You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thank you for the project! We use ExternalDNS to manage DNS for our Kubernetes clusters with Azure Private DNS. Here's our setup and example use case (with sensitive values replaced by placeholders):
Azure Private DNS zone: a single internal.example.com zone
Kubernetes clusters: cluster-1, cluster-2
Applications: service-a (deployed to cluster-1) and service-b (deployed to cluster-2)
The applications deployed to each cluster will have the following hosts in their Ingress object (following the $APP.$CLUSTER.internal.example.com convention):
service-a.cluster-1.internal.example.com
service-b.cluster-2.internal.example.com
Each cluster has a separate ExternalDNS controller.
Because each cluster is managed by a different team, we want to avoid accidental misconfiguration by specifying --domain-filter to limit the scope of ExternalDNS on each cluster to only Ingress hostnames with the $CLUSTER.internal.example.com suffix.
But when we add --domain-filter=$CLUSTER.internal.example.com, we get the following error:
Ignoring changes to 'service-a.cluster-1.internal.example.com' because a suitable Azure Private DNS zone was not found
(It does work without the --domain-filter flag)
After reading the code we noticed that --domain-filter actually filters the zone name, not the domain name in Ingress object, and the Azure DNS provider (--privider=azure) has an optional --zone-name-filter flag that changes the behaviour of --domain-filter to filter Ingress domains instead (implemented in #1060), but there's no implementation for that flag in the Azure Private DNS provider (--provider=azure-private-dns)
What you expected to happen:
Initially, I expected the --domain-filter flag to filter the hostnames in Ingress spec.rules.*.host, but seems like I misunderstood and it's a design decision.
If I understand correctly, the --zone-name-filter flag was added to Azure DNS to alter the behavior of --domain-filter to make it backward compatible and avoid breaking changes.
If that's the case, I expect Azure Private DNS to have the same consistent behaviour as Azure (public) DNS. I created a PR (#4346) to port the same feature to Azure Private DNS.
How to reproduce it (as minimally and precisely as possible):
I understand this frustration of different behavior between both Azure providers.
Nonetheless, this current behavior of changing one parameter behavior when a second one is set is bad UserXP.
After reading the code, we noticed that --domain-filter actually filters the zone name, not the domain name in Ingress object
A parameter named domain-filter should filter domain name, not zone name.
So if I follow you correctly, this is that behavior that should be changed and fixed, for both Azure providers.
What happened:
Thank you for the project! We use ExternalDNS to manage DNS for our Kubernetes clusters with Azure Private DNS. Here's our setup and example use case (with sensitive values replaced by placeholders):
internal.example.com
zonecluster-1
,cluster-2
service-a
(deployed tocluster-1
) andservice-b
(deployed tocluster-2
)The applications deployed to each cluster will have the following hosts in their Ingress object (following the
$APP.$CLUSTER.internal.example.com
convention):service-a.cluster-1.internal.example.com
service-b.cluster-2.internal.example.com
Each cluster has a separate ExternalDNS controller.
Because each cluster is managed by a different team, we want to avoid accidental misconfiguration by specifying
--domain-filter
to limit the scope of ExternalDNS on each cluster to only Ingress hostnames with the$CLUSTER.internal.example.com
suffix.But when we add
--domain-filter=$CLUSTER.internal.example.com
, we get the following error:(It does work without the
--domain-filter
flag)After reading the code we noticed that
--domain-filter
actually filters the zone name, not the domain name in Ingress object, and the Azure DNS provider (--privider=azure
) has an optional--zone-name-filter
flag that changes the behaviour of--domain-filter
to filter Ingress domains instead (implemented in #1060), but there's no implementation for that flag in the Azure Private DNS provider (--provider=azure-private-dns
)What you expected to happen:
Initially, I expected the
--domain-filter
flag to filter the hostnames in Ingressspec.rules.*.host
, but seems like I misunderstood and it's a design decision.If I understand correctly, the
--zone-name-filter
flag was added to Azure DNS to alter the behavior of--domain-filter
to make it backward compatible and avoid breaking changes.If that's the case, I expect Azure Private DNS to have the same consistent behaviour as Azure (public) DNS. I created a PR (#4346) to port the same feature to Azure Private DNS.
How to reproduce it (as minimally and precisely as possible):
Here's the relevant ExternalDNS configuration:
Cluster 1:
Cluster 2:
Anything else we need to know?:
Environment:
external-dns --version
): v0.14.1The text was updated successfully, but these errors were encountered: