external-dns
PR to support RFC2136 multiple hosts.
Description
Details in #4651
Fixes #4651 Fixes #3470
Checklist
- [x] Unit tests updated
- [x] End user documentation updated
Hi @Jeremy-Boyle. Thanks for your PR.
I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.
Once the patch is verified, the new status will be reflected by the ok-to-test label.
I understand the commands that are listed here.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
Work has been completed. All tests are succeeding.
I have built and tested the use cases for fail-over and load balancing options within a working lab environment.
Failover
time="2024-08-02T18:27:57Z" level=info msg="Created Dynamic Kubernetes client https://10.96.0.1:443"
time="2024-08-02T18:27:57Z" level=info msg="Configured RFC2136 with zones '[PRIVATE-DNS.com]' and nameservers '[HOST-1 HOST-2]'"
time="2024-08-02T18:27:57Z" level=debug msg="Fetching records for '\"PRIVATE-DNS.com\"'"
time="2024-08-02T18:27:57Z" level=debug msg="Fetching records from nameserver: HOST-1:53"
time="2024-08-02T18:27:59Z" level=warning msg="Last operation failed for nameserver HOST-1:53"
time="2024-08-02T18:27:59Z" level=warning msg="Last operation error message: failed to fetch records via AXFR: failed to connect for transfer: dial tcp HOST-1:53: i/o timeout"
time="2024-08-02T18:27:59Z" level=debug msg="Fetching records from nameserver: HOST-2:53"
time="2024-08-02T18:27:59Z" level=debug msg="Record=PRIVATE-DNS.com.\t86400\tIN\tSOA\topnsense.home.arpa. mail.opnsense.home.arpa. 2407231527 21600 3600 3542400 3600"
time="2024-08-02T18:27:59Z" level=debug msg="Record=PRIVATE-DNS.com.\t86400\tIN\tNS\tns1.PRIVATE-DNS.com."
Load balance
Round Robin
time="2024-08-02T18:32:43Z" level=info msg="Created Dynamic Kubernetes client https://10.96.0.1:443"
time="2024-08-02T18:32:43Z" level=info msg="Configured RFC2136 with zones '[PRIVATE-DNS.com]' and nameservers '[HOST-1 HOST-2]'"
time="2024-08-02T18:32:43Z" level=debug msg="Fetching records for '\"PRIVATE-DNS.com\"'"
time="2024-08-02T18:32:43Z" level=debug msg="Fetching records from nameserver: HOST-1:53"
time="2024-08-02T18:32:43Z" level=debug msg="Record=PRIVATE-DNS.com.\t86400\tIN\tSOA\topnsense.home.arpa. mail.opnsense.home.arpa. 2407231527 21600 3600 3542400 3600"
time="2024-08-02T18:32:43Z" level=info msg="All records are already up to date"
time="2024-08-02T18:32:53Z" level=debug msg="Fetching records for '\"PRIVATE-DNS.com\"'"
time="2024-08-02T18:32:53Z" level=debug msg="Fetching records from nameserver: HOST-2:53"
time="2024-08-02T18:32:53Z" level=debug msg="Record=PRIVATE-DNS.com.\t86400\tIN\tSOA\topnsense.home.arpa. mail.opnsense.home.arpa. 2407231527 21600 3600 3542400 3600"
time="2024-08-02T18:33:03Z" level=debug msg="Fetching records for '\"PRIVATE-DNS.com\"'"
time="2024-08-02T18:33:03Z" level=debug msg="Fetching records from nameserver: HOST-1:53"
time="2024-08-02T18:33:03Z" level=debug msg="Record=PRIVATE-DNS.com.\t86400\tIN\tSOA\topnsense.home.arpa. mail.opnsense.home.arpa. 2407231527 21600 3600 3542400 3600"
time="2024-08-02T18:33:03Z" level=info msg="All records are already up to date"
time="2024-08-02T18:33:14Z" level=debug msg="Fetching records for '\"PRIVATE-DNS.com\"'"
time="2024-08-02T18:33:14Z" level=debug msg="Fetching records from nameserver: HOST-2:53"
time="2024-08-02T18:33:14Z" level=debug msg="Record=PRIVATE-DNS.com.\t86400\tIN\tSOA\topnsense.home.arpa. mail.opnsense.home.arpa. 2407231527 21600 3600 3542400 3600"
time="2024-08-02T18:33:14Z" level=info msg="All records are already up to date"
time="2024-08-02T18:33:25Z" level=debug msg="Fetching records for '\"PRIVATE-DNS.com\"'"
time="2024-08-02T18:33:25Z" level=debug msg="Fetching records from nameserver: HOST-1:53"
time="2024-08-02T18:33:25Z" level=debug msg="Record=PRIVATE-DNS.com.\t86400\tIN\tSOA\topnsense.home.arpa. mail.opnsense.home.arpa. 2407231527 21600 3600 3542400 3600"
time="2024-08-02T18:33:25Z" level=info msg="All records are already up to date"
Random
time="2024-08-02T18:38:02Z" level=info msg="Created Dynamic Kubernetes client https://10.96.0.1:443"
time="2024-08-02T18:38:02Z" level=info msg="Configured RFC2136 with zones '[PRIVATE-DNS.com]' and nameservers '[HOST-1 HOST-2 HOST-3]'"
time="2024-08-02T18:38:02Z" level=debug msg="Fetching records for '\"PRIVATE-DNS.com\"'"
time="2024-08-02T18:38:02Z" level=debug msg="Fetching records from nameserver: HOST-3:53"
time="2024-08-02T18:38:02Z" level=debug msg="Record=PRIVATE-DNS.com.\t86400\tIN\tSOA\topnsense.home.arpa. mail.opnsense.home.arpa. 2407231527 21600 3600 3542400 3600"
time="2024-08-02T18:38:02Z" level=info msg="All records are already up to date"
time="2024-08-02T18:38:12Z" level=debug msg="Fetching records for '\"PRIVATE-DNS.com\"'"
time="2024-08-02T18:38:12Z" level=debug msg="Fetching records from nameserver: HOST-2:53"
time="2024-08-02T18:38:12Z" level=debug msg="Record=PRIVATE-DNS.com.\t86400\tIN\tSOA\topnsense.home.arpa. mail.opnsense.home.arpa. 2407231527 21600 3600 3542400 3600"
time="2024-08-02T18:38:12Z" level=info msg="All records are already up to date"
time="2024-08-02T18:38:22Z" level=debug msg="Fetching records for '\"PRIVATE-DNS.com\"'"
time="2024-08-02T18:38:22Z" level=debug msg="Fetching records from nameserver: HOST-2:53"
time="2024-08-02T18:38:22Z" level=debug msg="Record=PRIVATE-DNS.com.\t86400\tIN\tSOA\topnsense.home.arpa. mail.opnsense.home.arpa. 2407231527 21600 3600 3542400 3600"
time="2024-08-02T18:38:22Z" level=info msg="All records are already up to date"
time="2024-08-02T18:38:33Z" level=debug msg="Fetching records for '\"PRIVATE-DNS.com\"'"
time="2024-08-02T18:38:33Z" level=debug msg="Fetching records from nameserver: HOST-3:53"
time="2024-08-02T18:38:33Z" level=debug msg="Record=PRIVATE-DNS.com.\t86400\tIN\tSOA\topnsense.home.arpa. mail.opnsense.home.arpa. 2407231527 21600 3600 3542400 3600"
time="2024-08-02T18:38:33Z" level=info msg="All records are already up to date"
time="2024-08-02T18:38:44Z" level=debug msg="Fetching records for '\"PRIVATE-DNS.com\"'"
time="2024-08-02T18:38:44Z" level=debug msg="Fetching records from nameserver: HOST-3:53"
time="2024-08-02T18:38:44Z" level=debug msg="Record=PRIVATE-DNS.com.\t86400\tIN\tSOA\topnsense.home.arpa. mail.opnsense.home.arpa. 2407231527 21600 3600 3542400 3600"
time="2024-08-02T18:38:55Z" level=info msg="All records are already up to date"
I can provide the image for testing if you would like; however, when it goes to staging I believe the image can be used when it's built via the CI.
Additionally, if all hosts fail then the pod will crash like in its current state in master.
Thanks for this PR @Jeremy-Boyle. It seems you are a big user of this provider. I'm not sure I understand why you didn't use a reverse proxy to load-balance the requests.
Considering the current status of in-tree providers (see README), would you be interested in moving this provider out of tree, using a webhook?
@mloiseleur
Unfortunately, without going into any specifics, making it a webhook provider wouldn't work. No issues with that implementation, however our organization wouldn't be allowed or able to use anything other than the official images provided directly.
The load balancer in front of the DNS server is a valid option for some use cases. However, we also use Kerberos; thus, with a load balancer you would need to sticky-session the entire session to the same server once it gets its session token, which neglects the whole reason for this, and same with TSIG.
This solution logs you into each host to properly handle sending requests to each individual server.
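The per-host behaviour discussed in this thread (rotate across nameservers, fail over on error, and keep each server's TSIG or Kerberos session bound to that server) can be modelled as follows. This is an added example, not code from the PR or from external-dns; `session`, `pool`, `do` and `fetch` are hypothetical names and the per-host errors are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// session models one nameserver's own authenticated state (TSIG key or
// Kerberos context); err is a constructed stand-in for that host's health.
type session struct {
	host string
	err  error
}

// pool keeps one session per nameserver plus a round-robin cursor.
type pool struct {
	sessions []*session
	next     int
}

var errAllDown = errors.New("all nameservers failed")

// do starts at the next host in rotation and fails over in order; op always
// receives the session that belongs to the host being contacted.
func (p *pool) do(op func(*session) error) (string, error) {
	n := len(p.sessions)
	if n == 0 {
		return "", errAllDown
	}
	start := p.next
	p.next = (p.next + 1) % n
	var last error
	for i := 0; i < n; i++ {
		s := p.sessions[(start+i)%n]
		if last = op(s); last == nil {
			return s.host, nil
		}
	}
	return "", fmt.Errorf("%w, last error: %v", errAllDown, last)
}

// fetch simulates a zone transfer against one host (constructed behaviour).
func fetch(s *session) error { return s.err }

func main() {
	p := &pool{sessions: []*session{{"HOST-1:53", errors.New("i/o timeout")}, {"HOST-2:53", nil}}}
	for i := 0; i < 3; i++ {
		fmt.Println(p.do(fetch))
	}
}
```

Because the caller gets `errAllDown` only after every host has been tried, it can decide whether to exit, as the thread says the pod does today, or to retry later.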
@mloiseleur, did you have any other questions or concerns before considering this PR?
Can I please have an update for this please?
@mloiseleur Any update?
Rebased off master. This is still needed for my ORG.
This also includes fixes and improvements from users reporting issues: https://github.com/kubernetes-sigs/external-dns/issues/3470.
Please consider this MR. @mloiseleur, @raffo, @szuecs, if this is not something that wants to be improved or fixed, can we please have a discussion on it? I do not personally have the bandwidth to fully support a webhook-based plugin; I can, however, provide support and fixes as needed for the code above. Tests have been written and no breaking changes have been introduced or made that would conflict with existing configurations.
Additionally, I have been using this patch since August with no issues. This has fixed our issues and has improved load on our system by distributing the requests. However, having to maintain our own port is tiresome, and a few other members have requested some of this functionality.
Thanks for this very complete PR. If you can take time to help us maintain this project, this would be super helpful. See here for more information.
/ok-to-test
/retitle feat(rfc2136): support multiple hosts
Any movement on this?
@mloiseleur I don't mind helping out this project :) I love external-dns
Let me rebase, sorry for the delay.
@Jeremy-Boyle As soon as it is rebased, we can merge it.
@mloiseleur Should be all good now.
/approve
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: ivankatliarchuk, mloiseleur
The full list of commands accepted by this bot can be found here.
The pull request process is described here
- ~~OWNERS~~ [mloiseleur]
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment