route53 - Support for FQDN Record Names (without appended hosted zone names) (ACM validation records) #2232

Open
bongardino opened this issue Dec 18, 2024 · 0 comments
Labels: kind/bug (Categorizes issue or PR as related to a bug), service/route53 (Indicates issues or PRs that are related to route53-controller)
bongardino commented Dec 18, 2024

Description

Creating a RecordSet resource with spec.name as a fully qualified domain name (FQDN) ending with a period (.) throws an error.
This happens because the domain name corresponding to hostedZoneID is coerced into the spec.name as a suffix.

Steps to Reproduce

  1. Create an ACM certificate that requires DNS validation.

  2. Attempt to create a RecordSet for the validation CNAME record using the following spec:

    apiVersion: route53.services.k8s.aws/v1alpha1
    kind: RecordSet
    metadata:
      name: hello-world-cert-validation
      namespace: default
    spec:
      hostedZoneID: Z18NDHFOAV4GGH
      name: _231eec6e74d88e02592b9a8216e6ac46.hello-world.example.com.
      recordType: CNAME
      resourceRecords:
      - value: _55e2e41666e15565c76009875960fa96.zfyfvmchrl.acm-validations.aws.
      ttl: 60

  3. Observe the error:

    InvalidInput: FATAL problem: DomainLabelEmpty (Domain label is empty)
    encountered with '_231eec6e74d88e02592b9a8216e6ac46.hello-world.example.com..example.com'
    status code: 400, request id: <request-id>
    

Expected Behavior

The RecordSet should treat spec.name as an absolute FQDN because it ends with a period (.), and no further appending of the hosted zone domain should occur. This behavior is critical for creating ACM validation records, which require FQDNs.

Actual Behavior

The hosted zone domain is appended to the record name, resulting in a misconfigured domain name with duplicate suffixes (example.com..example.com).

Impact

This issue prevents the creation of DNS validation records required for ACM certificate validation via ACK.

Workarounds

  • Remove the trailing period from spec.name and allow Route 53 to append the hosted zone domain, but this doesn't match the requirements for ACM DNS validation.
  • Manually create the validation records using the AWS CLI or SDK, bypassing ACK entirely, but this workflow pushes outside of ACK and makes resources more difficult to manage.

Proposed Solution

ACK should support FQDNs in spec.name for RecordSet resources. If record names end with a period, don't append the hosted zone.

Environment

  • K8s Rev: v1.31.3-eks-56e63d8
  • route53-controller release: v0.0.19

Relevant Issues

@michaelhtm added the kind/bug and service/route53 labels Dec 18, 2024
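
The behaviour proposed in the issue, sketched as an added example (not part of the issue and not route53-controller code). `resolveRecordName` and its error values are hypothetical names; beyond the proposal, the sketch also rejects empty labels and absolute names that fall outside the hosted zone, and it assumes the zone's domain name is already known to the caller.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Hypothetical error values for this example.
var (
	errEmptyLabel  = errors.New("record name contains an empty label")
	errOutsideZone = errors.New("record name is not inside the hosted zone")
)

// resolveRecordName is a hypothetical helper, not route53-controller code.
// A specName ending in "." is absolute and used as-is; any other specName is
// relative and gets the hosted zone domain appended. zoneDomain is the zone's
// domain name, with or without a trailing period.
func resolveRecordName(specName, zoneDomain string) (string, error) {
	// DNS names compare case-insensitively, so normalise before comparing.
	zone := strings.ToLower(strings.TrimSuffix(zoneDomain, ".")) + "."
	name := strings.ToLower(specName)
	if !strings.HasSuffix(name, ".") {
		name += "." + zone // relative name: qualify it with the zone
	}
	// An empty label is what the API rejected as DomainLabelEmpty.
	for _, label := range strings.Split(strings.TrimSuffix(name, "."), ".") {
		if label == "" {
			return "", errEmptyLabel
		}
	}
	// An absolute name must be the zone apex or a name below it.
	if name != zone && !strings.HasSuffix(name, "."+zone) {
		return "", errOutsideZone
	}
	return name, nil
}

func main() {
	// Constructed inputs; the first is the name from the issue.
	for _, n := range []string{
		"_231eec6e74d88e02592b9a8216e6ac46.hello-world.example.com.",
		"_231eec6e74d88e02592b9a8216e6ac46.hello-world",
		"www.notexample.com.",
	} {
		fqdn, err := resolveRecordName(n, "example.com")
		fmt.Printf("%q -> %q (err: %v)\n", n, fqdn, err)
	}
}
```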