Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OCPBUGS-32058: docs - add example of private dns zone for Azure provider #217

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

OCPBUGS-32058: docs - add example of private dns zone for Azure provider #217

wants to merge 1 commit into from

Conversation

alebedev87
Copy link
Contributor

@alebedev87 alebedev87 commented Apr 11, 2024
edited
Loading

@openshift-bot openshift-bot added jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Apr 11, 2024
@openshift-bot
Copy link

@alebedev87: This pull request references Jira Issue OCPBUGS-32058, which is invalid:

  • expected the bug to target the "4.16.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

Adds an example of the usage of the private dns zone for the Azure provider. Addresses #197.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@alebedev87
Copy link
Contributor Author

/jira refresh

@openshift-bot openshift-bot added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. and removed jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Apr 11, 2024
@openshift-bot
Copy link

@alebedev87: This pull request references Jira Issue OCPBUGS-32058, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.16.0) matches configured target version for branch (4.16.0)
  • bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @melvinjoseph86

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Apr 11, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from alebedev87. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-bot
Copy link

@alebedev87: This pull request references Jira Issue OCPBUGS-32058, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.16.0) matches configured target version for branch (4.16.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @melvinjoseph86

In response to this:

Adds an example of the usage of the private dns zone for the Azure provider. Addresses #197.
Also, a mistake was found in az network dns record-set list command, the correct syntax isaz network dns record-set a list.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-bot
Copy link

@alebedev87: This pull request references Jira Issue OCPBUGS-32058, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.16.0) matches configured target version for branch (4.16.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @melvinjoseph86

In response to this:

  • Adds an example of the usage of the private dns zone for the Azure provider
  • Addresses Azure Private DNS handling #197
  • Mistake was found in az network dns record-set list command, the correct syntax isaz network dns record-set a list

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@alebedev87 alebedev87 force-pushed the azure-private-docs branch 4 times, most recently from 93050e1 to 2d60480 Compare April 17, 2024 07:31
@melvinjoseph86
Copy link 

melvinjoseph@mjoseph-mac Downloads % oc get clusterversion
NAME      VERSION                                                   AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.16.0-0.ci.test-2024-04-17-071445-ci-ln-vgviiqb-latest   True        False         34m     Cluster version is 4.16.0-0.ci.test-2024-04-17-071445-ci-ln-vgviiqb-latest
melvinjoseph@mjoseph-mac Downloads % 
melvinjoseph@mjoseph-mac Downloads % 
melvinjoseph@mjoseph-mac Downloads % CLIENT_ID=$(oc get secrets azure-credentials  -n kube-system  --template={{.data.azure_client_id}} | base64 -d)
CLIENT_SECRET=$(oc get secrets azure-credentials  -n kube-system  --template={{.data.azure_client_secret}} | base64 -d)
RESOURCE_GROUP=$(oc get secrets azure-credentials  -n kube-system  --template={{.data.azure_resourcegroup}} | base64 -d)
SUBSCRIPTION_ID=$(oc get secrets azure-credentials  -n kube-system  --template={{.data.azure_subscription_id}} | base64 -d)
TENANT_ID=$(oc get secrets azure-credentials  -n kube-system  --template={{.data.azure_tenant_id}} | base64 -d)

melvinjoseph@mjoseph-mac Downloads % 
melvinjoseph@mjoseph-mac Downloads % az login --service-principal -u "${CLIENT_ID}" -p "${CLIENT_SECRET}" --tenant "${TENANT_ID}"
[
  {
    "cloudName": "AzureCloud",
    "homeTenantId": "6047c7e9-b2ad-488d-a54e-dc3f6be6a7ee",
    "id": "d38f1e38-4bed-438e-b227-833f997adf6a",
    "isDefault": true,
    "managedByTenants": [],
    "name": "OpenShift CI",
    "state": "Enabled",
    "tenantId": "6047c7e9-b2ad-488d-a54e-dc3f6be6a7ee",
    "user": {
      "name": "4f03bcab-7b63-4617-9641-0e2eeb9cc5eb",
      "type": "servicePrincipal"
    }
  },
  {
    "cloudName": "AzureCloud",
    "homeTenantId": "6047c7e9-b2ad-488d-a54e-dc3f6be6a7ee",
    "id": "72e3a972-58b0-4afc-bd4f-da89b39ccebd",
    "isDefault": false,
    "managedByTenants": [],
    "name": "OpenShift CI 2",
    "state": "Enabled",
    "tenantId": "6047c7e9-b2ad-488d-a54e-dc3f6be6a7ee",
    "user": {
      "name": "4f03bcab-7b63-4617-9641-0e2eeb9cc5eb",
      "type": "servicePrincipal"
    }
  }
]melvinjoseph@mjoseph-mac Downloads % ZONE_NAME=$(az network private-dns zone list -g "${RESOURCE_GROUP}" -o tsv --query '[].name')
melvinjoseph@mjoseph-mac Downloads % echo $ZONE_NAME
ci-ln-vgviiqb-1d09d.ci.azure.devcluster.openshift.com
melvinjoseph@mjoseph-mac Downloads % cat <<EOF | oc create -f -
apiVersion: externaldns.olm.openshift.io/v1beta1
kind: ExternalDNS
metadata:
  name: sample-azure-private
spec:
  zones:
  - "/subscriptions/${SUBSCRIPTION_ID}/resourceGroups/${RESOURCE_GROUP}/providers/Microsoft.Network/privateDnsZones/${ZONE_NAME}"
  provider:
    type: Azure
  source:
    type: OpenShiftRoute
    openshiftRouteOptions:
      routerName: default
EOF
externaldns.externaldns.olm.openshift.io/sample-azure-private created

melvinjoseph@mjoseph-mac Downloads % az network private-dns record-set list -g "${RESOURCE_GROUP}" -z "${ZONE_NAME}" | grep console
    "fqdn": "console-openshift-console.apps.ci-ln-vgviiqb-1d09d.ci.azure.devcluster.openshift.com.",
    "id": "/subscriptions/d38f1e38-4bed-438e-b227-833f997adf6a/resourceGroups/ci-ln-vgviiqb-1d09d-mzsj6-rg/providers/Microsoft.Network/privateDnsZones/ci-ln-vgviiqb-1d09d.ci.azure.devcluster.openshift.com/CNAME/console-openshift-console.apps",
    "name": "console-openshift-console.apps",
    "fqdn": "downloads-openshift-console.apps.ci-ln-vgviiqb-1d09d.ci.azure.devcluster.openshift.com.",
    "id": "/subscriptions/d38f1e38-4bed-438e-b227-833f997adf6a/resourceGroups/ci-ln-vgviiqb-1d09d-mzsj6-rg/providers/Microsoft.Network/privateDnsZones/ci-ln-vgviiqb-1d09d.ci.azure.devcluster.openshift.com/CNAME/downloads-openshift-console.apps",
    "name": "downloads-openshift-console.apps",
    "fqdn": "external-dns-cname-console-openshift-console.apps.ci-ln-vgviiqb-1d09d.ci.azure.devcluster.openshift.com.",
    "id": "/subscriptions/d38f1e38-4bed-438e-b227-833f997adf6a/resourceGroups/ci-ln-vgviiqb-1d09d-mzsj6-rg/providers/Microsoft.Network/privateDnsZones/ci-ln-vgviiqb-1d09d.ci.azure.devcluster.openshift.com/TXT/external-dns-cname-console-openshift-console.apps",
    "name": "external-dns-cname-console-openshift-console.apps",
          "\"heritage=external-dns,external-dns/owner=external-dns-sample-azure-private,external-dns/resource=route/openshift-console/console\""
    "fqdn": "external-dns-cname-downloads-openshift-console.apps.ci-ln-vgviiqb-1d09d.ci.azure.devcluster.openshift.com.",
    "id": "/subscriptions/d38f1e38-4bed-438e-b227-833f997adf6a/resourceGroups/ci-ln-vgviiqb-1d09d-mzsj6-rg/providers/Microsoft.Network/privateDnsZones/ci-ln-vgviiqb-1d09d.ci.azure.devcluster.openshift.com/TXT/external-dns-cname-downloads-openshift-console.apps",
    "name": "external-dns-cname-downloads-openshift-console.apps",
          "\"heritage=external-dns,external-dns/owner=external-dns-sample-azure-private,external-dns/resource=route/openshift-console/downloads\""
    "fqdn": "external-dns-console-openshift-console.apps.ci-ln-vgviiqb-1d09d.ci.azure.devcluster.openshift.com.",
    "id": "/subscriptions/d38f1e38-4bed-438e-b227-833f997adf6a/resourceGroups/ci-ln-vgviiqb-1d09d-mzsj6-rg/providers/Microsoft.Network/privateDnsZones/ci-ln-vgviiqb-1d09d.ci.azure.devcluster.openshift.com/TXT/external-dns-console-openshift-console.apps",
    "name": "external-dns-console-openshift-console.apps",
          "\"heritage=external-dns,external-dns/owner=external-dns-sample-azure-private,external-dns/resource=route/openshift-console/console\""
    "fqdn": "external-dns-downloads-openshift-console.apps.ci-ln-vgviiqb-1d09d.ci.azure.devcluster.openshift.com.",
    "id": "/subscriptions/d38f1e38-4bed-438e-b227-833f997adf6a/resourceGroups/ci-ln-vgviiqb-1d09d-mzsj6-rg/providers/Microsoft.Network/privateDnsZones/ci-ln-vgviiqb-1d09d.ci.azure.devcluster.openshift.com/TXT/external-dns-downloads-openshift-console.apps",
    "name": "external-dns-downloads-openshift-console.apps",
          "\"heritage=external-dns,external-dns/owner=external-dns-sample-azure-private,external-dns/resource=route/openshift-console/downloads\""
melvinjoseph@mjoseph-mac Downloads %

Hence marking as verified

@melvinjoseph86
Copy link

/label qe-approved

@openshift-ci openshift-ci bot added the qe-approved Signifies that QE has signed off on this PR label Apr 17, 2024
@openshift-ci-robot
Copy link

@alebedev87: This pull request references Jira Issue OCPBUGS-32058, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.16.0) matches configured target version for branch (4.16.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @melvinjoseph86

In response to this:

  • Adds an example of the usage of the private dns zone for the Azure provider
  • Addresses Azure Private DNS handling #197
  • Mistake was found in az network dns record-set list command, the correct syntax isaz network dns record-set a list

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@candita
Copy link

candita commented Apr 17, 2024

/assign

@openshift-bot
Copy link

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@openshift-ci openshift-ci bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jul 17, 2024
@candita
Copy link

candita commented Jul 17, 2024

/lifecycle frozen

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Jul 17, 2024

@candita: The lifecycle/frozen label cannot be applied to Pull Requests.

In response to this:

/lifecycle frozen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

candita
candita reviewed Jul 17, 2024
View reviewed changes
docs/azure-openshift.md Outdated
@@ -37,10 +37,15 @@ openshift-console downloads downloads-openshift-console.apps.

6. Get the list of dns zones w.r.t your resource group to find the one which corresponds to the previously found route’s domain:
```bash
$ az network dns zone list --resource-group "${RESOURCE_GROUP}"
$ ZONE_NAME=$(az network dns zone list -g "${RESOURCE_GROUP}" -o tsv --query '[0].name')
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a guarantee that there is one and only one dns zone?

Copy link
Contributor Author

@alebedev87 alebedev87 Sep 3, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, there can be many zones. The previous version of the command was a better suit. I just wanted to set a ZONE_NAME environment variable to use it down the doc. Let me update the command to make sure only one zone is selected:

$ az network dns zone list -g "${RESOURCE_GROUP}" -o tsv --query '[].name'
example.com
anotherdomain.net
test-azure.qe.azure.devcluster.openshift.com

$ ZONE_NAME="test-azure.qe.azure.devcluster.openshift.com"

candita
candita reviewed Jul 17, 2024
View reviewed changes
docs/azure-openshift.md
8. Check the records created for `console` routes:
8. Check the records created for the routes:
```bash
$ az network dns record-set list -g "${RESOURCE_GROUP}" -z "${ZONE_NAME}" | grep console
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To match the removal of "console" from the instructions?

Suggested change
$ az network dns record-set list -g "${RESOURCE_GROUP}" -z "${ZONE_NAME}" | grep console
$ az network dns record-set list -g "${RESOURCE_GROUP}" -z "${ZONE_NAME}"

Copy link
Contributor Author

@alebedev87 alebedev87 Sep 3, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure I understood which "removal" you were referring to.

az network dns record-set list -g "${RESOURCE_GROUP}" -z "${ZONE_NAME}" command is supposed to list all DNS records of a given zone. ExternalDNS (the way it's configured in this doc) will try to create A and TXT records for any route of the cluster which may be a lot. That's why I though that filtering by console pattern using grep could simplify the output.

candita
candita reviewed Jul 17, 2024
View reviewed changes
docs/azure-openshift.md
```bash
$ az network dns record-set list -g "${RESOURCE_GROUP}" -z test-azure.qe.azure.devcluster.openshift.com | grep console
$ az network private-dns record-set list -g "${RESOURCE_GROUP}" -z "${ZONE_NAME}" | grep console
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
$ az network private-dns record-set list -g "${RESOURCE_GROUP}" -z "${ZONE_NAME}" | grep console
$ az network private-dns record-set list -g "${RESOURCE_GROUP}" -z "${ZONE_NAME}"

@candita
Copy link

candita commented Jul 17, 2024

@alebedev87 in the description you mention a mistake that was found, but that command still exists with the old syntax:

Mistake was found in az network dns record-set list command, the correct syntax isaz network dns record-set a list

Otherwise, just some minor clarifications needed.

@alebedev87
Copy link
Contributor Author

/remove-lifecycle stale

@openshift-ci openshift-ci bot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 12, 2024
@openshift-ci-robot
Copy link

@alebedev87: This pull request references Jira Issue OCPBUGS-32058, which is invalid:

  • expected the bug to target either version "4.18." or "openshift-4.18.", but it targets "4.16.z" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

Retaining the jira/valid-bug label as it was manually added.

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@alebedev87
Copy link
Contributor Author

alebedev87 commented Sep 3, 2024
edited
Loading

@candita:

in the description you mention a mistake that was found, but that command still exists with the old syntax:

Mistake was found in az network dns record-set list command, the correct syntax isaz network dns record-set a list

As a matter of fact az network dns record-set list is a valid command which lists DNS records of all types. Initially I thought the doc wanted to list only A records (az network dns record-set a list) but then I realized that the intent was to list TXT records too. So, I left the command the way it was and removed this line from the PR description.

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Sep 3, 2024

@alebedev87: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@candita candita candita left review comments

@melvinjoseph86 melvinjoseph86 Awaiting requested review from melvinjoseph86

@knobunc knobunc Awaiting requested review from knobunc

@rfredette rfredette Awaiting requested review from rfredette

Assignees

@candita candita

Labels
jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. qe-approved Signifies that QE has signed off on this PR
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@alebedev87 @openshift-bot @melvinjoseph86 @openshift-ci-robot @candita