Description of problem:
When checking https://bugzilla.redhat.com/show_bug.cgi?id=1869387#c4 I found that the DNSRecords shows incorrect Type and TTL for a non-gov AWS cluster, e.g.

$ aws route53 list-resource-record-sets --hosted-zone-id $zone_id --query 'ResourceRecordSets[?contains(Name,`apps`)==`true`]'
[
    {
        "Name": "\\052.apps.hongli-46bv.qe.devcluster.openshift.com.",
        "Type": "A",
        "AliasTarget": {
            "HostedZoneId": "ZLMOA37VPKANP",
            "DNSName": "a6bf1bd31181a4d64b3e8bd31d375aff-e3c151ab4f44d630.elb.us-east-2.amazonaws.com.",
            "EvaluateTargetHealth": false
        }
    }
]

$ oc -n openshift-ingress-operator get dnsrecords/default-wildcard -oyaml
spec:
  dnsName: '*.apps.hongli-46bv.qe.devcluster.openshift.com.'
  recordTTL: 30
  recordType: CNAME
  targets:
  - a6bf1bd31181a4d64b3e8bd31d375aff-e3c151ab4f44d630.elb.us-east-2.amazonaws.com

Version-Release number of selected component (if applicable):
4.6.0-0.nightly-2020-09-08-123737

How reproducible:
100%

Steps to Reproduce:
1. spin up a cluster on AWS (non-gov)
2. check the DNSRecords
   $ oc -n openshift-ingress-operator get dnsrecords/default-wildcard -oyaml
3. check the records created by the dns controller on the AWS console (or with the aws cli)

Actual results:
The DNSRecords says Type is CNAME and TTL is 30, but actually the Type is A and TTL is null on AWS Route 53.

Expected results:
1. The Type in DNSRecords should be "A".
2. Should set the TTL of apps records to 30 in AWS Route 53.

Additional info:
I’m adding UpcomingSprint, because I was occupied by fixing bugs with higher priority/severity, developing new features with higher priority, or developing new features to improve stability at a macro level. I will revisit this bug next sprint.
Target set to 4.7 while investigation is either ongoing or pending. Will be considered for earlier release versions when diagnosed and resolved.
Hongan, This is expected behavior. Ingress Operator will always create a CNAME record type and the provider implementation will convert the type if needed. We decided on this approach since Alias records are specific to AWS.
Hi Daneyon, There are two issues listed in this BZ (since both are in `dnsrecords.spec`, but if that is confusing I can file a new one). The first issue is about the CNAME; I agree with you that Alias is specific to AWS and the provider implementation indeed creates the A (or CNAME for GovCloud) type. The other issue is the TTL, which seems not to be configured on the AWS side. I'm updating the title to make it clearer.
I’m adding UpcomingSprint because I was occupied by fixing bugs with higher priority/severity, developing new features with higher priority, or developing new features to improve stability at a macro level. I will revisit this bug next sprint.
Hi Hongan, Thanks for noticing that the TTL did not show up on the AWS side. However, in this case, the TTL actually should not appear, as TTL is not allowed for a Route 53 AliasTarget type. In summary, for non-gov-cloud Route 53, a CNAME record with TTL becomes an A record with no TTL. We have updated the comments in the code to reflect this special case. Best Regards, Candace
Tested with 4.7.0-0.nightly-2020-11-25-114114 and passed.

# oc explain dnsrecords.spec.recordTTL
KIND:     DNSRecord
VERSION:  ingress.operator.openshift.io/v1

FIELD:    recordTTL <integer>

DESCRIPTION:
     recordTTL is the record TTL in seconds. If zero, the default is 30.
     RecordTTL will not be used in AWS regions Alias targets, but will be used in
     CNAME targets, per AWS API contract.
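As a worked check of the rule Candace's comment and the `oc explain` text describe (added here as example code; it is not the ingress operator's implementation nor anything posted in this bug): given a DNSRecord spec and the Route 53 record set the AWS provider created, predict what should have been written and list any differences. The operator always writes recordType CNAME; outside GovCloud the provider turns that into an Alias A record, which Route 53 does not allow a TTL on, and in GovCloud it becomes a plain CNAME carrying recordTTL. The function names, the `govcloud` flag and the two sample dictionaries (constructed from the aws/oc output quoted in the report) are the example's own assumptions. Run against the report's data, the non-GovCloud comparison is clean, while judging the same record by the GovCloud expectation reproduces the Type/TTL mismatch the report originally flagged.

```python
"""Reconcile an OpenShift DNSRecord spec against the Route 53 record set.

Example code written for this page; not from the bug thread or the
ingress-operator code base. Encodes the rule stated in the thread:
CNAME spec -> Alias A record without TTL (non-GovCloud), or
CNAME spec -> plain CNAME with recordTTL (GovCloud).
"""
from __future__ import annotations

from typing import Any

DEFAULT_TTL = 30  # `oc explain dnsrecords.spec.recordTTL`: zero means 30

# Constructed from the aws/oc output quoted in the bug report.
DNSRECORD_SPEC = {
    "dnsName": "*.apps.hongli-46bv.qe.devcluster.openshift.com.",
    "recordTTL": 30,
    "recordType": "CNAME",
    "targets": [
        "a6bf1bd31181a4d64b3e8bd31d375aff-e3c151ab4f44d630.elb.us-east-2.amazonaws.com",
    ],
}
ROUTE53_RRSET = {
    "Name": "\\052.apps.hongli-46bv.qe.devcluster.openshift.com.",
    "Type": "A",
    "AliasTarget": {
        "HostedZoneId": "ZLMOA37VPKANP",
        "DNSName": "a6bf1bd31181a4d64b3e8bd31d375aff-e3c151ab4f44d630."
                   "elb.us-east-2.amazonaws.com.",
        "EvaluateTargetHealth": False,
    },
}


def normalize_name(name: str) -> str:
    """Route 53 returns '*' octal-escaped as '\\052' and names with a trailing
    dot; bring both sides to the same form before comparing."""
    name = name.replace("\\052", "*")
    return name if name.endswith(".") else name + "."


def expected_route53_record(spec: dict[str, Any], govcloud: bool) -> dict[str, Any]:
    """Predict the Route 53 record set for a DNSRecord spec.

    The ELB's own hosted zone ID is not in the spec, so it is not predicted.
    """
    if spec["recordType"] != "CNAME":
        raise ValueError(f"operator writes CNAME, got {spec['recordType']!r}")
    name = normalize_name(spec["dnsName"])
    targets = [normalize_name(t) for t in spec["targets"]]
    if govcloud:
        return {
            "Name": name,
            "Type": "CNAME",
            "TTL": spec.get("recordTTL") or DEFAULT_TTL,
            "ResourceRecords": [{"Value": t} for t in targets],
        }
    if len(targets) != 1:
        raise ValueError("an Alias record can point at exactly one target")
    return {  # Alias records carry no TTL at all
        "Name": name,
        "Type": "A",
        "AliasTarget": {"DNSName": targets[0], "EvaluateTargetHealth": False},
    }


def find_mismatches(spec: dict[str, Any], observed: dict[str, Any],
                    govcloud: bool) -> list[str]:
    """Differences between the observed Route 53 record set and what the
    spec should have produced; an empty list means they agree."""
    want = expected_route53_record(spec, govcloud)
    problems: list[str] = []
    if normalize_name(observed["Name"]) != want["Name"]:
        problems.append(f"name {observed['Name']!r} != {want['Name']!r}")
    if observed.get("Type") != want["Type"]:
        problems.append(f"type {observed.get('Type')!r} != {want['Type']!r}")
    if "AliasTarget" in want:
        alias = observed.get("AliasTarget")
        if alias is None:
            problems.append("expected an Alias record, got plain resource records")
        elif normalize_name(alias.get("DNSName", "")) != want["AliasTarget"]["DNSName"]:
            problems.append(f"alias target {alias.get('DNSName')!r} is not the spec target")
        if "TTL" in observed:
            problems.append("Alias records must not carry a TTL")
    else:
        if observed.get("TTL") != want["TTL"]:
            problems.append(f"ttl {observed.get('TTL')!r} != {want['TTL']!r}")
        got = sorted(normalize_name(r["Value"]) for r in observed.get("ResourceRecords", []))
        if got != sorted(r["Value"] for r in want["ResourceRecords"]):
            problems.append(f"targets {got!r} != spec targets")
    return problems


if __name__ == "__main__":
    # Non-GovCloud: the A/Alias/no-TTL record is what the CNAME/TTL 30 spec
    # should produce, so nothing is reported.
    print(find_mismatches(DNSRECORD_SPEC, ROUTE53_RRSET, govcloud=False))
    # Judged by the GovCloud rule the same record is wrong on type, TTL and
    # target form, which is the literal comparison the report made.
    print(find_mismatches(DNSRECORD_SPEC, ROUTE53_RRSET, govcloud=True))
```

The check that matters for the ingress wildcard is the alias target comparison: a record whose type and TTL differ from the spec is expected on non-GovCloud, but a record whose target no longer matches the spec target means the DNS for `*.apps` points somewhere the operator did not intend.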
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633