gabeduke
commented
6 years ago Just a note: we've noticed that it can take up to 20 minutes for a new elb to register with route 53.
Closed jstrachan closed 5 years ago
gabeduke
commented
6 years ago Just a note: we've noticed that it can take up to 20 minutes for a new elb to register with route 53.
jstrachan
commented
6 years ago @gabeduke ah thanks!
Have you ever managed to setup a wildcard sub domains on an ELB host via route 53? Just wondering if its even possible really - maybe I just need to wait an hour or two ;). If so which permutation works - CNAME/A record and Alias Yes/No?
gabeduke
commented
6 years ago Yes a wild card subdomain with either alias or cname will work as long as it's not the Apex record. We generally use the dns name that's generated by the elb until the route53 dns starts resolving. Also our TTL is quite short (around 5 minutes) and it still takes a while to register. The other thing to note is this only is an issue on elb creation.
jstrachan
commented
6 years ago @gabeduke many thanks. I wonder what I'm doing wrong. I tried creating a CNAME alias for "*" and hours later it still doesn't resolve to a sub domain:
$ nslookup foo.ab3b4ed5d80e411e8875b06439f0e641-1796460012.us-west-2.elb.amazonaws.com
Server: 8.8.8.8
Address: 8.8.8.8#53
** server can't find foo.ab3b4ed5d80e411e8875b06439f0e641-1796460012.us-west-2.elb.amazonaws.com: NXDOMAIN
$ dig ns foo.ab3b4ed5d80e411e8875b06439f0e641-1796460012.us-west-2.elb.amazonaws.com
; <<>> DiG 9.10.6 <<>> ns foo.ab3b4ed5d80e411e8875b06439f0e641-1796460012.us-west-2.elb.amazonaws.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 63233
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;foo.ab3b4ed5d80e411e8875b06439f0e641-1796460012.us-west-2.elb.amazonaws.com. IN NS
;; AUTHORITY SECTION:
us-west-2.elb.amazonaws.com. 59 IN SOA ns-332.awsdns-41.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 60
;; Query time: 72 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Jul 11 13:46:37 BST 2018
;; MSG SIZE rcvd: 182
@gabeduke you are using a Hosted zone to setup the route 53 CNAME alias right?
gabeduke
commented
6 years ago @jstrachan I think I know what the issue is. I don't know that it's possible to use the ELB DNS name as an actual route53 record, it would have to be the target. So in your Hosted zone you would point *.[zone name].com at the target ab3b4ed5d80e411e8875b06439f0e641-1796460012.us-west-2.elb.amazonaws.com. Let me know if that helps!
jstrachan
commented
6 years ago not sure what the [zone name] is as right now the zone domain name is the ELB domain name. Or do you mean we'd need to create a new hosted zone for a new DNS name? Basically am trying to do the smallest possible change to get Ingress working on AWS/EKS without requiring folks have a custom DNS name pre-registered with a registrar that they can use for ingress; was hoping to setup some kind of wildcard DNS with the existing ELB domain name.
gabeduke
commented
6 years ago I was misunderstanding what you are trying to do. As far as I know [zone name] would have to be a public DNS zone in order to access externally. Unfortunately, I don't think you would be able to modify records in the AWS provided zone.
fabiodouek
commented
6 years ago Hi @gabeduke , that's right, there is no way to add records for the out of the box ELB public DNS names. I agree with you, these names will need to be registered in Hosted Zone associated to the VPC. Would be great if there was an option to specify also a Route 53 Private Hosted Zone, as in some cases you might want to have a private cluster, with an internal Load Balancer rather than internet-facing.
jstrachan
commented
6 years ago OK another option to look at is can we use an NLB with the nginx-ingress controller https://aws.amazon.com/blogs/opensource/network-load-balancer-support-in-kubernetes-1-9/ then we'd get a static IP address for the NLB then we can use that as the domain and use nip.io for wildcard DNS on AWS/EKS
patrickleet
commented
6 years ago @jstrachan I saw this approach when I was trying to research yesterday as well. Saw this article but haven't gone through it yet, but maybe it's helpful: https://medium.com/ww-engineering/k8s-ws-aws-elb-nlb-5a23834d4f14
jstrachan
commented
6 years ago tried an NLB then used one of its IP addresses; seemed to work first time on kops but never worked on EKS. So its probably time to chuck in the towel and go back to using the ELB host name and relative paths on the Ingress instead
jstrachan
commented
6 years ago BTW the code should work right now for setting up the Route53 CNAME wildcard load balancer
thienlh
commented
6 years ago Do we have any update on this issue? Is there a way to config a DNS instead of using *.nip.io? This is a deal breaker for us really 😢
jstrachan
commented
6 years ago there's some docs here which we're hoping to publish on the AWS blog soon...
https://docs.google.com/document/d/1EgqGU3nrMTigPvfohNH7o0rHHZbGuoQbQ__KqhmQsUc/edit?usp=sharing
stormmore
commented
5 years ago I know I have mentioned this, I still believe that is wrong to have to give Jenkins X a full wildcard domain. Why isn't the choice to use something like external-dns to actually configure the required addresses inside the cloud provider's DNS (e.g. Route53, etc.). It is has a lot of the cloud provider dns options covered including Google, Azure and interestingly enough even CoreDNS.
jstrachan
commented
5 years ago external-dns sounds great to me - maybe we can create an addon for it?
stormmore
commented
5 years ago That would be awesome if it could do away with the need for providing a wildcard domain, it would be even better.
nia2k7
commented
5 years ago Can we have multiple Jenkins X environments in the one hosted zone?
e.g. two CNAME record sets 1: *.jenkins1.jenkins.jx.konsek.cloud > route to ELB 1
jenkins-x-bot
commented
5 years ago Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Provide feedback via https://jenkins-x.io/community.
/lifecycle stale
jenkins-x-bot
commented
5 years ago Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
Provide feedback via https://jenkins-x.io/community.
/lifecycle rotten
jenkins-x-bot
commented
5 years ago Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.
Provide feedback via https://jenkins-x.io/community.
/close
jenkins-x-bot
commented
5 years ago @jenkins-x-bot: Closing this issue.
We're super close to great EKS support in Jenkins X but we're stuck right now on setting up wildcard DNS on an AWS ELB so that:
myapp.myns.elbid.us-west-2.elb.amazonaws.comcan map to the IP address ofdualstack.elbid.us-west-2.elb.amazonaws.comso that it can be served up by anIngressthat points to the ELB along these lines:So far I've tried creating an A or CNAME of
*on the ELB host name using AliasYes- then when that failed, withNoand could nevernslookup / digany wildcard DNS names (e.g. looking upfoo.elbid.us-west-2.elb.amazonaws.comorfoo.bar.elbid.us-west-2.elb.amazonaws.com)There must be some way to do this - anyone know how?
As a fallback we could switch to using path based ingress; so using host
elbid.us-west-2.elb.amazonaws.comand then specifying a path in eachIngressresource - the downside is this then means every microservice deployed in kubernetes typically needs custom configuration to specify the path its deployed within - which adds lots of complexity and generally breaks most apps OOTB without lots of manual tweaks which would make AWS a much worse place to develop on k8s than AKS / GKE