不会为入口资源创建DNS记录

Question

我的配置：

apiVersion: v1
kind: ServiceAccount
metadata:
  name: external-dns
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: external-dns
rules:
- apiGroups: [""]
  resources: ["services"]
  verbs: ["get","watch","list"]
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get","watch","list"]
- apiGroups: ["extensions"] 
  resources: ["ingresses"] 
  verbs: ["get","watch","list"]
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["list"]
- apiGroups: ["networking.istio.io"]
  resources: ["gateways"]
  verbs: ["get","watch","list"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: external-dns-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: external-dns
subjects:
- kind: ServiceAccount
  name: external-dns
  namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: external-dns
  namespace: kube-system
spec:
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      serviceAccountName: external-dns
      containers:
      - name: external-dns
        image: registry.opensource.zalan.do/teapot/external-dns:latest
        args:
        - --source=ingress
        - --source=istio-gateway
        - --domain-filter=xxx
        - --policy=upsert-only
        - --provider=azure
        volumeMounts:
        - name: azure-config-file
          mountPath: /etc/kubernetes
          readOnly: true
      volumes:
      - name: azure-config-file
        secret:
          secretName: azuredns-config

Istio网关对象正在解析，DNS记录正在创建(这发生在一段时间之前，我现在在日志中看不到任何东西)。由于某种原因，入口记录不会被解析。我尝试用：external-dns.alpha.kubernetes.io/hostname: my.host.name添加--source=service和注解服务，也没有效果。

有什么想法吗？这看起来很好，但不知何故不起作用。入口工作，证书管理器创建证书，如果我手动创建DNS记录入口工作正常。

Answer 1

该问题是由于nginx-ingress未将其ip地址发布到ingress资源状态字段。GH问题：https://github.com/kubernetes-incubator/external-dns/issues/456

--log-level=debug

帮助确定问题所在。通过将此添加到nginx入口控制器部署修复：

- --publish-service=kube-system/nginx-ingress-controller
- --update-status

Answer 2

我建议使用合适的云提供商角色来运行https://github.com/kubernetes-incubator/external-dns，例如AWS中的IAM角色，它允许修改Route53记录。

对于Azure：https://github.com/kubernetes-incubator/external-dns/blob/master/docs/tutorials/azure.md

在运行它时，请确保启用了入口源：https://github.com/helm/charts/blob/master/stable/external-dns/values.yaml#L8-L12

它有调试日志，所以你可以精确地检查你的记录发生了什么。