The wrong Cloudflare zone is being updated #74

Open
CCoffie opened this issue May 8, 2024 · 2 comments
CCoffie commented May 8, 2024

I have a bunch of domains within my Cloudflare account. Some of the domains are subsets of other domains. Unfortunately, this is causing issues with the ingress controller. For example:

I'm looking to run the tunnels on myexampledomain.com but it's updating the records on exampledomain.com.

Any idea what's causing this? I was able to restrict which zones were exposed to the API token but I figured I should probably report the bug here as well.

Owner

STRRL commented May 8, 2024

This controller would use the exactly matched hostname introduced in the ingress objects; maybe double-check the ingress objects?

In addition, if you could provide more detailed information like the ingress object in YAML, the logs of this controller, and how the DNS records look in Cloudflare, it would be very helpful to address this issue.

Author

CCoffie commented May 8, 2024

Yeah. I re-added the zone to the API token and here are the logs from the controller:

2024/05/08 16:56:22 controller-runtime: "caller"={"file":"controller.go","line":324} "msg"="Reconciler error" "error"="put exposures: update DNS CNAME record: update DNS CNAME record for zone [example.com myexample.com]: create DNS record for zone example.com, hostname test.myexample.com: An A, AAAA, or CNAME record with that host already exists. For more details, refer to <https://developers.cloudflare.com/dns/manage-dns-records/troubleshooting/records-with-same-name/>. (81053)" "controller"="ingress" "controllerGroup"="networking.k8s.io" "controllerKind"="Ingress" "Ingress"={"name":"argocd-server-http-ingress","namespace":"argocd"} "namespace"="argocd" "name"="argocd-server-http-ingress" "reconcileID"="3e01300e-fbff-4d16-bd08-0efe9555c5da"
2024/05/08 16:56:23 main/ingress-controller: "caller"={"file":"ingress-controller.go","line":67} "level"=0 "msg"="update cloudflare tunnel config" "triggered-by"={"name":"test-ingress","namespace":"default"}
2024/05/08 16:56:24 main/tunnel-client: "caller"={"file":"tunnel-client.go","line":129} "level"=0 "msg"="create DNS record" "type"="CNAME" "hostname"="argocd-grpc.myexample.com" "content"="4d270321-28b0-4686-b1bc-7ecd07c2a1c0.cfargotunnel.com"
2024/05/08 16:56:24 controller-runtime: "caller"={"file":"controller.go","line":324} "msg"="Reconciler error" "error"="put exposures: update DNS CNAME record: update DNS CNAME record for zone [example.com myexample.com]: create DNS record for zone example.com, hostname argocd-grpc.myexample.com: An A, AAAA, or CNAME record with that host already exists. For more details, refer to <https://developers.cloudflare.com/dns/manage-dns-records/troubleshooting/records-with-same-name/>. (81053)" "controller"="ingress" "controllerGroup"="networking.k8s.io" "controllerKind"="Ingress" "Ingress"={"name":"test-ingress","namespace":"default"} "namespace"="default" "name"="test-ingress" "reconcileID"="db5c6880-0d85-46eb-82d2-ae2a7df0b6a1"
2024/05/08 16:56:24 main/ingress-controller: "caller"={"file":"ingress-controller.go","line":67} "level"=0 "msg"="update cloudflare tunnel config" "triggered-by"={"name":"argocd-server-grpc-ingress","namespace":"argocd"}
2024/05/08 16:56:25 main/tunnel-client: "caller"={"file":"tunnel-client.go","line":129} "level"=0 "msg"="create DNS record" "type"="CNAME" "hostname"="argocd-grpc.myexample.com" "content"="4d270321-28b0-4686-b1bc-7ecd07c2a1c0.cfargotunnel.com"
2024/05/08 16:56:26 controller-runtime: "caller"={"file":"controller.go","line":324} "msg"="Reconciler error" "error"="put exposures: update DNS CNAME record: update DNS CNAME record for zone [example.com myexample.com]: create DNS record for zone example.com, hostname argocd-grpc.myexample.com: An A, AAAA, or CNAME record with that host already exists. For more details, refer to <https://developers.cloudflare.com/dns/manage-dns-records/troubleshooting/records-with-same-name/>. (81053)" "controller"="ingress" "controllerGroup"="networking.k8s.io" "controllerKind"="Ingress" "Ingress"={"name":"argocd-server-grpc-ingress","namespace":"argocd"} "namespace"="argocd" "name"="argocd-server-grpc-ingress" "reconcileID"="f0165a8c-28a9-40bc-a437-4b0bdbfbdf49"

Here's the ingress manifest:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-server-http-ingress
  namespace: argocd
  annotations:
    cloudflare-tunnel-ingress-controller.strrl.dev/backend-protocol: "http"
    cloudflare-tunnel-ingress-controller.strrl.dev/proxy-ssl-verify: "off"
spec:
  ingressClassName: cloudflare-tunnel
  rules:
  - host: argocd.myexample.com
    http:
      paths:
      - backend:
          service:
            name: argocd-server
            port:
              name: http
        path: /
        pathType: Prefix

I did change the domains to example.com and myexample.com for security reasons. If you need the original logs, I can share them privately. The original domains are very similar to myexample.com and example.com, where the longer domain is just the shorter domain with a string prepended to it.
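
Added example (not part of the thread and not the controller's own code): the logs above list `zone [example.com myexample.com]` for a hostname under myexample.com, which is what a raw string-suffix comparison would produce. Assuming that is the cause (an assumption; the controller source is not shown on this page), the hypothetical helpers `suffixZones` and `zoneFor` below contrast that comparison with a label-boundary, longest-match zone lookup.

```go
package main

import (
	"fmt"
	"strings"
)

// suffixZones reproduces the suspected faulty behaviour (an assumption):
// every zone whose name is a raw string suffix of the hostname matches.
func suffixZones(hostname string, zones []string) []string {
	var out []string
	for _, z := range zones {
		if strings.HasSuffix(hostname, z) {
			out = append(out, z)
		}
	}
	return out
}

// normalize lower-cases a DNS name and drops a trailing root dot.
func normalize(name string) string {
	return strings.TrimSuffix(strings.ToLower(strings.TrimSpace(name)), ".")
}

// zoneFor returns the single zone that owns hostname: the zone must equal
// the hostname or be preceded by a label separator ("."), and when several
// zones qualify (delegated sub-zones) the longest, most specific one wins.
func zoneFor(hostname string, zones []string) (string, bool) {
	h := normalize(hostname)
	best := ""
	for _, z := range zones {
		zn := normalize(z)
		if zn == "" {
			continue
		}
		if (h == zn || strings.HasSuffix(h, "."+zn)) && len(zn) > len(best) {
			best = zn
		}
	}
	return best, best != ""
}

func main() {
	zones := []string{"example.com", "myexample.com"} // placeholder domains from the issue
	for _, h := range []string{"test.myexample.com", "argocd-grpc.myexample.com", "www.example.com"} {
		z, ok := zoneFor(h, zones)
		fmt.Printf("%-28s suffix=%v boundary=%q ok=%v\n", h, suffixZones(h, zones), z, ok)
	}
}
```

Scoping the API token to only the zones the controller should manage, as the reporter did, limits the damage of a mismatch like this regardless of how the lookup is implemented.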
