Changing recordSet name in route53 controller creates new record without deleting the old one, leading to dangling records #2202

Open
bugbuilder opened this issue Oct 23, 2024 · 2 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. service/route53 Indicates issues or PRs that are related to route53-controller.

Comments

bugbuilder commented Oct 23, 2024

Describe the bug
When changing the name of a recordsets.route53.services.k8s.aws to update its DNS record, the controller creates a new record but does not delete the previous one. This behavior results in dangling records, which can lead to stale DNS entries and potential misconfigurations.

Steps to reproduce

  1. Create a recordsets.route53.services.k8s.aws resource, for example:
apiVersion: route53.services.k8s.aws/v1alpha1
kind: RecordSet
metadata:
  name: test-http-default
  namespace: test
spec:
  aliasTarget:
    dnsName: ------.cloudfront.net
    evaluateTargetHealth: false
    hostedZoneID: Z2FDTNDATAQYW2
  hostedZoneID: Z-------
  name: cato
  recordType: A

  2. After the record is created, verify that the DNS record cato exists in the Route53 hosted zone.
  3. Now, edit the name field in the spec to change it from cato to cheto:
apiVersion: route53.services.k8s.aws/v1alpha1
kind: RecordSet
metadata:
  name: test-http-default
  namespace: test
spec:
  aliasTarget:
    dnsName: ------.cloudfront.net
    evaluateTargetHealth: false
    hostedZoneID: Z2FDTNDATAQYW2
  hostedZoneID: Z-------
  name: cheto
  recordType: A

Expected outcome
The original record (cato) should be deleted, and a new record (cheto) should be created.

Environment

  • Kubernetes version v1.30.4-eks-a737599
  • AWS service Route-53
@bugbuilder bugbuilder changed the title Changing RecordSet Name in Route53 Controller Creates New Record Without Deleting the Old One, Leading to Dangling Records Changing recordSet name in route53 controller creates new record without deleting the old one, leading to dangling records Oct 23, 2024
@a-hilaly a-hilaly added kind/bug Categorizes issue or PR as related to a bug. service/route53 Indicates issues or PRs that are related to route53-controller. labels Oct 24, 2024
@a-hilaly a-hilaly reopened this Jan 22, 2025
@rushmash91
Member

Hi @bugbuilder,

Thank you for the detailed report and for including your YAML specifications and repro steps!

This is a known behavior in the ACK Route 53 controller because the Name field in a RecordSet is treated as immutable.

The Name field is considered immutable because it, along with the Type field, serves as a unique identifier for resource record sets in Route 53. Any changes to these fields are treated by Route 53 as the creation of a new resource record set rather than an update to an existing one. This behavior is inherent to the design of the Route 53 API, which does not support directly renaming a resource record set.

https://docs.aws.amazon.com/Route53/latest/APIReference/API_ChangeResourceRecordSets.html

https://github.com/aws-controllers-k8s/route53-controller/blob/main/generator.yaml#L91C1-L98C27

We are actively working on improving how immutable fields are handled within ACK, to enhance validation such that attempts to modify immutable fields like Name are denied by the Kubernetes API server itself, providing clearer feedback.

Unfortunately, at this time, the only workaround is to create a new resource record set with the updated name and then delete the old one (or vice versa).
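
The rename behaviour explained in the comment above, modelled as an added Go example (not code from the route53-controller or the AWS SDK): because name plus type is the record set's identity, a rename has to be planned as a DELETE of the old key and a CREATE of the new one, and a create-only update leaves the old record dangling. The zone is a toy in-memory map, `Key`, `Change`, `PlanUpdate`, `Apply` and `Dangling` are hypothetical names, and the reported behaviour is modelled as a single CREATE.

```go
package main

import (
	"fmt"
	"sort"
)

type Key struct{ Name, Type string } // a record set's identity: name plus type

// Change is a simplified ChangeResourceRecordSets entry: CREATE, DELETE or UPSERT.
type Change struct {
	Action string
	Key    Key
}

// PlanUpdate upserts in place when the identity is unchanged, else deletes old and creates new.
func PlanUpdate(oldKey, newKey Key) []Change {
	if oldKey == newKey {
		return []Change{{"UPSERT", newKey}}
	}
	return []Change{{"DELETE", oldKey}, {"CREATE", newKey}}
}

// Apply runs the changes against the toy zone in place and returns it.
func Apply(zone map[Key]bool, changes []Change) map[Key]bool {
	for _, c := range changes {
		zone[c.Key] = c.Action != "DELETE" // false marks a deleted record
	}
	return zone
}

// Dangling lists zone records (as name/type) that no desired spec accounts for.
func Dangling(zone, desired map[Key]bool) []string {
	var names []string
	for k, present := range zone {
		if present && !desired[k] {
			names = append(names, k.Name+"/"+k.Type)
		}
	}
	sort.Strings(names)
	return names
}

func main() {
	oldKey, newKey := Key{"cato", "A"}, Key{"cheto", "A"} // record names from the issue
	want := map[Key]bool{newKey: true}                    // the spec after the edit
	fmt.Println(Dangling(Apply(map[Key]bool{oldKey: true}, []Change{{"CREATE", newKey}}), want))
	fmt.Println(Dangling(Apply(map[Key]bool{oldKey: true}, PlanUpdate(oldKey, newKey)), want))
}
```

Running `Dangling` against a real zone listing and the set of RecordSet specs in the cluster is the same comparison and surfaces records left behind by earlier renames.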

@rushmash91
Member

We'll have a patch for all the controllers and move to CEL-Based Immutability in February.
