingress[]` field.
Almost all cloud providers that we use support a way to create a LB with only a public address or enforce it through a flag. Please have a look at whether it is possible to implement such a feature.
I know this is only a work-around, but I solved my problem using kubernetes-sigs/external-dns/pull/2693. I left my values.yaml in kubernetes-sigs/external-dns/issues/2048#issuecomment-1227395102 for reference.
A workaround has been provided in external-dns to exclude address ranges such as RFC1918.
https://github.com/kubernetes-sigs/external-dns/pull/2693
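The filtering that both workarounds in this thread rely on (target annotation injection from `status.loadBalancer.ingress[]`, and RFC 1918 exclusion), as an added Python example that is not code from the thread, external-dns or oci-cloud-controller-manager. The function names and the sample Service are hypothetical and constructed for illustration.

```python
import ipaddress

# RFC 1918 private IPv4 ranges, the ranges the exclusion workaround refers to.
# Other non-routable ranges (e.g. 100.64.0.0/10) are deliberately not filtered here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TARGET_ANNOTATION = "external-dns.alpha.kubernetes.io/target"


def split_ingress(service):
    """Return (public, private) address lists from status.loadBalancer.ingress[]."""
    public, private = [], []
    ingress = service.get("status", {}).get("loadBalancer", {}).get("ingress") or []
    for entry in ingress:
        raw = entry.get("ip")
        if not raw:
            continue  # hostname-only entries carry no IP to classify
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            continue  # malformed value: never publish it
        if addr.version == 4 and any(addr in net for net in RFC1918):
            private.append(raw)  # would leak internal addressing into public DNS
        else:
            public.append(raw)
    return public, private


def target_annotation(service):
    """Annotation pinning DNS to the public addresses, or None if there are none."""
    public, _ = split_ingress(service)
    if not public:
        return None  # all-private Service: do not inject an empty target
    return {TARGET_ANNOTATION: ",".join(public)}


# Constructed sample: a documentation-range public IP plus a private NLB address.
SAMPLE_SERVICE = {
    "metadata": {"name": "web", "annotations": {}},
    "status": {"loadBalancer": {"ingress": [
        {"ip": "203.0.113.10"},
        {"ip": "10.0.20.15"},
    ]}},
}

if __name__ == "__main__":
    print(split_ingress(SAMPLE_SERVICE))
    print(target_annotation(SAMPLE_SERVICE))
```

The explicit network list is used instead of `ipaddress`'s `is_private` because `is_private` also matches documentation ranges such as 203.0.113.0/24 and would misclassify the sample.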
I'm honestly disappointed on Oracle's behalf they had to patch something in for this...