external-dns icon indicating copy to clipboard operation
external-dns copied to clipboard

Published 20 hours ago verified publisher icon kubernetes-sigs

New features: migrate txt-owner

Open Inorysky opened this issue 3 years ago • 12 comments

Description

When changing --txt-owner-id on an existing external-dns resource, it does not update the existing TXT records it owns, therefore losing ownership. Meaning that we have to manually delete the records in order to have external-dns take ownership again.
To solve this problem, I added the ability to update the original txt-owner by setting -- migrate-txt-owner to overwrite the old txt-owner. I have successfully modified thousands of pieces of data using this code, so far without any bugs.

Fixes #ISSUE https://github.com/kubernetes-sigs/external-dns/issues/2036

Inorysky avatar Dec 07 '21 09:12 Inorysky

CLA Signed

The committers are authorized under a signed CLA.

  • :white_check_mark: Inorysky (2c3bb01f1b090b8ae95122475c5316636ca6f5a2)

linux-foundation-easycla[bot] avatar Dec 07 '21 09:12 linux-foundation-easycla[bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Inorysky To complete the pull request process, please assign raffo after the PR has been reviewed. You can assign the PR to them by writing /assign @raffo in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

k8s-ci-robot avatar Dec 07 '21 09:12 k8s-ci-robot

Unknown CLA label state. Rechecking for CLA labels.

Send feedback to sig-contributor-experience at kubernetes/community.

/check-cla

k8s-triage-robot avatar Dec 07 '21 11:12 k8s-triage-robot

@Inorysky The idea of having such a switch is great! As far as I understand the code, it will overwrite any txt-owner it finds in DNS records. I believe that there are many users outside running multiple external-dns deployments in several clusters but each of them operating probably within the same DNS zone. There would be clashes if one of them does a txt-owner migration! You could extend your current code with a from-txt-owner (holding the old txt-owner value) to play it safe.

jgrumboe avatar Dec 10 '21 08:12 jgrumboe

@Inorysky The idea of having such a switch is great! As far as I understand the code, it will overwrite any txt-owner it finds in DNS records. I believe that there are many users outside running multiple external-dns deployments in several clusters but each of them operating probably within the same DNS zone. There would be clashes if one of them does a txt-owner migration! You could extend your current code with a from-txt-owner (holding the old txt-owner value) to play it safe.

Thank you for your suggestion, I have now made a change according to your suggestion: the from-txt-owner tag has been added to support modifying the old txt-owner specified. :)

Inorysky avatar Dec 13 '21 09:12 Inorysky

@Inorysky I like it 👍 Thanks. I'm not a maintainer thus you need to wait for others to review this PR.

jgrumboe avatar Dec 13 '21 09:12 jgrumboe

@Inorysky I like it 👍 Thanks. I'm not a maintainer thus you need to wait for others to review this PR.

Thank you very much!(・ω・)ノ

Inorysky avatar Dec 17 '21 02:12 Inorysky

cc @Raffo, could help review this? we adopt this feature in 30 of our clusters, it helps a lot

runzexia avatar Dec 29 '21 03:12 runzexia

@runzexia Same here. I have about 400 domains that need to be updated. Doing it by hand would be a huge pain in the rear. ;)

darkpixel avatar Feb 22 '22 18:02 darkpixel

@Inorysky: PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot avatar Apr 19 '22 18:04 k8s-ci-robot

+1

sebastiangaiser avatar Jun 29 '22 12:06 sebastiangaiser

We at @swisspost would really apreciate this feature since we are already in such a scenario where migration of the owner is needed.

mkilchhofer avatar Jul 26 '22 15:07 mkilchhofer

Also waiting for this MR to be merged!

CarpathianUA avatar Oct 04 '22 11:10 CarpathianUA

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Jan 02 '23 12:01 k8s-triage-robot

Not stale. 😢

We @swisspost still wait for this feature.

mkilchhofer avatar Jan 03 '23 13:01 mkilchhofer

/remove-lifecycle stale

seanmalloy avatar Jan 03 '23 13:01 seanmalloy

Wish this was merged

erimerdal avatar Jan 19 '23 16:01 erimerdal

@seanmalloy @njuettner @Raffo @szuecs How can we push this further?

mkilchhofer avatar Jan 19 '23 17:01 mkilchhofer

This PR needs:

  1. A rebase
  2. some unit tests

I suggest pinging someone on #external-dns on kubernetes slack, so they can provide some feedback on it :)

Thanks!

rikatz avatar Jan 19 '23 18:01 rikatz

@rikatz we are seeing this here, too. I see all GH notifications, but if the PR is not green I won't review, because use the time elsewhere is more efficient for the project.

szuecs avatar Jan 23 '23 15:01 szuecs

Yes agreed. Let's wait some return of the author here

rikatz avatar Jan 23 '23 15:01 rikatz

Hi took this PR changes and built docker image and used that, i could see those migrate-txt-owner --from-txt-owner option , but still it is skipping the updation of record saying owner id does not match, found: default and resquired: abc,

can you confirm if this works, or am i missing something,?

i ran the external-dns with below options

external-dns --dry-run --metrics-address=":7979" --log-level=debug --log-format=text --interval=30m --source=service --source=ingress --source=istio-virtualservice --source=istio-gateway --policy=upsert-only --registry=txt --domain-filter=example.com --provider=aws --aws-assume-role=arn:aws:iam::1234567890:role/route53role --txt-owner-id=abc --from-txt-owner=default --migrate-txt-owner

cc: @Inorysky

ashuec90 avatar Feb 23 '23 14:02 ashuec90

The Kubernetes project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Mark this PR as fresh with /remove-lifecycle stale
  • Close this PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar May 24 '23 14:05 k8s-triage-robot

/remove-lifecycle stale

mkilchhofer avatar May 24 '23 14:05 mkilchhofer

FYI: I tried to take over the work from here / @Inorysky and filed a new PR over there:

  • https://github.com/kubernetes-sigs/external-dns/pull/3631

Rebased @Inorysky 's work and added some unit tests.

mkilchhofer avatar May 25 '23 11:05 mkilchhofer

Since #3631 supersede this PR, I'm closing it. /close

mloiseleur avatar Oct 11 '23 15:10 mloiseleur

@mloiseleur: Closed this PR.

In response to this:

Since #3631 supersede this PR, I'm closing it. /close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot avatar Oct 11 '23 15:10 k8s-ci-robot