Hi, I have an nginx ingress controller deployed into k8s on AWS. I've deployed an echoserver as a test, with a service in front of the pod and an ingress in front of that. From a layer 7 point of view it all works as expected. I see my traffic in the nginx logs, I get responses from the echoserver.
The problem I'm seeing is when I try to add a DNS name to the ingress, external-dns spots the hostname in the manifest and adds the record to R53, however it is adding an A record to the IP of the actual node the ingress controller is running on, not (what I believe should happen) an ALIAS to the ELB the ingress controller created.
Example ingress:
```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: bar
  annotations:
    kubernetes.io/ingress.class: "nginx"
    external-dns.alpha.kubernetes.io/hostname: bar.example.com
spec:
  rules:
  - host: bar.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: echoserver
          servicePort: 80
```
Results in this DNS record being added (along with the associated TXT record):
```
bar.example.com. A 1.2.3.4
```
Am I misunderstanding how this should work or is this the expected behaviour?
@rk295 what is the output of kubectl get ingress bar -o yaml (namely the status field)?
External-dns will just use whatever hostname/IP is defined in the status of the ingress, so I suspect the ingress controller is setting the node IP rather than the ELB hostname.
I've ripped down my test rig, so you'll have to excuse the format of this (I copied from my terminal history):
```
% kubectl get ing --namespace juice
NAME   HOSTS             ADDRESS   PORTS   AGE
bar    bar.example.com   1.2.3.4   80      1h
```
I think you are right, the ingress is reporting the node IP, which external-dns is then happily trusting.
So I guess my question is actually: how do I get the ingress or the ingress controller to report its ELB name? That would seem to be the most sensible thing to attach DNS records to.
@rk295 AFAIK you can place a service with [type=LoadBalancer] and then pass it to nginx-controller via the --publish-service flag. It should work as expected then, as the service will get a correct DNS name pointing to its ELB, which would route the traffic to nginx as expected.
@rk295 Have you checked our docs regarding nginx-ingress controller: https://github.com/kubernetes-incubator/external-dns/blob/master/docs/tutorials/nginx-ingress.md#with-a-separate-tcp-load-balancer?
Does using --publish-service work for you?
Hi @linki @ideahitme apologies for the late reply, yes --publish-service works great once I realised it was only added in recent builds! I've now got kube-lego and external-dns playing nicely together, which was my goal. Thanks for the help.
@rk295, could you share your setup? That would be awesome! I have the same environment: AWS, kops, ExternalDNS, nginx-ingress-controller, kube-lego. I'm having this error in ExternalDNS though:
Invalid Resource Record: FATAL problem: ARRDATAIllegalIPv4Address (Value is not a valid IPv4 address) encountered with 'xxxxxxxxxxxxxxx.eu-west-1.elb.amazonaws.com'.
I used the following nginx ingress setup:
https://github.com/kubernetes/kops/tree/master/addons/ingress-nginx. As I understand it, it's taking the ELB hostname from the nginx service as ingress address. Then ExternalDNS takes that address and puts it into Route 53. Correct? Route 53 doesn't like that non-IP address however...
Never mind, I ended up ditching my own kubernetes config files, and used the official helm charts for ExternalDNS and nginx-ingress instead. Now ExternalDNS sees it's not an IP address, and creates an ALIAS instead.
Using the helm chart, I also had to set --publish-service to true.
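The behaviour discussed in this thread, modelled as an added Go example (not ExternalDNS's own code and not written by any commenter): whatever address the ingress status publishes decides the record, so a node IP yields an A record and an ELB hostname must never be written as one. `PlanRecords`, `lbStatus`, the classification rule and the sample ELB name are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"strings"
)

type lbStatus struct { // only status.loadBalancer.ingress is decoded
	Status struct {
		LoadBalancer struct {
			Ingress []struct{ IP, Hostname string }
		}
	}
}

// PlanRecords is a simplified model (an assumption, not ExternalDNS code):
// IPv4 target -> A, ELB hostname -> ALIAS, any other hostname -> CNAME.
func PlanRecords(ingressJSON []byte) ([]string, error) {
	var ing lbStatus
	if err := json.Unmarshal(ingressJSON, &ing); err != nil {
		return nil, err
	}
	plan := []string{}
	for _, e := range ing.Status.LoadBalancer.Ingress {
		for _, target := range []string{e.IP, e.Hostname} {
			ip := net.ParseIP(target) // classify by value, not by field name
			switch {
			case target == "" || (ip != nil && ip.To4() == nil): // unset, or IPv6 (out of scope)
			case ip != nil:
				plan = append(plan, "A "+target)
			case strings.HasSuffix(target, ".elb.amazonaws.com"):
				plan = append(plan, "ALIAS "+target)
			default:
				plan = append(plan, "CNAME "+target)
			}
		}
	}
	return plan, nil
}

// Constructed samples: address published without and with --publish-service.
const nodeIPStatus = `{"status":{"loadBalancer":{"ingress":[{"ip":"1.2.3.4"}]}}}`
const elbStatus = `{"status":{"loadBalancer":{"ingress":[{"hostname":"constructed-elb.eu-west-1.elb.amazonaws.com"}]}}}`

func main() {
	fmt.Println(PlanRecords([]byte(nodeIPStatus)))
	fmt.Println(PlanRecords([]byte(elbStatus)))
}
```

Feeding it the output of `kubectl get ingress bar -o json` shows which record a given status would produce before any DNS change is made.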