Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

k8gb incorrectly updates Nameserver A record TTL when multiple GSLB objects exist with different TTLs #1837

Open
steemax opened this issue Feb 27, 2025 · 1 comment
Open

k8gb incorrectly updates Nameserver A record TTL when multiple GSLB objects exist with different TTLs #1837

steemax opened this issue Feb 27, 2025 · 1 comment
Labels
bug Something isn't working

Comments

@steemax
Copy link

steemax commented Feb 27, 2025

Description

When multiple GSLB objects exist in the cluster with different dnsTtlSeconds values, the k8gb controller incorrectly applies these TTL values to the Nameserver A record in the DNSEndpoint resource. This results in an infinite loop where the controller continuously changes the Nameserver A record TTL, alternating between values from different GSLB objects.

Steps to Reproduce

  1. Create two or more GSLB objects with different dnsTtlSeconds values:
apiVersion: k8gb.absa.oss/v1beta1
kind: Gslb
metadata:
  name: gslb1
  namespace: namespace1
spec:
  ingress:
    ingressClassName: traefik
  resourceRef:
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    matchLabels:
      app: gateway1
  strategy:
    dnsTtlSeconds: 20
    primaryGeoTag: apa
    splitBrainThresholdSeconds: 120
    type: roundRobin

and

apiVersion: k8gb.absa.oss/v1beta1
kind: Gslb
metadata:
  name: gslb2
  namespace: namespace2
spec:
  ingress:
    ingressClassName: traefik
  resourceRef:
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    matchLabels:
      app: gateway2
  strategy:
    dnsTtlSeconds: 10
    primaryGeoTag: apa
    splitBrainThresholdSeconds: 120
    type: roundRobin
  1. Observe the DNSEndpoint resource in the k8gb namespace:
apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
  annotations:
    k8gb.absa.oss/dnstype: extdns
  name: k8gb-ns-extdns
  namespace: k8gb
spec:
  endpoints:
    - dnsName: common.geo.paywb.com
      recordTTL: 20  # Incorrectly applied TTL
      recordType: NS
      targets:
        - gslb-ns-apa-common.geo.example.com
        - gslb-ns-ipa-common.geo.example.com
    - dnsName: gslb-ns-ipa-common.geo.example.com
      recordTTL: 20  # Incorrectly applied TTL
      recordType: A
      targets:
        - 10.230.107.10
  1. Notice that the TTL for the Nameserver A record is constantly changing as the controller alternates between different TTL values from GSLB objects.

Expected Behavior

Changing dnsTtlSeconds in a GSLB object should only affect the DNS records for that specific service.
The Nameserver A record TTL should not be altered based on different GSLB objects’ TTL values.

Actual Behavior

The k8gb controller updates the Nameserver A record TTL based on dnsTtlSeconds from any GSLB object in the cluster, causing continuous updates.

Versions

k8gb: v0.14.0
external-dns: v0.13.4-azure-ns-multiarch
Kubernetes: v1.27
@ytsarev ytsarev added the bug Something isn't working label Mar 7, 2025
@ytsarev
Copy link
Member

ytsarev commented Mar 7, 2025

@steemax Thanks a lot for the details report and the investigation!

@kuritka @k0da have you seen this behavior in the latest iterations? fixing it should reduce the load on the upstream DNS server, can be a part of recent optimizations

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ytsarev @steemax