feat: Make TTL configurable for ExternalDNS integration (#218)

Claude · borchero · web-flow · commit 27242babb331 · 2026-02-25T14:28:13.000Z
Co-authored-by: anthropic-code-agent[bot] &lt;242468646+Claude@users.noreply.github.com&gt;
Co-authored-by: borchero &lt;22455425+borchero@users.noreply.github.com&gt;
Co-authored-by: Oliver Borchert &lt;oliver.borchert@quantco.com&gt;
diff --git a/README.md b/README.md
@@ -122,7 +122,7 @@ metadata:
 spec:
   endpoints:
     - dnsName: www.example.com
-      recordTTL: 300
+      recordTTL: 300  # Default TTL, can be customized in Switchboard configuration
       recordType: A
       targets:
         # The target is the public (or, if unavailable, private) IP address of your Traefik
diff --git a/chart/README.md b/chart/README.md
@@ -61,6 +61,7 @@ The following lists all values that may be set when installing this chart (see
 | integrations.externalDNS.targetIPs | list | `[]` | The static IP addresses that created DNS records should point to. Must not be provided    if the target service is set. |
 | integrations.externalDNS.targetService.name | string | `nil` | The name of the (Traefik) service whose IP address should be used for DNS records. |
 | integrations.externalDNS.targetService.namespace | string | `nil` | The namespace of the (Traefik) service whose IP address should be used for DNS records. |
+| integrations.externalDNS.ttl | string | `nil` | The TTL (Time To Live) for DNS records in seconds. If not specified, defaults to 300.    Some DNS providers require a minimum TTL (e.g., deSEC requires 3600). |
 | metrics.enabled | bool | `true` | Whether the metrics endpoint should be enabled. |
 | metrics.port | int | `9090` | The port on which Prometheus metrics can be scraped on path `/metrics`. |
 | nodeSelector | object | `{}` |  |
diff --git a/chart/templates/_config.tpl b/chart/templates/_config.tpl
@@ -48,6 +48,9 @@ integrations:
     {{ else }}
       {{ fail "exactly one of target service and target IPs must be set for external dns" }}
     {{ end }}
+    {{ if $externalDNS.ttl }}
+    ttl: {{ $externalDNS.ttl }}
+    {{ end }}
   {{ end }}
 {{ end }}
 
diff --git a/chart/values.yaml b/chart/values.yaml
@@ -60,6 +60,9 @@ integrations:
       name: ~
       # -- The namespace of the (Traefik) service whose IP address should be used for DNS records.
       namespace: ~
+    # -- The TTL (Time To Live) for DNS records in seconds. If not specified, defaults to 300.
+    #    Some DNS providers require a minimum TTL (e.g., deSEC requires 3600).
+    ttl: ~
 
 metrics:
   # -- Whether the metrics endpoint should be enabled.
diff --git a/internal/config/v1/config.go b/internal/config/v1/config.go
@@ -55,6 +55,7 @@ type IntegrationConfigs struct {
 type ExternalDNSIntegrationConfig struct {
 	TargetService *ServiceRef `json:"targetService,omitempty"`
 	TargetIPs     []string    `json:"targetIPs,omitempty"`
+	TTL           *int64      `json:"ttl,omitempty"`
 }
 
 // CertManagerIntegrationConfig describes the configuration for the cert-manager integration.
diff --git a/internal/controllers/utils.go b/internal/controllers/utils.go
@@ -32,10 +32,12 @@ func integrationsFromConfig(
 					externalDNS.TargetService.Name,
 					externalDNS.TargetService.Namespace,
 				),
+				externalDNS.TTL,
 			))
 		} else {
 			result = append(result, integrations.NewExternalDNS(
 				client, switchboard.NewStaticTarget(externalDNS.TargetIPs...),
+				externalDNS.TTL,
 			))
 		}
 	}
diff --git a/internal/controllers/utils_test.go b/internal/controllers/utils_test.go
@@ -64,4 +64,15 @@ func TestIntegrationsFromConfig(t *testing.T) {
 	}
 	_, err = integrationsFromConfig(config, client)
 	require.NotNil(t, err)
+
+	// Test with custom TTL configuration
+	customTTL := int64(3600)
+	config.Integrations.ExternalDNS = &configv1.ExternalDNSIntegrationConfig{
+		TargetService: &configv1.ServiceRef{Name: "my-service", Namespace: "my-namespace"},
+		TTL:           &customTTL,
+	}
+	integrations, err = integrationsFromConfig(config, client)
+	require.Nil(t, err)
+	assert.Len(t, integrations, 2)
+	assert.Equal(t, "external-dns", integrations[0].Name())
 }
diff --git a/internal/integrations/externaldns.go b/internal/integrations/externaldns.go
@@ -22,9 +22,13 @@ type externalDNS struct {
 }
 
 // NewExternalDNS initializes a new external-dns integration whose created DNS endpoints target the
-// provided service.
-func NewExternalDNS(client client.Client, target switchboard.Target) Integration {
-	return &externalDNS{client, target, 300}
+// provided service. If ttl is nil, a default TTL of 300 seconds is used.
+func NewExternalDNS(client client.Client, target switchboard.Target, ttl *int64) Integration {
+	ttlValue := endpoint.TTL(300)
+	if ttl != nil {
+		ttlValue = endpoint.TTL(*ttl)
+	}
+	return &externalDNS{client, target, ttlValue}
 }
 
 func (*externalDNS) Name() string {
diff --git a/internal/integrations/externaldns_test.go b/internal/integrations/externaldns_test.go
@@ -14,7 +14,7 @@ import (
 )
 
 func TestExternalDNSWatchedObject(t *testing.T) {
-	integration := NewExternalDNS(nil, switchboard.NewServiceTarget("my-name", "my-namespace"))
+	integration := NewExternalDNS(nil, switchboard.NewServiceTarget("my-name", "my-namespace"), nil)
 	obj := integration.WatchedObject()
 	assert.Equal(t, "my-name", obj.GetName())
 	assert.Equal(t, "my-namespace", obj.GetNamespace())
@@ -32,7 +32,7 @@ func TestExternalDNSUpdateResource(t *testing.T) {
 	owner := k8tests.DummyService("my-service", namespace, 80)
 	err := client.Create(ctx, &owner)
 	require.Nil(t, err)
-	integration := NewExternalDNS(client, switchboard.NewServiceTarget(owner.Name, namespace))
+	integration := NewExternalDNS(client, switchboard.NewServiceTarget(owner.Name, namespace), nil)
 
 	// No resource should be created if no hosts are provided
 	var info IngressInfo
@@ -121,6 +121,19 @@ func TestExternalDNSRecordType(t *testing.T) {
 	assert.Equal(t, "CNAME", integration.recordType("example.lb.identifier.amazonaws.com"))
 }
 
+func TestExternalDNSWithCustomTTL(t *testing.T) {
+	// Test with custom TTL
+	customTTL := int64(3600)
+	integration := NewExternalDNS(nil, switchboard.NewServiceTarget("my-name", "my-namespace"), &customTTL)
+	externalDNSImpl := integration.(*externalDNS)
+	assert.Equal(t, endpoint.TTL(3600), externalDNSImpl.ttl)
+
+	// Test with default TTL (nil)
+	integration = NewExternalDNS(nil, switchboard.NewServiceTarget("my-name", "my-namespace"), nil)
+	externalDNSImpl = integration.(*externalDNS)
+	assert.Equal(t, endpoint.TTL(300), externalDNSImpl.ttl)
+}
+
 //-------------------------------------------------------------------------------------------------
 // UTILS
 //-------------------------------------------------------------------------------------------------

Original file line number	Diff line number	Diff line change
`@@ -55,6 +55,7 @@ type IntegrationConfigs struct {`
`55`	`55`	`type ExternalDNSIntegrationConfig struct {`
`56`	`56`	TargetService *ServiceRef `json:"targetService,omitempty"`
`57`	`57`	TargetIPs []string `json:"targetIPs,omitempty"`
	`58`	+ TTL *int64 `json:"ttl,omitempty"`
`58`	`59`	`}`
`59`	`60`
`60`	`61`	`// CertManagerIntegrationConfig describes the configuration for the cert-manager integration.`
Original file line number	Diff line number	Diff line change
`@@ -32,10 +32,12 @@ func integrationsFromConfig(`
`32`	`32`	`externalDNS.TargetService.Name,`
`33`	`33`	`externalDNS.TargetService.Namespace,`
`34`	`34`	`),`
	`35`	`+ externalDNS.TTL,`
`35`	`36`	`))`
`36`	`37`	`} else {`
`37`	`38`	`result = append(result, integrations.NewExternalDNS(`
`38`	`39`	`client, switchboard.NewStaticTarget(externalDNS.TargetIPs...),`
	`40`	`+ externalDNS.TTL,`
`39`	`41`	`))`
`40`	`42`	`}`
`41`	`43`	`}`