External DNS Does not Create Route53 Records from Gateways

[amybachir]

Hi! My external-dns installation would not create records in Route53 unless I added the following annotation to all my Gateways:

external-dns.alpha.kubernetes.io/target: <elb's-dns-record>.elb.<aws-region>.amazonaws.com

I had to grab the DNS name for the nlb manually and add the annotation above. Did I miss something?

[soleares]

Are you referring to istio-ingressgateway or something else? The only external-dns annotation I can find in the repo is in the istio-ingressgateway config: https://github.com/argoflow/argoflow-aws/blob/master/distribution/istio/istio-spec.yaml#L54.

I did a recent install (3-4 days ago) and it created the entries in route53 based on the annotation.

Did the external-dns logs show any errors?

[amybachir]

@soleares Thanks for responding my inquiry. It seems there was an error "Unauthorized" in external-dns log. Restarting the pod just fixed. I don't understand what the issue was but it seems to be working as expected.

[soleares]

@amybachir Good to hear. Kind of sounds like an issue I had when the service account for the load balancer controller wasn't setup correctly - so it didn't assume the right IAM role and showed an unauthorized error. After I fixed it and restarting the pod it resolved it.

[EKami]

I guess that's the same issue I have here but adding external-dns.alpha.kubernetes.io/target: <elb's-dns-record>.elb.<aws-region>.amazonaws.com did not seem to work on my side :(

[EKami]

I think I know why it's happening. If you look at the logs of istio-operator pod it actually doesn't install istio correctly sometimes, I have to redeploy the argocd app twice. It's only when the istio-operator is deployed correctly that you have to delete the istio app for argocd to recreate it and deploy the dns to route53 (again you have to look at the logs of the istio-operator pod, sometimes it's stuck but the pod in argocd is marked as "healthy"). Hope it makes sense.