From 45886608db4e85993e6bf7e15ba35d96e0489890 Mon Sep 17 00:00:00 2001 From: afirth Date: Wed, 3 Nov 2021 10:40:37 +0100 Subject: [PATCH] Expand the AWS tutorial with common args to mitigate rate limiting --- docs/tutorials/aws.md | 41 ++++++++++++++++++++++++++++++++++++++--- 1 file changed, 38 insertions(+), 3 deletions(-) diff --git a/docs/tutorials/aws.md b/docs/tutorials/aws.md index 75dfbfc6f1..0c0c42ec22 100644 --- a/docs/tutorials/aws.md +++ b/docs/tutorials/aws.md 
@@ -464,6 +464,41 @@ $ aws route53 delete-hosted-zone --id /hostedzone/ZEWFWZ4R16P7IB ## Throttling Route53 has a [5 API requests per second per account hard quota](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSLimitations.html#limits-api-requests-route-53). -Running several fast polling ExternalDNS instances in a given account can easily hit that limit. Some ways to circumvent that issue includes: -* Augment the synchronization interval (`--interval`), at the cost of slower changes propagation. -* If the ExternalDNS managed zones list doesn't change frequently, set `--aws-zones-cache-duration` (zones list cache time-to-live) to a larger value. Note that zones list cache can be disabled with `--aws-zones-cache-duration=0s`. +Running several fast polling ExternalDNS instances in a given account can easily hit that limit. Some ways to reduce the request rate include: +* Reduce the polling loop's synchronization interval at the possible cost of slower change propagation (but see `--events` below to reduce the impact). + * `--interval=5m` (default `1m`) +* Trigger the polling loop on changes to K8s objects, rather than only at `interval`, to have responsive updates with long poll intervals + * `--events` +* Limit the [sources watched](https://github.com/kubernetes-sigs/external-dns/blob/master/pkg/apis/externaldns/types.go#L364) when the `--events` flag is specified to specific types, namespaces, labels, or annotations + * `--source=ingress --source=service` - specify multiple times for multiple sources + * `--namespace=my-app` + * `--label-filter=app in (my-app)` + * `--annotation-filter=kubernetes.io/ingress.class in (nginx-external)` - note that this filter would apply to services too.. 
+* Limit services watched by type (not applicable to ingress or other types) + * `--service-type-filter=LoadBalancer` default `all` +* Limit the hosted zones considered + * `--zone-id-filter=ABCDEF12345678` - specify multiple times if needed + * `--domain-filter=example.com` by domain suffix - specify multiple times if needed + * `--regex-domain-filter=example*` by domain suffix but as a regex - overrides domain-filter + * `--exclude-domains=ignore.this.example.com` to exclude a domain or subdomain + * `--regex-domain-exclusion=ignore*` subtracts it's matches from `regex-domain-filter`'s matches + * `--aws-zone-type=public` only sync zones of this type `[public|private]` + * `--aws-zone-tags=owner=k8s` only sync zones with this tag +* If the list of zones managed by ExternalDNS doesn't change frequently, cache it by setting a TTL. + * `--aws-zones-cache-duration=3h` (default `0` - disabled) +* Increase the number of changes applied to Route53 in each batch + * `--aws-batch-change-size=4000` (default `1000`) +* Increase the interval between changes + * `--aws-batch-change-interval=10s` (default `1s`) + +### EKS + +An effective starting point for EKS with an ingress controller might look like: + +```bash +--interval=5m +--events +--source=ingress +--domain-filter=example.com +--aws-zones-cache-duration=1h +```
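Review bot: The first added bullet says "Reduce the polling loop's synchronization interval", but its example `--interval=5m` (default `1m`) lengthens the interval. Reword it to "Increase the synchronization interval" or "Reduce the polling frequency" so the text agrees with the flag value. In the "Limit the hosted zones considered" list, the samples `--regex-domain-filter=example*` and `--regex-domain-exclusion=ignore*` are written like globs. Read as regular expressions they mean `exampl` followed by zero or more `e`, and `ignor` followed by zero or more `e`, so someone copying them would scope ExternalDNS to more names than the "by domain suffix" description implies. An escaped and anchored sample such as `--regex-domain-filter=\.example\.com$` would show a real suffix match. Minor: "it's matches" should be "its matches", the `--annotation-filter` line ends with a doubled period, and `--service-type-filter=LoadBalancer` is missing the parentheses around its default that the other bullets use.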