Question: Exposing an existing app to internet (via cloudflare tunnel)

[serpro69]

Hi,

I've tried to expose homepage to internet after it has been created, and not sure if some steps are needed to expose an existing (previously deployed but not yet exposed) app to internet, or it just takes time.
I've basically added two annotations to homepage ingress:

external-dns.alpha.kubernetes.io/target: "homelab-tunnel.example.com"
external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"

and then tried to access it from internet, and that failed.
I couldn't see any new logs in cloudflared namespace while trying to access the homepage. What I did notice is some logs in external-dns namespace that mentioned that some DNS records failed to create because they already existed:

time="2025-07-01T18:23:47Z" level=info msg="Changing record." action=CREATE record=home.example.com ttl=1 type=TXT zone=...
time="2025-07-01T18:23:58Z" level=error msg="failed to create record: An identical record already exists. (81058)" action=CREATE record=home.example.com ttl=1 type=TXT zone=...
time="2025-07-01T18:23:58Z" level=info msg="Changing record." action=CREATE record=cname-home.example.com ttl=1 type=TXT zone=...
time="2025-07-01T18:23:58Z" level=error msg="failed to create record: An identical record already exists. (81058)" action=CREATE record=cname-home.example.com ttl=1 type=TXT zone=...
time="2025-07-01T18:25:31Z" level=info msg="Changing record." action=CREATE record=home.example.com ttl=1 type=CNAME zone=...
time="2025-07-01T18:25:32Z" level=error msg="failed to create record: An A, AAAA, or CNAME record with that host already exists. For more details, refer to <https://developers.cloudflare.com/dns/manage-dns-records/troubleshooting/records-with-same-name/>. (81053)" action=CREATE record=home.example.com ttl=1 type=CNAME zone=

So I went and deleted all *home.* records from cloudflare manually (I think I didn't need to delete a-home, since that wasn't re-created 😁 ), and then deleted the app from argo, and then re-synced. After that I am able to access the homepage from internet.
I can see that new home record was created as CNAME and now points to the tunnel.

I'm just wondering because I thought this would happen automatically if I add an annotation to existing app to expose it to internet, but I guess not? Or am I missing some steps?

[khuedoan]

Hi, is the record already existing before you use this project? If yes this is a safety feature to ensure that records that are not owned by the External DNS controller in this project will not be overwritten. Here’s the related config:

homelab/system/external-dns/values.yaml

Line 3 in 23858f4

txtOwnerId: homelab

[serpro69]

No, these particular records were made by the homelab.
For example, when I added the homepage app, it added several records for that app. However, when I tried to expose that app later to internet, the records couldn't be updated it seemed.