These are notes from when I didn't understand the concept of policy while using ExternalDNS on AWS EKS, so I looked into it briefly by running it.
What is policy?
https://github.com/kubernetes-sigs/external-dns/blob/master/pkg/apis/externaldns/types.go#L410
Modify how DNS records are synchronized between sources and providers
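- Configures how DNS records are synchronized between what is defined in manifest files and the DNS provider
- One of three values: sync, upsert-only, or create-only
- Sharp readers can probably already guess roughly what each does at this point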
When integrating with AWS Route53
See here: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/aws.md#deploy-externaldns
- `--policy=upsert-only` is shown there as an example ExternalDNS argument
would prevent ExternalDNS from deleting any records, omit to enable full synchronization
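- The comment on this argument also says that (upsert-only) prevents records from being deleted, and that (the argument) should be omitted for full synchronization
- I didn't immediately understand this when I read it, which is why I verified it by running it
How each policy behaves
- To check the behavior, I performed operations following the flow: create a DNS record → change it → delete it
Preparation
Only the parts relevant to this topic are covered here. I basically followed the method described in external-dns/aws.md at master · kubernetes-sigs/external-dns · GitHub.
I created a hosted zone named `external-dns-test.niboshino-tech.net.`.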
```
$ aws route53 create-hosted-zone --name "external-dns-test.niboshino-tech.net." --caller-reference "external-dns-test-$(date +%s)"
{
    "Location": "https://route53.amazonaws.com/2013-04-01/hostedzone/Z0608323LFWKCVBOP5JV",
    "HostedZone": {
        "Id": "/hostedzone/Z0608323LFWKCVBOP5JV",
        "Name": "external-dns-test.niboshino-tech.net.",
        "CallerReference": "external-dns-test-1606996869",
        "Config": {
            "PrivateZone": false
        },
        "ResourceRecordSetCount": 2
    },
    "ChangeInfo": {
        "Id": "/change/C067512728AL1CJFU0BF9",
        "Status": "PENDING",
        "SubmittedAt": "2020-12-03T12:01:11.058000+00:00"
    },
    "DelegationSet": {
        "NameServers": [
            "ns-131.awsdns-16.com",
            "ns-1855.awsdns-39.co.uk",
            "ns-1374.awsdns-43.org",
            "ns-903.awsdns-48.net"
        ]
    }
}
$ hosted_zone_id='/hostedzone/Z0608323LFWKCVBOP5JV'
```
I checked the behavior while changing the `--policy` value in the external-dns deployment's container args. When switching policies, I deleted the DNS records generated by the steps below.
```yaml
# external-dns.yml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: external-dns
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      serviceAccountName: external-dns
      containers:
      - name: external-dns
        image: k8s.gcr.io/external-dns/external-dns:v0.7.3
        args:
        - --source=service
        - --source=ingress
        - --domain-filter=external-dns-test.niboshino-tech.net
        - --provider=aws
        - --policy=sync # change this value while checking
        - --aws-zone-type=public
        - --registry=txt
        - --txt-owner-id=my-hostedzone-identifier
        - --log-level=debug
      securityContext:
        fsGroup: 65534 # For ExternalDNS to be able to read Kubernetes and AWS token files
```
Two services and an nginx deployment. I checked the behavior by toggling the commented-out annotations.
```yaml
# sample-service.yml
apiVersion: v1
kind: Service
metadata:
  name: nginx-1
  #annotations:
  #  external-dns.alpha.kubernetes.io/hostname: nginx.external-dns-test.niboshino-tech.net
spec:
  type: LoadBalancer
  ports:
  - port: 80
    name: http
    targetPort: 80
  selector:
    app: nginx
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-2
  #annotations:
  #  external-dns.alpha.kubernetes.io/hostname: nginx.external-dns-test.niboshino-tech.net
spec:
  type: LoadBalancer
  ports:
  - port: 80
    name: http
    targetPort: 80
  selector:
    app: nginx
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        name: nginx
        ports:
        - containerPort: 80
          name: http
```
I applied this and confirmed that two services, each tied to an ELB, were created.
```
$ kubectl apply -f sample-service.yml
service/nginx-1 created
service/nginx-2 created
deployment.apps/nginx created
$ kubectl describe svc nginx-1 | grep -i ingress
LoadBalancer Ingress:     a99a72c973d704f21b37154b784f9e42-511373786.ap-northeast-1.elb.amazonaws.com
$ kubectl describe svc nginx-2 | grep -i ingress
LoadBalancer Ingress:     a6779323f48a9429896681eff5889292-1848281942.ap-northeast-1.elb.amazonaws.com
```
sync
```
# Add the annotation to nginx-1
$ kubectl logs external-dns-xxxxx
time="2020-12-03T13:12:54Z" level=debug msg="Considering zone: /hostedzone/Z0608323LFWKCVBOP5JV (domain: external-dns-test.niboshino-tech.net.)"
time="2020-12-03T13:12:54Z" level=debug msg="No endpoints could be generated from service kube-system/kube-dns"
time="2020-12-03T13:12:54Z" level=debug msg="No endpoints could be generated from service default/nginx-2"
time="2020-12-03T13:12:54Z" level=debug msg="Endpoints generated from service: default/nginx-1: [nginx.external-dns-test.niboshino-tech.net 0 IN CNAME a99a72c973d704f21b37154b784f9e42-511373786.ap-northeast-1.elb.amazonaws.com []]"
time="2020-12-03T13:12:54Z" level=debug msg="No endpoints could be generated from service default/kubernetes"
time="2020-12-03T13:12:55Z" level=debug msg="Considering zone: /hostedzone/Z0608323LFWKCVBOP5JV (domain: external-dns-test.niboshino-tech.net.)"
time="2020-12-03T13:12:55Z" level=debug msg="Adding nginx.external-dns-test.niboshino-tech.net. to zone external-dns-test.niboshino-tech.net. [Id: /hostedzone/Z0608323LFWKCVBOP5JV]"
time="2020-12-03T13:12:55Z" level=debug msg="Adding nginx.external-dns-test.niboshino-tech.net. to zone external-dns-test.niboshino-tech.net. [Id: /hostedzone/Z0608323LFWKCVBOP5JV]"
time="2020-12-03T13:12:55Z" level=info msg="Desired change: CREATE nginx.external-dns-test.niboshino-tech.net A [Id: /hostedzone/Z0608323LFWKCVBOP5JV]"
time="2020-12-03T13:12:55Z" level=info msg="Desired change: CREATE nginx.external-dns-test.niboshino-tech.net TXT [Id: /hostedzone/Z0608323LFWKCVBOP5JV]"
time="2020-12-03T13:12:55Z" level=info msg="2 record(s) in zone external-dns-test.niboshino-tech.net. [Id: /hostedzone/Z0608323LFWKCVBOP5JV] were successfully updated"

# An Alias record targeting nginx-1's load balancer was created
$ aws route53 list-resource-record-sets --output json --hosted-zone-id $hosted_zone_id \
    --query "ResourceRecordSets[?Name == 'nginx.external-dns-test.niboshino-tech.net.']|[?Type == 'A']"
[
    {
        "Name": "nginx.external-dns-test.niboshino-tech.net.",
        "Type": "A",
        "AliasTarget": {
            "HostedZoneId": "Z14GRHDCWA56QT",
            "DNSName": "a99a72c973d704f21b37154b784f9e42-511373786.ap-northeast-1.elb.amazonaws.com.",
            "EvaluateTargetHealth": true
        }
    }
]

# Remove the annotation from nginx-1 and add it to nginx-2
$ kubectl logs external-dns-xxxxx
time="2020-12-03T13:14:56Z" level=debug msg="Considering zone: /hostedzone/Z0608323LFWKCVBOP5JV (domain: external-dns-test.niboshino-tech.net.)"
time="2020-12-03T13:14:56Z" level=debug msg="No endpoints could be generated from service default/kubernetes"
time="2020-12-03T13:14:56Z" level=debug msg="No endpoints could be generated from service kube-system/kube-dns"
time="2020-12-03T13:14:56Z" level=debug msg="Endpoints generated from service: default/nginx-2: [nginx.external-dns-test.niboshino-tech.net 0 IN CNAME a6779323f48a9429896681eff5889292-1848281942.ap-northeast-1.elb.amazonaws.com []]"
time="2020-12-03T13:14:56Z" level=debug msg="No endpoints could be generated from service default/nginx-1"
time="2020-12-03T13:14:56Z" level=debug msg="Considering zone: /hostedzone/Z0608323LFWKCVBOP5JV (domain: external-dns-test.niboshino-tech.net.)"
time="2020-12-03T13:14:56Z" level=debug msg="Adding nginx.external-dns-test.niboshino-tech.net. to zone external-dns-test.niboshino-tech.net. [Id: /hostedzone/Z0608323LFWKCVBOP5JV]"
time="2020-12-03T13:14:56Z" level=debug msg="Adding nginx.external-dns-test.niboshino-tech.net. to zone external-dns-test.niboshino-tech.net. [Id: /hostedzone/Z0608323LFWKCVBOP5JV]"
time="2020-12-03T13:14:56Z" level=info msg="Desired change: UPSERT nginx.external-dns-test.niboshino-tech.net A [Id: /hostedzone/Z0608323LFWKCVBOP5JV]"
time="2020-12-03T13:14:56Z" level=info msg="Desired change: UPSERT nginx.external-dns-test.niboshino-tech.net TXT [Id: /hostedzone/Z0608323LFWKCVBOP5JV]"
time="2020-12-03T13:14:57Z" level=info msg="2 record(s) in zone external-dns-test.niboshino-tech.net. [Id: /hostedzone/Z0608323LFWKCVBOP5JV] were successfully updated"

# The target changed to nginx-2's load balancer
$ aws route53 list-resource-record-sets --output json --hosted-zone-id $hosted_zone_id \
    --query "ResourceRecordSets[?Name == 'nginx.external-dns-test.niboshino-tech.net.']|[?Type == 'A']"
[
    {
        "Name": "nginx.external-dns-test.niboshino-tech.net.",
        "Type": "A",
        "AliasTarget": {
            "HostedZoneId": "Z14GRHDCWA56QT",
            "DNSName": "a6779323f48a9429896681eff5889292-1848281942.ap-northeast-1.elb.amazonaws.com.",
            "EvaluateTargetHealth": true
        }
    }
]

# Remove the annotation from nginx-2
time="2020-12-03T13:17:58Z" level=debug msg="Considering zone: /hostedzone/Z0608323LFWKCVBOP5JV (domain: external-dns-test.niboshino-tech.net.)"
time="2020-12-03T13:17:58Z" level=debug msg="No endpoints could be generated from service kube-system/kube-dns"
time="2020-12-03T13:17:58Z" level=debug msg="No endpoints could be generated from service default/nginx-2"
time="2020-12-03T13:17:58Z" level=debug msg="No endpoints could be generated from service default/nginx-1"
time="2020-12-03T13:17:58Z" level=debug msg="No endpoints could be generated from service default/kubernetes"
time="2020-12-03T13:17:58Z" level=debug msg="Considering zone: /hostedzone/Z0608323LFWKCVBOP5JV (domain: external-dns-test.niboshino-tech.net.)"
time="2020-12-03T13:17:58Z" level=debug msg="Adding nginx.external-dns-test.niboshino-tech.net. to zone external-dns-test.niboshino-tech.net. [Id: /hostedzone/Z0608323LFWKCVBOP5JV]"
time="2020-12-03T13:17:58Z" level=debug msg="Adding nginx.external-dns-test.niboshino-tech.net. to zone external-dns-test.niboshino-tech.net. [Id: /hostedzone/Z0608323LFWKCVBOP5JV]"
time="2020-12-03T13:17:58Z" level=info msg="Desired change: DELETE nginx.external-dns-test.niboshino-tech.net A [Id: /hostedzone/Z0608323LFWKCVBOP5JV]"
time="2020-12-03T13:17:58Z" level=info msg="Desired change: DELETE nginx.external-dns-test.niboshino-tech.net TXT [Id: /hostedzone/Z0608323LFWKCVBOP5JV]"
time="2020-12-03T13:17:59Z" level=info msg="2 record(s) in zone external-dns-test.niboshino-tech.net. [Id: /hostedzone/Z0608323LFWKCVBOP5JV] were successfully updated"

# Confirm the Alias record is gone
$ aws route53 list-resource-record-sets --output json --hosted-zone-id $hosted_zone_id \
    --query "ResourceRecordSets[?Name == 'nginx.external-dns-test.niboshino-tech.net.']|[?Type == 'A']"
[]
```
upsert-only
Only the annotation operations for creation and change were synchronized to DNS records.
```
# Add the annotation to nginx-1
time="2020-12-03T13:21:23Z" level=debug msg="Considering zone: /hostedzone/Z0608323LFWKCVBOP5JV (domain: external-dns-test.niboshino-tech.net.)"
time="2020-12-03T13:21:23Z" level=debug msg="No endpoints could be generated from service default/nginx-2"
time="2020-12-03T13:21:23Z" level=debug msg="Endpoints generated from service: default/nginx-1: [nginx.external-dns-test.niboshino-tech.net 0 IN CNAME a99a72c973d704f21b37154b784f9e42-511373786.ap-northeast-1.elb.amazonaws.com []]"
time="2020-12-03T13:21:23Z" level=debug msg="No endpoints could be generated from service default/kubernetes"
time="2020-12-03T13:21:23Z" level=debug msg="No endpoints could be generated from service kube-system/kube-dns"
time="2020-12-03T13:21:24Z" level=debug msg="Considering zone: /hostedzone/Z0608323LFWKCVBOP5JV (domain: external-dns-test.niboshino-tech.net.)"
time="2020-12-03T13:21:24Z" level=debug msg="Adding nginx.external-dns-test.niboshino-tech.net. to zone external-dns-test.niboshino-tech.net. [Id: /hostedzone/Z0608323LFWKCVBOP5JV]"
time="2020-12-03T13:21:24Z" level=debug msg="Adding nginx.external-dns-test.niboshino-tech.net. to zone external-dns-test.niboshino-tech.net. [Id: /hostedzone/Z0608323LFWKCVBOP5JV]"
time="2020-12-03T13:21:24Z" level=info msg="Desired change: CREATE nginx.external-dns-test.niboshino-tech.net A [Id: /hostedzone/Z0608323LFWKCVBOP5JV]"
time="2020-12-03T13:21:24Z" level=info msg="Desired change: CREATE nginx.external-dns-test.niboshino-tech.net TXT [Id: /hostedzone/Z0608323LFWKCVBOP5JV]"
time="2020-12-03T13:21:24Z" level=info msg="2 record(s) in zone external-dns-test.niboshino-tech.net. [Id: /hostedzone/Z0608323LFWKCVBOP5JV] were successfully updated"

# An Alias record targeting nginx-1's load balancer was created
aws route53 list-resource-record-sets --output json --hosted-zone-id $hosted_zone_id \
    --query "ResourceRecordSets[?Name == 'nginx.external-dns-test.niboshino-tech.net.']|[?Type == 'A']"
[
    {
        "Name": "nginx.external-dns-test.niboshino-tech.net.",
        "Type": "A",
        "AliasTarget": {
            "HostedZoneId": "Z14GRHDCWA56QT",
            "DNSName": "a99a72c973d704f21b37154b784f9e42-511373786.ap-northeast-1.elb.amazonaws.com.",
            "EvaluateTargetHealth": true
        }
    }
]

# Remove the annotation from nginx-1 and add it to nginx-2
time="2020-12-03T13:23:25Z" level=debug msg="Considering zone: /hostedzone/Z0608323LFWKCVBOP5JV (domain: external-dns-test.niboshino-tech.net.)"
time="2020-12-03T13:23:25Z" level=debug msg="Endpoints generated from service: default/nginx-2: [nginx.external-dns-test.niboshino-tech.net 0 IN CNAME a6779323f48a9429896681eff5889292-1848281942.ap-northeast-1.elb.amazonaws.com []]"
time="2020-12-03T13:23:25Z" level=debug msg="No endpoints could be generated from service default/nginx-1"
time="2020-12-03T13:23:25Z" level=debug msg="No endpoints could be generated from service default/kubernetes"
time="2020-12-03T13:23:25Z" level=debug msg="No endpoints could be generated from service kube-system/kube-dns"
time="2020-12-03T13:23:26Z" level=debug msg="Considering zone: /hostedzone/Z0608323LFWKCVBOP5JV (domain: external-dns-test.niboshino-tech.net.)"
time="2020-12-03T13:23:26Z" level=debug msg="Adding nginx.external-dns-test.niboshino-tech.net. to zone external-dns-test.niboshino-tech.net. [Id: /hostedzone/Z0608323LFWKCVBOP5JV]"
time="2020-12-03T13:23:26Z" level=debug msg="Adding nginx.external-dns-test.niboshino-tech.net. to zone external-dns-test.niboshino-tech.net. [Id: /hostedzone/Z0608323LFWKCVBOP5JV]"
time="2020-12-03T13:23:26Z" level=info msg="Desired change: UPSERT nginx.external-dns-test.niboshino-tech.net A [Id: /hostedzone/Z0608323LFWKCVBOP5JV]"
time="2020-12-03T13:23:26Z" level=info msg="Desired change: UPSERT nginx.external-dns-test.niboshino-tech.net TXT [Id: /hostedzone/Z0608323LFWKCVBOP5JV]"
time="2020-12-03T13:23:26Z" level=info msg="2 record(s) in zone external-dns-test.niboshino-tech.net. [Id: /hostedzone/Z0608323LFWKCVBOP5JV] were successfully updated"

# The target changed to nginx-2's load balancer
aws route53 list-resource-record-sets --output json --hosted-zone-id $hosted_zone_id \
    --query "ResourceRecordSets[?Name == 'nginx.external-dns-test.niboshino-tech.net.']|[?Type == 'A']"
[
    {
        "Name": "nginx.external-dns-test.niboshino-tech.net.",
        "Type": "A",
        "AliasTarget": {
            "HostedZoneId": "Z14GRHDCWA56QT",
            "DNSName": "a6779323f48a9429896681eff5889292-1848281942.ap-northeast-1.elb.amazonaws.com.",
            "EvaluateTargetHealth": true
        }
    }
]

# Remove the annotation from nginx-2
# No endpoints are generated from nginx-1 or nginx-2, yet the log says "All records are already up to date"
time="2020-12-03T13:25:26Z" level=debug msg="Considering zone: /hostedzone/Z0608323LFWKCVBOP5JV (domain: external-dns-test.niboshino-tech.net.)"
time="2020-12-03T13:25:26Z" level=debug msg="No endpoints could be generated from service default/nginx-2"
time="2020-12-03T13:25:26Z" level=debug msg="No endpoints could be generated from service default/nginx-1"
time="2020-12-03T13:25:26Z" level=debug msg="No endpoints could be generated from service default/kubernetes"
time="2020-12-03T13:25:26Z" level=debug msg="No endpoints could be generated from service kube-system/kube-dns"
time="2020-12-03T13:25:27Z" level=debug msg="Considering zone: /hostedzone/Z0608323LFWKCVBOP5JV (domain: external-dns-test.niboshino-tech.net.)"
time="2020-12-03T13:25:27Z" level=info msg="All records are already up to date"

# Unchanged: the target is still nginx-2's load balancer
aws route53 list-resource-record-sets --output json --hosted-zone-id $hosted_zone_id \
    --query "ResourceRecordSets[?Name == 'nginx.external-dns-test.niboshino-tech.net.']|[?Type == 'A']"
[
    {
        "Name": "nginx.external-dns-test.niboshino-tech.net.",
        "Type": "A",
        "AliasTarget": {
            "HostedZoneId": "Z14GRHDCWA56QT",
            "DNSName": "a6779323f48a9429896681eff5889292-1848281942.ap-northeast-1.elb.amazonaws.com.",
            "EvaluateTargetHealth": true
        }
    }
]
```
create-only
```
# Add the annotation to nginx-1
time="2020-12-03T13:31:13Z" level=debug msg="Considering zone: /hostedzone/Z0608323LFWKCVBOP5JV (domain: external-dns-test.niboshino-tech.net.)"
time="2020-12-03T13:31:13Z" level=debug msg="No endpoints could be generated from service kube-system/kube-dns"
time="2020-12-03T13:31:13Z" level=debug msg="No endpoints could be generated from service default/nginx-2"
time="2020-12-03T13:31:13Z" level=debug msg="Endpoints generated from service: default/nginx-1: [nginx.external-dns-test.niboshino-tech.net 0 IN CNAME a99a72c973d704f21b37154b784f9e42-511373786.ap-northeast-1.elb.amazonaws.com []]"
time="2020-12-03T13:31:13Z" level=debug msg="No endpoints could be generated from service default/kubernetes"
time="2020-12-03T13:31:13Z" level=debug msg="Considering zone: /hostedzone/Z0608323LFWKCVBOP5JV (domain: external-dns-test.niboshino-tech.net.)"
time="2020-12-03T13:31:13Z" level=debug msg="Adding nginx.external-dns-test.niboshino-tech.net. to zone external-dns-test.niboshino-tech.net. [Id: /hostedzone/Z0608323LFWKCVBOP5JV]"
time="2020-12-03T13:31:13Z" level=debug msg="Adding nginx.external-dns-test.niboshino-tech.net. to zone external-dns-test.niboshino-tech.net. [Id: /hostedzone/Z0608323LFWKCVBOP5JV]"
time="2020-12-03T13:31:13Z" level=info msg="Desired change: CREATE nginx.external-dns-test.niboshino-tech.net A [Id: /hostedzone/Z0608323LFWKCVBOP5JV]"
time="2020-12-03T13:31:13Z" level=info msg="Desired change: CREATE nginx.external-dns-test.niboshino-tech.net TXT [Id: /hostedzone/Z0608323LFWKCVBOP5JV]"
time="2020-12-03T13:31:14Z" level=info msg="2 record(s) in zone external-dns-test.niboshino-tech.net. [Id: /hostedzone/Z0608323LFWKCVBOP5JV] were successfully updated"

# An Alias record targeting nginx-1's load balancer was created
aws route53 list-resource-record-sets --output json --hosted-zone-id $hosted_zone_id \
    --query "ResourceRecordSets[?Name == 'nginx.external-dns-test.niboshino-tech.net.']|[?Type == 'A']"
[
    {
        "Name": "nginx.external-dns-test.niboshino-tech.net.",
        "Type": "A",
        "AliasTarget": {
            "HostedZoneId": "Z14GRHDCWA56QT",
            "DNSName": "a99a72c973d704f21b37154b784f9e42-511373786.ap-northeast-1.elb.amazonaws.com.",
            "EvaluateTargetHealth": true
        }
    }
]

# Remove the annotation from nginx-1 and add it to nginx-2
time="2020-12-03T13:33:15Z" level=debug msg="Considering zone: /hostedzone/Z0608323LFWKCVBOP5JV (domain: external-dns-test.niboshino-tech.net.)"
time="2020-12-03T13:33:15Z" level=debug msg="No endpoints could be generated from service default/nginx-1"
time="2020-12-03T13:33:15Z" level=debug msg="No endpoints could be generated from service default/kubernetes"
time="2020-12-03T13:33:15Z" level=debug msg="No endpoints could be generated from service kube-system/kube-dns"
time="2020-12-03T13:33:15Z" level=debug msg="Endpoints generated from service: default/nginx-2: [nginx.external-dns-test.niboshino-tech.net 0 IN CNAME a6779323f48a9429896681eff5889292-1848281942.ap-northeast-1.elb.amazonaws.com []]"
time="2020-12-03T13:33:15Z" level=debug msg="Considering zone: /hostedzone/Z0608323LFWKCVBOP5JV (domain: external-dns-test.niboshino-tech.net.)"
time="2020-12-03T13:33:15Z" level=info msg="All records are already up to date"

# Unchanged: the target is still nginx-1's load balancer
aws route53 list-resource-record-sets --output json --hosted-zone-id $hosted_zone_id \
    --query "ResourceRecordSets[?Name == 'nginx.external-dns-test.niboshino-tech.net.']|[?Type == 'A']"
[
    {
        "Name": "nginx.external-dns-test.niboshino-tech.net.",
        "Type": "A",
        "AliasTarget": {
            "HostedZoneId": "Z14GRHDCWA56QT",
            "DNSName": "a99a72c973d704f21b37154b784f9e42-511373786.ap-northeast-1.elb.amazonaws.com.",
            "EvaluateTargetHealth": true
        }
    }
]

# Remove the annotation from nginx-2
time="2020-12-03T13:35:16Z" level=debug msg="Considering zone: /hostedzone/Z0608323LFWKCVBOP5JV (domain: external-dns-test.niboshino-tech.net.)"
time="2020-12-03T13:35:16Z" level=debug msg="No endpoints could be generated from service default/kubernetes"
time="2020-12-03T13:35:16Z" level=debug msg="No endpoints could be generated from service kube-system/kube-dns"
time="2020-12-03T13:35:16Z" level=debug msg="No endpoints could be generated from service default/nginx-2"
time="2020-12-03T13:35:16Z" level=debug msg="No endpoints could be generated from service default/nginx-1"
time="2020-12-03T13:35:16Z" level=debug msg="Considering zone: /hostedzone/Z0608323LFWKCVBOP5JV (domain: external-dns-test.niboshino-tech.net.)"
time="2020-12-03T13:35:16Z" level=info msg="All records are already up to date"

# Unchanged: the target is still nginx-1's load balancer
aws route53 list-resource-record-sets --output json --hosted-zone-id $hosted_zone_id \
    --query "ResourceRecordSets[?Name == 'nginx.external-dns-test.niboshino-tech.net.']|[?Type == 'A']"
[
    {
        "Name": "nginx.external-dns-test.niboshino-tech.net.",
        "Type": "A",
        "AliasTarget": {
            "HostedZoneId": "Z14GRHDCWA56QT",
            "DNSName": "a99a72c973d704f21b37154b784f9e42-511373786.ap-northeast-1.elb.amazonaws.com.",
            "EvaluateTargetHealth": true
        }
    }
]
```
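Summary of findings
I found that DNS records are synchronized exactly as the policy names suggest (great naming!). Considering operational mistakes such as accidentally deleting an annotation, I got the impression that setting `upsert-only` or `create-only`, as in the documentation's example, is the better choice.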
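The three runs above can be replayed offline with a small model of the policy filter. This is an added example, not ExternalDNS's own code: the `plan`, `allowed` and `Run` functions are hypothetical simplifications, and `elb-nginx-1` / `elb-nginx-2` are stand-ins for the two ELB hostnames.

```go
package main

import "fmt"

// Host is the record name from the article; the targets used below are stand-ins.
const Host = "nginx.external-dns-test.niboshino-tech.net"

// Change is one planned action, like a "Desired change:" log line.
type Change struct{ Action, Name, Target string }

// plan diffs the desired endpoints (from annotations) against the zone.
func plan(zone, desired map[string]string) []Change {
	var out []Change
	for name, target := range desired {
		if cur, ok := zone[name]; !ok {
			out = append(out, Change{"CREATE", name, target})
		} else if cur != target {
			out = append(out, Change{"UPSERT", name, target})
		}
	}
	for name, target := range zone {
		if _, ok := desired[name]; !ok {
			out = append(out, Change{"DELETE", name, target})
		}
	}
	return out
}

// allowed reports whether a policy lets an action through (simplified model).
func allowed(policy, action string) bool {
	switch policy {
	case "sync":
		return true
	case "upsert-only":
		return action != "DELETE"
	case "create-only":
		return action == "CREATE"
	}
	return false
}

// Run replays the article's three steps and returns the zone left behind.
func Run(policy string) map[string]string {
	steps := []map[string]string{
		{Host: "elb-nginx-1"}, // annotation on nginx-1
		{Host: "elb-nginx-2"}, // annotation moved to nginx-2
		{},                    // annotation removed
	}
	zone := map[string]string{}
	for _, desired := range steps {
		for _, c := range plan(zone, desired) {
			switch {
			case !allowed(policy, c.Action):
				// filtered out: the log shows "All records are already up to date"
			case c.Action == "DELETE":
				delete(zone, c.Name)
			default:
				zone[c.Name] = c.Target
			}
		}
	}
	return zone
}

func main() {
	for _, p := range []string{"sync", "upsert-only", "create-only"} {
		fmt.Printf("%-12s leftover records: %v\n", p, Run(p))
	}
}
```

Under `upsert-only` and `create-only` the leftover record still points at a load balancer hostname after its annotation is gone, so those records need their own cleanup when the Service behind them is deleted.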