Limit number of dns entries by external dns

lovedigit · November 17, 2019, 6:34am

Hello,

I am using external dns app on rancher 2.2.7 to resolve pods and services. I have set it up to sync dns entries to cloudflare to route traffic to correct pod corresponding to the queried domain.
However, I can’t seem to figure out how to limit the dns entries on cloudflare to one or two node ip address as A record. Right now, it populates the as many A records as there are worker nodes. So, if there are 7 worker nodes, I have 7 dns entries on cloudflare. Which is pretty redundant, specially when you’re using subdomain for each services, and cloudflare only allow 1000 entries per domain max.

Is there a way to specify a certain IP address as entrypoint that can be reflected on cloudflare, instead of having indefinite number of dns entries corresponding to the number of worker nodes?

Fraser_Goffin · November 19, 2019, 10:24pm

Why not use your external dns to point to a external load balancer using a wildcard A record and then handle all the routing via the IngressController and ingress objects within the cluster ?

lovedigit · November 20, 2019, 1:09am

Sorry, I am not sure what you mean.
Do you have any resources that I can refer to?
Thank you very much.

adampl · November 21, 2019, 10:21pm

What type is your service? If it’s a NodePort, then you also have to set externalTrafficPolicy: Local, otherwise each node will receive an A record regardless of pod location (which IMHO is stupid). But then make sure you understand the potential consequences of using this policy, depending on your cloud provider.

Here is the code fragment:

github.com

kubernetes-sigs/external-dns/blob/9418e3acd83db8066d07efb80131c9c3ede03f82/source/service.go#L467-L497


	switch svc.Spec.ExternalTrafficPolicy {
	case v1.ServiceExternalTrafficPolicyTypeLocal:
		labelSelector, err := metav1.ParseToLabelSelector(labels.Set(svc.Spec.Selector).AsSelectorPreValidated().String())
		if err != nil {
			return nil, err
		}
		selector, err := metav1.LabelSelectorAsSelector(labelSelector)
		if err != nil {
			return nil, err
		}
		pods, err := sc.podInformer.Lister().Pods(svc.Namespace).List(selector)
		if err != nil {
			return nil, err
		}


		for _, v := range pods {
			if v.Status.Phase == v1.PodRunning {
				node, err := sc.nodeInformer.Lister().Get(v.Spec.NodeName)
				if err != nil {
					log.Debugf("Unable to find node where Pod %s is running", v.Spec.Hostname)

This file has been truncated. show original

lovedigit · December 18, 2019, 6:01am

I did set externalTrafficPolicy to local. But it didn’t do anything.

Is there anything else I am missing? @adampl

Edit: I figured out that we can set the target IP address using the annotation in load balancer. But it is not feasible if nodes are dynamic.
external-dns.alpha.kubernetes.io/target: "IP Address"

I am still looking for more elegant solution.

adampl · December 18, 2019, 1:08pm

The screenshot you posted shows External DNS config, but the externalTrafficPolicy should be set in the Service object.

lovedigit · December 31, 2019, 9:04am

You mean, I should put service.externalTrafficPolicy instead?

adampl · December 31, 2019, 9:47am

No, I mean put it in each Service in your cluster that you want to be resolved by External DNS - the same objects that you annotate with external-dns.alpha.kubernetes.io/..., but this field should be set in the spec section instead, just like type: LoadBalancer.

lovedigit · December 31, 2019, 10:04am

Can you tell me in respect to the rancher UI?
Thank you. I really appreciate this.

adampl · December 31, 2019, 11:00am

Workloads > Service discovery > Edit (selected service) > Show advanced options > External Traffic Policy

But really, you better master the k8s basics and learn to do this with kubectl, because some things cannot be done in the UI.

lovedigit · January 7, 2020, 7:13am

Do you know if we can specify a specific IP address for all cloudflare dns entries?

lovedigit · January 7, 2020, 7:15am

Yes, I know. I am learning and doing my best. I am not just afraid to ask questions.

adampl · January 7, 2020, 10:50am

You can do this with a Service of type LoadBalancer but I don’t know if CloudFlare respects the loadBalancerIP field: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer

Topic		Replies	Views
Global DNS with Cloudflare - how to set other IP adress for dns records? Rancher 2.x	2	875	March 18, 2021
Ingresses, External DNS and fault tolerance Rancher 2.x	1	641	October 22, 2018
Loadbalancer entry point Rancher 1.x	5	1303	February 15, 2017
ExternalDNS: Record created in Cloudflare GUI but not on DNS servers Rancher 2.x	0	378	August 22, 2020
How to use External DNS Rancher 1.x	6	4024	March 23, 2016

Limit number of dns entries by external dns

Related Topics