Allow to override DNS record targets

[illrill]

Description

K8GB assumes that the Ingress status.loadBalancer.ingress[].ip field(s) are always the desired target(s) for K8GB managed DNS records. This is not always the case, see below example scenarios.

Looking at External DNS, it has the capabilities to override the target of managed records, either globally or per Ingress:

• The argument --default-targets allows users to globally set the default target for all DNS records that are under management of the External DNS controller. It supports both FQDNs (resulting in CNAMEs) and IPs (resulting in A records). This flag takes precedence over the status.loadBalancer.ingress[].ip field(s).
• The Ingress annotation external-dns.alpha.kubernetes.io/target allows users to override the target for DNS records created for each of the Ingress' hosts. It supports both FQDNs (resulting in CNAMEs) and IPs (resulting in A records). This annotation takes precedence over both the --default-targets flag and the status.loadBalancer.ingress[].ip field(s).

I propose to add the equivalent capabilities to K8GB so that users can set the DNS record targets to any arbitrary IP or FQDN.

Scenarios

It's not uncommon to run the cluster ingress controller behind some other form of reverse proxy, in below example an Azure Application Gateway. In this case, the Azure Application Gateway's public IP should be the target of the foo.com and bar.com DNS records managed by K8GB.

flowchart TB

subgraph Azure
gateway-ip("Public IP")
gateway[Azure Application Gateway]
end

subgraph cluster[Cluster]
ingress-ip("LoadBalancer Service<br>Private IP")
ingress-controller[Ingress Controller]
ingress-controller --> ingress-x["Ingress<br>_Host: foo.com_"]
ingress-controller --> ingress-y["Ingress<br>_Host: bar.com_"]


subgraph ns-x[Namespace X]
ingress-x -.Routing rule.-> Service-X --> Pod-X
ingress-x -.Routing rule.-> Service-Y --> Pod-Y
end

subgraph ns-y[Namespace Y]
ingress-y -.Routing rule.-> Service-Z --> Pod-Z
end

end
gateway-ip --- gateway --> ingress-ip --- ingress-controller
client-a --bar.com--> gateway-ip
client-b --foo.com--> gateway-ip

Loading

In another case there might be an existing intermediate CNAME record managed by something else / someone else, that we'd want to use as the target for DNS records managed by K8GB.

flowchart TB

subgraph cluster[Cluster]
ingress-ip("LoadBalancer Service<br>Public IP")
ingress-controller[Ingress Controller]
ingress-controller --> ingress-x["Ingress<br>_Host: foo.com_"]
ingress-controller --> ingress-y["Ingress<br>_Host: bar.com_"]


subgraph ns-x[Namespace X]
ingress-x -.Routing rule.-> Service-X --> Pod-X
ingress-x -.Routing rule.-> Service-Y --> Pod-Y
end

subgraph ns-y[Namespace Y]
ingress-y -.Routing rule.-> Service-Z --> Pod-Z
end

end
cname(CNAME<br>cluster-domain.com) --> ingress-ip --- ingress-controller
client-a --bar.com--> cname
client-b --foo.com--> cname

Loading

[abaguas]

Thank you for creating an issue and for the detailed description. The first scenario, overriding the load-balancer's IP address, would be solved by #1710. We should be able to merge this week do a release before the end of the month.

---

The second one, publishing CNAMEs, is not supported. At the moment K8GB only holds A records, to make that happen we would have to also support CNAMEs. We would also have to rethink some failover algorithms. For example, we implement the roundrobin strategy by returning multiple A records, 1 per cluster. However, a domain cannot have multiple CNAME records.
Do you have this usecase or is it a setup that you have seen in the past? So that we can prioritize this feature request accordingly.