Support overriding the target of endpoints per-address family #4747

Open
starcraft66 opened this issue Sep 17, 2024 · 0 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature.

Comments

@starcraft66

What would you like to be added: Support for defining the target IP address of a certain address family while using the discovered IP address of the other family.

Why is this needed:

My dual-stack Kubernetes cluster (and I suspect many others) is located behind an IPv4 NAT, but has native IPv6 access. This means that services of type LoadBalancer are assigned ExternalIPs (by Cilium lb-ipam in my case) in both the IPv4 RFC1918 range and a GUA address pool dedicated to my cluster.

External IPv4 connections are NATed on a router in front of the Kubernetes cluster and Kubernetes has no idea what the outside address of this NAT is, but I can manually specify it via the external-dns.alpha.kubernetes.io/target annotation. The problem is that if I do this, the discovered IPv6 record will not be published because I just overrode it with only an IPv4 address.

This leaves me in 3 situations, none of them being optimal IMO:

  1. I don't use any annotation, resulting in external-dns publishing my service's RFC1918 address in the A record and the IPv6 GUA address in the AAAA record. Result: IPv6 connectivity theoretically works fine but IPv4 connectivity will resolve to an address people outside the LAN can't reach.

  2. I use the external-dns.alpha.kubernetes.io/target annotation set to an IPv4 address to publish an A record with the external IP of my NAT. Result: IPv4 connectivity works fine but no AAAA record will be published so IPv6 is broken.

  3. I use the external-dns.alpha.kubernetes.io/target annotation to set both an IPv4 and an IPv6 address, comma-separated. Result: IPv4 and IPv6 connectivity work fine, but I have to manually define the ExternalIP on my services to avoid desyncs and I lose the niceties of having IP addresses dynamically allocated by my k8s loadbalancer.

It would be nice to either have extra annotations to support this use case or a CLI flag that would allow you to keep discovering addresses of a different family if external-dns.alpha.kubernetes.io/target only contains addresses of a certain family.
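
Added example, not part of the original issue and not external-dns code: a sketch of the per-family merge the request describes, where the target annotation replaces discovered addresses only for the families it contains. The names `split` and `mergeTargets` are hypothetical, the addresses are constructed from documentation ranges, and the sketch assumes the annotation holds IP literals only (a hostname target is rejected).

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// split sorts IP literals into IPv4 and IPv6 lists; empty fields are skipped.
func split(addrs []string) (v4, v6 []string, err error) {
	for _, s := range addrs {
		if s = strings.TrimSpace(s); s == "" {
			continue
		}
		ip, perr := netip.ParseAddr(s)
		if perr != nil {
			return nil, nil, fmt.Errorf("not an IP literal %q: %w", s, perr)
		}
		if ip = ip.Unmap(); ip.Is4() {
			v4 = append(v4, ip.String())
		} else {
			v6 = append(v6, ip.String())
		}
	}
	return v4, v6, nil
}

// mergeTargets (hypothetical): the annotation overrides discovery per family.
func mergeTargets(annotation string, discovered []string) (a, aaaa []string, err error) {
	if a, aaaa, err = split(discovered); err != nil {
		return nil, nil, err
	}
	ovA, ovAAAA, err := split(strings.Split(annotation, ","))
	if err != nil {
		return nil, nil, err
	}
	if len(ovA) > 0 {
		a = ovA // annotation supplies IPv4: publish it instead of the RFC1918 address
	}
	if len(ovAAAA) > 0 {
		aaaa = ovAAAA // annotation supplies IPv6: publish it instead of the discovered GUA
	}
	return a, aaaa, nil
}

func main() {
	// Constructed sample: load balancer IPs discovered, NAT address in the annotation.
	a, aaaa, err := mergeTargets("203.0.113.10", []string{"10.0.0.50", "2001:db8::50"})
	fmt.Println("A:", a, "AAAA:", aaaa, "err:", err)
}
```

With an IPv4-only annotation the A record carries the NAT address while the AAAA record keeps the dynamically allocated address, which is the outcome none of the three situations above provides.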
