I created an external-dns deployment on my cluster, but no records are getting created for ALB endpoints. The logs show:

```
Skipping record because no hosted zone matching record DNS Name was detected
All records are already up to date, there are no changes for the matching hosted zones
```

I followed this [tutorial][1]. Here is my external-dns manifest:
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: external-dns
  namespace: test
  # If you're using Amazon EKS with IAM Roles for Service Accounts, specify the following annotation.
  # Otherwise, you may safely omit it.
  annotations:
    # Substitute your account ID and IAM service role name below.
    eks.amazonaws.com/role-arn: arn:aws:iam::XXXXXXXXX:role/ExternalDNSRole
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: external-dns
rules:
- apiGroups: [""]
  resources: ["services", "endpoints", "pods"]
  verbs: ["get", "watch", "list"]
- apiGroups: ["extensions", "networking.k8s.io"]
  resources: ["ingresses"]
  verbs: ["get", "watch", "list"]
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: external-dns-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: external-dns
subjects:
- kind: ServiceAccount
  name: external-dns
  magento: test
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
  magento: test
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: external-dns
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      serviceAccountName: external-dns
      containers:
      - name: external-dns
        image: k8s.gcr.io/external-dns/external-dns:v0.7.3
        args:
        - --source=service
        - --source=ingress
        - --domain-filter=test.cloud
        - --provider=aws
        - --aws-prefer-cname
        # - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
        - --aws-zone-type=public # only look at public hosted zones (valid values are public, private or no value for both)
        - --registry=txt
        - --txt-owner-id=XXXXX
        - --txt-prefix={{ test-frontend. }}
        - --log-level=debug
        resources:
          limits:
            cpu: 10m
            memory: 128Mi
          requests:
            cpu: 10m
            memory: 128Mi
      securityContext:
        fsGroup: 65534 # For ExternalDNS to be able to read Kubernetes and AWS token files
```
[1]: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/aws.md
The following is the service manifest:
```yaml
apiVersion: v1
kind: Service
metadata:
  name: "test-web"
  namespace: magento
  annotations:
    external-dns.alpha.kubernetes.io/hostname: test-frontend.test.cloud
  labels:
    app: test-web
    k8s-app: test
spec:
  ports:
  - name: "http"
    port: 80
    protocol: TCP
    targetPort: 80
  type: NodePort
  selector:
    app: test-web
```
And this is my ingress manifest:
```yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: main
  namespace: magento
  annotations:
    kubernetes.io/ingress.class: alb
    external-dns.alpha.kubernetes.io/hostname: test.cloud
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:eu-west-2:342366666223132:certificate/aac2312b13231213a03-a2d3123123b-433312312324f-b2f9-058ca1213951f30
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    alb.ingress.kubernetes.io/scheme: internet-facing
  labels:
    app: test-web
spec:
  rules:
  - host: test-frontend.test.cloud
  - http:
      paths:
      - path: /*
        backend:
          serviceName: magento-web
          servicePort: 80
```