Long tunnel names cause errors when creating DNS records #139

Open
irumaru opened this issue Oct 23, 2024 · 5 comments

irumaru commented Oct 23, 2024

Summary

If the tunnel name is long, the length of the comment in the DNS record exceeds the limit of 100 characters.
In that case, it seems that DNS records cannot be registered.

Therefore, it is necessary to ensure that the comment length does not exceed 100 characters.

Details

When I created the Ingress resource, I received the following error.

2024/10/23 12:04:14 controller-runtime: "caller"={"file"="controller.go" "line"=316} "msg"="Reconciler error" "error"="put exposures: update DNS CNAME record: update DNS CNAME record for zone [example.com]: create DNS record for zone example.com, hostname test-svc.example.com: DNS record comment exceeds the maximum length of 100 characters. (9313)" "controller"="ingress" "controllerGroup"="networking.k8s.io" "controllerKind"="Ingress" "Ingress"={"name"="test-ingress" "namespace"="default"} "namespace"="default" "name"="test-ingress" "reconcileID"="45ab836b-e535-42bd-94a9-68147dee1792"

The following code was temporarily changed for debugging purposes.
https://github.com/STRRL/cloudflare-tunnel-ingress-controller/blob/master/pkg/cloudflare-controller/tunnel-client.go#L150

			return errors.Wrapf(err, "create DNS record for zone %s, hostname %s, comment {{{%s}}}", zone.Name, item.Hostname, item.Comment)

Here is the controller's log afterwards.

2024/10/23 12:50:46 controller-runtime: "caller"={"file"="controller.go" "line"=316} "msg"="Reconciler error" "error"="put exposures: update DNS CNAME record: update DNS CNAME record for zone [example.com]: create DNS record for zone example.com, hostname test-svc.example.com, comment {{{managed by strrl.dev/cloudflare-tunnel-ingress-controller, tunnel [cloudflare-ingress-controller-test-tunnel]}}}: DNS record comment exceeds the maximum length of 100 characters. (9313)" "controller"="ingress" "controllerGroup"="networking.k8s.io" "controllerKind"="Ingress" "Ingress"={"name"="test-ingress" "namespace"="default"} "namespace"="default" "name"="test-ingress" "reconcileID"="6e11491d-e1b7-4dc8-ab1c-380eff44c80c"

There are 110 characters in the COMMENT string:

managed by strrl.dev/cloudflare-tunnel-ingress-controller, tunnel [cloudflare-ingress-controller-test-tunnel]
Owner

STRRL commented Oct 23, 2024

Thanks for your contribution for reporting this issue! 🚀

Got that. Using DNS record comments for annotating metadata (which operator controls this DNS record) is NOT good. Maybe we could use a TXT record instead.

What do you think about that? Do you have any suggestions? ❤️

Author

irumaru commented Oct 23, 2024

Thank you for your response.

I think using a TXT record is not good for security, because information about the connection is visible to the outside world.

How about not including the tunnel name as connection information?

Specifically, the comment in the DNS record should be as follows:

managed by strrl.dev/cloudflare-tunnel-ingress-controller

Author

irumaru commented Oct 23, 2024

I think it's fine because you can check the tunnel name from the Cloudflare Dashboard without including it. What do you think?

Owner

STRRL commented Oct 23, 2024

Let me take a look at why we need to set up the comment 🤔

STRRL added and removed the bug label on Oct 23, 2024
Author

irumaru commented Oct 24, 2024

How about limiting the length of tunnel names and displaying an error message if the limit is exceeded when the controller is started, so that it will not start?

Example

Due to the comment length limit of Cloudflare's DNS records, the tunnel name must be 31 characters or less.

Or, how about cutting off the excess part if the total length exceeds 100 characters?
Example

managed by strrl.dev/cloudflare-tunnel-ingress-controller, tunnel [cloudflare-ingress-controller...
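
The two options proposed in the last comment (refuse to start on an over-long tunnel name, or cut the comment off at the limit), sketched in Go as an added example; this is not the controller's own code. The helper names are hypothetical, and the 100-character limit and the comment layout are taken from the error log in this issue.

```go
package main

import (
	"fmt"
	"unicode/utf8"
)

// Limit quoted in the Cloudflare error on this page (code 9313).
const maxCommentLen = 100

// Comment layout as it appears in the controller log on this page.
const commentFormat = "managed by strrl.dev/cloudflare-tunnel-ingress-controller, tunnel [%s]"

// maxTunnelNameLen derives the name budget from the layout, so it stays
// correct if the fixed part of the comment ever changes.
func maxTunnelNameLen() int {
	return maxCommentLen - utf8.RuneCountInString(fmt.Sprintf(commentFormat, ""))
}

// validateTunnelName (hypothetical helper) is the fail-at-startup option:
// reject the name before any DNS record is attempted.
func validateTunnelName(name string) error {
	if n, limit := utf8.RuneCountInString(name), maxTunnelNameLen(); n > limit {
		return fmt.Errorf("tunnel name is %d characters; DNS record comments leave room for at most %d", n, limit)
	}
	return nil
}

// buildComment (hypothetical helper) is the truncation option: the result
// never exceeds maxCommentLen, and a cut is marked with "...".
func buildComment(name string) string {
	c := fmt.Sprintf(commentFormat, name)
	if utf8.RuneCountInString(c) <= maxCommentLen {
		return c
	}
	r := []rune(c) // cut on runes so a multi-byte character is never split
	return string(r[:maxCommentLen-3]) + "..."
}

func main() {
	name := "cloudflare-ingress-controller-test-tunnel" // tunnel name from the log on this page
	fmt.Println("startup check:", validateTunnelName(name))
	c := buildComment(name)
	fmt.Println(utf8.RuneCountInString(c), c)
}
```

Truncation drops the end of the tunnel name, so two long names that share a prefix produce the same comment. If the comment is ever used to decide which records belong to which tunnel, the startup check is the safer of the two options.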
