New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Creating dns records for apex / root domains #449
Comments
I'm seeing something similar with the CloudFlare provider. I have an ingress defined with two rule sets, like this: apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
external-dns.alpha.kubernetes.io/hostname: ignota.media
name: rupertsberg
namespace: prod-green
spec:
rules:
- host: ignota.media
http:
paths:
- backend:
serviceName: rupertsberg
servicePort: http
- host: www.ignota.media
http:
paths:
- backend:
serviceName: rupertsberg
servicePort: http
tls:
- secretName: ignota-media-ssl
hosts:
- ignota.media
- www.ignota.media ...and it looks like the External DNS watcher detects them both, based on a dry debug run:
In CloudFlare, however, only the Adding the apex domain manually isn't the worst thing, but it'd be great if you folks had any suggestions! 😬 |
With SimpleDNS we register
|
GKE k8s Noticed the same in Google CloudDNS! Apex domains are not auto set up. apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
certmanager.k8s.io/acme-challenge-type: dns01
certmanager.k8s.io/acme-dns01-provider: clouddns
certmanager.k8s.io/cluster-issuer: letsencrypt-prod
kubernetes.io/ingress.class: nginx
labels:
app: website
chart: static-website-0.1.0
heritage: Tiller
release: website
name: website
namespace: default
spec:
rules:
- host: 0x.se
http:
paths:
- backend:
serviceName: website
servicePort: 80
path: /
- host: www.0x.se
http:
paths:
- backend:
serviceName: website
servicePort: 80
path: /
tls:
- hosts:
- 0x.se
- www.0x.se
secretName: website-prod
:( |
Same on AWS with |
On a whim, I tried setting the apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
# No bueno.
external-dns.alpha.kubernetes.io/hostname: '@' |
ran into the same issue. with the log entries:
env:
|
I have the same issue - trying to write to my root domain pfefferundfrost.com with DNSimple provider -resulting in a strange error:
How to fix this? |
Not sure when this landed---there's nothing of note in the CHANGELOG---but this appears to be fixed as of An ingress that looks like this will now correctly assign a record to the apex in CloudFlare: apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: site
spec:
rules:
- host: site.tld
http:
paths:
- backend:
serviceName: site
servicePort: http
- host: www.site.tld
http:
paths:
- backend:
serviceName: site
servicePort: http |
It is indeed fixed as @phyllisstein said but it raises another issue : apex are usually associated with a lot of TXT records (google verification, spf, and other stuff) which seem to prevent external-dns to create its own entries :
|
It is working with |
Same here for DNSimple with: external-dns.alpha.kubernetes.io/hostname: .example.nl.,www.example.nl.,.example.be.,www.example.be. |
Any update here ? This is really an issue to not being able to set our domain apex along with other entries because of Kind of really busy but if I can help on something to make this go forward, let me know. |
Tested this again today on Route53 using external-dns v0.5.12 and it works 🎉! Edit: Only if there is no other TXT record on the apex domain (in my case I have some Google site verification records): |
Creation of records for root/apex works fine for us, but we're running into the same issue others are reporting re: managing |
We solved our issue by using the prefix option. We added it to the values file of the Helm chart as such: This would generate |
I'm still having the problem on
Any help would be highly appreciated :) |
@elafarge that error happens when
If you look at one of the other records that Hopefully that made sense. |
@echoboomer We're probably going to do the same. Did you run into any gotcha's with having the TXT prefix being a subzone? (Right now it's just a prefix in the same zone). I can't think of anything that would be an issue but you never know |
We ran into the issue @joekohlsdorf describes: Having external-dns manage an apex record is no issue in itself. Just on AWS / Route53 you may not simply add another TXT record if one (like one for DKIM / SPF) exists, but apparently you have to "add" yourself to the existing record: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html#TXTFormat |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
/remove-lifecycle stale |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
/remove-lifecycle stale |
have you had any luck with deleting records created this way? It's not finding the owner for me. I changed my prefix to not have anything resulting in a trailing dash like you had suggested.
So for something like
but then when I delete the resource that caused these records to show up, the log on the delete says:
Which makes me think it probably wouldn't update a record that change either. I'm not sure this has anything to do with the apex stuff, just how it's finding the owner when you have a prefix. |
I hadn't noticed that, but we haven't deleted services in a long time. Would be a separate bug I suppose. |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
/remove-lifecycle rotten |
If you specify the annotation for hostname and ingress-hostname-source you can avoid the APEX records trying to create:
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
Hello, Using the AWS/Route53 plugin, we're facing the same problem for APEX domains. Whatever we're trying to do, ExternalDNS keep complaining
Our external DNS configuration is a follows :
We tried to create the TXT records with the expected value as follows :
Both resolves publicly correctly, with the expected TXT value, with no more success. Is there a way to retrieve which DNS record is exactly requested by ExternalDNS ? |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
I am using helm to deploy external-dns and this did it for me:
|
We are using v0.13.4 with Azure DNS. We have existing TXT records for the apex and we still have the external-dns creating apex A record for our K8S ingress. |
Not sure if this is a bug or just not possible by design or other limitations.
I am trying to automatically create a dns record for the apex / root domain. Unfortunately, those records are not being created. Manually, it's possible to point the apex to a AWS ELB. I also do not get any feedback from the ExternalDNS pod except:
time="2018-01-26T09:07:31Z" level=info msg="All records are already up to date"
.Can you clarify how I could achieve this? I also have not seen any examples where the apex is being set through ExternalDNS.
The text was updated successfully, but these errors were encountered: