What happened:
Having set up external-dns to use traefik-proxy, it did not create dns records with IngressRoute. It would only create the record with the external-dns.alpha.kubernetes.io/target annotation. This however failed if the target was another domain.
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: hops
annotations:
external-dns.alpha.kubernetes.io/target: traefik.example.com # nothing happens if this is missing
cert-manager.io/cluster-issuer: letsencrypt
spec:
entryPoints:
- foo
routes:
- kind: Rule
match: Host(`app.example.com`)
services:
- kind: Service
passHostHeader: true
scheme: https
name: hops
port: 9000
tls:
domains:
- main: app.example.com
secretName: app-tls
When setting external-dns.alpha.kubernetes.io/target: traefik.example.com the following error appears in external-dns's log.
{"level":"info","msg":"Add records: cname-app.example.com. TXT [\"heritage=external-dns,external-dns/owner=external-dns,external-dns/resource=ingressroute/default/app\"] 300","time":"2023-09-30T16:51:33Z"}
{"level":"info","msg":"Add records: app.example.com. CNAME [traefik.example.com.] 300","time":"2023-09-30T16:51:33Z"}
{"level":"info","msg":"Add records: app.example.com. TXT [\"heritage=external-dns,external-dns/owner=external-dns,external-dns/resource=ingressroute/default/app\"] 300","time":"2023-09-30T16:51:33Z"}
{"level":"fatal","msg":"googleapi: Error 400: The resource record set 'entity.change.additions[app.example.com.][CNAME]' is invalid because the DNS name 'app.example.com.' has a resource record set of the type 'TXT'. A DNS name may have either one CNAME resource record set or resource record sets of other types, but not both.\nMore details:\nReason: cnameResourceRecordSetConflict, Message: The resource record set 'entity.change.additions[app.example.com.][CNAME]' is invalid because the DNS name 'app.example.com.' has a resource record set of the type 'TXT'. A DNS name may have either one CNAME resource record set or resource record sets of other types, but not both.\nReason: cnameResourceRecordSetConflict, Message: The resource record set 'entity.change.additions[app.example.com.][TXT]' is invalid because the DNS name 'app.example.com.' has a resource record set of the type 'TXT'. A DNS name may have either one CNAME resource record set or resource record sets of other types, but not both.\n","time":"2023-09-30T16:51:33Z"}
What you expected to happen:
The domain app.example.com would have been created and correctly connected.
How to reproduce it (as minimally and precisely as possible):
Other than traefik and external-dns being set up, this is all you need.
Anything else we need to know?:
Environment:
- External-DNS version (use
external-dns --version): v0.13.6
- DNS provider: letsencrypt
- Others: traefik v2.10.4
What happened:
Having set up external-dns to use
traefik-proxy, it did not create dns records with IngressRoute. It would only create the record with theexternal-dns.alpha.kubernetes.io/targetannotation. This however failed if the target was another domain.When setting
external-dns.alpha.kubernetes.io/target: traefik.example.comthe following error appears in external-dns's log.What you expected to happen:
The domain
app.example.comwould have been created and correctly connected.How to reproduce it (as minimally and precisely as possible):
Other than traefik and external-dns being set up, this is all you need.
Anything else we need to know?:
Environment:
external-dns --version): v0.13.6