feat: DNSProvider secret ref in DNSPolicy

Removes the requirement for a ManagedZone to be configured for a host in
order for the DNSPolicy to create dns records for it.

Make DNSRecord.zoneID optional Set specific allowed values for
providerRef.Kind
Allow a providerRef.Kind of ManagedZone that looks up zones from
Managedzones in the current ns (Current behaviour) and loads dns client
through the managed zone providerRef.  Add logic around zoneAssignment
in dnsPolicy, some providerRef.kinds will result in zoneAssignment being
false which indicates that a zone is not going to be looked up or
assigned to any created DNSRecords. A DNSRecord will be created for all
listeners in this case.

Created a v1alpha2 API for DNSPolicy, ManagedZone and DNSRecord.
v1alpha1 versions are removed and no longer supported.

E2E Test Updates

* DO NOT MERGE Add 406_dnspolicy_provider_ref branch for testing
* Add e2e test for dnspolicy focused on istio gateways and providers
* Add suite id and generate a testDomainName to use for all tests in
  that instance of the suite (Avoids thigns like wildcard hosts being
created that coudl affect all instances of a suite running in teh same
hosted zone)
* Removed all references to managed zones as input to the e2e test
  suite. Env vars required now are TEST_DNS_ZONE_DOMAIN_NAME,
TEST_DNS_ZONE_ID and TEST_DNS_PROVIDER_SECRET_NAME.

ManagedZone updates

* Make description optional
* fix managedZoneListToZoneList - use range index
* Make ID and description pointers
* Remove hostedzone prefix from AWS hosted zones
* Use status id in managedZoneListToZoneList

.github/workflows/ci-e2e.yaml

@@ -5,6 +5,7 @@ on:
     branches:
       - main
       - "release-*"
+      - 406_dnspolicy_provider_ref
     tags:
       - "v[0-9]+.[0-9]+.[0-9]+"
     paths-ignore:
@@ -43,24 +44,6 @@ jobs:
       - uses: actions/setup-go@v4
         with:
           go-version: "1.21.x"
-      - name: Create controller-config.env
-        run: |
-          echo "AWS_DNS_PUBLIC_ZONE_ID=${{ secrets.E2E_AWS_DNS_PUBLIC_ZONE_ID }}" >> controller-config.env
-          echo "ZONE_ROOT_DOMAIN=${{ secrets.E2E_AWS_DNS_PUBLIC_ZONE_NAME }}" >> controller-config.env
-          echo "ZONE_NAME=${{ secrets.E2E_GCP_ZONE_NAME }}" >> controller-config.env 
-          echo "ZONE_DNS_NAME=${{ secrets.E2E_GCP_ZONE_DNS_NAME }}" >> controller-config.env
-
-      - name: Create aws-credentials.env
-        run: |
-          echo "AWS_ACCESS_KEY_ID=${{ secrets.E2E_AWS_ACCESS_KEY_ID }}" >> aws-credentials.env
-          echo "AWS_SECRET_ACCESS_KEY=${{ secrets.E2E_AWS_SECRET_ACCESS_KEY }}" >> aws-credentials.env
-          echo "AWS_REGION=${{ env.AWS_REGION }}" >> aws-credentials.env
-      - name: Create gcp-credentials.env
-        run: |
-          secret="${{ secrets.E2E_GOOGLE }}"
-          decoded=$(echo "$secret" | base64 --decode )
-          echo "GOOGLE=$decoded" >> gcp-credentials.env
-          echo "PROJECT_ID=${{ secrets.E2E_PROJECT_ID }}" >> gcp-credentials.env   
       - name: Setup environment
         run: |
           export OCM_SINGLE=1
@@ -74,31 +57,42 @@ jobs:
           kubectl --context kind-mgc-control-plane -n multicluster-gateway-controller-system wait --timeout=300s --for=condition=Available deployment/mgc-policy-controller
           kubectl --context kind-mgc-control-plane logs --all-containers --ignore-errors deployment/mgc-controller-manager -n multicluster-gateway-controller-system
           kubectl --context kind-mgc-control-plane logs --all-containers --ignore-errors deployment/mgc-policy-controller -n multicluster-gateway-controller-system
-          kubectl get managedzones -n multi-cluster-gateways mgc-dev-mz-aws -o yaml
-          kubectl --context kind-mgc-control-plane -n multi-cluster-gateways wait --timeout=60s --for=condition=Ready managedzone/mgc-dev-mz-aws
-          kubectl get managedzones -n multi-cluster-gateways mgc-dev-mz-gcp -o yaml
-          kubectl --context kind-mgc-control-plane -n multi-cluster-gateways wait --timeout=60s --for=condition=Ready managedzone/mgc-dev-mz-gcp
+      - name: Create AWS provider secret
+        run: |
+          echo "{\"zoneIDFilter\": [], \"domainFilter\": [\"e2e.hcpapps.net\"]}" > e2e-test-aws-provider-config.json
+          kubectl create secret generic e2e-test-aws-credentials -n multi-cluster-gateways \
+            --type=kuadrant.io/aws \
+            --from-literal=AWS_ACCESS_KEY_ID=${{ secrets.E2E_AWS_ACCESS_KEY_ID }} \
+            --from-literal=AWS_SECRET_ACCESS_KEY=${{ secrets.E2E_AWS_SECRET_ACCESS_KEY }} \
+            --from-file=CONFIG=e2e-test-aws-provider-config.json
+      - name: Create GCP provider secret
+        run: |
+          secret="${{ secrets.E2E_GOOGLE }}"
+          decoded=$(echo "$secret" | base64 --decode )
+          echo "$decoded" >> gcp_credentials.json
+          echo "{\"zoneIDFilter\": [], \"domainFilter\": [\"e2e.google.hcpapps.net\"]}" > e2e-test-gcp-provider-config.json
+          kubectl create secret generic e2e-test-gcp-credentials -n multi-cluster-gateways \
+            --type=kuadrant.io/gcp \
+            --from-literal=PROJECT_ID=${{ secrets.E2E_PROJECT_ID }} \
+            --from-file=GOOGLE=gcp_credentials.json \
+            --from-file=CONFIG=e2e-test-gcp-provider-config.json
       - name: Run suite AWS
         run: |
           export OCM_SINGLE=1
           export TEST_HUB_NAMESPACE=multi-cluster-gateways
           export TEST_HUB_KUBE_CONTEXT=kind-mgc-control-plane
-          export TEST_DNS_PROVIDER_SECRET_NAME=mgc-aws-credentials
+          export TEST_DNS_PROVIDER_SECRET_NAME=e2e-test-aws-credentials
           export TEST_DNS_ZONE_DOMAIN_NAME=e2e.hcpapps.net
           export TEST_DNS_ZONE_ID=Z086929132US3PB46EOLR
-          export TEST_MANAGED_ZONE=${{ secrets.E2E_AWS_DNS_PUBLIC_ZONE_NAME }}
-          export TEST_MANAGED_ZONE_NAME=mgc-dev-mz-aws
           make test-e2e
       - name: Run suite GCP
         run: |
           export OCM_SINGLE=1
           export TEST_HUB_NAMESPACE=multi-cluster-gateways
           export TEST_HUB_KUBE_CONTEXT=kind-mgc-control-plane
-          export TEST_DNS_PROVIDER_SECRET_NAME=mgc-gcp-credentials
+          export TEST_DNS_PROVIDER_SECRET_NAME=e2e-test-gcp-credentials
           export TEST_DNS_ZONE_DOMAIN_NAME=e2e.google.hcpapps.net
           export TEST_DNS_ZONE_ID=e2e-google-hcpapps-net
-          export TEST_MANAGED_ZONE=${{ secrets.E2E_GCP_ZONE_DNS_NAME }}
-          export TEST_MANAGED_ZONE_NAME=mgc-dev-mz-gcp
           make test-e2e
       - name: Dump Gateway Controller logs
         if: ${{ failure() }}

bundle/manifests/kuadrant.io_dnspolicies.yaml

@@ -21,7 +21,7 @@ spec:
       jsonPath: .status.conditions[?(@.type=="Ready")].status
       name: Ready
       type: string
-    name: v1alpha1
+    name: v1alpha2
     schema:
       openAPIV3Schema:
         description: DNSPolicy is the Schema for the dnspolicies API
@@ -156,6 +156,20 @@ spec:
                         type: integer
                     type: object
                 type: object
+              providerRef:
+                properties:
+                  kind:
+                    enum:
+                    - None
+                    - Secret
+                    - ManagedZone
+                    type: string
+                  name:
+                    type: string
+                required:
+                - kind
+                - name
+                type: object
               routingStrategy:
                 default: loadbalanced
                 enum:
@@ -201,6 +215,7 @@ spec:
                 - name
                 type: object
             required:
+            - providerRef
             - routingStrategy
             - targetRef
             type: object

bundle/manifests/kuadrant.io_dnsrecords.yaml

@@ -19,7 +19,7 @@ spec:
       jsonPath: .status.conditions[?(@.type=="Ready")].status
       name: Ready
       type: string
-    name: v1alpha1
+    name: v1alpha2
     schema:
       openAPIV3Schema:
         description: DNSRecord is the Schema for the dnsrecords API
@@ -85,15 +85,24 @@ spec:
                   type: object
                 minItems: 1
                 type: array
-              managedZone:
-                description: ManagedZoneReference holds a reference to a ManagedZone
+              providerRef:
                 properties:
+                  kind:
+                    enum:
+                    - None
+                    - Secret
+                    - ManagedZone
+                    type: string
                   name:
-                    description: '`name` is the name of the managed zone. Required'
                     type: string
                 required:
+                - kind
                 - name
                 type: object
+              zoneID:
+                type: string
+            required:
+            - providerRef
             type: object
           status:
             description: DNSRecordStatus defines the observed state of DNSRecord

bundle/manifests/kuadrant.io_managedzones.yaml

@@ -35,7 +35,7 @@ spec:
       jsonPath: .status.conditions[?(@.type=="Ready")].status
       name: Ready
       type: string
-    name: v1alpha1
+    name: v1alpha2
     schema:
       openAPIV3Schema:
         description: ManagedZone is the Schema for the managedzones API
@@ -58,13 +58,6 @@ spec:
               description:
                 description: Description for this ManagedZone
                 type: string
-              dnsProviderSecretRef:
-                properties:
-                  name:
-                    type: string
-                required:
-                - name
-                type: object
               domainName:
                 description: Domain name of this ManagedZone
                 pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$
@@ -82,10 +75,23 @@ spec:
                 required:
                 - name
                 type: object
+              providerRef:
+                properties:
+                  kind:
+                    enum:
+                    - None
+                    - Secret
+                    - ManagedZone
+                    type: string
+                  name:
+                    type: string
+                required:
+                - kind
+                - name
+                type: object
             required:
-            - description
-            - dnsProviderSecretRef
             - domainName
+            - providerRef
             type: object
           status:
             description: ManagedZoneStatus defines the observed state of a Zone

bundle/manifests/multicluster-gateway-controller.clusterserviceversion.yaml

@@ -4,7 +4,7 @@ metadata:
   annotations:
     alm-examples: '[]'
     capabilities: Basic Install
-    createdAt: "2023-12-21T13:08:31Z"
+    createdAt: "2023-12-04T11:02:57Z"
     operators.operatorframework.io/builder: operator-sdk-v1.28.0
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
   name: multicluster-gateway-controller.v0.0.0
@@ -18,15 +18,13 @@ spec:
       version: v1alpha1
     - kind: DNSPolicy
       name: dnspolicies.kuadrant.io
-      version: v1alpha1
+      version: v1alpha2
     - kind: DNSRecord
       name: dnsrecords.kuadrant.io
-      version: v1alpha1
-    - description: ManagedZone is the Schema for the managedzones API
-      displayName: Managed Zone
-      kind: ManagedZone
+      version: v1alpha2
+    - kind: ManagedZone
       name: managedzones.kuadrant.io
-      version: v1alpha1
+      version: v1alpha2
     - kind: TLSPolicy
       name: tlspolicies.kuadrant.io
       version: v1alpha1

cmd/policy_controller/main.go

@@ -38,6 +38,7 @@ import (
 	"github.com/kuadrant/kuadrant-operator/pkg/reconcilers"
 
 	"github.com/Kuadrant/multicluster-gateway-controller/pkg/apis/v1alpha1"
+	"github.com/Kuadrant/multicluster-gateway-controller/pkg/apis/v1alpha2"
 	"github.com/Kuadrant/multicluster-gateway-controller/pkg/controllers/dnshealthcheckprobe"
 	"github.com/Kuadrant/multicluster-gateway-controller/pkg/controllers/dnspolicy"
 	"github.com/Kuadrant/multicluster-gateway-controller/pkg/controllers/dnsrecord"
@@ -55,6 +56,7 @@ func init() {
 	utilruntime.Must(clientgoscheme.AddToScheme(scheme.Scheme))
 	utilruntime.Must(gatewayapiv1.AddToScheme(scheme.Scheme))
 	utilruntime.Must(v1alpha1.AddToScheme(scheme.Scheme))
+	utilruntime.Must(v1alpha2.AddToScheme(scheme.Scheme))
 	utilruntime.Must(certmanv1.AddToScheme(scheme.Scheme))
 	//this is need for now but will be removed soon
 	utilruntime.Must(clusterv1.AddToScheme(scheme.Scheme))

config/local-setup/controller/aws/managed_zone.yaml

@@ -1,10 +1,10 @@
-apiVersion: kuadrant.io/v1alpha1
+apiVersion: kuadrant.io/v1alpha2
 kind: ManagedZone
 metadata:
   name: dev-mz-aws
 spec:
   id: DUMMY_ID
   domainName: DUMMY_DOMAIN_NAME
   description: "Dev Managed Zone"
-  dnsProviderSecretRef:
+  providerRef:
     name: mgc-aws-credentials

config/local-setup/controller/gcp/managed_zone.yaml

@@ -1,10 +1,10 @@
-apiVersion: kuadrant.io/v1alpha1
+apiVersion: kuadrant.io/v1alpha2
 kind: ManagedZone
 metadata:
   name: dev-mz-gcp
 spec:
   id: DUMMY_ID
   domainName: DUMMY_DOMAIN_NAME
   description: "Dev Managed Zone"
-  dnsProviderSecretRef:
+  providerRef:
     name: mgc-gcp-credentials

config/policy-controller/crd/bases/kuadrant.io_dnspolicies.yaml

@@ -20,7 +20,7 @@ spec:
       jsonPath: .status.conditions[?(@.type=="Ready")].status
       name: Ready
       type: string
-    name: v1alpha1
+    name: v1alpha2
     schema:
       openAPIV3Schema:
         description: DNSPolicy is the Schema for the dnspolicies API
@@ -155,6 +155,20 @@ spec:
                         type: integer
                     type: object
                 type: object
+              providerRef:
+                properties:
+                  kind:
+                    enum:
+                    - None
+                    - Secret
+                    - ManagedZone
+                    type: string
+                  name:
+                    type: string
+                required:
+                - kind
+                - name
+                type: object
               routingStrategy:
                 default: loadbalanced
                 enum:
@@ -200,6 +214,7 @@ spec:
                 - name
                 type: object
             required:
+            - providerRef
             - routingStrategy
             - targetRef
             type: object

config/policy-controller/crd/bases/kuadrant.io_dnsrecords.yaml

@@ -20,7 +20,7 @@ spec:
       jsonPath: .status.conditions[?(@.type=="Ready")].status
       name: Ready
       type: string
-    name: v1alpha1
+    name: v1alpha2
     schema:
       openAPIV3Schema:
         description: DNSRecord is the Schema for the dnsrecords API
@@ -86,15 +86,24 @@ spec:
                   type: object
                 minItems: 1
                 type: array
-              managedZone:
-                description: ManagedZoneReference holds a reference to a ManagedZone
+              providerRef:
                 properties:
+                  kind:
+                    enum:
+                    - None
+                    - Secret
+                    - ManagedZone
+                    type: string
                   name:
-                    description: '`name` is the name of the managed zone. Required'
                     type: string
                 required:
+                - kind
                 - name
                 type: object
+              zoneID:
+                type: string
+            required:
+            - providerRef
             type: object
           status:
             description: DNSRecordStatus defines the observed state of DNSRecord