Create the external DNS in Azure AKS v1.22.6

anji babu eluri 11 Reputation points

Hi Team,

I need your help to fix the issue.
I have created an Azure AKS cluster, v1.22.6.
I am trying to create the Kubernetes External DNS to create record sets in Azure DNS from AKS, but I am getting an error.
My domain name is registered in GoDaddy.
I have updated the Azure name services information in the GoDaddy NS records.

  • Create Managed Service Identity (MSI)
  • Added Azure Role Assignment in MSI
  • Create Secret
  • Deploy ExternalDNS (below is the manifest file)

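# ServiceAccount the external-dns pod runs as
apiVersion: v1
kind: ServiceAccount
metadata:
  name: external-dns
---
# Read-only access to the objects external-dns derives DNS records from
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: external-dns
rules:
  - apiGroups: [""]
    resources: ["services","endpoints","pods"]
    verbs: ["get","watch","list"]
  - apiGroups: ["extensions",""]
    resources: ["ingresses"]
    verbs: ["get","watch","list"]
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["list"]
---
# Bind the ClusterRole to the ServiceAccount in the default namespace
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: external-dns-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: external-dns
subjects:
  - kind: ServiceAccount
    name: external-dns
    namespace: default
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: external-dns
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      serviceAccountName: external-dns
      containers:
        - name: external-dns
          image: IMAGE_REFERENCE_MISSING_FROM_POST  # the image line is absent from the post
          args:
            - --source=service
            - --source=ingress
            - --provider=azure-private-dns
            - --azure-resource-group=dns-zone
            - --azure-subscription-id=5fc70770-36a3-494e-a389-a8a81b8cef2c
          volumeMounts:
            # Azure credentials file (azure.json) from the Secret below
            - name: azure-config-file
              mountPath: /etc/kubernetes/
      volumes:
        - name: azure-config-file
          secret:
            secretName: azure-config-file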

I am getting the below error message in the external pod logs.

kubectl logs external-dns-67958cbc75-vvnvx

time="2022-04-25T15:07:27Z" level=info msg="config: {APIServerURL: KubeConfig: RequestTimeout:30s DefaultTargets:[] ContourLoadBalancerService:heptio-contour/contour GlooNamespace:gloo-system Sources:[service ingress] Namespace: AnnotationFilter: LabelFilter: FQDNTemplate: CombineFQDNAndAnnotation:false IgnoreHostnameAnnotation:false IgnoreIngressTLSSpec:false IgnoreIngressRulesSpec:false Compatibility: PublishInternal:false PublishHostIP:false AlwaysPublishNotReadyAddresses:false ConnectorSourceServer:localhost:8080 Provider:azure-private-dns GoogleProject: GoogleBatchChangeSize:1000 GoogleBatchChangeInterval:1s GoogleZoneVisibility: DomainFilter:[] ExcludeDomains:[] RegexDomainFilter: RegexDomainExclusion: ZoneNameFilter:[] ZoneIDFilter:[] AlibabaCloudConfigFile:/etc/kubernetes/alibaba-cloud.json AlibabaCloudZoneType: AWSZoneType: AWSZoneTagFilter:[] AWSAssumeRole: AWSBatchChangeSize:1000 AWSBatchChangeInterval:1s AWSEvaluateTargetHealth:true AWSAPIRetries:3 AWSPreferCNAME:false AWSZoneCacheDuration:0s AzureConfigFile:/etc/kubernetes/azure.json AzureResourceGroup:dns-zone AzureSubscriptionID:5fc70770-36a3-494e-a389-a8a81b8cef2c AzureUserAssignedIdentityClientID: BluecatConfigFile:/etc/kubernetes/bluecat.json CloudflareProxied:false CloudflareZonesPerPage:50 CoreDNSPrefix:/skydns/ RcodezeroTXTEncrypt:false AkamaiServiceConsumerDomain: AkamaiClientToken: AkamaiClientSecret: AkamaiAccessToken: AkamaiEdgercPath: AkamaiEdgercSection: InfobloxGridHost: InfobloxWapiPort:443 InfobloxWapiUsername:admin InfobloxWapiPassword: InfobloxWapiVersion:2.3.1 InfobloxSSLVerify:true InfobloxView: InfobloxMaxResults:0 InfobloxFQDNRegEx: DynCustomerName: DynUsername: DynPassword: DynMinTTLSeconds:0 OCIConfigFile:/etc/kubernetes/oci.yaml InMemoryZones:[] OVHEndpoint:ovh-eu OVHApiRateLimit:20 PDNSServer:http://localhost:8081 PDNSAPIKey: PDNSTLSEnabled:false TLSCA: TLSClientCert: TLSClientCertKey: Policy:sync Registry:txt TXTOwnerID:default TXTPrefix: TXTSuffix: Interval:1m0s 
MinEventSyncInterval:5s Once:false DryRun:false UpdateEvents:false LogFormat:text MetricsAddress::7979 LogLevel:info TXTCacheInterval:0s TXTWildcardReplacement: ExoscaleEndpoint: ExoscaleAPIKey: ExoscaleAPISecret: CRDSourceKind:DNSEndpoint ServiceTypeFilter:[] CFAPIEndpoint: CFUsername: CFPassword: RFC2136Host: RFC2136Port:0 RFC2136Zone: RFC2136Insecure:false RFC2136GSSTSIG:false RFC2136KerberosRealm: RFC2136KerberosUsername: RFC2136KerberosPassword: RFC2136TSIGKeyName: RFC2136TSIGSecret: RFC2136TSIGSecretAlg: RFC2136TAXFR:false RFC2136MinTTL:0s RFC2136BatchChangeSize:50 NS1Endpoint: NS1IgnoreSSL:false NS1MinTTLSeconds:0 TransIPAccountName: TransIPPrivateKeyFile: DigitalOceanAPIPageSize:50 ManagedDNSRecordTypes:[A CNAME] GoDaddyAPIKey: GoDaddySecretKey: GoDaddyTTL:0 GoDaddyOTE:false}"
time="2022-04-25T15:07:27Z" level=info msg="Instantiating new Kubernetes client"
time="2022-04-25T15:07:27Z" level=info msg="Using inCluster-config based on serviceaccount-token"
time="2022-04-25T15:07:27Z" level=info msg="Created Kubernetes client"
E0425 15:07:27.227347 1 reflector.go:138] pkg/mod/ Failed to watch *v1.Node: unknown (get nodes)
time="2022-04-25T15:07:27Z" level=info msg="Using managed identity extension to retrieve access token for Azure API."
time="2022-04-25T15:07:27Z" level=info msg="Resolving to user assigned identity, client id is afc67bbc-27b8-42c2-89a3-47d15ee4f774."
E0425 15:07:28.135606 1 reflector.go:138] pkg/mod/ Failed to watch *v1.Node: unknown (get nodes)
E0425 15:07:30.223314 1 reflector.go:138] pkg/mod/ Failed to watch *v1.Node: unknown (get nodes)
E0425 15:07:35.841379 1 reflector.go:138] pkg/mod/ Failed to watch *v1.Node: unknown (get nodes)
E0425 15:07:42.945611 1 reflector.go:138] pkg/mod/ Failed to watch *v1.Node: unknown (get nodes)
W0425 15:07:57.225429 1 transport.go:288] Unable to cancel request for *instrumented_http.Transport
W0425 15:07:57.225736 1 transport.go:288] Unable to cancel request for *instrumented_http.Transport
W0425 15:07:57.240119 1 transport.go:288] Unable to cancel request for *instrumented_http.Transport
W0425 15:07:57.301508 1 transport.go:288] Unable to cancel request for *instrumented_http.Transport
E0425 15:08:05.897116 1 reflector.go:138] pkg/mod/ Failed to watch *v1.Node: unknown (get nodes)

Can anyone please help me to resolve the issue?

Note: I am a beginner. To learn AKS/Kubernetes I am practicing in my test environment.

Thanks & Regards

Azure Kubernetes Service (AKS)

1 answer

  1. anji babu eluri 11 Reputation points

    @vipullag-MSFT ,

    Thanks for your help/suggestion on the issue.

    I tried to identify the issue myself and fixed it.

    In the external DNS manifest file I have changed the image file “” to “”, and then it started working fine.
    I have followed the below links.

    A breaking change was added in external-dns v0.10.0.

    | ExternalDNS                    | <= 0.9.x | >= 0.10.0 |
    | ------------------------------ | -------- | --------- |
    | Kubernetes <= 1.18             | ✅       | ❌        |
    | Kubernetes >= 1.19 and <= 1.21 | ✅       | ✅        |
    | Kubernetes >= 1.22             | ❌       | ✅        |

    Note: AKS 1.22 will support version 0.10.0 and above of the external DNS image.

    2 people found this answer helpful.
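
The compatibility table quoted in the answer, turned into a pre-flight check that can run before a manifest is applied (an added example, not code from the post or from the ExternalDNS project). The function names and the `registry.example` image reference are assumptions made for illustration; versions are compared numerically because `0.10.0` sorts before `0.9.0` as a plain string.

```shell
#!/bin/sh
# Added example (not from the post): gate an ExternalDNS image tag against the
# cluster version using the compatibility table quoted in the answer.

# ver_field VERSION N -> Nth dot-separated numeric field ("v1.22.6" 2 -> 22)
ver_field() {
    printf '%s\n' "${1#v}" | cut -d. -f"$2" | sed 's/[^0-9].*//'
}

# externaldns_compat K8S_VERSION IMAGE_TAG
# prints compatible | incompatible | unknown; exit status 0 | 1 | 2
externaldns_compat() {
    kmajor=$(ver_field "$1" 1); kminor=$(ver_field "$1" 2)
    emajor=$(ver_field "$2" 1); eminor=$(ver_field "$2" 2)
    if [ -z "$kmajor" ] || [ -z "$kminor" ] || [ -z "$emajor" ] ||
       [ -z "$eminor" ] || [ "$kmajor" -ne 1 ]; then
        echo unknown; return 2    # e.g. a floating "latest" tag
    fi
    # Compare numerically: as plain strings "0.10.0" sorts before "0.9.0".
    if [ "$emajor" -gt 0 ] || [ "$eminor" -ge 10 ]; then gen=new; else gen=old; fi
    if   [ "$kminor" -le 18 ]; then want=old     # Kubernetes <= 1.18
    elif [ "$kminor" -le 21 ]; then want=$gen    # 1.19 to 1.21: both work
    else                            want=new     # Kubernetes >= 1.22
    fi
    if [ "$gen" = "$want" ]; then echo compatible; return 0; fi
    echo incompatible; return 1
}

# image_tag_from_manifest < MANIFEST -> tag of the first external-dns image
image_tag_from_manifest() {
    sed -n 's/^[[:space:]-]*image:[[:space:]]*[^[:space:]]*external-dns:\([^[:space:]"]*\).*/\1/p' | head -n 1
}

# Constructed manifest fragment; the registry name is a placeholder because the
# post's own image reference is missing.
manifest='      containers:
        - name: external-dns
          image: registry.example/external-dns/external-dns:v0.9.0'
tag=$(printf '%s\n' "$manifest" | image_tag_from_manifest)
echo "external-dns $tag on AKS v1.22.6: $(externaldns_compat v1.22.6 "$tag")"
```

The non-zero exit status on `incompatible` or `unknown` lets the function act as a gate in a deployment script, and an unpinned tag is reported as `unknown` rather than guessed.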