CRD source based on getting endpoints from CRD

[shashidharatd]

This pr will allow one to define a CRD with embedded DNS records (in the form of Endpoints) and then make external-dns to monitor that CRD for Endpoints and rest of the usual magic of programming DNS server continues.

Ref: #555

Here is how to use it.

$ build/external-dns --source crd --crd-source-apiversion multiclusterdns.federation.k8s.io/v1alpha1 --crd-source-kind DNSEndpoint --provider inmemory --once --dry-run
INFO[0000] config: {Master: KubeConfig: Sources:[crd] Namespace: AnnotationFilter: FQDNTemplate: CombineFQDNAndAnnotation:false Compatibility: PublishInternal:false PublishHostIP:false ConnectorSourceServer:localhost:8080 Provider:inmemory GoogleProject: DomainFilter:[] ZoneIDFilter:[] AWSZoneType: AWSAssumeRole: AWSMaxChangeCount:4000 AWSEvaluateTargetHealth:true AzureConfigFile:/etc/kubernetes/azure.json AzureResourceGroup: CloudflareProxied:false InfobloxGridHost: InfobloxWapiPort:443 InfobloxWapiUsername:admin InfobloxWapiPassword: InfobloxWapiVersion:2.3.1 InfobloxSSLVerify:true DynCustomerName: DynUsername: DynPassword: DynMinTTLSeconds:0 OCIConfigFile:/etc/kubernetes/oci.yaml InMemoryZones:[] PDNSServer:http://localhost:8081 PDNSAPIKey: PDNSTLSEnabled:false TLSCA: TLSClientCert: TLSClientCertKey: Policy:sync Registry:txt TXTOwnerID:default TXTPrefix: Interval:1m0s Once:true DryRun:true LogFormat:text MetricsAddress::7979 LogLevel:info TXTCacheInterval:0s ExoscaleEndpoint:https://api.exoscale.ch/dns ExoscaleAPIKey: ExoscaleAPISecret: CRDSourceAPIVersion:multiclusterdns.federation.k8s.io/v1alpha1 CRDSourceKind:DNSEndpoint} 
INFO[0000] running in dry-run mode. No changes to DNS records will be made. 
INFO[0000] Connected to cluster at https://192.168.99.100:8443 
INFO[0000] CREATE: fs1.default.galactic.svc.dzone.io 180 IN A 192.168.99.216 
INFO[0000] CREATE: fs1.default.galactic.svc.us.dzone.io 180 IN A 192.168.99.216 
INFO[0000] CREATE: fs1.default.galactic.svc.us1.us.dzone.io 180 IN A 192.168.99.216 
INFO[0000] CREATE: fs1.default.galactic.svc.dzone.io 0 IN TXT "heritage=external-dns,external-dns/owner=default" 
INFO[0000] CREATE: fs1.default.galactic.svc.us.dzone.io 0 IN TXT "heritage=external-dns,external-dns/owner=default" 
INFO[0000] CREATE: fs1.default.galactic.svc.us1.us.dzone.io 0 IN TXT "heritage=external-dns,external-dns/owner=default"

/cc @linki @mtsr @pmorie @irfanurrehman

p.s: This pr includes 2 commits from relatively independent pr #655

[k8s-ci-robot]

@shashidharatd: GitHub didn't allow me to request PR reviews from the following users: mtsr, irfanurrehman.

Note that only kubernetes-incubator members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

This pr will allow one to define a CRD with embedded DNS records (in the form of Endpoints) and then make external-dns to monitor that CRD for Endpoints and rest of the usual magic of programming DNS server continues.

Ref: #555

Here is how to use it.

$ build/external-dns --source generic --generic-source-crd-apiversion multiclusterdns.federation.k8s.io/v1alpha1 --generic-source-crd-kind DNSEndpoint --provider inmemory --once --dry-run
INFO[0000] config: {Master: KubeConfig: Sources:[generic] Namespace: AnnotationFilter: FQDNTemplate: CombineFQDNAndAnnotation:false Compatibility: PublishInternal:false PublishHostIP:false ConnectorSourceServer:localhost:8080 Provider:inmemory GoogleProject: DomainFilter:[] ZoneIDFilter:[] AWSZoneType: AWSAssumeRole: AWSMaxChangeCount:4000 AWSEvaluateTargetHealth:true AzureConfigFile:/etc/kubernetes/azure.json AzureResourceGroup: CloudflareProxied:false InfobloxGridHost: InfobloxWapiPort:443 InfobloxWapiUsername:admin InfobloxWapiPassword: InfobloxWapiVersion:2.3.1 InfobloxSSLVerify:true DynCustomerName: DynUsername: DynPassword: DynMinTTLSeconds:0 OCIConfigFile:/etc/kubernetes/oci.yaml InMemoryZones:[] PDNSServer:http://localhost:8081 PDNSAPIKey: PDNSTLSEnabled:false TLSCA: TLSClientCert: TLSClientCertKey: Policy:sync Registry:txt TXTOwnerID:default TXTPrefix: Interval:1m0s Once:true DryRun:true LogFormat:text MetricsAddress::7979 LogLevel:info TXTCacheInterval:0s ExoscaleEndpoint:https://api.exoscale.ch/dns ExoscaleAPIKey: ExoscaleAPISecret: GenericSourceCRDApiVer:multiclusterdns.federation.k8s.io/v1alpha1 GenericSourceCRDKind:DNSEndpoint} 
INFO[0000] running in dry-run mode. No changes to DNS records will be made. 
INFO[0000] Connected to cluster at https://192.168.99.100:8443 
INFO[0000] CREATE: fs1.default.galactic.svc.dzone.io 180 IN A 192.168.99.216 
INFO[0000] CREATE: fs1.default.galactic.svc.us.dzone.io 180 IN A 192.168.99.216 
INFO[0000] CREATE: fs1.default.galactic.svc.us1.us.dzone.io 180 IN A 192.168.99.216 
INFO[0000] CREATE: fs1.default.galactic.svc.dzone.io 0 IN TXT "heritage=external-dns,external-dns/owner=default" 
INFO[0000] CREATE: fs1.default.galactic.svc.us.dzone.io 0 IN TXT "heritage=external-dns,external-dns/owner=default" 
INFO[0000] CREATE: fs1.default.galactic.svc.us1.us.dzone.io 0 IN TXT "heritage=external-dns,external-dns/owner=default"

/cc @linki @mtsr @pmorie @irfanurrehman

p.s: This pr includes 2 commits from relatively independent pr #655

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[shashidharatd]

/cc @njuettner, PTAL. Thanks !

[pmorie]

Very interesting change, left a few comments.

[pmorie]

I wonder if crd is a better name here than generic, but I'll leave that question to folks who have more review history than my basically zero in this repo :)

[shashidharatd]

agree, crd source seems better.

[pmorie]

It might be helpful to have an example in the flag description like test.k8s.io/v1alpha1 as you have used in the test.

[pmorie]

Suggest also capitalizing API and CRD.

[shashidharatd]

ok, would update.

[pmorie]

Suggestion, make the description here: Kind of the CRD for the generic source in API group and version specified by generic-source-crd-apiversion

[shashidharatd]

will update.

[pmorie]

Is this the same as using the in-cluster config?

[shashidharatd]

yes, it is almost the same. if user has not set the kubeconfig path explicitly, it would look into standard path $HOME/.kube/config and if that is also not present then uses in-cluster config. I just reused the logic already done by external-dns in here https://github.com/kubernetes-incubator/external-dns/blob/master/source/store.go#L111

[pmorie]

Question: should we have part of the contract between such a CRD and external-dns that external-dns maintains status? We should have observedGeneration here.

[shashidharatd]

This is a good question, and mostly raises another off topic question about optimisation for all the sources in general. currently, all the sources does not seem to be using informer pattern. they just do List the object types from the kube client. It is so because the design of external-dns needs all the objects (providing Endpoint) to feed the planner, which then calculates what changes need to be done in DNS provider.

Coming to this source in particular, it also uses the List operation to get all the CRD objects for now. we could in future write an informer and do a watch, which would give us a local cache of these objects. In that scenario, having such a contract would may be meaningful. Also observedGeneration in status field makes sense for a single CRD object, but here we are dealing with list of such objects, and i am unsure how meaningful that is to maintain it.

[pmorie]

Well - the a single instance of this resource is itself a list. I think observedGeneration makes sense as a status field. Otherwise, how do you know - as the controller or the user - that the controller has 'seen' a particular generation of the resource?

[shashidharatd]

@pmorie, currently there is nothing in status, so observedGeneration does not make sense for such an object. It would be unnecessary complexity. wdyt?

[shashidharatd]

@pmorie, now i have added the ObservedGeneration field in the Status according to the discussion. PTAL.

[njuettner]

No need to specify the content-type by default it's "application/json"

[shashidharatd]

Fixed.

[njuettner]

why not using ...{CodeFactory: scheme.Codecs} directly?

[shashidharatd]

i did not find scheme.Codecs in the latest vendored code. Am i missing something.

[njuettner]

Can we somehow make this nicer?

[shashidharatd]

Updated. however not sure what exactly you meant :)

[njuettner]

what do you think of externaldns.k8s.io/v1alpha as APIVersion and DNSEndpoint as Kind for default settings?

[shashidharatd]

Agree. Done

[njuettner]

dns.k8s.io/v1alpha1 -> externaldns.k8s.io/v1alpha1

[shashidharatd]

Done

[njuettner]

There's currently a PR #650 which includes a ProviderSpecific field to set provider specific settings for endpoints.

Could you add it additionally?

[shashidharatd]

Included.

[njuettner]

Please add some documentation how to use it. This would be really helpful for customers, which like to use CRD.

[shashidharatd]

@njuettner, Thanks for your comments. have tried addressing them. Also have added documentation on how to use CRD source. PTAL once again.
Request @pmorie to take a look too. Thanks !

[njuettner]

@shashidharatd thank you for adding the documentation.

some notes from my side:

• CRD manifest can be also applied manually or for what do I have ? If so can you add it in the documentation, like an example crd.yaml
• An example how an object would look like, if I would create via kubectl apply -f dns-example.yaml

[shashidharatd]

@njuettner, have added the crd manifest and an example. ptal. Thanks !

[njuettner]

👍 for the hard work, thank you! From my point of view it looks good.

I would appreciate if @linki or @ideahitme could have a look again 🙂.

[shashidharatd]

Thanks @njuettner, @linki / @ideahitme ptal

[pmorie]

A couple notes and one question - am I missing something obvious?

[pmorie]

s/the user/a user/

[shashidharatd]

Fixed.

[pmorie]

filling

[shashidharatd]

Fixed.

[pmorie]

You should link to the example here so people know that there's an example the rest of this file is in terms of.

[shashidharatd]

Added.

[pmorie]

It's worth considering whether this should be a list of key-value pairs. Maps are supposed to be avoided per the API conventions: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#lists-of-named-subobjects-preferred-over-maps

[pmorie]

I think list of k-v pairs might be better because this is a contract many different types will have to implement.

[shashidharatd]

This field is added by the ongoing pr #650. Its optional for the feature in this pr to work.
I would post the same comments in that pr. In this pr i have just added json tag for it.

[pmorie]

👍

[pmorie]

I would suggest something like:

// DNSEndpoint is a contract that a user-specified CRD must implement to be used as a source for external-dns.

[pmorie]

I would also call out that the user-specified CRD must have the status subresource.

[shashidharatd]

Updated.

[pmorie]

We should update the observed generation as we do work - it's not clear to me where this method is used. Am I missing something?

[shashidharatd]

Endpoints() is the interface method for Source. The controller calls the Source's Endpoint method and proceeds onto making necessary changes to DNS records in Provider. Source is a interface with just this Endpoints() method.

[shashidharatd]

@pmorie, have tried addressing your comments. ptal, Thanks !

[shashidharatd]

Fixed.

[shashidharatd]

Added.

[shashidharatd]

Fixed.

[shashidharatd]

This field is added by the ongoing pr #650. Its optional for the feature in this pr to work.
I would post the same comments in that pr. In this pr i have just added json tag for it.

[shashidharatd]

Updated.

[shashidharatd]

Endpoints() is the interface method for Source. The controller calls the Source's Endpoint method and proceeds onto making necessary changes to DNS records in Provider. Source is a interface with just this Endpoints() method.

[pmorie]

My feedbacks have been addressed, thanks @shashidharatd

[pmorie]

@linki @ideahitme We're very interested in getting this merged to use external-dns with federation-v2 - does either of you (or another maintainer) have bandwidth to review this PR?

[njuettner]

I think let's merge it now. This seems to be fine and was already reviewed a lot. Thanks again @shashidharatd and @pmorie 👍

[shashidharatd]

Thanks @njuettner

[2rs2ts]

Is it possible to make latency-based route53 record sets with this feature?

[linki]

Is it possible to make latency-based route53 record sets with this feature?

@shashidharatd do you know?

[shashidharatd]

Is it possible to make latency-based route53 record sets with this feature?

Honestly, i have no idea. But the Endpoint definition is quite generic, if you can fit in the definition of latency-based route53 record sets inside the Endpoint, then pretty much you can make it.