Skip to content

Fix: extra-dns-labels not being applied to pods #82

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fix: extra-dns-labels not being applied to pods #82

wants to merge 1 commit into from

Conversation

@christian-deleon
Copy link

@christian-deleon christian-deleon commented Nov 22, 2025
edited
Loading

Fix: NetBird extra-dns-labels not being applied to pods

Problem

The netbird.io/extra-dns-labels annotation was not working when applied to pods. Despite the webhook detecting the annotation and adding it to the NetBird container configuration, the extra DNS labels were not appearing in the NetBird UI or being applied to registered peers.

Root Cause

The pod webhook had two issues:

  1. Invalid setup key argument: The webhook was passing --setup-key-file /etc/nbkey to the NetBird client, but this file path was never created. The setup key was already being passed via the NB_SETUP_KEY environment variable, making the file-based approach unnecessary and causing confusion in the client startup.

  2. NetBird CLI flag bug: The webhook was using the --extra-dns-labels command line flag, but NetBird has a known issue (netbirdio/netbird#4282) where this flag is not properly processed. The workaround is to use the NB_EXTRA_DNS_LABELS environment variable instead.

Solution

  • Removed the --setup-key-file argument entirely since the setup key is provided via environment variable
  • Removed all command line arguments from the NetBird container
  • Added NB_EXTRA_DNS_LABELS environment variable when the netbird.io/extra-dns-labels annotation is present
  • NetBird client now uses only environment variables for configuration, which is more reliable and matches the pattern used by the NBRoutingPeer controller

Changes

Before:

args := []string{
    "--setup-key-file", "/etc/nbkey",
    "-m", managementURL,
}
// ... add extra-dns-labels to args

After:

envVars := []corev1.EnvVar{
    {Name: "NB_SETUP_KEY", ValueFrom: ...},
    {Name: "NB_MANAGEMENT_URL", Value: managementURL},
}
// ... conditionally add NB_EXTRA_DNS_LABELS to envVars

Testing

  1. Create a deployment with the netbird.io/setup-key and netbird.io/extra-dns-labels annotations:
annotations:
  netbird.io/setup-key: my-setup-key
  netbird.io/extra-dns-labels: "my-label,another-label"
  1. Verify the environment variable is set:
kubectl get pod <pod-name> -o jsonpath='{.spec.containers[?(@.name=="netbird")].env[*]}' | jq .

  1. Check the NetBird UI to confirm the extra DNS labels appear on the registered peer

  2. Verify the NetBird container logs show successful registration without errors

References

This fix ensures that the netbird.io/extra-dns-labels annotation works as documented and provides a more robust configuration method by using environment variables consistently across all NetBird deployments in the operator.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mohamed-essam mohamed-essam Awaiting requested review from mohamed-essam

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@christian-deleon