kubernetes-sigs / external-dns

Configure external DNS servers (AWS Route53, Google CloudDNS and others) for Kubernetes Ingresses and Services
Apache License 2.0

failed to sync traefik.io/v1alpha1, Resource=ingressrouteudps: context deadline exceeded #4834

Open WowSuchRicky opened 1 month ago

WowSuchRicky commented 1 month ago

Hello, I've recently tried converting external-dns to use the Traefik CRD (IngressRoute) instead of Ingress as sources, and my pod is crashlooping as a result.

What happened:

time="2024-10-28T20:54:57Z" level=info msg="Instantiating new Kubernetes client"
time="2024-10-28T20:54:57Z" level=info msg="Using inCluster-config based on serviceaccount-token"
time="2024-10-28T20:54:57Z" level=info msg="Created Kubernetes client https://10.43.0.1:443"
time="2024-10-28T20:54:57Z" level=info msg="Using inCluster-config based on serviceaccount-token"
time="2024-10-28T20:54:57Z" level=info msg="Created Dynamic Kubernetes client https://10.43.0.1:443"
time="2024-10-28T20:55:57Z" level=fatal msg="failed to sync traefik.io/v1alpha1, Resource=ingressrouteudps: context deadline exceeded"

(Same crashloop can sometimes show Resource=ingressroute and Resource=ingressroutetcps depending on which one gets deadline exceeded first, presumably?)

What you expected to happen: I expected to receive a more meaningful error and/or what API or endpoint is being reached that is causing the deadline exceeded so I am able to debug the issue without bugging you all :)

How to reproduce it (as minimally and precisely as possible): values.yaml example:

provider: 
  name: cloudflare
policy: sync
env:
  - name: EXTERNAL_DNS_TRAEFIK_DISABLE_LEGACY
    value: "1"
  - name: CF_API_TOKEN
    valueFrom:
      secretKeyRef:
        name: cloudflare-api-key
        key: apiKey
extraArgs:
  - '--request-timeout=60s' # tried with and without this 
  - '--source=traefik-proxy'
  - '--traefik-disable-legacy' # https://github.com/kubernetes-sigs/external-dns/pull/3055#issuecomment-2356047170

(I tried without the Legacy flags / env var, but same result).

Other previous similar issues e.g. #2407 look like they could be related to RBAC or namespaces, but I believe everything on my end is in default, including all of the IngressRoutes.

Anything else we need to know?:

Environment:

WowSuchRicky commented 1 month ago

I fixed the issue shortly after posting this.

Turns out in the helm chart, it defaults to allowing services and ingresses to be sources: https://github.com/kubernetes-sigs/external-dns/blob/master/charts/external-dns/values.yaml#L203-L205 Since I was adding source as a flag, it wasn't overriding this.

Changed my values.yaml to include the following:

sources:
  - traefik-proxy

and we're good to go.

This seems semi-related to https://github.com/kubernetes-sigs/external-dns/issues/3169#issuecomment-2266793389 but not exactly, since my installation is NOT namespaced. This behavior is strange to me and I'll leave this open in the hopes that we can figure out if there's any work necessary to improve how this was discovered.
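
The fatal log line in this thread names the resource that failed to sync but not why, and the original post mentions RBAC as one suspect. The following is an added example, not part of the thread and not code from external-dns: a shell function that asks the API server whether the external-dns service account may list and watch the three Traefik CRDs named in the error. The namespace `default` and the service account name `external-dns` are assumptions; substitute the ones from your release.

```shell
#!/bin/sh
# Added example, not part of the issue or of external-dns.
# Asks the API server whether a service account may list and watch the
# Traefik CRDs named in the "failed to sync" errors quoted above.

TRAEFIK_GROUP="traefik.io"
TRAEFIK_RESOURCES="ingressroutes ingressroutetcps ingressrouteudps"

# check_traefik_rbac NAMESPACE SERVICEACCOUNT
# Prints one line per verb/resource and returns the number of failed checks.
# KUBECTL may point at another binary or wrapper; it defaults to kubectl.
check_traefik_rbac() {
    ns="$1"; sa="$2"; denied=0
    for res in $TRAEFIK_RESOURCES; do
        for verb in list watch; do
            # "kubectl auth can-i" exits non-zero when the answer is "no".
            # A kubectl error (for example, the caller lacking impersonation
            # rights for --as) is counted as a failed check as well.
            if "${KUBECTL:-kubectl}" auth can-i "$verb" "$res.$TRAEFIK_GROUP" \
                --as="system:serviceaccount:$ns:$sa" --all-namespaces \
                >/dev/null 2>&1; then
                echo "allowed $verb $res.$TRAEFIK_GROUP"
            else
                echo "DENIED  $verb $res.$TRAEFIK_GROUP"
                denied=$((denied + 1))
            fi
        done
    done
    return "$denied"
}

# Usage (assumed names: namespace "default", service account "external-dns"):
#   check_traefik_rbac default external-dns
```

If every line reads `allowed`, RBAC for these resources is not what is blocking the sync and the effective `--source` list of the running pod is the next thing to inspect.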