Getting External-DNS to work with Ingress Objects in Kops AWS 1.7 K8s Cluster

4/2/2018

I'm trying to figure out how to get this setup to work:

  • I am using Kube 1.7 (no RBAC) spun up from kops in AWS
  • I have a single nginx ingress controller for my entire cluster that is using a LoadBalancer service in the kube-system namespace, installed via Helm
  • I have cert-manager set up in kube-system, installed via Helm and using ClusterIssuers
  • I have external-dns set up in kube-system, installed via Helm
  • I have multiple applications, one per namespace, with associated Ingress objects in each namespace.
  • I am annotating the Ingresses with the appropriate annotations for both cert-manager (certmanager.k8s.io/cluster-issuer: letsencrypt-prod) and external-dns (dns.alpha.kubernetes.io/external: app.contoso.com)

In this scenario, cert-manager is reacting appropriately to the Ingress object (modifying it to complete the ACME challenge), but external-dns is not doing anything (logs are saying all hostnames are up to date). If I manually add a Route53 record for the ELB associated with the LB service, everything works as expected. Inspecting the Ingress object, I see that the status block looks like so:

status:
  loadBalancer:
    ingress:
    - {}

which I suppose is why external-dns isn't reacting? How do I get this to work? Per the documentation

More troubleshooting information (pod definitions, ingress definitions, controller logs, etc.) can be found here: https://gist.github.com/DWSR/f6d596850346223393bec23b289c9731

-- DWSR
amazon-web-services
dns
kubernetes
kubernetes-ingress

1 Answer

4/3/2018

I solved this myself. The nginx ingress controller has a --publish-service command line argument which will cause it to update the status fields on the ingress objects which, in turn, will cause external-dns to create the appropriate DNS records. When installing via Helm, simply set .Values.controller.publishService.enabled to true and this will take effect.

-- DWSR
Source: StackOverflow
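
The symptom in the question (a status entry of `- {}`) can be checked across all namespaces before and after enabling `--publish-service`. The following is an added example, not part of the original post: it assumes input shaped like the output of `kubectl get ingress --all-namespaces -o json`, and the sample objects, namespaces and ELB hostname are constructed for illustration.

```python
import json

# Constructed sample shaped like `kubectl get ingress --all-namespaces -o json`.
# Namespaces, names and the ELB hostname are made up for illustration.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "app-a", "name": "web"},
   "spec": {"rules": [{"host": "app.contoso.com"}]},
   "status": {"loadBalancer": {"ingress": [{}]}}},
  {"metadata": {"namespace": "app-b", "name": "api"},
   "spec": {"rules": [{"host": "api.contoso.com"}]},
   "status": {"loadBalancer": {"ingress":
       [{"hostname": "example-elb.elb.amazonaws.com"}]}}},
  {"metadata": {"namespace": "app-c", "name": "admin"},
   "spec": {"rules": [{"host": "admin.contoso.com"}]},
   "status": {"loadBalancer": {}}}
]}
""")


def published_targets(ingress):
    """Return the hostnames/IPs the controller has written into the status."""
    status = ingress.get("status") or {}
    entries = (status.get("loadBalancer") or {}).get("ingress") or []
    targets = []
    for entry in entries:
        # An empty entry such as `{}` has neither field, so it yields no target.
        for key in ("hostname", "ip"):
            if entry and entry.get(key):
                targets.append(entry[key])
    return targets


def unpublished_ingresses(ingress_list):
    """List (namespace/name, hosts) for Ingresses with no usable status target."""
    findings = []
    for item in ingress_list.get("items", []):
        if published_targets(item):
            continue
        meta = item.get("metadata", {})
        rules = (item.get("spec") or {}).get("rules") or []
        hosts = [r["host"] for r in rules if r.get("host")]
        findings.append((f"{meta.get('namespace')}/{meta.get('name')}", hosts))
    return findings


if __name__ == "__main__":
    for name, hosts in unpublished_ingresses(SAMPLE):
        print(f"{name}: no load balancer address in status; hosts {hosts}")
```

An Ingress that still appears in this list after the controller has been redeployed has not had its status updated yet.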