route53 - Support for FQDN Record Names (without appended hosted zone names) (ACM validation records) #2232

Open
@bongardino

Description

Creating a RecordSet resource with spec.name as a fully qualified domain name (FQDN) ending with a period (.) throws an error.
This happens because the domain name corresponding to hostedZoneID is coerced into the spec.name as a suffix.

Steps to Reproduce

  1. Create an ACM certificate that requires DNS validation.

  2. Attempt to create a RecordSet for the validation CNAME record using the following spec:

    apiVersion: route53.services.k8s.aws/v1alpha1
    kind: RecordSet
    metadata:
      name: hello-world-cert-validation
      namespace: default
    spec:
      hostedZoneID: Z18NDHFOAV4GGH
      name: _231eec6e74d88e02592b9a8216e6ac46.hello-world.example.com.
      recordType: CNAME
      resourceRecords:
      - value: _55e2e41666e15565c76009875960fa96.zfyfvmchrl.acm-validations.aws.
      ttl: 60
  3. Observe the error:

    InvalidInput: FATAL problem: DomainLabelEmpty (Domain label is empty)
    encountered with '_231eec6e74d88e02592b9a8216e6ac46.hello-world.example.com..example.com'
    status code: 400, request id: <request-id>
    

Expected Behavior

The RecordSet should treat spec.name as an absolute FQDN because it ends with a period (.), and no further appending of the hosted zone domain should occur. This behavior is critical for creating ACM validation records, which require FQDNs.

Actual Behavior

The hosted zone domain is appended to the record name, resulting in a misconfigured domain name with duplicate suffixes (example.com..example.com).

Impact

This issue prevents the creation of DNS validation records required for ACM certificate validation via ACK.

Workarounds

  • Remove the trailing period from spec.name and allow Route 53 to append the hosted zone domain, but this doesn't match the requirements for ACM DNS validation.
  • Manually create the validation records using the AWS CLI or SDK, bypassing ACK entirely, but this workflow pushes outside of ACK and makes resources more difficult to manage.

Proposed Solution

ACK should support FQDNs in spec.name for RecordSet resources. If record names end with a period, don't append the hosted zone.

Environment

  • K8s Rev: v1.31.3-eks-56e63d8
  • route53-controller release: v0.0.19

Relevant Issues

Metadata

Labels

  • kind/bug: Categorizes issue or PR as related to a bug.
  • service/route53: Indicates issues or PRs that are related to route53-controller.
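
The rule proposed in the issue (a name ending in a period is absolute, anything else gets the hosted zone appended), as an added Go example that is not part of the issue or the route53-controller's code. The function names, the in-zone check and every sample input other than the ACM record name are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Hypothetical helpers for illustration; not the route53-controller's code.

// naiveJoin always appends the zone, the behaviour the issue reports.
func naiveJoin(name, zone string) string { return name + "." + zone }

// resolveRecordName treats a trailing dot as "absolute" and otherwise
// appends the hosted zone domain. It returns the FQDN with a trailing dot.
func resolveRecordName(name, zone string) (string, error) {
	zone = strings.ToLower(strings.TrimSuffix(zone, ".")) + "."
	fqdn := strings.ToLower(name) // DNS names compare case-insensitively
	if !strings.HasSuffix(fqdn, ".") {
		fqdn += "." + zone // relative name: qualify it with the zone
	}
	// An absolute name must still sit inside the hosted zone. Matching on
	// "."+zone keeps "evilexample.com." out of "example.com.".
	if fqdn != zone && !strings.HasSuffix(fqdn, "."+zone) {
		return "", fmt.Errorf("%q is outside zone %q", fqdn, zone)
	}
	// Reject empty labels locally instead of waiting for the API's 400.
	for _, label := range strings.Split(strings.TrimSuffix(fqdn, "."), ".") {
		if label == "" {
			return "", fmt.Errorf("empty label in %q", fqdn)
		}
	}
	return fqdn, nil
}

func main() {
	const zone = "example.com" // zone domain as implied by the error on the page
	name := "_231eec6e74d88e02592b9a8216e6ac46.hello-world.example.com."
	fmt.Println("always append:", naiveJoin(name, zone))
	// Constructed inputs: relative, empty-label and out-of-zone names.
	for _, n := range []string{name, "www", "a..b", "x.evilexample.com."} {
		fqdn, err := resolveRecordName(n, zone)
		fmt.Printf("%q -> %q err=%v\n", n, fqdn, err)
	}
}
```

The in-zone check matters for validation records in particular: a record created in the wrong zone, or under a look-alike suffix, never satisfies the certificate's DNS validation.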
