-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: resolve dns targets in ingress based records to create A/AAAA instead of CNAME #4255
base: master
Are you sure you want to change the base?
feat: resolve dns targets in ingress based records to create A/AAAA instead of CNAME #4255
Conversation
Welcome @n-marton! |
Hi @n-marton. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
949bbf8
to
1f3c350
Compare
@n-marton: Cannot trigger testing until a trusted user reviews the PR and leaves an In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
1f3c350
to
404d3bc
Compare
sure thing: so in cases, where you have an ingress controller listening on proxy protocol, but you also have to reach said ingress controller from inside the cluster, you actually have to work around the fact, that if the LoadBalancer type service has an IP, the traffic will never leave the cluster, now this is easily fixable if your LoadBalancer solution supports FQDNs as LoadBalancer status lets say IP octets separated by dashes under some domain, now these FQDNs don't necessary have to exist, you might resolve them via a Lua script with an ease, but in this case authority can be a problem, so much easier to do A/AAAA records then CNAMEs. Added a line into the docs. |
/ok-to-test |
@n-marton why you do not use a similar setup as described in https://opensource.zalando.com/skipper/kubernetes/ingress-controller/#run-as-api-gateway-with-east-west-setup for cluster local traffic to the ingress controller? |
maybe I am missing something, but I don't get how this would solve the proxy protocol listening problem |
it was also referred here in the loadbalancer thread that it would also be needed to be done for ingresses |
@szuecs @mloiseleur anything else required on this? |
Signed-off-by: n-marton <[email protected]>
404d3bc
to
4129f3c
Compare
I'm not sure to totally follow your use case 🤔. Anyway, the code looks good and the feature is documented. |
/assign @Raffo |
any update here, anything we can help with to move this forward? |
/unassign @Raffo #4255 (comment) said use case is unclear, so I would say we do not accept this PR right now. For me it's more a feature request to your ingress controller that can orchestrate external-dns as they wish. |
@@ -46,3 +46,6 @@ the values from that. | |||
|
|||
2. Otherwise, iterates over the Ingress's `status.loadBalancer.ingress`, | |||
adding each non-empty `ip` and `hostname`. | |||
|
|||
In the case that `--resolve-ingress-target-hostname` set, it will resolve hostnames in the status to create | |||
A/AAAA records instead of CNAME. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would say this is a feature request to the controller that creates the status field.
even in the original PR #3554 that added the same functionality for Services types (and was also lgtm -ed by you), there was a discussion about doing the same for Ingresses in a second PR, that nobody followed up, if you are against this then could you please also leave a comment on that original PR that this feature is not encouraged anymore for ingresses, so no one else will waste time on it |
One more usecase: lets say you have an ingress object like this
if the loadbalancer backing the ingress controller next gets an fqdn instead of an IP and it will generate the following ingress
in this case, external-dns will error you because |
That's what I said: it's a bug in the ingress controller. |
One could argue that it is easier to solve it on external dns level, than get it into each ingress controller, just checking a few more popular ones:
However I get the feeling the this wont be ever merged as is, no matter the argument. Just to stop more running in circles, I would be also fine using CNAMEs, if external-dns would be able to handle the transition between A and CNAME records, if I would make a PR about that feature, would that be suppoted? |
/hold |
@szuecs could you please also answer to Marton so we can move this forward, one way or another? Thanks! |
@szuecs Could you help us out here and/or elaborate whether allowing transition between A and CNAME is ok here?
This is blocking a few things for us, please if we cannot proceed close this issue and let us know. |
The Kubernetes project currently lacks enough contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
The Kubernetes project currently lacks enough contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
Description
Similar feature to the one added in #3554 but for ingress based records.
Turned off by default, if the flag is set it will resolve the target dns record, and create A/AAAA instead of CNAME.
Checklist