borchero / switchboard

Kubernetes Operator for Automatically Issuing DNS Records and TLS Certificates for Traefik Ingress Routes.
MIT License

Override default ExternalDNS target #36

Open Elegant996 opened 2 years ago

Elegant996 commented 2 years ago

For our environment, we are always using a CNAME on the base domain instead of the status.loadbalancer.IP from the traefik service. Would it be possible to add an override for all ExternalDNS targets similar to how we must pick an Issuer for cert-manager when deploying switchboard?

borchero commented 1 year ago

Could you provide a more tangible example and maybe a sample of the resource that is currently created and how you want it to look? :smile:

Elegant996 commented 1 year ago

Sure, see the ingress below:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test
  annotations:
    external-dns.alpha.kubernetes.io/target: example.com
spec:
  rules:
  - host: test.example.com
    http:
      paths:
      - path: /
        pathType: ImplementationSpecific
        backend:
          service:
            name: test
            port:
              name: https
  tls:
  - hosts:
    - test.example.net
    secretName: test-example-tls

ExternalDNS would generate a CNAME entry for test.example.com that points to example.com.

In our use case, all ingresses would use example.com as the target and never the loadbalancer IP since it is an internal address. Ideally, we would be able to define a default target similar to the certificate template but for DNS:

certificateTemplate:
  spec:
    issuerRef:
      name: letsencrypt-prod
      kind: ClusterIssuer

Thanks!

borchero commented 1 year ago

Would this use case be covered if integrations.externalDNS.targetIPs (or a similarly named option) would allow setting hostnames?

Elegant996 commented 1 year ago

Yes! That would do perfectly. Perhaps it may be more prudent to just call it integrations.externalDNS.target similar to ExternalDNS and just have that list support IP or hostnames?
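An added example, not part of the thread and not code from switchboard or ExternalDNS: one way a target list that accepts both IPs and hostnames could be split into record sets. The `Endpoint` type and `EndpointsFor` function are hypothetical, and the check goes beyond the thread by enforcing the DNS rule that a CNAME cannot share a name with other records.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Endpoint is a hypothetical stand-in for one DNS record set; it is not
// switchboard's or ExternalDNS's own type.
type Endpoint struct {
	DNSName, RecordType string
	Targets             []string
}

// EndpointsFor groups the configured targets for host by the record type
// each one needs: IPv4 -> A, IPv6 -> AAAA, anything else -> CNAME.
func EndpointsFor(host string, targets []string) ([]Endpoint, error) {
	var v4, v6, names []string
	for _, t := range targets {
		t = strings.TrimSuffix(strings.TrimSpace(t), ".")
		if t == "" {
			return nil, fmt.Errorf("empty target for %s", host)
		}
		addr, err := netip.ParseAddr(t)
		switch {
		case err != nil:
			names = append(names, t) // not an IP literal: treat as hostname
		case addr.Is4():
			v4 = append(v4, t)
		default:
			v6 = append(v6, t)
		}
	}
	// A CNAME cannot share its name with A/AAAA records or a second CNAME.
	if len(names) > 1 || (len(names) == 1 && len(v4)+len(v6) > 0) {
		return nil, fmt.Errorf("%s: a hostname target must be the only target", host)
	}
	var out []Endpoint
	for _, g := range []Endpoint{{host, "A", v4}, {host, "AAAA", v6}, {host, "CNAME", names}} {
		if len(g.Targets) > 0 {
			out = append(out, g)
		}
	}
	return out, nil
}

func main() {
	fmt.Println(EndpointsFor("test.example.com", []string{"example.com"}))
}
```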

borchero commented 1 year ago

@Elegant996 do you want to take a stab at that? :smile: might take me some time to find time for this otherwise 👀

Elegant996 commented 1 year ago

@borchero Actually, this might not be an issue if https://github.com/kubernetes-sigs/external-dns/pull/3055 is accepted. I'll leave this here for now but the PR may affect half of this project.

borchero commented 1 year ago

Oh nice, that would be cool 😄 historically, external-dns was rather reluctant to include support for anything other than the native ingress but let's see how it turns out this time 😄

beezel commented 1 year ago

Giving this a bump as being able to use our NLB's hostname for TargetIP would be an ideal solution for our environment.