Aws-load-balancer-controller: controller deletes route53 entries not created by ingress

Created on 18 Apr 2017 · 12 Comments · Source: kubernetes-sigs/aws-load-balancer-controller

I currently have some route53 dns entries that are created using the classic elb (k8s service Type:LoadBalancer).

However, after deploying this controller and creating an ingress object (hostname not taken) that uses the controller, I noticed that some of my original dns records (not associated with the ingress object) are automatically being deleted when the controller is creating a route53 entry for the ingress object.


All 12 comments

Hi @yawboateng

Could you give me an example of the pre-existing domain that is being deleted along with the desired domain you put in your ingress object?

pre-existing domain = scrummaster.infra.sometest.com

ingress:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: "elasticsearch"
  namespace: "logging"
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/subnets: subnet-1,subnet-2,subnet-3
    alb.ingress.kubernetes.io/security-groups: sg-1
    alb.ingress.kubernetes.io/certificate-arn: [cert_arn_link]
    kubernetes.io/ingress.class: "alb"

spec:
  rules:
  - host: elasticsearch.infra.sometest.com
    http:
      paths:
      - path: /
        backend:
          serviceName: "elasticsearch"
          servicePort: 9200

Anecdotally, I saw the same thing.

I had host rules in the ALB controller like servicename.namespace.domainx.com and saw several random r53 deletions right after I fired up the ALB controller to test it, like jira.domainx.com, bamboo.domainx.com and (my kube cluster endpoint) api.clustername.domainx.com.

@yawboateng @treyhyde

Thanks. This should be sufficient to reproduce. I'll keep you updated.

I've located the issue, it relates to when a record that is not of Type A exists in same hosted zone as your ingress resource's record. It'll be fixed tomorrow.

@yawboateng @treyhyde

Please note that quay.io/coreos/alb-ingress-controller:1adffb1d reflects this change. Please re-open this if the issue persists.

Thanks again for filing this.

@joshrosso thanks for the quick fix,

using 1adffb1d, I'm getting a 504 Gateway Time-out and I noticed the target groups show all the nodes as unhealthy with message:
None of these Availability Zones contains a healthy target. Requests are being routed to all targets.

services are exposed as NodePort and ingress uses the same configuration as one above

Never mind. I had the wrong security group.

@yawboateng, great, yes sounded SG/Subnet related.

yep. are there any plans to have the controller automatically create the appropriate security groups? and maybe also detect the right subnet?

@yawboateng

There are, soon. We need to burn down some more stability fixes before we can tackle #6 and #7.

I could see them coming in roughly 1 week.

great! thanks @joshrosso
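
The thread does not show the fix itself. As an added example (not the controller's code), this is one way to guard a DNS cleanup step so it can only remove records the ingress owns: an A alias record whose name is an ingress host and whose target is the controller's own load balancer. The `Record` type, the function names and the load balancer DNS names are assumptions made for illustration; the host names are the ones quoted in the thread.

```go
package main

import (
	"fmt"
	"strings"
)

// Record is a simplified Route 53 record set (hypothetical type for this example).
type Record struct {
	Name        string // fully qualified record name
	Type        string // A, CNAME, TXT, ...
	AliasTarget string // load balancer DNS name for alias records, else ""
}

func norm(s string) string { return strings.ToLower(strings.TrimSuffix(s, ".")) }

// OwnedByIngress reports whether r is an A alias record for one of the ingress
// hosts that points at the controller's own load balancer (albDNS).
func OwnedByIngress(r Record, hosts map[string]bool, albDNS string) bool {
	return r.Type == "A" && hosts[norm(r.Name)] && r.AliasTarget != "" &&
		norm(r.AliasTarget) == norm(albDNS)
}

// PlanDeletes splits a requested delete batch into records that may be
// deleted and records that are refused because the ingress does not own them.
func PlanDeletes(requested []Record, hosts map[string]bool, albDNS string) (allowed, refused []Record) {
	for _, r := range requested {
		if OwnedByIngress(r, hosts, albDNS) {
			allowed = append(allowed, r)
		} else {
			refused = append(refused, r)
		}
	}
	return allowed, refused
}

func main() {
	// Constructed sample data: both load balancer DNS names are made up.
	alb := "example-alb.us-east-1.elb.amazonaws.com"
	hosts := map[string]bool{"elasticsearch.infra.sometest.com": true}
	batch := []Record{
		{"elasticsearch.infra.sometest.com.", "A", alb},
		{"scrummaster.infra.sometest.com.", "CNAME", ""},
		{"scrummaster.infra.sometest.com.", "A", "classic-elb.us-east-1.elb.amazonaws.com"},
	}
	allowed, refused := PlanDeletes(batch, hosts, alb)
	fmt.Println("delete:", allowed)
	fmt.Println("refused:", refused)
}
```

Logging the refused list gives an audit trail: any entry there is a record that shares the hosted zone but belongs to something else, which is the situation reported above.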
