kubernetes-sigs / aws-load-balancer-controller

A Kubernetes controller for Elastic Load Balancers
https://kubernetes-sigs.github.io/aws-load-balancer-controller/
Apache License 2.0

External DNS creates an entry in both zones private and public #2377

Closed ismferd closed 2 years ago

ismferd commented 2 years ago

Describe the bug

External DNS builds the ingress in both zones, private and public. I have this kind of manifest, which creates an entry in both zones:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig":
      { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:eu-central-1:xxxxx:certificate/xxxxx,
      arn:aws:acm:eu-central-1:xxxxxx:certificate/xxxxxxx
    alb.ingress.kubernetes.io/healthcheck-interval-seconds: "60"
    alb.ingress.kubernetes.io/healthcheck-path: /actuator/health
    alb.ingress.kubernetes.io/healthcheck-timeout-seconds: "50"
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=600
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-group-attributes: deregistration_delay.timeout_seconds=10
    alb.ingress.kubernetes.io/unhealthy-threshold-count: "5"
    alb.ingress.kubernetes.io/waf-acl-id: xxxxxxx
    kubernetes.io/ingress.class: alb
  labels:
    project: test
  name: test-ing
  namespace: test
spec:
  rules:
  - host: my.host

Steps to reproduce

We have 2 controllers of external dns, one for the public hosted zone and the other one for the private hosted zone:

    Args:
      --source=service
      --source=ingress
      --domain-filter=OURDNS
      --provider=aws
      --policy=upsert-only
      --registry=txt
      --aws-zone-type=private
      --annotation-filter=kubernetes.io/ingress.class=alb
      --txt-owner-id=OURPRIVATEID

    Args:
      --source=service
      --source=ingress
      --domain-filter=OURDNS
      --provider=aws
      --policy=upsert-only
      --annotation-filter=kubernetes.io/ingress.class=alb
      --aws-zone-type=public
      --registry=txt
      --txt-owner-id=OURPUBLICID

Expected outcome

I would like to create a new entry on route53 depending on the ingress annotation alb.ingress.kubernetes.io/scheme:

Environment

Additional Context:

tamirhad commented 2 years ago

@ismferd hey, what was the issue? Thinking about doing the same implementation.

ismferd commented 2 years ago

@tamirhad Sorry for the delay. The thing is this annotation: --annotation-filter=kubernetes.io/ingress.class=alb. Both controllers are listening for this annotation, which means both will write an entry on route53. If you want to get different behaviors you have to change this annotation.
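
Added example, not part of the thread and not code from external-dns: a simplified Python model of how the two --annotation-filter values select Ingresses, comparing the filters as posted with filters split on alb.ingress.kubernetes.io/scheme. It assumes equality-only, comma-separated selector terms; the split filter values, the helper names and the sample Ingresses other than test-ing are constructed for illustration.

```python
# Simplified model of --annotation-filter matching (assumption: equality terms
# only, comma-separated, as in Kubernetes label-selector syntax).

CLASS = "kubernetes.io/ingress.class"
SCHEME = "alb.ingress.kubernetes.io/scheme"

def parse_filter(expr):
    """Parse 'k1=v1,k2=v2' into a dict; an empty filter selects everything."""
    pairs = {}
    for term in filter(None, (t.strip() for t in expr.split(","))):
        key, sep, value = term.partition("=")
        if not sep:
            raise ValueError(f"unsupported selector term: {term!r}")
        pairs[key.strip()] = value.strip()
    return pairs

def matches(annotations, expr):
    """True when every key=value term is present on the object."""
    return all(annotations.get(k) == v for k, v in parse_filter(expr).items())

def writers(annotations, instances):
    """Zone types of every external-dns instance that would publish a record."""
    return sorted(z for z, expr in instances.items() if matches(annotations, expr))

# Filters as posted in the issue: identical on both instances.
AS_POSTED = {"private": f"{CLASS}=alb", "public": f"{CLASS}=alb"}

# Hypothetical corrected filters: each instance also requires a scheme value.
SPLIT_BY_SCHEME = {
    "private": f"{CLASS}=alb,{SCHEME}=internal",
    "public": f"{CLASS}=alb,{SCHEME}=internet-facing",
}

# Constructed sample annotations; test-ing mirrors the manifest in the issue.
INGRESSES = {
    "test-ing": {CLASS: "alb", SCHEME: "internet-facing"},
    "internal-ing": {CLASS: "alb", SCHEME: "internal"},
    "no-scheme-ing": {CLASS: "alb"},  # scheme annotation omitted
}

def audit(instances):
    """Map each sample Ingress to the zones that would receive its record."""
    return {name: writers(ann, instances) for name, ann in INGRESSES.items()}

if __name__ == "__main__":
    for label, inst in (("as posted", AS_POSTED), ("split by scheme", SPLIT_BY_SCHEME)):
        print(label, audit(inst))
```

With the split filters an Ingress that omits the scheme annotation is selected by neither instance, so it gets no record until the annotation is set explicitly.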