gardener / external-dns-management

Environment to manage external DNS entries for a kubernetes cluster
Apache License 2.0

Creating DNSEntry to create A record in Route53 Hosted Zone with 1 dnsname target. #371

Closed saifulhoque26 closed 2 months ago

saifulhoque26 commented 4 months ago

What would you like to be added: Creating an A DNS record with a DNSEntry that has 1 target, that target being a DNS name.

Why is this needed:

If I understand it correctly, to create an A record in a Route53 hosted zone, the DNSEntry needs to have an IP as target:

targets:
  - 192.0.2.1   # IP address for A record

or have multiple DNS names as targets:

targets:
  - haproxy-nlb-9k5-0.nlb.foo.bar.example.com
  - haproxy-nlb-h7s-0.nlb.foo.bar.example.com
  - haproxy-nlb-jwt-0.nlb.foo.bar.example.com

And to create a CNAME record, the DNSEntry must have a single DNS name as the target:

targets:
  - haproxy-nlb.nlb.dmi.foo.bar.example.com

Currently, to force the creation of an A record, we are adding a subdomain as a second target:

targets:
  - haproxy-nlb.nlb.dmi.foo.bar.example.com
  - HDBAAS2-55989.haproxy-nlb.nlb.dmi.foo.bar.example.com

This creates an A record, and in the end we see 1 IP as the target, as expected.

[24/05/24 2:58:39] ➜  landscape git:(develop) ✗ k get dnsentries.dns.gardener.cloud -A              
NAMESPACE         NAME                  DNS                            TYPE          PROVIDER                                                                            STATUS   AGE     TARGETS              OWNERID
haproxy-ingress   haproxy-nlb-service   *.rs.dmi.foo.bar.example.com   aws-route53   remote: shoot--hc-dev--saiful-dmi/aws-route53-shoot-dns-service-orchestration-dns   Ready    2m25s   ["18.196.165.158"]  

Is there any way to have 1 DNS name as target and create an A record? If it's not possible, we would like to request a feature that enables us to create an A record from a DNSEntry with a single DNS name as target.

MartinWeindel commented 4 months ago

Question 1: is there any way to have 1 DNS name as target and create an A record? If it's not possible, is that on the roadmap?

If you are using an AWS Route 53 hosted zone and the target is an Amazon load balancer name, an ALIAS record is created automatically instead of the CNAME record, which is normally the same as an A record. In the general case, it is not possible and it is also not on the roadmap. Why do you want to have an A record here? Why is a CNAME record not good enough? The feature with multiple domain name targets is meant to help in situations where you cannot use a CNAME DNS record.

Do you think if we will face any issue with this approach to create an A record?

The dns-controller-manager must look up the IP addresses of the targets periodically and update the DNS record if needed. Therefore it is only best effort and not on the same reliability level as a CNAME record. As it happens to be checked only every 10 minutes by default, you may observe service unavailability if the IP address changes. You may reduce this period by setting spec.cnameLookupInterval in the DNSEntry, but you can still have a short time with the outdated target IPs. Depending on the TTL of the record, the lookup on the upstream DNS server may return an outdated IP address for the TTL time period.

saifulhoque26 commented 4 months ago

If you are using an AWS Route 53 hosted zone and the target is an Amazon load balancer name, an ALIAS record is created automatically instead of the CNAME record, which is normally the same as an A record.

By Amazon load balancer name, do you mean the value of the "dns.gardener.cloud/dnsnames:" key in the Kubernetes Service resource? Or the value of status.loadBalancer.ingress.hostname?

We set the value of "dns.gardener.cloud/dnsnames:" as the target of the DNSEntry. But it created a CNAME record.

We need to have an A record, because in our Kubernetes cluster we have external routing enabled.

There is an external routing from a CNAME record that targets the `dnsName` of the DNSEntry, which also has a CNAME record. Therefore, we have CNAME cascading, which is not a recommended setup.

So, we need to create an A record.
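To make the rules discussed in this thread concrete (IP targets give an A record, a single hostname gives a CNAME, several hostnames give a best-effort A record that the controller fills from periodic lookups, and the CNAME cascade saifulhoque26 describes), here is an added Python model. It is not code from the external-dns-management project: the zone data is constructed with example.test names in place of the issue's real hosts, the function names (`plan_record`, `resolve`, `is_cname_cascade`) are mine, IPv6/AAAA is left out because the issue only talks about A records, mixed IP-and-hostname target lists are treated as unsupported (an assumption, the thread does not cover them), and Route 53's automatic ALIAS handling for ELB names is not modelled.

```python
import ipaddress

# Constructed zone data for the example (example.test names, not the issue's
# real hosts): fully-qualified name -> (record type, values).
ZONE = {
    "haproxy-nlb.nlb.example.test.": ("CNAME", ["nlb-1234.elb.example.test."]),
    "nlb-1234.elb.example.test.": ("A", ["192.0.2.10", "192.0.2.11"]),
    "haproxy-nlb-9k5-0.nlb.example.test.": ("A", ["192.0.2.21"]),
    "haproxy-nlb-h7s-0.nlb.example.test.": ("A", ["192.0.2.22"]),
    # External routing entry -> application name -> the DNSEntry's CNAME:
    # this is the cascade described in the thread.
    "ext.example.test.": ("CNAME", ["app.example.test."]),
    "app.example.test.": ("CNAME", ["haproxy-nlb.nlb.example.test."]),
}


def fqdn(name):
    """Normalise a target to a fully-qualified, lower-case name."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def is_ipv4(target):
    """True for IPv4 literals; the issue only concerns A records, so IPv6 is ignored."""
    try:
        return ipaddress.ip_address(target).version == 4
    except ValueError:
        return False


def resolve(name, zone=ZONE, max_hops=8):
    """Follow CNAMEs in the zone. Returns (chain, terminal record type, values).
    The terminal type is None when the name is absent from the zone; a loop or
    an over-long chain raises instead of spinning."""
    chain = [fqdn(name)]
    for _ in range(max_hops):
        rtype, values = zone.get(chain[-1], (None, []))
        if rtype != "CNAME":
            return chain, rtype, values
        chain.append(fqdn(values[0]))
    raise RuntimeError("CNAME chain too long or looping: " + " -> ".join(chain))


def plan_record(targets, zone=ZONE):
    """Record the controller would create for a DNSEntry target list, per the
    rules stated in the issue: IP targets -> A record; one hostname -> CNAME;
    several hostnames -> A record filled from (periodic, best-effort) lookups.
    Returns (record type, values, lookup_needed)."""
    ips = [t for t in targets if is_ipv4(t)]
    names = [fqdn(t) for t in targets if not is_ipv4(t)]
    if ips and not names:
        return "A", sorted(ips), False
    if len(names) == 1 and not ips:
        return "CNAME", names, False
    if len(names) > 1 and not ips:
        addresses = set()
        for n in names:
            _, rtype, values = resolve(n, zone)
            if rtype == "A":
                addresses.update(values)
        # lookup_needed=True: this set goes stale until the next lookup interval.
        return "A", sorted(addresses), True
    # Assumption: mixed IP and hostname targets are not discussed in the issue.
    raise ValueError("mixed IP and hostname targets: not covered here")


def cname_hops(name, zone=ZONE):
    """Number of CNAME hops between a name and its terminal record."""
    chain, _, _ = resolve(name, zone)
    return len(chain) - 1


def is_cname_cascade(name, zone=ZONE):
    """The setup the thread warns about: a CNAME whose target is itself a
    CNAME, i.e. two or more hops before reaching an A record."""
    return cname_hops(name, zone) >= 2


if __name__ == "__main__":
    print(plan_record(["192.0.2.1"]))
    print(plan_record(["haproxy-nlb.nlb.example.test"]))
    print(plan_record(["haproxy-nlb-9k5-0.nlb.example.test",
                       "haproxy-nlb-h7s-0.nlb.example.test"]))
    print("ext.example.test. hops:", cname_hops("ext.example.test."),
          "cascade:", is_cname_cascade("ext.example.test."))
```

The third `plan_record` call is the multi-target workaround from the first post: the returned `lookup_needed` flag marks exactly the record whose addresses the controller can only refresh on its lookup schedule (spec.cnameLookupInterval, 10 minutes by default as Martin notes), so anything that depends on it should budget for that interval plus the record TTL. Against a real zone the same `cname_hops` check would be run with a resolver library rather than the constructed dictionary.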

MartinWeindel commented 4 months ago

If you are using an AWS Route 53 hosted zone and the target is an Amazon load balancer name, an ALIAS record is created automatically instead of the CNAME record, which is normally the same as an A record.

By Amazon load balancer name, do you mean the value of the "dns.gardener.cloud/dnsnames:" key in the Kubernetes Service resource? Or the value of status.loadBalancer.ingress.hostname?

All AWS application and classical load balancers with domains ending e.g. with us-east-2.elb.amazonaws.com (complete list here) are translated into A records automatically. But this happens in the AWS Route53 service itself, so it does not apply in your case.

We set the value of "dns.gardener.cloud/dnsnames:" as the target of the DNSEntry. But it created a CNAME record. We need to have an A record, because in our Kubernetes cluster we have external routing enabled.

Thanks for providing more details. But I think it is out of scope of the dns-controller-manager. As already mentioned, the feature for multiple targets is only a workaround, as there is no DNS record type like CNAME where you can provide multiple target domains.

We cannot give any guarantees about the IP lookup, especially which DNS servers are used. Only you in your application know when the IP address behind the domain name may change and which DNS servers to use to get an immediate update.