kubernetes
WIP/RFC: Add DNS zone creation support for GCP.
Core question: Is this an okay direction to proceed in for getting GCP DNS integration started? I will build the teardown / terraform code if so!
Done:
- Add GCP's DNS managed zone as a task.
- Add a DNS model for GCP, during cluster configuration lifecycle, which creates a zone if Cluster.Spec.DNSZone is set.
Not Done:
- Does not yet tear down the DNS managed zone or records (autodeleting DNS is spooky!)
- Does not yet export to Terraform
- Currently always uses private managed zones.
Hi @nat-henderson. Thanks for your PR.
I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.
Once the patch is verified, the new status will be reflected by the ok-to-test label.
I understand the commands that are listed here.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by:
To complete the pull request process, please assign zetaab after the PR has been reviewed.
You can assign the PR to them by writing /assign @zetaab in a comment when ready.
The full list of commands accepted by this bot can be found here.
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
I think this looks great, particularly if we can reuse cluster.spec.topology.dns.type so that users have to be very intentional that they want private DNS. I'm going to try it out on AWS though, as my first reading of the code makes it look like we don't automatically create the zone on AWS, though I feel like I'm probably missing something there!
I tried it out on AWS and went splunking through the old dns-zone code. I think I introduced the code that required the zone exist (way back in cae256340b0632459f04f4d7034bf5a470e4e30f), because at the time we didn't have private zones so we'd have to set up NS delegation anyway. It looks like we never updated it for private zones.
The tricky thing we have to figure out is ownership. I guess if we create the zone with the full cluster name then we can delete it also. The alternative would be that multiple clusters could share a "parent zone", but in that case we wouldn't want to delete it (and would probably want it to be pre-created).
It does look like ManagedZone supports labels, so we can rely on more than just the name to know if we created it: https://cloud.google.com/dns/docs/reference/v1/managedZones#resource
I don't know of any restrictions in creating multiple non-overlapping private zones.
Is this how you imagine managed zones being used - one per cluster?
I think this generally looks good; we do want to figure out ownership (i.e. should we delete). What did you think about the suggestion of using labels @nat-henderson ?
It sounds good to me - I'll come back around to this next week, I expect! :)
Hey - sorry about that, I had it working locally and thought I'd pushed it up, but must not have. Here it is - let's see how the tests feel post-rebase...
@nat-henderson: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:
| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| pull-kops-verify-bazel | 1e680039e75d884e7b9a0472e56d20c851b5169f | link | true | /test pull-kops-verify-bazel |
| pull-kops-bazel-build | 1e680039e75d884e7b9a0472e56d20c851b5169f | link | true | /test pull-kops-bazel-build |
| pull-kops-bazel-test | 1e680039e75d884e7b9a0472e56d20c851b5169f | link | true | /test pull-kops-bazel-test |
| pull-kops-e2e-cni-weave | 93e698ab770e6808f0e3579d31e67f52a17f1d88 | link | true | /test pull-kops-e2e-cni-weave |
| pull-kops-e2e-cni-calico | 93e698ab770e6808f0e3579d31e67f52a17f1d88 | link | true | /test pull-kops-e2e-cni-calico |
| pull-kops-e2e-cni-calico-ipv6 | 93e698ab770e6808f0e3579d31e67f52a17f1d88 | link | true | /test pull-kops-e2e-cni-calico-ipv6 |
| pull-kops-e2e-cni-kuberouter | 93e698ab770e6808f0e3579d31e67f52a17f1d88 | link | true | /test pull-kops-e2e-cni-kuberouter |
| pull-kops-e2e-cni-amazonvpc | 93e698ab770e6808f0e3579d31e67f52a17f1d88 | link | true | /test pull-kops-e2e-cni-amazonvpc |
| pull-kops-e2e-cni-flannel | 93e698ab770e6808f0e3579d31e67f52a17f1d88 | link | true | /test pull-kops-e2e-cni-flannel |
| pull-kops-e2e-cni-cilium | 93e698ab770e6808f0e3579d31e67f52a17f1d88 | link | true | /test pull-kops-e2e-cni-cilium |
| pull-kops-e2e-aws-karpenter | 46f24d05e44b7a82cdb192ce8c2a5ce9f5e1817c | link | true | /test pull-kops-e2e-aws-karpenter |
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied - After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied - After 30d of inactivity since
lifecycle/rottenwas applied, the issue is closed
You can:
- Mark this issue or PR as fresh with
/remove-lifecycle stale - Mark this issue or PR as rotten with
/lifecycle rotten - Close this issue or PR with
/close - Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
@nat-henderson: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:
| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| pull-kops-verify-bazel | 1e680039e75d884e7b9a0472e56d20c851b5169f | link | true | /test pull-kops-verify-bazel |
| pull-kops-bazel-build | 1e680039e75d884e7b9a0472e56d20c851b5169f | link | true | /test pull-kops-bazel-build |
| pull-kops-bazel-test | 1e680039e75d884e7b9a0472e56d20c851b5169f | link | true | /test pull-kops-bazel-test |
| pull-kops-e2e-cni-weave | 93e698ab770e6808f0e3579d31e67f52a17f1d88 | link | true | /test pull-kops-e2e-cni-weave |
| pull-kops-e2e-cni-calico | 93e698ab770e6808f0e3579d31e67f52a17f1d88 | link | true | /test pull-kops-e2e-cni-calico |
| pull-kops-e2e-cni-calico-ipv6 | 93e698ab770e6808f0e3579d31e67f52a17f1d88 | link | true | /test pull-kops-e2e-cni-calico-ipv6 |
| pull-kops-e2e-cni-kuberouter | 93e698ab770e6808f0e3579d31e67f52a17f1d88 | link | true | /test pull-kops-e2e-cni-kuberouter |
| pull-kops-e2e-cni-amazonvpc | 93e698ab770e6808f0e3579d31e67f52a17f1d88 | link | true | /test pull-kops-e2e-cni-amazonvpc |
| pull-kops-e2e-cni-flannel | 93e698ab770e6808f0e3579d31e67f52a17f1d88 | link | true | /test pull-kops-e2e-cni-flannel |
| pull-kops-e2e-cni-cilium | 93e698ab770e6808f0e3579d31e67f52a17f1d88 | link | true | /test pull-kops-e2e-cni-cilium |
| pull-kops-e2e-aws-karpenter | 46f24d05e44b7a82cdb192ce8c2a5ce9f5e1817c | link | true | /test pull-kops-e2e-aws-karpenter |
| pull-kops-e2e-cni-cilium-eni | 46f24d05e44b7a82cdb192ce8c2a5ce9f5e1817c | link | true | /test pull-kops-e2e-cni-cilium-eni |
| pull-kops-e2e-cni-cilium-etcd | 46f24d05e44b7a82cdb192ce8c2a5ce9f5e1817c | link | true | /test pull-kops-e2e-cni-cilium-etcd |
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied - After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied - After 30d of inactivity since
lifecycle/rottenwas applied, the issue is closed
You can:
- Mark this issue or PR as fresh with
/remove-lifecycle rotten - Close this issue or PR with
/close - Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages PRs according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied - After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied - After 30d of inactivity since
lifecycle/rottenwas applied, the PR is closed
You can:
- Reopen this PR with
/reopen - Mark this PR as fresh with
/remove-lifecycle rotten - Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/close
@k8s-triage-robot: Closed this PR.
In response to this:
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages PRs according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied- After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied- After 30d of inactivity since
lifecycle/rottenwas applied, the PR is closedYou can:
- Reopen this PR with
/reopen- Mark this PR as fresh with
/remove-lifecycle rotten- Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/close
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.