Description
What happened:
External-DNS is repeatedly updating DNS records in NS1 for Kubernetes services that utilize the service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip annotation.
Root Cause: When this specific annotation is present on a Kubernetes Service, External-DNS is observed to include a ProviderSpecific field within the generated Endpoint object. This ProviderSpecific field contains information related to the AWS Network Load Balancer (NLB) IP type. Even if the core DNS record (e.g., hostname, IP address) remains unchanged, the presence and consistent addition of this ProviderSpecific field causes External-DNS to perceive the Endpoint object as "different" in each reconciliation loop. This perceived difference triggers an unnecessary update call to NS1, leading to a constant churn of DNS record updates.
What you expected to happen:
External-DNS should recognize that the ProviderSpecific field, when derived from a stable and unchanged Kubernetes Service annotation (like service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip), does not represent a material change to the DNS record itself. Therefore, it should not trigger a DNS update to NS1 if the core DNS record values (e.g., target hostname, IP address, TTL) remain identical across reconciliation cycles.
How to reproduce it (as minimally and precisely as possible):
Applying this svc:
apiVersion: v1
kind: Service
metadata:
  annotations:
    external-dns.alpha.kubernetes.io/hostname: test.foo.bar
    external-dns.alpha.kubernetes.io/ttl: "300"
    service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
  name: test
  namespace: test
spec:
  clusterIP: 172.20.136.94
  clusterIPs:
  - 172.20.136.94
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - name: https
    nodePort: 30592
    port: 8200
  - name: https-internal
    nodePort: 30949
    port: 8201
  publishNotReadyAddresses: true
  type: LoadBalancer
- External-DNS version (use external-dns --version): v0.13.6
- DNS provider: NS1
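The comparison problem described under "Root Cause", as an added Go example (not external-dns code and not from the issue author): a record read back from the provider carries no provider-specific data, so a diff that compares every such property reports a change on each loop, while one that compares only properties the provider can store does not. The `Endpoint` type, `NeedsUpdate`, the `supports` callback, the property name `example/lb-type` and the target hostname are all hypothetical.

```go
package main

import (
	"fmt"
	"reflect"
)

// Endpoint is a simplified, hypothetical record model, not the external-dns type.
type Endpoint struct {
	DNSName          string
	Targets          []string
	TTL              int
	ProviderSpecific map[string]string // properties derived from annotations
}

// NeedsUpdate reports whether desired differs from current. A provider-specific
// property is compared only when supports(key) is true: a provider that cannot
// store a property never returns it, so comparing it differs on every loop.
func NeedsUpdate(current, desired Endpoint, supports func(key string) bool) bool {
	if current.DNSName != desired.DNSName || current.TTL != desired.TTL ||
		!reflect.DeepEqual(current.Targets, desired.Targets) {
		return true
	}
	for key, want := range desired.ProviderSpecific {
		if supports(key) && current.ProviderSpecific[key] != want {
			return true
		}
	}
	for key := range current.ProviderSpecific {
		if _, ok := desired.ProviderSpecific[key]; supports(key) && !ok {
			return true
		}
	}
	return false
}

// sample returns constructed records: current as read back from the provider,
// desired as built from the Service (placeholder property name and target).
func sample() (current, desired Endpoint) {
	current = Endpoint{DNSName: "test.foo.bar", Targets: []string{"lb.example.invalid"}, TTL: 300}
	desired = current
	desired.ProviderSpecific = map[string]string{"example/lb-type": "nlb-ip"}
	return current, desired
}

func main() {
	cur, des := sample()
	fmt.Println(NeedsUpdate(cur, des, func(string) bool { return true }), // compare everything
		NeedsUpdate(cur, des, func(string) bool { return false })) // provider stores none
}
```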