Multiple target services for External DNS #118
Comments
The easiest way to achieve this with the current version of Switchboard is to run two instances of Switchboard that target the different Traefik instances. These two Switchboard instances can already select ingresses based on the value of the Since I think that Switchboard is pretty lightweight, I would rather recommend to run two instances than to increase its complexity 👀
So just doing some testing on this, and in general this would work if you had multiple individual load balancers, however a bit of an edge case (and ones that we are testing) is having a single load balancer with multiple services pointed to it. For example, you have 1 service annotated to be an In testing, what we saw was it did pick up the new ingressroute (we are using Traefik), and the DNS endpoint was created, and on the external-dns values, it was specified to point to the

Values below:

```yaml
##External
cert-manager:
  install: true
  installCRDs: false
certificateIssuer:
  create: true
  email: [email protected]
  solvers:
    - dns01:
        cloudDNS:
          project: project-1
          serviceAccountSecretRef:
            key: dns-creds
            name: dns-creds
external-dns:
  crd:
    create: true
  domainFilters:
    - external.example.com
  google:
    project: project-1
    serviceAccountSecret: dns-creds
    serviceAccountSecretKey: dns-creds
    zoneVisibility: public
  install: true
  provider: google
  sources:
    - crd
    - service
    - ingress
image:
  name: ghcr.io/borchero/switchboard
integrations:
  certManager:
    certificateTemplate:
      spec:
        duration: 2160h
        issuerRef:
          kind: ClusterIssuer
          name: switchboard-letsencrypt-issuer
        renewBefore: 360h
    enabled: true
    extraArgs:
      - --dns01-recursive-nameservers-only=true
  externalDNS:
    enabled: true
    targetService:
      name: traefik-ext-lb
      namespace: traefik-controller
metrics:
  enabled: true
  port: 9090
podAnnotations: {}
replicas: 1
resources:
  limits:
    cpu: 50m
    memory: 40Mi
  requests:
    cpu: 5m
    memory: 25Mi
```

```yaml
##Internal
cert-manager:
  install: true
  installCRDs: false
certificateIssuer:
  create: true
  email: [email protected]
  solvers:
    - dns01:
        cloudDNS:
          project: project-1
          serviceAccountSecretRef:
            key: dns-creds
            name: dns-creds
external-dns:
  crd:
    create: false
  domainFilters:
    - internal.example.com
  google:
    project: project-1
    serviceAccountSecret: dns-creds
    serviceAccountSecretKey: dns-creds
    zoneVisibility: private
  install: true
  provider: google
  sources:
    - crd
    - service
    - ingress
image:
  name: ghcr.io/borchero/switchboard
integrations:
  certManager:
    certificateTemplate:
      spec:
        duration: 2160h
        issuerRef:
          kind: ClusterIssuer
          name: switchboard-letsencrypt-issuer
        renewBefore: 360h
    enabled: true
    extraArgs:
      - --dns01-recursive-nameservers-only=true
  externalDNS:
    enabled: true
    targetService:
      name: traefik-int-lb
      namespace: traefik-controller
metrics:
  enabled: true
  port: 9090
podAnnotations: {}
replicas: 1
resources:
  limits:
    cpu: 50m
    memory: 40Mi
  requests:
    cpu: 5m
    memory: 25Mi
```

Not sure if there would be any other way around getting this to work.

Currently switchboard only allows selecting one Traefik target service for external-dns integration. This works great when there is a single LoadBalancer-type service for Traefik.
I have recently found a use-case where I need to have two LoadBalancer-type services for the same Traefik deployment:

- `web` and `websecure` entrypoints on a first Load Balancer (AWS NLB); which uses private IPs.
- `websecure2`), also pointing to port 443 of a second AWS NLB, which is internet-facing and uses public IPs.

This way I can expose webhooks to the internet, while keeping the rest of my API private. This is particularly useful for pre-production environments that require callbacks from external services. But this feature would also be helpful if there were multiple Traefik instances deployed on the same cluster.

Could there be a way to register more than one target service, and then select the desired one with an annotation on the `IngressRoute` object, so that the correct IP is used for the generated `DNSEndpoint`? For backwards compatibility, there could be a way to set the default target.

Let me know what you think!