create the external DNS in Azure AKS v1.22.6

anji babu eluri 11 Reputation points
2022-04-25T15:41:29.91+00:00

Hi Team,

I need your help to fix the issue.
I have created Azure AKS cluster v1.22.6.
I am trying to create the Kubernetes External DNS to create Record Sets in Azure DNS from AKS, but I am getting an error.
My domain name is registered in GoDaddy.
I have updated the Azure name services information in GoDaddy NS records.
Create Managed Service Identity (MSI)
Added Azure Role Assignment in MSI
Create Secret
Deploy ExternalDNS (below is the manifest file)


apiVersion: v1
kind: ServiceAccount
metadata:
  name: external-dns
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: external-dns
rules:
  - apiGroups: [""]
    resources: ["services","endpoints","pods"]
    verbs: ["get","watch","list"]
  - apiGroups: ["extensions","networking.k8s.io"]
    resources: ["ingresses"]
    verbs: ["get","watch","list"]
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: external-dns-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: external-dns
subjects:
  - kind: ServiceAccount
    name: external-dns
    namespace: default
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: external-dns
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      serviceAccountName: external-dns
      containers:
        - name: external-dns
          image: registry.opensource.zalan.do/teapot/external-dns:latest
          args:
            - --source=service
            - --source=ingress
            - --domain-filter=example.com
            - --provider=azure-private-dns
            - --azure-resource-group=dns-zone
            - --azure-subscription-id=5fc70770-36a3-494e-a389-a8a81b8cef2c
          volumeMounts:
            - name: azure-config-file
              mountPath: /etc/kubernetes/
      volumes:
        - name: azure-config-file
          secret:
            secretName: azure-config-file
    

Getting the below error message in the external pod logs.

kubectl logs external-dns-67958cbc75-vvnvx

time="2022-04-25T15:07:27Z" level=info msg="config: {APIServerURL: KubeConfig: RequestTimeout:30s DefaultTargets:[] ContourLoadBalancerService:heptio-contour/contour GlooNamespace:gloo-system SkipperRouteGroupVersion:zalando.org/v1 Sources:[service ingress] Namespace: AnnotationFilter: LabelFilter: FQDNTemplate: CombineFQDNAndAnnotation:false IgnoreHostnameAnnotation:false IgnoreIngressTLSSpec:false IgnoreIngressRulesSpec:false Compatibility: PublishInternal:false PublishHostIP:false AlwaysPublishNotReadyAddresses:false ConnectorSourceServer:localhost:8080 Provider:azure-private-dns GoogleProject: GoogleBatchChangeSize:1000 GoogleBatchChangeInterval:1s GoogleZoneVisibility: DomainFilter:[example.com] ExcludeDomains:[] RegexDomainFilter: RegexDomainExclusion: ZoneNameFilter:[] ZoneIDFilter:[] AlibabaCloudConfigFile:/etc/kubernetes/alibaba-cloud.json AlibabaCloudZoneType: AWSZoneType: AWSZoneTagFilter:[] AWSAssumeRole: AWSBatchChangeSize:1000 AWSBatchChangeInterval:1s AWSEvaluateTargetHealth:true AWSAPIRetries:3 AWSPreferCNAME:false AWSZoneCacheDuration:0s AzureConfigFile:/etc/kubernetes/azure.json AzureResourceGroup:dns-zone AzureSubscriptionID:5fc70770-36a3-494e-a389-a8a81b8cef2c AzureUserAssignedIdentityClientID: BluecatConfigFile:/etc/kubernetes/bluecat.json CloudflareProxied:false CloudflareZonesPerPage:50 CoreDNSPrefix:/skydns/ RcodezeroTXTEncrypt:false AkamaiServiceConsumerDomain: AkamaiClientToken: AkamaiClientSecret: AkamaiAccessToken: AkamaiEdgercPath: AkamaiEdgercSection: InfobloxGridHost: InfobloxWapiPort:443 InfobloxWapiUsername:admin InfobloxWapiPassword: InfobloxWapiVersion:2.3.1 InfobloxSSLVerify:true InfobloxView: InfobloxMaxResults:0 InfobloxFQDNRegEx: DynCustomerName: DynUsername: DynPassword: DynMinTTLSeconds:0 OCIConfigFile:/etc/kubernetes/oci.yaml InMemoryZones:[] OVHEndpoint:ovh-eu OVHApiRateLimit:20 PDNSServer:http://localhost:8081 PDNSAPIKey: PDNSTLSEnabled:false TLSCA: TLSClientCert: TLSClientCertKey: Policy:sync Registry:txt 
TXTOwnerID:default TXTPrefix: TXTSuffix: Interval:1m0s MinEventSyncInterval:5s Once:false DryRun:false UpdateEvents:false LogFormat:text MetricsAddress::7979 LogLevel:info TXTCacheInterval:0s TXTWildcardReplacement: ExoscaleEndpoint:https://api.exoscale.ch/dns ExoscaleAPIKey: ExoscaleAPISecret: CRDSourceAPIVersion:externaldns.k8s.io/v1alpha1 CRDSourceKind:DNSEndpoint ServiceTypeFilter:[] CFAPIEndpoint: CFUsername: CFPassword: RFC2136Host: RFC2136Port:0 RFC2136Zone: RFC2136Insecure:false RFC2136GSSTSIG:false RFC2136KerberosRealm: RFC2136KerberosUsername: RFC2136KerberosPassword: RFC2136TSIGKeyName: RFC2136TSIGSecret: RFC2136TSIGSecretAlg: RFC2136TAXFR:false RFC2136MinTTL:0s RFC2136BatchChangeSize:50 NS1Endpoint: NS1IgnoreSSL:false NS1MinTTLSeconds:0 TransIPAccountName: TransIPPrivateKeyFile: DigitalOceanAPIPageSize:50 ManagedDNSRecordTypes:[A CNAME] GoDaddyAPIKey: GoDaddySecretKey: GoDaddyTTL:0 GoDaddyOTE:false}"
time="2022-04-25T15:07:27Z" level=info msg="Instantiating new Kubernetes client"
time="2022-04-25T15:07:27Z" level=info msg="Using inCluster-config based on serviceaccount-token"
time="2022-04-25T15:07:27Z" level=info msg="Created Kubernetes client https://10.0.0.1:443"
E0425 15:07:27.227347 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.2/tools/cache/reflector.go:167: Failed to watch *v1.Node: unknown (get nodes)
time="2022-04-25T15:07:27Z" level=info msg="Using managed identity extension to retrieve access token for Azure API."
time="2022-04-25T15:07:27Z" level=info msg="Resolving to user assigned identity, client id is afc67bbc-27b8-42c2-89a3-47d15ee4f774."
E0425 15:07:28.135606 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.2/tools/cache/reflector.go:167: Failed to watch *v1.Node: unknown (get nodes)
E0425 15:07:30.223314 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.2/tools/cache/reflector.go:167: Failed to watch *v1.Node: unknown (get nodes)
E0425 15:07:35.841379 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.2/tools/cache/reflector.go:167: Failed to watch *v1.Node: unknown (get nodes)
E0425 15:07:42.945611 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.2/tools/cache/reflector.go:167: Failed to watch *v1.Node: unknown (get nodes)
W0425 15:07:57.225429 1 transport.go:288] Unable to cancel request for *instrumented_http.Transport
W0425 15:07:57.225736 1 transport.go:288] Unable to cancel request for *instrumented_http.Transport
W0425 15:07:57.240119 1 transport.go:288] Unable to cancel request for *instrumented_http.Transport
W0425 15:07:57.301508 1 transport.go:288] Unable to cancel request for *instrumented_http.Transport
E0425 15:08:05.897116 1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.2/tools/cache/reflector.go:167: Failed to watch *v1.Node: unknown (get nodes)

Can anyone please help me to resolve the issue?

Note: I am a beginner. To learn AKS/Kubernetes I am practicing in my test environment.

Thanks & Regards
Anji

Azure Kubernetes Service (AKS)

1 answer

  1. anji babu eluri 11 Reputation points
    2022-05-05T09:32:23.817+00:00

    @vipullag-MSFT ,

    Thanks for your help/suggestion on the issue.

    I tried to identify the issue myself and fixed it.

    In the external DNS manifest file I changed the image file “registry.opensource.zalan.do/teapot/external-dns:latest” to “k8s.gcr.io/external-dns/external-dns:v0.11.0”, then it started working fine.
    I have followed the below links.

    https://github.com/kubernetes-sigs/external-dns

    A breaking change was added in external-dns v0.10.0.
    | ExternalDNS | <= 0.9.x | >= 0.10.0 |
    | --- | --- | --- |
    | Kubernetes <= 1.18 | ✅ | ❌ |
    | Kubernetes >= 1.19 and <= 1.21 | ✅ | ✅ |
    | Kubernetes >= 1.22 | ❌ | ✅ |

    Note: AKS 1.22 will support version 0.10.0 and above of the external DNS image.

    https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/azure.md

    2 people found this answer helpful.
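
The compatibility matrix quoted in the answer can be turned into a pre-deploy check. The following Python sketch is an added example, not part of the original thread or of the ExternalDNS project: it scans manifest text for external-dns images, flags tags such as `latest` that hide the version actually deployed, and compares pinned versions against the cluster version. The names `split_image` and `check_manifest`, the finding labels and the `registry.example:5000` reference are assumptions made for illustration.

```python
import re

# Matrix quoted in the answer: ExternalDNS <= 0.9.x runs on Kubernetes <= 1.21,
# ExternalDNS >= 0.10.0 runs on Kubernetes >= 1.19.
IMAGE_RE = re.compile(r"^\s*(?:-\s*)?image:\s*['\"]?([^\s'\"#]+)", re.M)
VERSION_RE = re.compile(r"v?(\d+)\.(\d+)")

# Constructed sample: the two image references from this thread plus one
# made-up private-registry reference (registry.example:5000 is a placeholder).
SAMPLE = """\
      containers:
        - name: a
          image: registry.opensource.zalan.do/teapot/external-dns:latest
        - name: b
          image: k8s.gcr.io/external-dns/external-dns:v0.11.0
        - name: c
          image: registry.example:5000/external-dns:v0.9.0
"""


def split_image(ref):
    """Split an image reference into (repository, tag, digest)."""
    ref, _, digest = ref.partition("@")
    # A ':' before the last '/' is a registry port, not a tag separator.
    if ":" in ref.rsplit("/", 1)[-1]:
        repo, tag = ref.rsplit(":", 1)
    else:
        repo, tag = ref, ""
    return repo, tag, digest


def check_manifest(text, k8s_version):
    """Return (image, problem) pairs for external-dns images in a manifest."""
    k8s = tuple(map(int, VERSION_RE.match(k8s_version).groups()))
    findings = []
    for ref in IMAGE_RE.findall(text):
        repo, tag, digest = split_image(ref)
        if repo.rsplit("/", 1)[-1] != "external-dns":
            continue
        m = VERSION_RE.match(tag)
        if m is None:
            if not digest:  # no version and no digest: the tag can move
                findings.append((ref, "floating-tag"))
            continue
        edns = tuple(map(int, m.groups()))
        if (edns < (0, 10) and k8s >= (1, 22)) or (edns >= (0, 10) and k8s < (1, 19)):
            findings.append((ref, "incompatible"))
    return findings


if __name__ == "__main__":
    for image, problem in check_manifest(SAMPLE, "v1.22.6"):
        print(f"{problem}: {image}")
```

The cluster version string can be taken from `kubectl version`; the check reads only manifest text and does not contact the cluster.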