kubernetes-sigs / external-dns

Configure external DNS servers (AWS Route53, Google CloudDNS and others) for Kubernetes Ingresses and Services
Apache License 2.0

two external dns for private and public zones alb #2169

Closed raghulkrishna closed 2 years ago

raghulkrishna commented 3 years ago

What happened: I created two external-dns configs and deployments, one with the arg --aws-zone-type=public and the other with --aws-zone-type=private. But when I reference the private external-dns in an ingress, it creates records in both the private and public zones, and vice versa. Is this expected behaviour, or is there any workaround for this?

Environment:

Configuration:

```bash
helm install external-dns stevehipwell/external-dns \
  --set provider=aws \
  --set source=ingress \
  --set policy=sync \
  --set registry=txt \
  --set txtOwnerId=my-hostedzone-identifier \
  --set interval=30s \
  --set aws-zone-type=private \
  --set rbac.create=true \
  --set rbac.serviceAccountName=external-dns \
  --set rbac.serviceAccountAnnotations.eks\.amazonaws\.com/role-arn=

helm install publicexternal-dns stevehipwell/external-dns \
  --set provider=aws \
  --set source=ingress \
  --set policy=sync \
  --set registry=txt \
  --set txtOwnerId=my-hostedzone-identifier \
  --set interval=30s \
  --set aws-zone-type=public \
  --set rbac.create=true \
  --set rbac.serviceAccountName=publicexternal-dns \
  --set rbac.serviceAccountAnnotations.eks\.amazonaws\.com/role-arn=
```

pitinga commented 3 years ago

Hello...

Did you try to use the "domain-filter" option? https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/aws.md

The --aws-zone-type=private will filter the domain "internal.company.com"

And the --aws-zone-type=public will filter the domain "company.com".

This way each External DNS would know which URL it will control.

raghulkrishna commented 3 years ago

@pitinga yes, I tried that; it doesn't seem to be working. For the aws-zone-type both are the same domain: some records need to go to the private zone and some to the public zone.

k8s-triage-robot commented 2 years ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

ismferd commented 2 years ago

What is the status of this issue? I'm having exactly the same behaviour.

ismferd commented 2 years ago

External DNS creates the ingress record in both zones, private and public. I have this kind of manifest, which creates an entry in both zones:

```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig":
      { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:eu-central-1:xxxxx:certificate/xxxxx,
      arn:aws:acm:eu-central-1:xxxxxx:certificate/xxxxxxx
    alb.ingress.kubernetes.io/healthcheck-interval-seconds: "60"
    alb.ingress.kubernetes.io/healthcheck-path: /actuator/health
    alb.ingress.kubernetes.io/healthcheck-timeout-seconds: "50"
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=600
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-group-attributes: deregistration_delay.timeout_seconds=10
    alb.ingress.kubernetes.io/unhealthy-threshold-count: "5"
    alb.ingress.kubernetes.io/waf-acl-id: xxxxxxx
    kubernetes.io/ingress.class: alb
  labels:
    project: test
  name: test-ing
  namespace: test
spec:
  rules:
  - host: my.host
```

We have 2 external-dns controllers, one for the public hosted zone and the other for the private hosted zone:

```
    Args:
      --source=service
      --source=ingress
      --domain-filter=OURDNS
      --provider=aws
      --policy=upsert-only
      --registry=txt
      --aws-zone-type=private
      --annotation-filter=kubernetes.io/ingress.class=alb
      --txt-owner-id=OURPRIVATEID
    Args:
      --source=service
      --source=ingress
      --domain-filter=OURDNS
      --provider=aws
      --policy=upsert-only
      --annotation-filter=kubernetes.io/ingress.class=alb
      --aws-zone-type=public
      --registry=txt
      --txt-owner-id=OURPUBLICID
```

I would like to create a new entry in Route53 depending on the ingress annotation alb.ingress.kubernetes.io/scheme:

ismferd commented 2 years ago

Did you find anything, @raghulkrishna?

ismferd commented 2 years ago

Hi @raghulkrishna,

I found my error: I had both controllers (public and private) with the filter --annotation-filter=kubernetes.io/ingress.class=alb, and each ingress with this annotation too. Changing the private controller's filter to --annotation-filter=kubernetes.io/ingress.class=internal-alb resolved the problem.
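The working split described in the comment above, written out as an added example (not a manifest from this issue or from the external-dns project): each controller reconciles only the Ingresses whose `kubernetes.io/ingress.class` matches its own `--annotation-filter`, so an internal hostname is created in the private zone and never published in the public one. The domain, owner ids and backend Services are placeholders, and the example assumes whatever provisions the load balancer also accepts the `internal-alb` class.

```yaml
args:  # private-zone controller (container args of its external-dns Deployment)
  - --source=ingress
  - --provider=aws
  - --policy=upsert-only            # never deletes; stale records must be cleaned up by hand
  - --registry=txt
  - --domain-filter=EXAMPLE_DOMAIN  # placeholder; the same domain serves both zones
  - --aws-zone-type=private
  - --annotation-filter=kubernetes.io/ingress.class=internal-alb
  - --txt-owner-id=PRIVATE_OWNER_ID  # placeholder; must differ from the public owner id
---
args:  # public-zone controller: same except zone type, class filter and owner id
  - --source=ingress
  - --provider=aws
  - --policy=upsert-only
  - --registry=txt
  - --domain-filter=EXAMPLE_DOMAIN
  - --aws-zone-type=public
  - --annotation-filter=kubernetes.io/ingress.class=alb
  - --txt-owner-id=PUBLIC_OWNER_ID
---
# Internal-only Ingress: only the private controller matches it, so its name
# is created in the private hosted zone and never in the public one.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: internal-app
  annotations:
    kubernetes.io/ingress.class: internal-alb
    alb.ingress.kubernetes.io/scheme: internal
spec:
  rules:
    - host: internal-app.EXAMPLE_DOMAIN
      http:
        paths:
          - {path: /, pathType: Prefix, backend: {service: {name: internal-app, port: {number: 80}}}}
---
# Internet-facing Ingress: only the public controller matches it.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: public-app
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
spec:
  rules:
    - host: public-app.EXAMPLE_DOMAIN
      http:
        paths:
          - {path: /, pathType: Prefix, backend: {service: {name: public-app, port: {number: 80}}}}
```

Because both controllers run with `--policy=upsert-only`, any record that was already written to the wrong zone while both filters matched stays there until it is removed manually; check the public zone for leftover internal hostnames after switching the filter.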

k8s-triage-robot commented 2 years ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot commented 2 years ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

k8s-ci-robot commented 2 years ago

@k8s-triage-robot: Closing this issue.

In response to [this](https://github.com/kubernetes-sigs/external-dns/issues/2169#issuecomment-1019240837):

> The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
>
> This bot triages issues and PRs according to the following rules:
> - After 90d of inactivity, `lifecycle/stale` is applied
> - After 30d of inactivity since `lifecycle/stale` was applied, `lifecycle/rotten` is applied
> - After 30d of inactivity since `lifecycle/rotten` was applied, the issue is closed
>
> You can:
> - Reopen this issue or PR with `/reopen`
> - Mark this issue or PR as fresh with `/remove-lifecycle rotten`
> - Offer to help out with [Issue Triage][1]
>
> Please send feedback to sig-contributor-experience at [kubernetes/community](https://github.com/kubernetes/community).
>
> /close
>
> [1]: https://www.kubernetes.dev/docs/guide/issue-triage/

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.