dns: introduce CRD DNS architecture and DNS status reporting

* Introduce s dnsrecord.ingress.operator.openshift.io resource type to represent DNS records in a Kube-native API. * Refactor ingress controller to manage dnsrecords rather than inferring DNS record requirements indirectly through services. * Teach the ingresscontroller status computer about dnsrecords so DNS management status can surface through all operator CRDs in a way consistent with other resources (e.g. services). * Introduce a DNS controller which syncs dnsrecords with the cluster's configured DNS zones, reporting status on the dnsrecord.
openshift · Jun 14, 2019 · 6d76a99 · 6d76a99
1 parent 4fd063d
commit 6d76a99
Show file tree

Hide file tree

Showing 27 changed files with 1,559 additions and 644 deletions.
diff --git a/Makefile b/Makefile
@@ -22,6 +22,7 @@ buildconfig:
 cluster-build:
 	hack/start-build.sh
 
+# TODO: Add deepcopy generation script/target
 .PHONY: generate
 generate: bindata crd
 
@@ -53,7 +54,7 @@ release-local:
 
 .PHONY: test-e2e
 test-e2e:
-	KUBERNETES_CONFIG="$(KUBECONFIG)" WATCH_NAMESPACE=openshift-ingress-operator $(GO) test -count 1 -v -tags e2e -run "$(TEST)" ./...
+	$(GO) test -count 1 -v -tags e2e -run "$(TEST)" ./...
 
 .PHONY: clean
 clean:

diff --git a/cmd/ingress-operator/main.go b/cmd/ingress-operator/main.go
@@ -11,6 +11,7 @@ import (
 	awsdns "github.com/openshift/cluster-ingress-operator/pkg/dns/aws"
 	azuredns "github.com/openshift/cluster-ingress-operator/pkg/dns/azure"
 	logf "github.com/openshift/cluster-ingress-operator/pkg/log"
+	"github.com/openshift/cluster-ingress-operator/pkg/manifests"
 	"github.com/openshift/cluster-ingress-operator/pkg/operator"
 	operatorclient "github.com/openshift/cluster-ingress-operator/pkg/operator/client"
 	operatorconfig "github.com/openshift/cluster-ingress-operator/pkg/operator/config"
@@ -55,7 +56,7 @@ func main() {
 	// Collect operator configuration.
 	operatorNamespace := os.Getenv("WATCH_NAMESPACE")
 	if len(operatorNamespace) == 0 {
-		operatorNamespace = "openshift-ingress-operator"
+		operatorNamespace = manifests.DefaultOperatorNamespace
 	}
 	log.Info("using operator namespace", "namespace", operatorNamespace)
 
@@ -106,14 +107,14 @@ func main() {
 	}
 
 	// Set up the DNS manager.
-	dnsManager, err := createDNSManager(kubeClient, operatorConfig, infraConfig, dnsConfig, installConfig)
+	dnsProvider, err := createDNSProvider(kubeClient, operatorConfig, infraConfig, dnsConfig, installConfig)
 	if err != nil {
 		log.Error(err, "failed to create DNS manager")
 		os.Exit(1)
 	}
 
 	// Set up and start the operator.
-	op, err := operator.New(operatorConfig, dnsManager, kubeConfig)
+	op, err := operator.New(operatorConfig, dnsProvider, kubeConfig)
 	if err != nil {
 		log.Error(err, "failed to create operator")
 		os.Exit(1)
@@ -126,8 +127,8 @@ func main() {
 
 // createDNSManager creates a DNS manager compatible with the given cluster
 // configuration.
-func createDNSManager(cl client.Client, operatorConfig operatorconfig.Config, infraConfig *configv1.Infrastructure, dnsConfig *configv1.DNS, installConfig *installConfig) (dns.Manager, error) {
-	var dnsManager dns.Manager
+func createDNSProvider(cl client.Client, operatorConfig operatorconfig.Config, infraConfig *configv1.Infrastructure, dnsConfig *configv1.DNS, installConfig *installConfig) (dns.Provider, error) {
+	var dnsProvider dns.Provider
 	switch infraConfig.Status.Platform {
 	case configv1.AWSPlatformType:
 		awsCreds := &corev1.Secret{}
@@ -136,7 +137,7 @@ func createDNSManager(cl client.Client, operatorConfig operatorconfig.Config, in
 			return nil, fmt.Errorf("failed to get aws creds from secret %s/%s: %v", awsCreds.Namespace, awsCreds.Name, err)
 		}
 		log.Info("using aws creds from secret", "namespace", awsCreds.Namespace, "name", awsCreds.Name)
-		manager, err := awsdns.NewManager(awsdns.Config{
+		provider, err := awsdns.NewProvider(awsdns.Config{
 			AccessID:  string(awsCreds.Data["aws_access_key_id"]),
 			AccessKey: string(awsCreds.Data["aws_secret_access_key"]),
 			DNS:       dnsConfig,
@@ -145,15 +146,15 @@ func createDNSManager(cl client.Client, operatorConfig operatorconfig.Config, in
 		if err != nil {
 			return nil, fmt.Errorf("failed to create AWS DNS manager: %v", err)
 		}
-		dnsManager = manager
+		dnsProvider = provider
 	case configv1.AzurePlatformType:
 		azureCreds := &corev1.Secret{}
 		err := cl.Get(context.TODO(), types.NamespacedName{Namespace: operatorConfig.Namespace, Name: cloudCredentialsSecretName}, azureCreds)
 		if err != nil {
 			return nil, fmt.Errorf("failed to get azure creds from secret %s/%s: %v", azureCreds.Namespace, azureCreds.Name, err)
 		}
 		log.Info("using azure creds from secret", "namespace", azureCreds.Namespace, "name", azureCreds.Name)
-		manager, err := azuredns.NewManager(azuredns.Config{
+		provider, err := azuredns.NewProvider(azuredns.Config{
 			Environment:    "AzurePublicCloud",
 			ClientID:       string(azureCreds.Data["azure_client_id"]),
 			ClientSecret:   string(azureCreds.Data["azure_client_secret"]),
@@ -164,11 +165,11 @@ func createDNSManager(cl client.Client, operatorConfig operatorconfig.Config, in
 		if err != nil {
 			return nil, fmt.Errorf("failed to create Azure DNS manager: %v", err)
 		}
-		dnsManager = manager
+		dnsProvider = provider
 	default:
-		dnsManager = &dns.NoopManager{}
+		dnsProvider = &dns.FakeProvider{}
 	}
-	return dnsManager, nil
+	return dnsProvider, nil
 }
 
 // TODO: This can be replaced by cluster API when

diff --git a/hack/update-generated-crd.sh b/hack/update-generated-crd.sh
@@ -16,6 +16,11 @@ GO111MODULE=on GOFLAGS=-mod=vendor go run sigs.k8s.io/controller-tools/cmd/contr
   output:crd:dir="$OUTDIR"
 set +x
 
+set -x
+GO111MODULE=on GOFLAGS=-mod=vendor go run sigs.k8s.io/controller-tools/cmd/controller-gen crd:trivialVersions=true paths=./pkg/api/v1 output:crd:dir="$OUTDIR"
+set +x
+
 if [[ -z "${SKIP_COPY+1}" ]]; then
   cp "$OUTDIR/operator.openshift.io_ingresscontrollers.yaml" manifests/00-custom-resource-definition.yaml
+  cp "$OUTDIR/ingress.operator.openshift.io_dnsrecords.yaml" manifests/00-custom-resource-definition-internal.yaml
 fi
diff --git a/hack/verify-generated-crd.sh b/hack/verify-generated-crd.sh
@@ -6,3 +6,4 @@ TMP_DIR="$(mktemp -d)"
 OUTDIR="$TMP_DIR" SKIP_COPY=true ./hack/update-generated-crd.sh
 
 diff -Naup "$TMP_DIR/operator.openshift.io_ingresscontrollers.yaml" manifests/00-custom-resource-definition.yaml
+diff -Naup "$TMP_DIR/ingress.operator.openshift.io_dnsrecords.yaml" manifests/00-custom-resource-definition-internal.yaml
diff --git a/manifests/00-cluster-role.yaml b/manifests/00-cluster-role.yaml
@@ -52,16 +52,17 @@ rules:
   - operator.openshift.io
   resources:
   - ingresscontrollers
+  - ingresscontrollers/status
   verbs:
-  - list
-  - watch
+  - "*"
 
 - apiGroups:
-  - operator.openshift.io
+  - ingress.operator.openshift.io
   resources:
-  - ingresscontrollers/status
+  - dnsrecords
+  - dnsrecords/status
   verbs:
-  - update
+  - "*"
 
 - apiGroups:
   - config.openshift.io