From 6e68162621ce618682fabe567a7b2bd78d126ff6 Mon Sep 17 00:00:00 2001 From: Federico Maleh Date: Fri, 10 Apr 2026 16:12:44 -0300 Subject: [PATCH 1/2] Skip alb validations when cloud is not alb --- k8s/scope/networking/resolve_balancer | 97 ++++++++++--------- .../tests/networking/resolve_balancer.bats | 46 ++++++++- k8s/scope/tests/validate_alb_capacity.bats | 83 ++++++++++++---- k8s/scope/validate_alb_capacity | 7 +- 4 files changed, 165 insertions(+), 68 deletions(-) diff --git a/k8s/scope/networking/resolve_balancer b/k8s/scope/networking/resolve_balancer index 559cb870..fd07a68f 100755 --- a/k8s/scope/networking/resolve_balancer +++ b/k8s/scope/networking/resolve_balancer @@ -2,7 +2,7 @@ # Resolves the ALB name to use for the scope's ingress. # -# Resolution priority: +# Resolution priority (when DNS_TYPE is route53): # 1. Route53 — if a DNS record already exists for the scope domain, # use the ALB it points to (ensures DNS/ingress consistency) # 2. Load balancing — when additional balancers are configured, pick @@ -10,7 +10,10 @@ # 3. Provider config — base ALB from scope-configurations or # container-orchestration provider # +# For non-route53 DNS types, only priority 3 (provider config) is used. +# # Inputs (env vars): +# DNS_TYPE - DNS provider type (route53, azure, external_dns) # INGRESS_VISIBILITY - "internet-facing" or "internal" # CONTEXT - JSON with provider configuration # REGION - AWS region (for elbv2 API calls) 
@@ -142,64 +145,68 @@ else ) fi -# Priority 1: Check Route53 for an existing DNS record -SCOPE_DOMAIN_VAL=$(echo "$CONTEXT" | jq -r '.scope.domain // empty') -EXISTING_ALB="" +if [[ "$DNS_TYPE" == "route53" ]]; then + # Priority 1: Check Route53 for an existing DNS record + SCOPE_DOMAIN_VAL=$(echo "$CONTEXT" | jq -r '.scope.domain // empty') + EXISTING_ALB="" -if [ -n "$SCOPE_DOMAIN_VAL" ]; then - EXISTING_ALB=$(get_alb_from_route53 "$SCOPE_DOMAIN_VAL" "$REGION" 2>/dev/null) || true -fi + if [ -n "$SCOPE_DOMAIN_VAL" ]; then + EXISTING_ALB=$(get_alb_from_route53 "$SCOPE_DOMAIN_VAL" "$REGION" 2>/dev/null) || true + fi -if [ -n "$EXISTING_ALB" ]; then - log info "📝 Using ALB '$EXISTING_ALB' from Route53 record for $SCOPE_DOMAIN_VAL" - ALB_NAME="$EXISTING_ALB" -else - # Priority 2: If additional balancers configured, pick the least-loaded one - ADDITIONAL_BALANCERS="" - if [ "$INGRESS_VISIBILITY" = "internet-facing" ]; then - ADDITIONAL_BALANCERS=$(get_config_value \ - --provider '.providers["scope-configurations"].networking.additional_public_balancers' \ - --provider '.providers["container-orchestration"].balancer.additional_public_names' \ - --default "" - ) + if [ -n "$EXISTING_ALB" ]; then + log info "📝 Using ALB '$EXISTING_ALB' from Route53 record for $SCOPE_DOMAIN_VAL" + ALB_NAME="$EXISTING_ALB" else - ADDITIONAL_BALANCERS=$(get_config_value \ - --provider '.providers["scope-configurations"].networking.additional_private_balancers' \ - --provider '.providers["container-orchestration"].balancer.additional_private_names' \ - --default "" - ) - fi + # Priority 2: If additional balancers configured, pick the least-loaded one + ADDITIONAL_BALANCERS="" + if [ "$INGRESS_VISIBILITY" = "internet-facing" ]; then + ADDITIONAL_BALANCERS=$(get_config_value \ + --provider '.providers["scope-configurations"].networking.additional_public_balancers' \ + --provider '.providers["container-orchestration"].balancer.additional_public_names' \ + --default "" + ) + else + 
ADDITIONAL_BALANCERS=$(get_config_value \ + --provider '.providers["scope-configurations"].networking.additional_private_balancers' \ + --provider '.providers["container-orchestration"].balancer.additional_private_names' \ + --default "" + ) + fi + + if [ -n "$ADDITIONAL_BALANCERS" ] && [ "$ADDITIONAL_BALANCERS" != "null" ] && [ "$ADDITIONAL_BALANCERS" != "[]" ]; then + log debug "🔍 Additional balancers configured, resolving least-loaded ALB..." - if [ -n "$ADDITIONAL_BALANCERS" ] && [ "$ADDITIONAL_BALANCERS" != "null" ] && [ "$ADDITIONAL_BALANCERS" != "[]" ]; then - log debug "🔍 Additional balancers configured, resolving least-loaded ALB..." + CANDIDATES=$(echo "$ADDITIONAL_BALANCERS" | jq -r --arg base "$ALB_NAME" '[$base] + . | .[]') - CANDIDATES=$(echo "$ADDITIONAL_BALANCERS" | jq -r --arg base "$ALB_NAME" '[$base] + . | .[]') + log debug "📋 Candidate balancers: $(echo "$CANDIDATES" | paste -sd ',' - | sed 's/,/, /g')" - log debug "📋 Candidate balancers: $(echo "$CANDIDATES" | paste -sd ',' - | sed 's/,/, /g')" + MIN_RULES=-1 + BEST_ALB="$ALB_NAME" - MIN_RULES=-1 - BEST_ALB="$ALB_NAME" + for CANDIDATE in $CANDIDATES; do + RULE_COUNT=$(get_alb_rule_count "$CANDIDATE" 2>/dev/null) || { + log warn "⚠️ Could not query rules for ALB '$CANDIDATE', skipping" + continue + } - for CANDIDATE in $CANDIDATES; do - RULE_COUNT=$(get_alb_rule_count "$CANDIDATE" 2>/dev/null) || { - log warn "⚠️ Could not query rules for ALB '$CANDIDATE', skipping" - continue - } + log debug "📋 ALB '$CANDIDATE': $RULE_COUNT rules" - log debug "📋 ALB '$CANDIDATE': $RULE_COUNT rules" + if [ "$MIN_RULES" -eq -1 ] || [ "$RULE_COUNT" -lt "$MIN_RULES" ]; then + MIN_RULES=$RULE_COUNT + BEST_ALB="$CANDIDATE" + fi + done - if [ "$MIN_RULES" -eq -1 ] || [ "$RULE_COUNT" -lt "$MIN_RULES" ]; then - MIN_RULES=$RULE_COUNT - BEST_ALB="$CANDIDATE" + if [ "$BEST_ALB" != "$ALB_NAME" ]; then + log info "📝 Selected ALB '$BEST_ALB' ($MIN_RULES rules) over default '$ALB_NAME'" fi - done - if [ "$BEST_ALB" != 
"$ALB_NAME" ]; then - log info "📝 Selected ALB '$BEST_ALB' ($MIN_RULES rules) over default '$ALB_NAME'" + ALB_NAME="$BEST_ALB" fi - - ALB_NAME="$BEST_ALB" fi +else + log debug "📋 DNS type is '$DNS_TYPE', skipping Route53 lookup and load balancing" fi export ALB_NAME diff --git a/k8s/scope/tests/networking/resolve_balancer.bats b/k8s/scope/tests/networking/resolve_balancer.bats index 60ba2ace..676d8c67 100644 --- a/k8s/scope/tests/networking/resolve_balancer.bats +++ b/k8s/scope/tests/networking/resolve_balancer.bats @@ -12,6 +12,7 @@ setup() { export SCRIPT="$PROJECT_ROOT/k8s/scope/networking/resolve_balancer" export REGION="us-east-1" + export DNS_TYPE="route53" # Default: aws returns failure (no Route53 record, no ALBs) aws() { return 1; } @@ -72,7 +73,7 @@ mock_route53_alb() { return 0 ;; *describe-load-balancers*) - echo '${alb_name}' + echo '{\"LoadBalancers\":[{\"LoadBalancerName\":\"${alb_name}\",\"DNSName\":\"${alb_dns}\"}]}' return 0 ;; *) 
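Review bot: The guard `if [[ "$DNS_TYPE" == "route53" ]]` in k8s/scope/networking/resolve_balancer sends every value other than the exact string `route53` to the `else` branch, so an empty or misspelled DNS_TYPE silently drops the Route53 consistency lookup and the least-loaded selection, and the only trace is a debug-level log line. The header comment names three accepted values; if that list is complete, I would make the fallback explicit with `elif [[ "$DNS_TYPE" != "azure" && "$DNS_TYPE" != "external_dns" ]]; then log warn "⚠️ Unrecognized DNS_TYPE '$DNS_TYPE', using provider config only"` before the plain `else`. The same exact-match guard gates the capacity checks in k8s/scope/validate_alb_capacity and k8s/deployment/validate_alb_target_group_capacity, where an unrecognized value skips validation altogether. The new tests cover `external_dns` and `azure` but no unrecognized or empty value.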
@@ -453,3 +454,46 @@ mock_alb_rules() { assert_equal "$ALB_NAME" "co-balancer-public" } + +# ============================================================================= +# DNS_TYPE guard — non-route53 skips Route53 lookup and load balancing +# ============================================================================= +@test "resolve_balancer: skips Route53 and load balancing for external_dns" { + export INGRESS_VISIBILITY="internet-facing" + export DNS_TYPE="external_dns" + export CONTEXT=$(echo "$CONTEXT" | jq ' + .providers["scope-configurations"].networking.additional_public_balancers = ["alb-extra-1"] + ') + mock_route53_alb "alb-from-dns" + + source "$SCRIPT" + + assert_equal "$ALB_NAME" "co-balancer-public" +} + +@test "resolve_balancer: skips Route53 and load balancing for azure" { + export INGRESS_VISIBILITY="internet-facing" + export DNS_TYPE="azure" + + source "$SCRIPT" + + assert_equal "$ALB_NAME" "co-balancer-public" +} + +@test "resolve_balancer: uses provider config for non-route53 (private)" { + export INGRESS_VISIBILITY="internal" + export DNS_TYPE="external_dns" + + source "$SCRIPT" + + assert_equal "$ALB_NAME" "co-balancer-private" +} + +@test "resolve_balancer: logs skip message for non-route53 DNS" { + export INGRESS_VISIBILITY="internet-facing" + export DNS_TYPE="external_dns" + + run bash -c 'export LOG_LEVEL=debug; source "$SCRIPT"' + + assert_contains "$output" "DNS type is 'external_dns', skipping Route53 lookup and load balancing" +} diff --git a/k8s/scope/tests/validate_alb_capacity.bats b/k8s/scope/tests/validate_alb_capacity.bats index 547ee639..af08defd 100644 --- a/k8s/scope/tests/validate_alb_capacity.bats +++ b/k8s/scope/tests/validate_alb_capacity.bats @@ -15,6 +15,7 @@ setup() { export ALB_NAME="k8s-nullplatform-internet-facing" export REGION="us-east-1" export ALB_MAX_CAPACITY="75" + export DNS_TYPE="route53" # Base CONTEXT export CONTEXT='{ 
@@ -49,7 +50,7 @@ teardown() { # Success flow # ============================================================================= @test "validate_alb_capacity: success when under capacity" { - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "0" assert_contains "$output" "🔍 Validating ALB capacity for 'k8s-nullplatform-internet-facing'..." @@ -60,7 +61,7 @@ teardown() { @test "validate_alb_capacity: displays debug info" { export LOG_LEVEL="debug" - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "0" assert_contains "$output" "📋 ALB: k8s-nullplatform-internet-facing | Region: us-east-1 | Max capacity: 75 rules" @@ -86,7 +87,7 @@ teardown() { } export -f aws - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "0" assert_contains "$output" "📋 ALB 'k8s-nullplatform-internet-facing' has 10 rules (max capacity: 75)" @@ -115,7 +116,7 @@ teardown() { } export -f aws - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "1" assert_contains "$output" "❌ ALB 'k8s-nullplatform-internet-facing' has reached capacity: 75/75 rules" @@ -147,7 +148,7 @@ teardown() { } export -f aws - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "1" assert_contains "$output" "❌ ALB 'k8s-nullplatform-internet-facing' has reached capacity: 90/75 rules" @@ -159,7 +160,7 @@ teardown() { @test "validate_alb_capacity: uses default ALB_MAX_CAPACITY of 75" { unset ALB_MAX_CAPACITY - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "0" assert_contains "$output" "📋 ALB 'k8s-nullplatform-internet-facing' has 60 rules (max capacity: 75)" @@ -168,7 +169,7 @@ teardown() { @test "validate_alb_capacity: ALB_MAX_CAPACITY from env var" { export ALB_MAX_CAPACITY="50" - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "1" assert_contains "$output" "❌ ALB 'k8s-nullplatform-internet-facing' has reached capacity: 60/50 rules" 
@@ -178,7 +179,7 @@ teardown() { export CONTEXT='{"providers":{"scope-configurations":{"networking":{"alb_max_capacity":"50"}}}}' export ALB_MAX_CAPACITY="75" - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "1" assert_contains "$output" "❌ ALB 'k8s-nullplatform-internet-facing' has reached capacity: 60/50 rules" @@ -188,7 +189,7 @@ teardown() { export CONTEXT='{"providers":{"scope-configurations":{"networking":{"alb_max_capacity":"100"}}}}' export ALB_MAX_CAPACITY="50" - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "0" assert_contains "$output" "📋 ALB 'k8s-nullplatform-internet-facing' has 60 rules (max capacity: 100)" @@ -199,7 +200,7 @@ teardown() { export CONTEXT='{"providers":{"container-orchestration":{"balancer":{"alb_capacity_threshold":"50"}}}}' export ALB_MAX_CAPACITY="75" - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "1" assert_contains "$output" "❌ ALB 'k8s-nullplatform-internet-facing' has reached capacity: 60/50 rules" @@ -208,7 +209,7 @@ teardown() { @test "validate_alb_capacity: scope-configurations takes priority over container-orchestration" { export CONTEXT='{"providers":{"scope-configurations":{"networking":{"alb_max_capacity":"100"}},"container-orchestration":{"balancer":{"alb_capacity_threshold":"50"}}}}' - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "0" assert_contains "$output" "📋 ALB 'k8s-nullplatform-internet-facing' has 60 rules (max capacity: 100)" @@ -228,7 +229,7 @@ teardown() { } export -f aws - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "1" assert_contains "$output" "❌ Failed to find load balancer 'k8s-nullplatform-internet-facing' in region 'us-east-1'" 
@@ -250,7 +251,7 @@ teardown() { } export -f aws - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "1" assert_contains "$output" "❌ Load balancer 'k8s-nullplatform-internet-facing' not found in region 'us-east-1'" @@ -276,7 +277,7 @@ teardown() { } export -f aws - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "1" assert_contains "$output" "❌ Failed to describe listeners for ALB 'k8s-nullplatform-internet-facing'" @@ -301,7 +302,7 @@ teardown() { } export -f aws - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "0" assert_contains "$output" "⚠️ No listeners found on ALB 'k8s-nullplatform-internet-facing', skipping capacity check" @@ -326,7 +327,7 @@ teardown() { } export -f aws - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "1" assert_contains "$output" "❌ Failed to describe rules for listener" @@ -359,7 +360,7 @@ teardown() { } export -f aws - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "0" assert_contains "$output" "📋 ALB 'k8s-nullplatform-internet-facing' has 0 rules (max capacity: 75)" @@ -385,7 +386,7 @@ teardown() { } export -f aws - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "0" assert_contains "$output" "✅ ALB capacity validated: 74/75 rules" @@ -410,7 +411,7 @@ teardown() { } export -f aws - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "1" assert_contains "$output" "❌ Unexpected non-numeric rule count from listener" @@ -425,7 +426,7 @@ teardown() { @test "validate_alb_capacity: fails when ALB_MAX_CAPACITY is non-numeric" { export ALB_MAX_CAPACITY="abc" - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "1" assert_contains "$output" "❌ ALB_MAX_CAPACITY must be a numeric value, got: 'abc'" 
@@ -444,8 +445,48 @@ teardown() { } export -f aws - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "1" assert_contains "$output" "❌ Load balancer 'k8s-nullplatform-internet-facing' not found in region 'us-east-1'" } + +# ============================================================================= +# DNS_TYPE guard +# ============================================================================= +@test "validate_alb_capacity: skips when DNS_TYPE is external_dns" { + export DNS_TYPE="external_dns" + + run bash -c 'source "$SCRIPT"' + + assert_equal "$status" "0" + [[ "$output" != *"🔍 Validating ALB capacity"* ]] +} + +@test "validate_alb_capacity: skips when DNS_TYPE is azure" { + export DNS_TYPE="azure" + + run bash -c 'source "$SCRIPT"' + + assert_equal "$status" "0" + [[ "$output" != *"🔍 Validating ALB capacity"* ]] +} + +@test "validate_alb_capacity: skips with debug message for non-route53 DNS" { + export DNS_TYPE="external_dns" + export LOG_LEVEL="debug" + + run bash -c 'source "$SCRIPT"' + + assert_equal "$status" "0" + assert_contains "$output" "DNS type is 'external_dns', ALB capacity validation only applies to route53, skipping" +} + +@test "validate_alb_capacity: runs when DNS_TYPE is route53" { + export DNS_TYPE="route53" + + run bash -c 'source "$SCRIPT"' + + assert_equal "$status" "0" + assert_contains "$output" "🔍 Validating ALB capacity for 'k8s-nullplatform-internet-facing'..." +} diff --git a/k8s/scope/validate_alb_capacity b/k8s/scope/validate_alb_capacity index b431787b..1caf0439 100755 --- a/k8s/scope/validate_alb_capacity +++ b/k8s/scope/validate_alb_capacity 
@@ -5,6 +5,11 @@ set -euo pipefail SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" source "$SCRIPT_DIR/../utils/get_config_value" +if [[ "$DNS_TYPE" != "route53" ]]; then + log debug "📋 DNS type is '$DNS_TYPE', ALB capacity validation only applies to route53, skipping" + return 0 +fi + ALB_MAX_CAPACITY=$(get_config_value \ --env ALB_MAX_CAPACITY \ --provider '.providers["scope-configurations"].networking.alb_max_capacity' \ @@ -76,7 +81,7 @@ LISTENER_ARNS=$(aws elbv2 describe-listeners \ if [[ -z "$LISTENER_ARNS" ]] || [[ "$LISTENER_ARNS" == "None" ]]; then log warn "⚠️ No listeners found on ALB '$ALB_NAME', skipping capacity check" - exit 0 + return 0 fi # Count rules across all listeners (excluding default rules) From a95ddea6abd4b347fa9573197c4c31cdb712ab2e Mon Sep 17 00:00:00 2001 From: Federico Maleh Date: Fri, 10 Apr 2026 16:19:12 -0300 Subject: [PATCH 2/2] Skip alb validations when cloud is not alb --- .../validate_alb_target_group_capacity.bats | 77 ++++++++++++++----- .../validate_alb_target_group_capacity | 5 ++ 2 files changed, 64 insertions(+), 18 deletions(-) diff --git a/k8s/deployment/tests/validate_alb_target_group_capacity.bats b/k8s/deployment/tests/validate_alb_target_group_capacity.bats index 3e6fb50d..08d1f28c 100644 --- a/k8s/deployment/tests/validate_alb_target_group_capacity.bats +++ b/k8s/deployment/tests/validate_alb_target_group_capacity.bats @@ -15,6 +15,7 @@ setup() { export ALB_NAME="k8s-nullplatform-internet-facing" export REGION="us-east-1" export ALB_MAX_TARGET_GROUPS="98" + export DNS_TYPE="route53" # Base CONTEXT export CONTEXT='{ @@ -45,7 +46,7 @@ teardown() { # Success flow # ============================================================================= @test "validate_alb_target_group_capacity: success when under capacity" { - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "0" assert_contains "$output" "🔍 Validating ALB target group capacity for 'k8s-nullplatform-internet-facing'..." 
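Review bot: In k8s/scope/validate_alb_capacity the new `[[ "$DNS_TYPE" != "route53" ]]` test runs under the `set -euo pipefail` shown in the hunk header, so a caller that does not export DNS_TYPE now aborts with an unbound-variable error before any log line is written. The script's earlier use of DNS_TYPE is not visible in this patch, and every test sets it in `setup()`, so the unset path is untested. Decide which behaviour is intended and make it explicit: `: "${DNS_TYPE:?DNS_TYPE must be set}"` to fail with a clear message, or `"${DNS_TYPE:-}"` in the comparison if unset should mean skip. The guard added to k8s/deployment/validate_alb_target_group_capacity in patch 2/2 has the same issue.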
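Review bot: `return 0` at the top level of k8s/scope/validate_alb_capacity (the "No listeners found" branch) only works when the file is sourced; the file mode is 100755, and when it is executed directly bash rejects `return` outside a function or sourced script, which under `set -e` turns the intended skip into a non-zero exit. The tests were switched from `run bash "$SCRIPT"` to `run bash -c 'source "$SCRIPT"'`, so direct execution is no longer exercised. If both invocation styles must keep working, use `return 0 2>/dev/null || exit 0` here and in the DNS_TYPE guards of this file and of k8s/deployment/validate_alb_target_group_capacity. The failure paths lie outside these hunks; if they still call `exit 1`, sourcing the script will terminate the calling shell, which is worth confirming.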
@@ -56,7 +57,7 @@ teardown() { @test "validate_alb_target_group_capacity: displays debug info" { export LOG_LEVEL="debug" - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "0" assert_contains "$output" "📋 ALB: k8s-nullplatform-internet-facing | Region: us-east-1 | Max target groups: 98" @@ -81,7 +82,7 @@ teardown() { } export -f aws - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "1" assert_contains "$output" "❌ ALB 'k8s-nullplatform-internet-facing' has reached target group capacity: 98/98" @@ -109,7 +110,7 @@ teardown() { } export -f aws - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "1" assert_contains "$output" "❌ ALB 'k8s-nullplatform-internet-facing' has reached target group capacity: 100/98" @@ -121,7 +122,7 @@ teardown() { @test "validate_alb_target_group_capacity: uses default ALB_MAX_TARGET_GROUPS of 98" { unset ALB_MAX_TARGET_GROUPS - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "0" assert_contains "$output" "📋 ALB 'k8s-nullplatform-internet-facing' has 40 target groups (max: 98)" @@ -130,7 +131,7 @@ teardown() { @test "validate_alb_target_group_capacity: ALB_MAX_TARGET_GROUPS from env var" { export ALB_MAX_TARGET_GROUPS="30" - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "1" assert_contains "$output" "❌ ALB 'k8s-nullplatform-internet-facing' has reached target group capacity: 40/30" @@ -140,7 +141,7 @@ teardown() { export CONTEXT='{"providers":{"scope-configurations":{"networking":{"alb_max_target_groups":"30"}}}}' export ALB_MAX_TARGET_GROUPS="98" - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "1" assert_contains "$output" "❌ ALB 'k8s-nullplatform-internet-facing' has reached target group capacity: 40/30" 
@@ -150,7 +151,7 @@ teardown() { export CONTEXT='{"providers":{"container-orchestration":{"balancer":{"alb_max_target_groups":"30"}}}}' export ALB_MAX_TARGET_GROUPS="98" - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "1" assert_contains "$output" "❌ ALB 'k8s-nullplatform-internet-facing' has reached target group capacity: 40/30" @@ -159,7 +160,7 @@ teardown() { @test "validate_alb_target_group_capacity: scope-configurations takes priority over container-orchestration" { export CONTEXT='{"providers":{"scope-configurations":{"networking":{"alb_max_target_groups":"100"}},"container-orchestration":{"balancer":{"alb_max_target_groups":"30"}}}}' - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "0" assert_contains "$output" "📋 ALB 'k8s-nullplatform-internet-facing' has 40 target groups (max: 100)" @@ -169,7 +170,7 @@ teardown() { export CONTEXT='{"providers":{"scope-configurations":{"networking":{"alb_max_target_groups":"100"}}}}' export ALB_MAX_TARGET_GROUPS="30" - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "0" assert_contains "$output" "📋 ALB 'k8s-nullplatform-internet-facing' has 40 target groups (max: 100)" @@ -190,7 +191,7 @@ teardown() { } export -f aws - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "1" assert_contains "$output" "❌ Failed to find load balancer 'k8s-nullplatform-internet-facing' in region 'us-east-1'" @@ -212,7 +213,7 @@ teardown() { } export -f aws - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "1" assert_contains "$output" "❌ Load balancer 'k8s-nullplatform-internet-facing' not found in region 'us-east-1'" @@ -233,7 +234,7 @@ teardown() { } export -f aws - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "1" assert_contains "$output" "❌ Failed to describe target groups for ALB 'k8s-nullplatform-internet-facing'" 
@@ -261,7 +262,7 @@ teardown() { } export -f aws - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "0" assert_contains "$output" "📋 ALB 'k8s-nullplatform-internet-facing' has 0 target groups (max: 98)" @@ -283,7 +284,7 @@ teardown() { } export -f aws - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "0" assert_contains "$output" "✅ ALB target group capacity validated: 97/98" @@ -304,7 +305,7 @@ teardown() { } export -f aws - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "1" assert_contains "$output" "❌ Unexpected non-numeric target group count from ALB" @@ -317,7 +318,7 @@ teardown() { @test "validate_alb_target_group_capacity: fails when ALB_MAX_TARGET_GROUPS is non-numeric" { export ALB_MAX_TARGET_GROUPS="abc" - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "1" assert_contains "$output" "❌ ALB_MAX_TARGET_GROUPS must be a numeric value, got: 'abc'" 
@@ -336,8 +337,48 @@ teardown() { } export -f aws - run bash "$SCRIPT" + run bash -c 'source "$SCRIPT"' assert_equal "$status" "1" assert_contains "$output" "❌ Load balancer 'k8s-nullplatform-internet-facing' not found in region 'us-east-1'" } + +# ============================================================================= +# DNS_TYPE guard +# ============================================================================= +@test "validate_alb_target_group_capacity: skips when DNS_TYPE is external_dns" { + export DNS_TYPE="external_dns" + + run bash -c 'source "$SCRIPT"' + + assert_equal "$status" "0" + [[ "$output" != *"🔍 Validating ALB target group capacity"* ]] +} + +@test "validate_alb_target_group_capacity: skips when DNS_TYPE is azure" { + export DNS_TYPE="azure" + + run bash -c 'source "$SCRIPT"' + + assert_equal "$status" "0" + [[ "$output" != *"🔍 Validating ALB target group capacity"* ]] +} + +@test "validate_alb_target_group_capacity: skips with debug message for non-route53 DNS" { + export DNS_TYPE="external_dns" + export LOG_LEVEL="debug" + + run bash -c 'source "$SCRIPT"' + + assert_equal "$status" "0" + assert_contains "$output" "DNS type is 'external_dns', ALB target group validation only applies to route53, skipping" +} + +@test "validate_alb_target_group_capacity: runs when DNS_TYPE is route53" { + export DNS_TYPE="route53" + + run bash -c 'source "$SCRIPT"' + + assert_equal "$status" "0" + assert_contains "$output" "🔍 Validating ALB target group capacity for 'k8s-nullplatform-internet-facing'..." +} diff --git a/k8s/deployment/validate_alb_target_group_capacity b/k8s/deployment/validate_alb_target_group_capacity index e7d50cb2..f5ecaf98 100755 --- a/k8s/deployment/validate_alb_target_group_capacity +++ b/k8s/deployment/validate_alb_target_group_capacity 
@@ -5,6 +5,11 @@ set -euo pipefail SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" source "$SCRIPT_DIR/../utils/get_config_value" +if [[ "$DNS_TYPE" != "route53" ]]; then + log debug "📋 DNS type is '$DNS_TYPE', ALB target group validation only applies to route53, skipping" + return 0 +fi + ALB_MAX_TARGET_GROUPS=$(get_config_value \ --env ALB_MAX_TARGET_GROUPS \ --provider '.providers["scope-configurations"].networking.alb_max_target_groups' \