fix(source): skip pod DNS when PodIP is empty for IP-derived records

[isumitsolanki]

What does it do ?

Skips pod-source endpoint generation whenever the record would be built from pod.Status.PodIP but that value is still empty (e.g. pod is Pending). This applies to internal hostname annotation, --pod-source-domain without explicit targets, and kops-dns-controller internal hostname. It avoids SuitableType("") producing a CNAME with an empty target; skips are logged at debug, consistent with hostsFromTemplate. Adds three TestPodSource table cases for pending pods with empty PodIP.

Motivation

Fixes #6375 — empty-target CNAMEs could block later A records at the same name (e.g. Azure Private DNS CNAME naming restriction).

More

• Yes, this PR title follows Conventional Commits
• Yes, I added unit tests
• Yes, I updated end user documentation accordingly

[k8s-ci-robot]

Welcome @isumitsolanki!

It looks like this is your first PR to kubernetes-sigs/external-dns 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/external-dns has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[k8s-ci-robot]

Hi @isumitsolanki. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[ivankatliarchuk]

/ok-to-test

[coveralls]

Coverage Report for CI Build 25335662845

Warning

Build has drifted: This PR's base is out of sync with its target branch, so coverage data may include unrelated changes.
Quick fix: rebase this PR. Learn more →

Coverage increased (+0.01%) to 80.5%

Details

• Coverage increased (+0.01%) from the base build.
• Patch coverage: No coverable lines changed in this PR.
• 64 coverage regressions across 7 files.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

64 previously-covered lines in 7 files lost coverage.

File	Lines Losing Coverage	Coverage
service.go	25	95.12%
aws/aws.go	23	89.07%
informers/indexers.go	7	90.28%
fake.go	4	96.0%
pod.go	2	97.28%
annotations/processors.go	2	97.37%
v1alpha1/groupversion_info.go	1	0.0%

---

Coverage Stats

Relevant Lines:	21421
Covered Lines:	17244
Line Coverage:	80.5%
Coverage Strength:	1468.95 hits per line

---

💛 - Coveralls

[ivankatliarchuk]

The same pattern appears four times in pod.go — identical log message, identical condition

something like

 // addInternalHostnameAnnotationEndpoints
  if len(targets) == 0 && pod.Status.PodIP == "" {
      log.Debugf("skipping pod %q. PodIP is empty with phase %q", pod.Name, pod.Status.Phase)
      return
  }

  // addKopsDNSControllerEndpoints
  if pod.Status.PodIP == "" {
      log.Debugf("skipping pod %q. PodIP is empty with phase %q", pod.Name, pod.Status.Phase)
  }

  // addPodSourceDomainEndpoints
  if pod.Status.PodIP == "" {
      log.Debugf("skipping pod %q. PodIP is empty with phase %q", pod.Name, pod.Status.Phase)
  }

  // hostsFromTemplate (pre-existing)
  if address.IP == "" {
      log.Debugf("skipping pod %q. PodIP is empty with phase %q", pod.Name, pod.Status.Phase)
  }

A small helper could eliminate the repetition and have a common method

// returns false and logs if PodIP is empty
  func podIPReady(pod *v1.Pod) bool {
      if pod.Status.PodIP == "" {
          log.Debugf("skipping pod %q. PodIP is empty with phase %q", pod.Name, pod.Status.Phase)
          return false
      }
      return true
  }

Then the call sites become a single line each - e.g. if !podIPReady(pod) { return }

[ivankatliarchuk]

Actually after review, a more robust fix would be a single check at the top of addPodEndpointsToEndpointMap

  func (ps *podSource) addPodEndpointsToEndpointMap(endpointMap map[endpoint.EndpointKey][]string, pod *v1.Pod) {
      if ps.ignoreNonHostNetworkPods && !pod.Spec.HostNetwork {
          log.Debugf("skipping pod %s. hostNetwork=false", pod.Name)
          return
      }
      if pod.Status.Phase != v1.PodRunning {
          log.Debugf("skipping pod %q. phase is %q", pod.Name, pod.Status.Phase)
          return
      }
      // ...
  }

This would cover all paths — current and future - with one guard instead of per-function checks. The trade-off is that it also skips Succeeded/Failed pods with explicit targets annotations (which currently still produce records), but that's arguably correct behavior anyway — a terminated pod shouldn't own DNS records.

[ivankatliarchuk]

/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ivankatliarchuk

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [ivankatliarchuk]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ivankatliarchuk]

Have you tested it? Is the problem resolved? https://github.com/kubernetes-sigs/external-dns/blob/master/CONTRIBUTING.md#how-to-test-a-pr

[isumitsolanki]

Have you tested it? Is the problem resolved? https://github.com/kubernetes-sigs/external-dns/blob/master/CONTRIBUTING.md#how-to-test-a-pr

Hi @ivankatliarchuk , my cluster is on-prem what should i use for --provider ?? I can see any option is available for on-prem.

[ivankatliarchuk]

Exactly as you running the service. Sorry i have no idea, this is your environment

[mloiseleur]

@isumitsolanki You can install build locally a docker image with this PR code, make this image accessible to your k8s cluster and test with it.

[k8s-ci-robot]

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.