kubernetes-sigs / external-dns

Configure external DNS servers (AWS Route53, Google CloudDNS and others) for Kubernetes Ingresses and Services
Apache License 2.0

DNS records for service do not appear to be deleted #3438

Closed gtomilko closed 1 year ago

gtomilko commented 1 year ago

What happened: I have a headless service annotated with external-dns entries:

apiVersion: v1
kind: Service
metadata:
  annotations:
    external-dns.alpha.kubernetes.io/hostname: host.domain.edu
    external-dns.alpha.kubernetes.io/ttl: "180"
  name: cplane-for-dns
  namespace: kube-system
spec:
  clusterIP: None
  clusterIPs:
  - None
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - name: api-port
    port: 6443
    protocol: TCP
    targetPort: 6443
  selector:
    component: kube-apiserver
  sessionAffinity: None
  type: ClusterIP

External-dns publishes all DNS records for this service as it should:

level=info msg="Adding RR: host.domain.edu 180 A 192.168.50.177"
level=info msg="Adding RR: host.domain.edu 180 A 192.168.50.202"
level=info msg="Adding RR: host.domain.edu 180 A 192.168.50.248"
level=info msg="Adding RR: host.domain.edu 0 TXT \"heritage=external-dns,external-dns/owner=default,external-dns/resource=service/kube-system/cplane-for-dns\""
level=info msg="Adding RR: a-host.domain.edu 0 TXT \"heritage=external-dns,external-dns/owner=default,external-dns/resource=service/kube-system/cplane-for-dns\""
level=info msg="Adding RR: host.domain.edu 180 A 192.168.50.177"
level=info msg="Adding RR: host.domain.edu 180 A 192.168.50.202"
level=info msg="Adding RR: host.domain.edu 180 A 192.168.50.248"
level=info msg="Adding RR: host.domain.edu 0 TXT \"heritage=external-dns,external-dns/owner=default,external-dns/resource=service/kube-system/cplane-for-dns\""
level=info msg="Adding RR: a-host.domain.edu 0 TXT \"heritage=external-dns,external-dns/owner=default,external-dns/resource=service/kube-system/cplane-for-dns\""

What you expected to happen:
As my nodes with this service get created and deleted, I expect DNS records to be created and removed. But records get created and never removed. Policy is set to sync.

Here is the external-dns config:

apiVersion: v1
kind: Pod
metadata:
  labels:
    app.kubernetes.io/instance: external-dns
    app.kubernetes.io/name: external-dns
    pod-template-hash: 664f757fc7
  name: external-dns-664f757fc7-6glvw
  namespace: external-dns
spec:
  containers:
  - args:
    - --log-level=info
    - --log-format=text
    - --interval=1m
    - --source=service
    - --source=ingress
    - --policy=sync
    - --registry=txt
    - --provider=rfc2136
    - --rfc2136-host=192.168.96.5
    - --rfc2136-port=53
    - --rfc2136-zone=domain.edu
    - --rfc2136-insecure
    image: my-internal-registry/internal-infrastructure/external-dns:v0.13.2
    imagePullPolicy: IfNotPresent
    livenessProbe:
      failureThreshold: 2
      httpGet:
        path: /healthz
        port: http
        scheme: HTTP
      initialDelaySeconds: 10
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 5
    name: external-dns
    ports:
    - containerPort: 7979
      name: http
      protocol: TCP
    readinessProbe:
      failureThreshold: 6
      httpGet:
        path: /healthz
        port: http
        scheme: HTTP
      initialDelaySeconds: 5
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 5
    resources: {}
    securityContext:
      capabilities:
        drop:
        - ALL
      readOnlyRootFilesystem: true
      runAsNonRoot: true
      runAsUser: 65534
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-dxpk2
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: gc-dev-dev-worker-81f8f675-ph82s
  preemptionPolicy: PreemptLowerPriority
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext:
    fsGroup: 65534
  serviceAccount: external-dns
  serviceAccountName: external-dns
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: kube-api-access-dxpk2
    projected:
      defaultMode: 420
      sources:
      - serviceAccountToken:
          expirationSeconds: 3607
          path: token
      - configMap:
          items:
          - key: ca.crt
            path: ca.crt
          name: kube-root-ca.crt
      - downwardAPI:
          items:
          - fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
            path: namespace

Kubernetes engine: Rancher/RKE2
ExternalDNS version: 0.13.2
DNS provider: rfc2136, EfficientIP SOLIDserver/BIND

Please advise (((

gtomilko commented 1 year ago

Figured it out: zone transfer was disabled on the BIND server.
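As an added illustration (not code from external-dns), here is a simplified model of what a `--policy=sync` reconcile computes from the zone the rfc2136 provider reads via AXFR: when the transfer is refused the provider is left with an empty current state, so every interval re-adds the desired records (the repeated "Adding RR" lines above) and never produces a delete, and deletes are in any case limited to names whose registry TXT carries this instance's owner id. The zone dump and the desired IP set are constructed to match the issue.

```python
"""Simplified model of an external-dns sync reconcile with the TXT registry.
Added illustration for the issue above; not external-dns's own code."""
import re

OWNER = "default"  # external-dns/owner id seen in the TXT records above
TXT_RE = re.compile(r"external-dns/owner=([^,]+)")

# Constructed AXFR-style dump: the old node 192.168.50.177 is still in DNS,
# and other.domain.edu is a record external-dns does not own.
ZONE_DUMP = """\
host.domain.edu. 180 IN A 192.168.50.177
host.domain.edu. 180 IN A 192.168.50.202
host.domain.edu. 180 IN A 192.168.50.248
host.domain.edu. 0 IN TXT "heritage=external-dns,external-dns/owner=default,external-dns/resource=service/kube-system/cplane-for-dns"
a-host.domain.edu. 0 IN TXT "heritage=external-dns,external-dns/owner=default,external-dns/resource=service/kube-system/cplane-for-dns"
other.domain.edu. 300 IN A 192.168.50.9
"""
# Constructed desired state after one node was replaced (.177 gone, .190 new).
DESIRED = {"host.domain.edu": {"192.168.50.202", "192.168.50.248", "192.168.50.190"}}

def parse_zone(zone_text):
    """Parse a dig-axfr-like dump into (name, type, data) tuples."""
    recs = []
    for line in zone_text.strip().splitlines():
        name, _ttl, _cls, rtype, data = line.split(None, 4)
        recs.append((name.rstrip("."), rtype, data.strip('"')))
    return recs

def owned_names(current):
    """Names whose registry TXT says this external-dns instance owns them."""
    owned = set()
    for name, rtype, data in current:
        m = TXT_RE.search(data) if rtype == "TXT" else None
        if m and m.group(1) == OWNER:
            owned.add(name.removeprefix("a-"))  # a-<host> is the per-type TXT
    return owned

def plan(desired, current):
    """Return (creates, deletes) for A records, as (name, ip) pairs."""
    cur_a = {}
    for name, rtype, data in current:
        if rtype == "A":
            cur_a.setdefault(name, set()).add(data)
    creates = [(n, ip) for n, ips in desired.items() for ip in ips - cur_a.get(n, set())]
    owned = owned_names(current)  # sync only deletes what the registry says is ours
    deletes = [(n, ip) for n, ips in cur_a.items() if n in owned
               for ip in ips - desired.get(n, set())]
    return creates, deletes

if __name__ == "__main__":
    print("transfer refused (empty current):", plan(DESIRED, []))
    print("transfer allowed:", plan(DESIRED, parse_zone(ZONE_DUMP)))
```

When enabling the transfer on BIND, restrict `allow-transfer` to the external-dns address rather than opening it broadly, since AXFR hands out the entire zone.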