Currently, the nginx-ingress controller can be run as a ClusterIP type service; however, it does not allow publishing this service’s endpoints to the associated ingress objects. As a result, these ingress objects have no IP address, and external-dns is not able to detect them to create or update A DNS records for them.
Why?
Many may ask why anyone would need DNS records for ingress objects that use a ClusterIP type nginx-ingress service. They aren’t reachable from outside the Kubernetes cluster anyway.
However, I see a number of reasons why you will want to create DNS records for ingress objects associated with a ClusterIP type nginx-ingress service.
- Regarding accessing the cluster’s internal network from outside, we can always install OpenVPN in the Kubernetes cluster using this chart, and expose it to the internet using a NodePort or LoadBalancer type service.
- Always creating a LoadBalancer type service can be costly.
- Some cloud providers like DigitalOcean do not support private load balancers, and their compute nodes are accessible over the public internet. So, we cannot expose our internal applications via a LoadBalancer or NodePort type service in these cloud providers.
So, I see a solid reason why we might want to enable publishing endpoints for a ClusterIP type nginx-ingress service to the associated ingress objects, so that external-dns can discover them and publish DNS records for them.
How?
If you look at the source of nginx-ingress here: kubernetes/ingress-nginx, you will see that publishService is done only for LoadBalancer and NodePort type services. All we need to do is enable it for ClusterIP as well.
This is how I achieved it here: https://github.com/kubernetes/ingress-nginx/pull/4462
I have already built a docker image from this change and I am using this custom image in my personal DigitalOcean Kubernetes cluster. And, it worked like a charm.
docker.io/rtnpro/nginx-ingress-controller-amd64:latest
If you want to do something similar, please feel free to use my work above.
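
The address selection described under "How?", as an added Go sketch that is not code from ingress-nginx or from the pull request. The Service struct, publishedAddresses and the allowClusterIP flag are hypothetical stand-ins for the real Kubernetes types and controller logic, and the IP addresses are constructed samples.

```go
package main

import "fmt"

// Service is a simplified stand-in for the Kubernetes Service fields
// that matter here (assumed for illustration, not the real API type).
type Service struct {
	Type        string   // "ClusterIP", "NodePort" or "LoadBalancer"
	ClusterIP   string   // "None" for a headless service
	ExternalIPs []string // explicitly configured external IPs
	LBIngress   []string // IPs or hostnames assigned by a cloud load balancer
}

// publishedAddresses returns the addresses a controller would copy into the
// status of each associated ingress object, which is what external-dns reads.
// allowClusterIP models the change described above (hypothetical flag).
func publishedAddresses(svc Service, allowClusterIP bool) []string {
	switch svc.Type {
	case "LoadBalancer":
		return append(append([]string{}, svc.LBIngress...), svc.ExternalIPs...)
	case "NodePort":
		// Assumption for this sketch: publish the configured external IPs.
		return append([]string{}, svc.ExternalIPs...)
	case "ClusterIP":
		// A headless service ("None") has no virtual IP, so there is
		// nothing to publish even when ClusterIP publishing is enabled.
		if !allowClusterIP || svc.ClusterIP == "" || svc.ClusterIP == "None" {
			return nil
		}
		return []string{svc.ClusterIP}
	}
	return nil
}

func main() {
	svc := Service{Type: "ClusterIP", ClusterIP: "10.245.12.34"} // constructed sample
	fmt.Println("before:", publishedAddresses(svc, false))      // no address, external-dns skips the ingress
	fmt.Println("after: ", publishedAddresses(svc, true))       // ClusterIP lands in the ingress status
}
```

The published ClusterIP is only routable from inside the cluster network or over a VPN into it, so the resulting A records resolve to an internal address.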