kubernetes-sigs / external-dns

Configure external DNS servers (AWS Route53, Google CloudDNS and others) for Kubernetes Ingresses and Services
Apache License 2.0

pdns provider seems not working anymore #2549

Closed gigi206 closed 2 years ago

gigi206 commented 2 years ago

What happened: I tested the pdns provider a few weeks ago with success :) But now I am trying to test it again and it does not seem to work :(

What you expected to happen: I install pdns with this helm chart (ArgoCD with helm):

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: powerdns
  namespace: argo-cd
spec:
  destination:
    namespace: powerdns-system
    server: 'https://kubernetes.default.svc'
  project: default
  source:
    chart: powerdns
    repoURL: 'https://k8s-at-home.com/charts/'
    targetRevision: 4.0.0
    helm:
      parameters:
        - name: powerdns.domain
          value: gigix
        - name: powerdns.api_key
          value: oZpVJqrGQUx3ao3m0e4ixTGa
        - name: service.type
          value: LoadBalancer
        # - name: postgresql.persistence.enabled
        #  value: "true"
        # - name: replicaCount
        #  value: "2"
  syncPolicy:
    syncOptions:
      - CreateNamespace=true
      - PruneLast=true

And external-dns with this:

#https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/pdns.md
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: external-dns
  namespace: argo-cd
spec:
  destination:
    namespace: external-dns-system
    server: 'https://kubernetes.default.svc'
  project: default
  source:
    chart: external-dns
    repoURL: 'https://kubernetes-sigs.github.io/external-dns'
    targetRevision: 1.7.1
    helm:
      parameters:
        - name: rbac.create
          value: "true"
        # - name: metrics.enabled
        #   value: "true"
        - name: sources[0]
          value: service
        - name: provider
          value: pdns
        - name: txtOwnerId
          value: external-dns
        - name: interval
          value: 15s
        - name: extraArgs[0]
          value: --pdns-server=http://powerdns-webserver.powerdns-system.svc.cluster.local:8081
        - name: extraArgs[1]
          value: --pdns-api-key=oZpVJqrGQUx3ao3m0e4ixTGa
  syncPolicy:
    syncOptions:
      - CreateNamespace=true
      - PruneLast=true
time="2022-01-27T12:55:45Z" level=info msg="config: {APIServerURL: KubeConfig: RequestTimeout:30s DefaultTargets:[] ContourLoadBalancerService:heptio-contour/contour GlooNamespace:gloo-system SkipperRouteGroupVersion:zalando.org/v1 Sources:[service] Namespace: AnnotationFilter: LabelFilter: FQDNTemplate: CombineFQDNAndAnnotation:false IgnoreHostnameAnnotation:false IgnoreIngressTLSSpec:false IgnoreIngressRulesSpec:false Compatibility: PublishInternal:false PublishHostIP:false AlwaysPublishNotReadyAddresses:false ConnectorSourceServer:localhost:8080 Provider:pdns GoogleProject: GoogleBatchChangeSize:1000 GoogleBatchChangeInterval:1s GoogleZoneVisibility: DomainFilter:[] ExcludeDomains:[] RegexDomainFilter: RegexDomainExclusion: ZoneNameFilter:[] ZoneIDFilter:[] AlibabaCloudConfigFile:/etc/kubernetes/alibaba-cloud.json AlibabaCloudZoneType: AWSZoneType: AWSZoneTagFilter:[] AWSAssumeRole: AWSBatchChangeSize:1000 AWSBatchChangeInterval:1s AWSEvaluateTargetHealth:true AWSAPIRetries:3 AWSPreferCNAME:false AWSZoneCacheDuration:0s AzureConfigFile:/etc/kubernetes/azure.json AzureResourceGroup: AzureSubscriptionID: AzureUserAssignedIdentityClientID: BluecatConfigFile:/etc/kubernetes/bluecat.json CloudflareProxied:false CloudflareZonesPerPage:50 CoreDNSPrefix:/skydns/ RcodezeroTXTEncrypt:false AkamaiServiceConsumerDomain: AkamaiClientToken: AkamaiClientSecret: AkamaiAccessToken: AkamaiEdgercPath: AkamaiEdgercSection: InfobloxGridHost: InfobloxWapiPort:443 InfobloxWapiUsername:admin InfobloxWapiPassword: InfobloxWapiVersion:2.3.1 InfobloxSSLVerify:true InfobloxView: InfobloxMaxResults:0 InfobloxFQDNRegEx: InfobloxCreatePTR:false DynCustomerName: DynUsername: DynPassword: DynMinTTLSeconds:0 OCIConfigFile:/etc/kubernetes/oci.yaml InMemoryZones:[] OVHEndpoint:ovh-eu OVHApiRateLimit:20 PDNSServer:http://powerdns-webserver.powerdns-system.svc.cluster.local:8081 PDNSAPIKey:****** PDNSTLSEnabled:false TLSCA: TLSClientCert: TLSClientCertKey: Policy:upsert-only Registry:txt 
TXTOwnerID:external-dns TXTPrefix: TXTSuffix: Interval:15s MinEventSyncInterval:5s Once:false DryRun:false UpdateEvents:false LogFormat:text MetricsAddress::7979 LogLevel:info TXTCacheInterval:0s TXTWildcardReplacement: ExoscaleEndpoint:https://api.exoscale.ch/dns ExoscaleAPIKey: ExoscaleAPISecret: CRDSourceAPIVersion:externaldns.k8s.io/v1alpha1 CRDSourceKind:DNSEndpoint ServiceTypeFilter:[] CFAPIEndpoint: CFUsername: CFPassword: RFC2136Host: RFC2136Port:0 RFC2136Zone: RFC2136Insecure:false RFC2136GSSTSIG:false RFC2136KerberosRealm: RFC2136KerberosUsername: RFC2136KerberosPassword: RFC2136TSIGKeyName: RFC2136TSIGSecret: RFC2136TSIGSecretAlg: RFC2136TAXFR:false RFC2136MinTTL:0s RFC2136BatchChangeSize:50 NS1Endpoint: NS1IgnoreSSL:false NS1MinTTLSeconds:0 TransIPAccountName: TransIPPrivateKeyFile: DigitalOceanAPIPageSize:50 ManagedDNSRecordTypes:[A CNAME] GoDaddyAPIKey: GoDaddySecretKey: GoDaddyTTL:0 GoDaddyOTE:false OCPRouterName:}"
time="2022-01-27T12:55:45Z" level=info msg="Instantiating new Kubernetes client"
time="2022-01-27T12:55:45Z" level=info msg="Using inCluster-config based on serviceaccount-token"
time="2022-01-27T12:55:45Z" level=info msg="Created Kubernetes client https://10.43.0.1:443"
time="2022-01-27T12:55:51Z" level=info msg="All records are already up to date"
time="2022-01-27T12:56:07Z" level=info msg="All records are already up to date"
time="2022-01-27T12:56:22Z" level=info msg="All records are already up to date"

And powerdns log:

psql: could not connect to server: Connection refused
    Is the server running on host "powerdns-postgresql" (10.43.86.121) and accepting
    TCP/IP connections on port 5432?
Waiting for database to come up
psql: could not connect to server: Connection refused
    Is the server running on host "powerdns-postgresql" (10.43.86.121) and accepting
    TCP/IP connections on port 5432?
Waiting for database to come up
psql: could not connect to server: Connection refused
    Is the server running on host "powerdns-postgresql" (10.43.86.121) and accepting
    TCP/IP connections on port 5432?
Waiting for database to come up
psql: could not connect to server: Connection refused
    Is the server running on host "powerdns-postgresql" (10.43.86.121) and accepting
    TCP/IP connections on port 5432?
Waiting for database to come up
psql: could not connect to server: Connection refused
    Is the server running on host "powerdns-postgresql" (10.43.86.121) and accepting
    TCP/IP connections on port 5432?
Waiting for database to come up
psql: could not connect to server: Connection refused
    Is the server running on host "powerdns-postgresql" (10.43.86.121) and accepting
    TCP/IP connections on port 5432?
Waiting for database to come up
psql: could not connect to server: Connection refused
    Is the server running on host "powerdns-postgresql" (10.43.86.121) and accepting
    TCP/IP connections on port 5432?
Waiting for database to come up
Initializing Database
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE INDEX
CREATE INDEX
CREATE INDEX
CREATE TABLE
CREATE TABLE
CREATE INDEX
CREATE INDEX
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE TABLE
INSERT 0 1
Initialized schema version to 4.3.0
Jan 27 12:54:42 Guardian is launching an instance
Jan 27 12:54:42 UDP server bound to 0.0.0.0:53
Jan 27 12:54:42 UDP server bound to [::]:53
Jan 27 12:54:42 TCP server bound to 0.0.0.0:53
Jan 27 12:54:42 TCP server bound to [::]:53
Jan 27 12:54:42 Creating backend connection for TCP

Then I create a service as explained like that:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: echo
spec:
  selector:
    matchLabels:
      app: echo
  template:
    metadata:
      labels:
        app: echo
    spec:
      containers:
      - image: hashicorp/http-echo
        name: echo
        ports:
        - containerPort: 5678
        args:
          - -text="Hello World"
---
apiVersion: v1
kind: Service
metadata:
  name: echo
  annotations:
    external-dns.alpha.kubernetes.io/hostname: example.gigix
spec:
  selector:
    app: echo
  type: LoadBalancer
  ports:
    - protocol: TCP
      port: 80
      targetPort: 5678

But example.gigix is never created, and there is nothing in the log :(

Environment:

gigi206 commented 2 years ago

Hi @gigi206 Please check ingress kubectl get ing -A and see if ADDRESS now shows anything other than the IP you expect for DNS. I noticed this just broke on minikube with new nginx-ingress-controller from being passed this argument: --publish-status-address=localhost

I was able to temp fix it by editing the controller and removing that line/arg, then scale down and up replicas:

kubectl edit deploy -n ingress-nginx ingress-nginx-controller
kubectl scale deploy -n ingress-nginx ingress-nginx-controller --replicas=0
kubectl scale deploy -n ingress-nginx ingress-nginx-controller --replicas=1

I tried with the ingress-nginx provided by default with rancher rke2 (with daemonset by default). In this case the ingress IPs correspond to the local IPs of the daemonset servers. And I tried with a custom ingress-nginx (not the ingress-nginx provided by rke2) + metallb:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: ingress-nginx
  namespace: argo-cd
spec:
  destination:
    namespace: ingress-nginx
    server: 'https://kubernetes.default.svc'
  source:
    chart: ingress-nginx
    repoURL: 'https://kubernetes.github.io/ingress-nginx'
    targetRevision: '4.0.13'
    helm:
      parameters:
        # - name: controller.kind
        #   value: daemonset
        - name: controller.ingressClassResource.default
          value: "true"
        - name: defaultBackend.replicaCount
          value: "1"
        # - name: controller.metrics.enabled # Cf https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx#prometheus-metrics
        #   value: "true"
  project: default
  syncPolicy:
    syncOptions:
      - CreateNamespace=true
      - PruneLast=true

I have the same result in the 2 cases: it's not working.

Below is the result of my second test with the custom installation of ingress-nginx + metallb. 192.168.122.200 is the IP provided by metallb:

$ kubectl get ing -A
NAMESPACE      NAME                             CLASS   HOSTS                ADDRESS           PORTS     AGE
argo-cd        argo-cd-argocd-server            nginx   argocd.gigix         192.168.122.200   80, 443   44m
rancher-demo   rancher-demo-rancher-demo-helm   nginx   rancher-demo.gigix   192.168.122.200   80        6m43s

For me there is no issue there, but I don't understand why rancher-demo.gigix or argocd.gigix are not shown in the logs and it's not working :(

Adding the annotation `external-dns.alpha.kubernetes.io/hostname` on an ingress or a service seems to do nothing.
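Added example (not part of the issue thread and not external-dns code): a small checker that reads the `config: {...}` startup line quoted above and reports which annotated hostnames the running configuration cannot pick up. The names `parse_config` and `skipped` are hypothetical, `SAMPLE` is a shortened copy of the quoted log line, and the `DomainFilter` test is a simplified suffix match.

```python
import re

# Constructed sample: the startup line quoted in the issue, shortened to a few fields.
SAMPLE = (
    'time="2022-01-27T12:55:45Z" level=info msg="config: {APIServerURL: '
    'Sources:[service] Provider:pdns DomainFilter:[] '
    'PDNSServer:http://powerdns-webserver.powerdns-system.svc.cluster.local:8081 '
    'PDNSAPIKey:****** Policy:upsert-only Registry:txt TXTOwnerID:external-dns '
    'Interval:15s DryRun:false MetricsAddress::7979 ManagedDNSRecordTypes:[A CNAME]}"'
)

# A field name starts right after "{" or a space and is followed by ":" (heuristic).
KEY = re.compile(r"(?<=[{ ])([A-Z][A-Za-z0-9]*):")

def parse_config(line):
    """Turn the Go struct dump in the 'config: {...}' log line into a dict."""
    body = line[line.index("config: {") + len("config: "):line.rindex("}")]
    marks = list(KEY.finditer(body))
    cfg = {}
    for i, m in enumerate(marks):
        stop = marks[i + 1].start() if i + 1 < len(marks) else len(body)
        value = body[m.end():stop].strip()
        if value.startswith("[") and value.endswith("]"):
            value = value[1:-1].split()  # "[A CNAME]" -> ["A", "CNAME"]
        cfg[m.group(1)] = value
    return cfg

def skipped(cfg, wanted):
    """wanted maps hostname -> resource kind carrying it; returns {hostname: reason}."""
    filters = [f.lstrip(".") for f in cfg.get("DomainFilter", [])]
    out = {}
    for host, kind in wanted.items():
        if kind not in cfg.get("Sources", []):
            out[host] = f"source '{kind}' is not enabled (Sources={cfg.get('Sources')})"
        elif filters and not any(host == f or host.endswith("." + f) for f in filters):
            out[host] = f"outside DomainFilter {filters}"
        elif cfg.get("DryRun") == "true":
            out[host] = "DryRun is true, changes are only logged"
    return out
```

Called with the three hostnames from this thread (`example.gigix` on a Service, `argocd.gigix` and `rancher-demo.gigix` on Ingresses), it reports the two Ingress hostnames because the log shows `Sources:[service]`. `example.gigix` passes these checks, so the Service case has to be investigated elsewhere.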