Add source of DNS configuration to AWSPlatformStatus #1397
Conversation
|
Hello @sadasu! Some important instructions when contributing to openshift/api: For merging purposes, this repository follows the no-Feature-Freeze process which means that in addition to the standard
OR
Who should apply these qe/docs/px labels?
|
sadasu
changed the title
openshift-ci
bot
added
the
do-not-merge/work-in-progress
sadasu
force-pushed
the
custom-dns
branch
4 times, most recently
from
bccf116 to
c1fa499
Compare
sadasu
changed the title
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
sadasu
force-pushed
the
custom-dns
branch
4 times, most recently
from
5285fc0 to
b96d90f
Compare
openshift-merge-robot
added
the
needs-rebase
openshift-merge-robot
removed
the
needs-rebase
config/v1/types_infrastructure.go
Outdated
|
|
||
| // DNSConfig contains the LB IP and DNS Record type to configure a DNS entry. | ||
| type DNSConfig struct { | ||
| // recordType is the DNS record type. |
There was a problem hiding this comment.
Are there a subset that we support here? Would we expect an MX for example? Could this be an enum of the ones we support?
There was a problem hiding this comment.
Yes, it would be useful to make this an enum type. Updating.
|
Heads up, I'm on PTO for the next 2 weeks, so if you need additional reviews in that time, I'd recommend poking in #forum-api-review |
sadasu
changed the title
openshift-ci
bot
added
the
size/L
openshift-ci
bot
added
size/S
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: sadasu The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
sadasu
changed the title
config/v1/types_infrastructure.go
Outdated
| // +default={"provider": "ClusterProvided"} | ||
| // +kubebuilder:default={"provider": "ClusterProvided"} | ||
| // +openshift:enable:FeatureSets=TechPreviewNoUpgrade | ||
| DNSConfig *DNSConfigurationType `json:"dnsConfig"` |
There was a problem hiding this comment.
This should be optional, right? Upgraded clusters won't have this value.
There was a problem hiding this comment.
Kubebuilder will automatically add the default value of provider="ClusterProvided". There is a integration test to that effect.
There was a problem hiding this comment.
But, updating anyways.
There was a problem hiding this comment.
Kubebuilder will automatically add the default value of provider="ClusterProvided". There is a integration test to that effect.
Interesting. I didn't know you could do that! That's cool.
I'm having a hard time wrapping my head around the idea of something being both required and having a default value; to me they seem mutually exclusive, or at least to mutually diminish one another. Just a personal observation/opinion.
Joel helpfullly brought up UPI installs--we don't technically know that all existing clusters are using IPI-style cloud DNS. Users could opt for UPI in order to establish their own non-route53 DNS solutions. I don't know how many that would be, but I'm pretty confident it's non-zero. So if we default this value, I think the values would likely be incorrect in some cases.
There was a problem hiding this comment.
With the current implementation, if DNSConfig.Provider is left unset by the user, it will be given the default of "CloudProvided". "CloudProvided" represents how the cluster behaves today (without the custom DNS feature.) Afaik, this should work for UPI too. Are there some functionality/semantics issues that I am missing?
There was a problem hiding this comment.
I replaced "CloudProvided" with "Default" to indicate that that the right defaults for UPI or IPI are in use.
There was a problem hiding this comment.
Replaced "Default" with "".
config/v1/types_infrastructure.go
Outdated
| // DNSUserProvided indicates that the user provides the LB and DNS for API and API-Int. | ||
| DNSUserProvided DNSProviderType = "UserProvided" | ||
|
|
||
| // DNSClusterProvided indicates that the cluster provides the LB and DNS for API and API-Int. | ||
| DNSClusterProvided DNSProviderType = "ClusterProvided" |
There was a problem hiding this comment.
These values seem a little squishy to me. I am having trouble keeping track of all the discussions around this feature, so I'm not sure if these values have been gamed out.
My understanding of the intention here is that when the value is UserProvided that would indicate that we need to run CoreDNS. That to me has some cognitive dissonance.
For the sake of discussion, what about something along the lines of
CloudProvider - this is standard IPI, DNS is in the cloud provider
ClusterProvider - uses on-cluster baremetal dns provider (coredns)
UserProvider - cluster/ipi does not provide DNS, this would be for something like ROSA where they are running dnsmasq in pods
Do these values better capture the current/future use cases we are aware of?
There was a problem hiding this comment.
Because in a way, the cluster is taking care of DNS for both the CloudProvider and ClusterProvider cases. I have updated the values for Provider as UserProvided and CloudProvided. Comments have been updated accordingly.
I see the cluster's need to run the CoreDNS pod for Ingress as an implementation detail. Agree that there have been several discussions on this topic. The enhancement proposal reflects the current approach we are taking.
| // DNSConfigurationType contains information about API and API-Int Load Balancers | ||
| // and who is responsible for that configuration. | ||
| // +union | ||
| type DNSConfigurationType struct { |
There was a problem hiding this comment.
To enable external DNS, I think we are only concerned about using coreDNS to run ingress. Should that be taken into account for the shape of this API? Any concerns there?
There was a problem hiding this comment.
I think this comment was unclear. My concern is that this shape may give the impression that this is the DNS config for everything (API & Ingress) but I believe our current direction is that this will only treat ingress.
There was a problem hiding this comment.
The comment suggests you are looking at this config as "who provides DNS for Ingress?" Whereas, this API is currently designed to indicate "who provides DNS for the cluster?". I think the 2nd question is the most generic form of the question.
We need DNS for Ingress to be functional during cluster bringup so we have a CoreDNS pod that provides that during cluster bring up. When the cluster is up, we do want the user to update their DNS solution for the *.apps entry too. When all steps are completed, the customer's DNS solution resolves API, API-Int and Ingress.
The enhancement proposal openshift/enhancements#1400 talks about this in greater detail.
sadasu
changed the title
sadasu
force-pushed
the
custom-dns
branch
3 times, most recently
from
567239c to
d9303e4
Compare
openshift-merge-robot
added
the
needs-rebase
openshift-merge-robot
removed
the
needs-rebase
openshift-ci
bot
added
size/XL
openshift-ci
bot
added
size/L
When a customer configures their own DNS solution for API and API-Int in place of the default cloud provided DNS, the state of the DNS provider is added to the Infrastructure CR's AWSPlatformStatus. This feature is in TechPreview.
Update the MaxLength within the format package of gomega. This allows for the test suite to compare strings of size greater than 4000 which for required for the new tests added for the custom DNS feature.
Currently feature is in Tech preview
|
@JoelSpeed @patrickdillon could you please take another look? |
Our enhancement discussion has revealed a path that may very well make these changes unneeded, so we should probably resolve that before iterating much further. |
@patrickdillon is there a desire for having the cluster have specific knowledge about whether external DNS is in use? If yes, then we would need this. |
|
@sadasu: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
openshift-merge-robot
added
the
needs-rebase
|
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
This PR is no longer needed since the design for this epic has changed. |
When and AWS customer wishes to use their own DNS solution instead of Route53, they are expected to create the API and API-Int Load Balancers and use their LB names to configure their custom DNS prior to cluster installation. The customer created API and API-Int LB information is provided via install-config.
AWSPlatformStatus is updated with a special "provider" if the user does not want OpenShift to configure the default cloud DNS solution.
Enhancement Proposal : openshift/enhancements#1400