External-dns: FR: Read hostnames from spec.tls.hosts for Ingress

Created on 21 Jun 2018  路  3Comments  路  Source: kubernetes-sigs/external-dns

On Ingress object "spec.rules" block is not strictly required for it to function.
"If unspecified, or no rule matches, all traffic is sent to the default backend",
see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#ingressspec-v1beta1-extensions

There is another place external-dns could learn hostnames from: "spec.tls.hosts".
Would be nice to have support for this so we can skip using annotation workaround on Ingress object, see https://github.com/kubernetes-incubator/external-dns/commit/c2751f81cf10666dccec13abccff9038c4aa161e

Examples:
This is how I want to have my Ingress object defined

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: myingress
  annotations:
   ... # annotations for cert-manager omitted for clarity
spec:
  tls:
  - hosts:
    - myfoo.example.com
    secretName: external-ingress-tls
  backend:
    serviceName: fooservice
    servicePort: 80

This is how I have to define it now (with annotation workaround):

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: myingress
  annotations:
   ... # annotations for cert-manager omitted for clarity
    external-dns.alpha.kubernetes.io/hostname: myfoo.example.com
spec:
  tls:
  - hosts:
    - myfoo.example.com
    secretName: external-ingress-tls
  backend:
    serviceName: fooservice
    servicePort: 80

Or, alternatively, more verbose with "spec.rules.hosts":

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: myingress
  annotations:
   ... # annotations for cert-manager omitted for clarity
spec:
  tls:
  - hosts:
    - myfoo.example.com
    secretName: external-ingress-tls
  rules:
  - host: myfoo.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: fooservice
          servicePort: 80
picture ysoldak
👀1 😕1 👎1 👍1

Most helpful comment

this new behaviour breaks my setup so I cannot update to v0.5.4.
At the same time I need some features introduced in v0.5.5.
Could you please introduce some toggle to be able to retain old logic?

picture kostyrev on 3 Jul 2019
👍2

All 3 comments

Not opposed to this but it was a bit surprising to see this come up on a few Ingress resources we had previously deployed but conditionally exposed via Annotation.

In the future it would seem like a major version bump for fairly significant functional change that doesn't have a flag to turn off might be valuable.

That being said, thanks for contributing to the project!

jrnt30 picture jrnt30 on 7 Sep 2018

I like picking up the domain names from the Ingress rather than from the annotation. However, the behavior change appears to remove the choice about which Ingress' you wish external DNS to act on, as @jrnt30 discovered. I would prefer, just like cert-manager in your example, that some flag or annotation is required, so you can choose. Or at least the install option to regain control - is that still possible with this change?

whereisaaron picture whereisaaron on 11 Mar 2019
👍1

this new behaviour breaks my setup so I cannot update to v0.5.4.
At the same time I need some features introduced in v0.5.5.
Could you please introduce some toggle to be able to retain old logic?

kostyrev picture kostyrev on 3 Jul 2019
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

placydo picture placydo  路  5Comments
Fettah picture Fettah  路  4Comments
neilhwatson picture neilhwatson  路  4Comments
grahamhayes picture grahamhayes  路  5Comments
bzon picture bzon  路  3Comments