Changing recordSet name in route53 controller creates new record without deleting the old one, leading to dangling records

[bugbuilder]

Describe the bug
When changing the name of a recordsets.route53.services.k8s.aws to update its DNS record, the controller creates a new record but does not delete the previous one. This behavior results in dangling records, which can lead to stale DNS entries and potential misconfigurations.

Steps to reproduce

1. Create a recordsets.route53.services.k8s.aws resource, for example:

apiVersion: route53.services.k8s.aws/v1alpha1
kind: RecordSet
metadata:
  name: test-http-default
  namespace: test
spec:
  aliasTarget:
    dnsName: ------.cloudfront.net
    evaluateTargetHealth: false
    hostedZoneID: Z2FDTNDATAQYW2
  hostedZoneID: Z-------
  name: cato
  recordType: A

2. After the record is created, verify that the DNS record cato exists in the Route53 hosted zone.
3. Now, edit the name field in the spec to change it from cato to cheto:

apiVersion: route53.services.k8s.aws/v1alpha1
kind: RecordSet
metadata:
  name: test-http-default
  namespace: test
spec:
  aliasTarget:
    dnsName: ------.cloudfront.net
    evaluateTargetHealth: false
    hostedZoneID: Z2FDTNDATAQYW2
  hostedZoneID: Z-------
  name: cheto
  recordType: A

Expected outcome
The original record (cato) should be deleted, and a new record (cheto) should be created.

Environment

• Kubernetes version v1.30.4-eks-a737599
• AWS service Route-53

[rushmash91]

Hi @bugbuilder,

Thank you for the detailed report and for including your YAML specifications and repro steps!

This is a known behavior in the ACK Route 53 controller because the Name field in a RecordSet is treated as immutable.

The Name field is considered immutable because it, along with the Type field, serves as a unique identifier for resource record sets in Route 53. Any changes to these fields are treated by Route 53 as the creation of a new resource record set rather than an update to an existing one. This behavior is inherent to the design of the Route 53 API, which does not support directly renaming a resource record set.

https://docs.aws.amazon.com/Route53/latest/APIReference/API_ChangeResourceRecordSets.html

https://github.com/aws-controllers-k8s/route53-controller/blob/main/generator.yaml#L91C1-L98C27

We are actively working on improving how immutable fields are handled within ACK, to enhance validation such that attempts to modify immutable fields like Name are denied by the Kubernetes API server itself, providing clearer feedback.

Unfortunately, at this time, the only workaround is to create a new resource record set with the updated name and then delete the old one (or vice versa).

[rushmash91]

We'll have a patch for all the controllers and move to CEL-Based Immutability in February.

[ack-bot]

Issues go stale after 180d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 60d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Provide feedback via https://github.com/aws-controllers-k8s/community.
/lifecycle stale

[rushmash91]

/close

[ack-prow]

@rushmash91: Closing this issue.

In response to this:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.