kubernetes-sigs / external-dns

Configure external DNS servers (AWS Route53, Google CloudDNS and others) for Kubernetes Ingresses and Services
Apache License 2.0

NS record not being created via CRD #4831

Open drew-viles opened 3 weeks ago

drew-viles commented 3 weeks ago

What happened: I'm trying to create an NS record as advised via the docs here. Here is my resource (redacted of course):

apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
  name: infer-dns-ns
  namespace: infer-dns
spec:
  endpoints:
  - dnsName: some-domain.example.com
    recordTTL: 300
    recordType: NS
    targets:
    - ns1.delegation.example.com

When I deploy this, nothing happens. The logs state msg="All records are already up to date". I have --source=crd set too, which I have validated as working by adjusting my DNSEndpoint to test it. For example, this works:

apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
  name: infer-dns-ns
  namespace: infer-dns
spec:
  endpoints:
  - dnsName: some-domain.example.com
    recordTTL: 300
    recordType: A
    targets:
    - 0.0.0.0

What you expected to happen: The NS record should be created as per the docs.

How to reproduce it (as minimally and precisely as possible): Just deploy external dns via the helm chart with the following values:

releaseName: external-dns
values: |
  env:
    - name: "CF_API_TOKEN"
      valueFrom:
        secretKeyRef:
          key:  api-key
          name: cloudflare-api-key-secret
  txtOwnerId: mgmt
  txtPrefix: "mgmt-"
  domainFilters:
    - example.com
  sources:
    - service
    - ingress
    - crd
  extraArgs:
    - "--label-filter=external-dns-exclude notin (true)"
  provider: "cloudflare"
  policy: sync

Anything else we need to know?:

I've tried ensuring it isn't some bug around the --label-filter by removing it and also trying it with the label external-dns-exclude: "false" but again, same result of a noop.

Environment:

juan-vg commented 1 day ago

Hey @drew-viles, I discovered the fix:

  extraArgs:
    - ...
    - --managed-record-types=A
    - --managed-record-types=AAAA
    - --managed-record-types=CNAME
    - --managed-record-types=NS

By default the managed types are A, AAAA and CNAME, so any other type must be explicitly defined to be allowed. I believe the problem here is the docs, since for many providers this is not specified. I found the useful info in the PowerDNS docs, and that's not even mentioned for other providers like AWS or Cloudflare.

drew-viles commented 1 day ago

aaah nice spot. thanks for confirming and for raising the PR for the docs clarification.
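A pre-flight check for the silent no-op discussed in this thread, added here as an example; it is not part of the original issue or of external-dns itself. It assumes the defaults stated above (A, AAAA, CNAME) and that passing `--managed-record-types` replaces those defaults rather than extending them, which is why the fix re-lists them. The function names and sample lists are hypothetical, constructed from the manifests in the issue.

```python
# Added example: flag DNSEndpoint records that external-dns would skip
# because their type is not covered by --managed-record-types.

# Default stated in the thread; assumed to apply when the flag is never passed.
DEFAULT_MANAGED_TYPES = ("A", "AAAA", "CNAME")
FLAG = "--managed-record-types"


def managed_types(extra_args):
    """Collect types from repeated flags ('--flag=VALUE' or '--flag VALUE').

    Assumption: any explicit use of the flag replaces the default list.
    """
    types = []
    args = list(extra_args)
    i = 0
    while i < len(args):
        arg = args[i]
        if arg.startswith(FLAG + "="):
            types.append(arg.split("=", 1)[1].strip())
        elif arg == FLAG and i + 1 < len(args):
            i += 1
            types.append(args[i].strip())
        i += 1
    return tuple(types) if types else DEFAULT_MANAGED_TYPES


def unmanaged_endpoints(endpoints, extra_args):
    """Return (dnsName, recordType) pairs that fall outside the managed types."""
    allowed = set(managed_types(extra_args))
    return [(ep["dnsName"], ep["recordType"])
            for ep in endpoints if ep["recordType"] not in allowed]


# Constructed sample data mirroring the two DNSEndpoint specs in the issue.
ENDPOINTS = [
    {"dnsName": "some-domain.example.com", "recordType": "NS"},
    {"dnsName": "some-domain.example.com", "recordType": "A"},
]
ARGS_BEFORE = ["--label-filter=external-dns-exclude notin (true)"]
ARGS_AFTER = ARGS_BEFORE + [FLAG + "=" + t for t in ("A", "AAAA", "CNAME", "NS")]

if __name__ == "__main__":
    for label, args in (("before", ARGS_BEFORE), ("after", ARGS_AFTER)):
        print(label, "skipped:", unmanaged_endpoints(ENDPOINTS, args))
```

Running a check like this in CI against the chart values and the DNSEndpoint manifests surfaces a skipped record type before deployment, instead of relying on the "All records are already up to date" log line.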