New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WIP Always create AAAA alias records in route53 #3605
base: master
Are you sure you want to change the base?
Conversation
d453731
to
620ab61
Compare
@johngmyers this will 1) change default to use dualstack and therefore 2) roughly double requests to AWS route53 with its "nice" API rate limits (see also #3402). |
One should not have to opt-in to expected, correct behavior. #3402 should address rate limiting, especially if it defaults to enabled. At worst, this should be opt-out, though that will further increase complexity and the number of needed test cases. |
620ab61
to
b3c998e
Compare
Also, why does a mere factor of 1.5 deserve such complexity? |
@johngmyers in general I agree with you! |
/ok-to-test |
I'm going to experiment with implementing this using |
b3c998e
to
12e27c8
Compare
The I don't think registries should be creating ownership records for endpoints that were added by I'm also thinking of writing a dynamodb registry. |
To avoid creating ownership records for the AAAA alias records, we could:
This wouldn't handle the case where the A record is deleted but the AAAA and TXT were not. To handle that case, the new interface method would have to take and endpointName, type, and possibly labels and return a set of additional endpointNames and types that the labels would apply to. |
/ok-to-test |
12e27c8
to
e553562
Compare
@johngmyers I've deployed 4dcce15 to a cluster on AWS and I'm seeing the following behavior: When I add a new hostname to a service's
When I subsequently remove the same hostname from the service's annotation, it only deletes:
When I added the hostname back to the service, it created those same three records and left the AAAA-related records alone. As I was testing the behavior of moving the hostname back and forth between two different services, I got the following panic during the reconciliation loop:
As far as I could tell, this may have been persisting until I deleted the 5 records associated with that external name in the zone. Not every move of the name seemed to cause this state. I feel like I saw other moves where the external name simply wasn't updated, and other moves where only the A record was updated. The deployment itself has the following settings:
as well as a number of On the other hand, the initial deployment of this, when there were no existing matching records in the zone it was targeting and it created new records for a newly created Service went really well and seemed to work great. |
I suspect this is the issue that #3724 is attempting to fix. |
/hold for #3724 |
/hold cancel |
/assign @mloiseleur |
/test pull-external-dns-lint |
/retest |
I think this is ready to go in. |
I have tested it with a build of this PR that I published here.
time="2023-08-14T15:01:37Z" level=info msg="Applying provider record filter for domains: [example.com. .example.com.]"
time="2023-08-14T15:01:37Z" level=info msg="Desired change: DELETE _extdns.cname-test2.example.com TXT"
time="2023-08-14T15:01:37Z" level=info msg="Desired change: DELETE _extdns.test2.example.com TXT "
time="2023-08-14T15:01:37Z" level=info msg="Desired change: DELETE test2.example.com A"
time="2023-08-14T15:01:37Z" level=info msg="Desired change: CREATE _extdns.aaaa-test3.example.com TXT"
time="2023-08-14T15:01:37Z" level=info msg="Desired change: CREATE _extdns.cname-test3.example.com TXT"
time="2023-08-14T15:01:37Z" level=info msg="Desired change: CREATE _extdns.test3.example.com TXT"
time="2023-08-14T15:01:37Z" level=info msg="Desired change: CREATE test3.example.com A"
time="2023-08-14T15:01:37Z" level=info msg="Desired change: CREATE test3.example.com AAAA" |
Blocked by #3910 |
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Any news on this PR? |
Any status updates? |
I'm sorry to bump this one more time. It's a super important feature to us. Here in Norway, all public services must, by law, be announced with IPv6 support. Anything we can contribute with to get this feature merged faster? |
It is open source. |
not everyone can do this and fix the problem but still need the fix for their systems. So +1 from my site, I also need it. |
@johngmyers: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
The Kubernetes project currently lacks enough contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
Description
Always creates both A and AAAA alias records in Route53.
When a Route53 AAAA alias record points to an IPv4-only resource, AAAA DNS queries return zero records. This is the same behavior as when there is no AAAA alias record but is an A alias record. For this reason, there is no rational reason to not also create the AAAA alias record.
Adds logic for reconciling discrepancies between the A and AAAA alias records, including when only one of the two is present. In some situations, this reconciliation will take two iterations of the reconciliation algorithm to converge, as the Route53 provider does not store all information about the AAAA record with the discrepancy in the Endpoint. Encoding this information in the provider-specific annotations would result in a lot of complicated code for a rare edge case. An alternative would be to add an opaque provider-specific
interface{}
toEndpoint
so that the Route53 provider could store theResourceRecordSet
directly.This PR is an alternative to #2050.
Fixes #3707
Checklist