Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow to override DNS record targets #1800

Open
illrill opened this issue Jan 10, 2025 · 1 comment
Open

Allow to override DNS record targets #1800

illrill opened this issue Jan 10, 2025 · 1 comment

Comments

@illrill
Copy link

illrill commented Jan 10, 2025

Description

K8GB assumes that the Ingress status.loadBalancer.ingress[].ip field(s) are always the desired target(s) for K8GB managed DNS records. This is not always the case, see below example scenarios.

Looking at External DNS, it has the capabilities to override the target of managed records, either globally or per Ingress:

  • The argument --default-targets allows users to globally set the default target for all DNS records that are under management of the External DNS controller. It supports both FQDNs (resulting in CNAMEs) and IPs (resulting in A records). This flag takes precedence over the status.loadBalancer.ingress[].ip field(s).
  • The Ingress annotation external-dns.alpha.kubernetes.io/target allows users to override the target for DNS records created for each of the Ingress' hosts. It supports both FQDNs (resulting in CNAMEs) and IPs (resulting in A records). This annotation takes precedence over both the --default-targets flag and the status.loadBalancer.ingress[].ip field(s).

I propose to add the equivalent capabilities to K8GB so that users can set the DNS record targets to any arbitrary IP or FQDN.

Scenarios

It's not uncommon to run the cluster ingress controller behind some other form of reverse proxy, in below example an Azure Application Gateway. In this case, the Azure Application Gateway's public IP should be the target of the foo.com and bar.com DNS records managed by K8GB.

flowchart TB

subgraph Azure
gateway-ip("Public IP")
gateway[Azure Application Gateway]
end

subgraph cluster[Cluster]
ingress-ip("LoadBalancer Service<br>Private IP")
ingress-controller[Ingress Controller]
ingress-controller --> ingress-x["Ingress<br>_Host: foo.com_"]
ingress-controller --> ingress-y["Ingress<br>_Host: bar.com_"]


subgraph ns-x[Namespace X]
ingress-x -.Routing rule.-> Service-X --> Pod-X
ingress-x -.Routing rule.-> Service-Y --> Pod-Y
end

subgraph ns-y[Namespace Y]
ingress-y -.Routing rule.-> Service-Z --> Pod-Z
end

end
gateway-ip --- gateway --> ingress-ip --- ingress-controller
client-a --bar.com--> gateway-ip
client-b --foo.com--> gateway-ip
Loading

In another case there might be an existing intermediate CNAME record managed by something else / someone else, that we'd want to use as the target for DNS records managed by K8GB.

flowchart TB

subgraph cluster[Cluster]
ingress-ip("LoadBalancer Service<br>Public IP")
ingress-controller[Ingress Controller]
ingress-controller --> ingress-x["Ingress<br>_Host: foo.com_"]
ingress-controller --> ingress-y["Ingress<br>_Host: bar.com_"]


subgraph ns-x[Namespace X]
ingress-x -.Routing rule.-> Service-X --> Pod-X
ingress-x -.Routing rule.-> Service-Y --> Pod-Y
end

subgraph ns-y[Namespace Y]
ingress-y -.Routing rule.-> Service-Z --> Pod-Z
end

end
cname(CNAME<br>cluster-domain.com) --> ingress-ip --- ingress-controller
client-a --bar.com--> cname
client-b --foo.com--> cname
Loading
@abaguas
Copy link
Collaborator

abaguas commented Jan 13, 2025

Thank you for creating an issue and for the detailed description. The first scenario, overriding the load-balancer's IP address, would be solved by #1710. We should be able to merge this week do a release before the end of the month.


The second one, publishing CNAMEs, is not supported. At the moment K8GB only holds A records, to make that happen we would have to also support CNAMEs. We would also have to rethink some failover algorithms. For example, we implement the roundrobin strategy by returning multiple A records, 1 per cluster. However, a domain cannot have multiple CNAME records.
Do you have this usecase or is it a setup that you have seen in the past? So that we can prioritize this feature request accordingly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants