Bug 2027281 - [Azure] External-DNS cannot find the private DNS zone in the resource group
Summary: [Azure] External-DNS cannot find the private DNS zone in the resource group
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.10
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: ---
Target Release: 4.10.0
Assignee: Sherine Khoury
QA Contact: Hongan Li
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2021-11-29 10:14 UTC by Hongan Li
Modified: 2022-08-04 22:39 UTC (History)
CC List: 4 users

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-03-08 16:03:07 UTC
Target Upstream Version:
Embargoed:

Links:
GitHub: openshift/external-dns-operator pull 89 (status: open) - "Bug 2027281: Update to ensure private zone provider is selected for Azure Cloud" - last updated 2021-12-06 09:05:18 UTC
Red Hat Product Errata: RHEA-2022:0781 - last updated 2022-03-08 16:03:14 UTC

Description Hongan Li 2021-11-29 10:14:39 UTC
Description of problem:
External-DNS cannot find the DNS private zone in the resource group

OpenShift release version:
4.10.0-0.nightly-2021-11-28-164900
external-dns-operator: 0.1.1

Cluster Platform:
Azure IPI

How reproducible:
100%

Steps to Reproduce (in detail):
1. install external-dns-operator
2. create CR externaldns sample-azure
apiVersion: externaldns.olm.openshift.io/v1alpha1
kind: ExternalDNS
metadata:
  name: sample-azure
spec:
  provider:
    type: Azure
  zones:
    - "/subscriptions/xxxx/resourceGroups/hongli-az-2f9kj-rg/providers/Microsoft.Network/privateDnsZones/hongli-az.exmaple.com"
  source:
    type: Service
    service:
      serviceType:
        - LoadBalancer
        - ClusterIP
    annotationFilter:
      external-dns.mydomain.org/publish: "yes"
    fqdnTemplate:
      - "{{.Name}}.hongli-az.example.com"

Please note: "privateDnsZones/..." is specified in .spec.zones.


3. Create a pod and a svc, then add the annotation to the svc:
$ oc annotate svc <svc_name> external-dns.mydomain.org/publish="yes"


Actual results:
The A and TXT records are not added by external-dns; the logs show the following:
$ oc -n external-dns logs external-dns-sample-azure-6f88b4df87-sbk2t | grep "zone"
time="2021-11-29T09:29:37Z" level=debug msg="Retrieving Azure DNS zones for resource group: hongli-az-2f9kj-rg."
time="2021-11-29T09:29:37Z" level=debug msg="Found 0 Azure DNS zone(s)."
time="2021-11-29T09:29:37Z" level=debug msg="Retrieving Azure DNS zones for resource group: hongli-az-2f9kj-rg."
time="2021-11-29T09:29:37Z" level=debug msg="Found 0 Azure DNS zone(s)."
time="2021-11-29T09:29:37Z" level=info msg="Ignoring changes to 'service-unsecure.hongli-az.<exmaple>.com' because a suitable Azure DNS zone was not found."
time="2021-11-29T09:29:37Z" level=info msg="Ignoring changes to 'external-dns-service-unsecure.hongli-az.<example>.com' because a suitable Azure DNS zone was not found."

Expected results:
external-dns should update records for Azure private zones.


Impact of the problem:


Additional info:
Creating another normal (public) DNS zone in the same resource group works as expected.



Comment 1 Miheer Salunke 2021-11-29 10:43:55 UTC
The Azure provider for ExternalDNS will find suitable zones for domains it manages; **it will not automatically create zones.**
Reference - https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/azure.md#creating-an-azure-dns-zone

Comment 2 Miheer Salunke 2021-11-29 11:07:01 UTC
BTW, we have implemented the functionality for https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/azure.md and not https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/azure-private-dns.md

We might need to implement this functionality. 

Basically, it will involve adding the Reader and Private DNS Zone Contributor roles as well (https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/azure-private-dns.md#configure-service-principal-for-managing-the-zone) via the code.

BTW, did you check curl to the route in Azure?
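
Added example, not code from external-dns-operator or from the linked pull request: a Go sketch of the provider selection Comment 2 points at. Upstream external-dns serves public zones with the `azure` provider and private zones with the `azure-private-dns` provider, so an operator that always picks `azure` will list zero zones for a privateDnsZones resource and log exactly what the description shows. The code parses the ARM zone resource IDs from `.spec.zones`, classifies each as dnsZones or privateDnsZones, and picks the provider accordingly. The flag names `--provider` and `--azure-resource-group` are upstream external-dns flags; the requirement that all zones be of one kind and in one resource group, and the function names, are this example's own assumptions, not the operator's documented behaviour.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ZoneKind distinguishes the two Azure zone resource types that
// external-dns serves with different providers: "azure" for public
// dnsZones and "azure-private-dns" for privateDnsZones.
type ZoneKind string

const (
	PublicZone  ZoneKind = "dnsZones"
	PrivateZone ZoneKind = "privateDnsZones"
)

// AzureZone is the parsed form of one entry of ExternalDNS .spec.zones.
type AzureZone struct {
	Subscription  string
	ResourceGroup string
	Kind          ZoneKind
	Name          string
}

// ParseAzureZoneID parses an ARM resource ID of the form
// /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Network/<dnsZones|privateDnsZones>/<name>
// and rejects anything that is not one of the two zone resource types.
func ParseAzureZoneID(id string) (AzureZone, error) {
	parts := strings.Split(strings.Trim(id, "/"), "/")
	if len(parts) != 8 {
		return AzureZone{}, fmt.Errorf("zone id %q: want 8 path segments, got %d", id, len(parts))
	}
	if !strings.EqualFold(parts[0], "subscriptions") || !strings.EqualFold(parts[2], "resourceGroups") ||
		!strings.EqualFold(parts[4], "providers") || !strings.EqualFold(parts[5], "Microsoft.Network") {
		return AzureZone{}, fmt.Errorf("zone id %q: not a Microsoft.Network resource", id)
	}
	var kind ZoneKind
	switch {
	case strings.EqualFold(parts[6], string(PublicZone)):
		kind = PublicZone
	case strings.EqualFold(parts[6], string(PrivateZone)):
		kind = PrivateZone
	default:
		return AzureZone{}, fmt.Errorf("zone id %q: resource type %q is neither dnsZones nor privateDnsZones", id, parts[6])
	}
	if parts[1] == "" || parts[3] == "" || parts[7] == "" {
		return AzureZone{}, fmt.Errorf("zone id %q: empty subscription, resource group or zone name", id)
	}
	return AzureZone{Subscription: parts[1], ResourceGroup: parts[3], Kind: kind, Name: parts[7]}, nil
}

// SelectProvider returns the external-dns provider name and the resource
// group to pass on the command line for a set of zone IDs. A single
// external-dns process takes one --provider and one --azure-resource-group,
// so (assumption of this example) mixed kinds or mixed resource groups are
// rejected instead of silently dropping zones.
func SelectProvider(zoneIDs []string) (provider, resourceGroup string, err error) {
	if len(zoneIDs) == 0 {
		return "", "", errors.New("no zones given")
	}
	var first AzureZone
	for i, id := range zoneIDs {
		z, perr := ParseAzureZoneID(id)
		if perr != nil {
			return "", "", perr
		}
		if i == 0 {
			first = z
			continue
		}
		if z.Kind != first.Kind {
			return "", "", fmt.Errorf("mixed zone kinds: %s is %s but %s is %s", first.Name, first.Kind, z.Name, z.Kind)
		}
		if !strings.EqualFold(z.ResourceGroup, first.ResourceGroup) {
			return "", "", fmt.Errorf("zones span resource groups %q and %q", first.ResourceGroup, z.ResourceGroup)
		}
	}
	if first.Kind == PrivateZone {
		return "azure-private-dns", first.ResourceGroup, nil
	}
	return "azure", first.ResourceGroup, nil
}

func main() {
	// Constructed sample input: the private zone ID from the bug's CR,
	// with its subscription placeholder kept as-is.
	zones := []string{
		"/subscriptions/xxxx/resourceGroups/hongli-az-2f9kj-rg/providers/Microsoft.Network/privateDnsZones/hongli-az.exmaple.com",
	}
	p, rg, err := SelectProvider(zones)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("--provider=%s --azure-resource-group=%s\n", p, rg)
}
```

Run against the CR from the description it prints `--provider=azure-private-dns --azure-resource-group=hongli-az-2f9kj-rg`; with a public dnsZones ID it prints `--provider=azure`. The point for anyone debugging the "Found 0 Azure DNS zone(s)" log line is the same either way: the zone type in the resource ID, not the resource group, decides which provider can see the zone.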

Comment 3 Miciah Dashiel Butler Masters 2021-11-30 17:11:43 UTC
Setting blocker+ because support for Azure is one of the requirements for GA for external-dns.

Comment 5 Hongan Li 2021-12-13 07:29:32 UTC
Verified with 4.10.0-0.nightly-2021-12-12-184227 and external-dns-operator.v0.1.2; the issue has been fixed.

Comment 9 errata-xmlrpc 2022-03-08 16:03:07 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (Release of ExternalDNS Operator on OperatorHub), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2022:0781
