ingress-operator

Add support to ExternalDNS

Open jonatasbaldin opened this issue 6 years ago • 5 comments

Expected Behaviour

It's still necessary to manually create a DNS entry when using FunctionIngress. Implementing support for ExternalDNS would allow FunctionIngress to create, delete and update DNS entries automatically.

Current Behaviour

The need to manually create DNS entries each time a new FunctionIngress is deployed.

Possible Solution

Implement support for ExternalDNS to manage DNS entries automatically.

This tutorial shows how to use ExternalDNS with NGINX Ingress. The behaviour is basically synchronising the Ingress domain names with the DNS.

Also, if using with Services, ExternalDNS has annotations to indicate that the DNS entry should be managed, as shown in this example. We could try to enable/disable the ExternalDNS in FunctionIngress with these annotations.

Context

Would be amazing to eliminate one more manual process to get TLS/custom handlers to our functions ⚡️

jonatasbaldin Sep 03 '19 13:09

I'm interested in this 👍

alexellis Sep 06 '19 14:09

What would make sense in terms of configuration and the user-experience?

alexellis Sep 06 '19 14:09

You could use external-dns annotations:

apiVersion: openfaas.com/v1alpha2
kind: FunctionIngress
metadata:
  name: nodeinfo
  namespace: openfaas
  annotations:
    external-dns.alpha.kubernetes.io/hostname: example.com
    external-dns.alpha.kubernetes.io/ttl: "120" #optional
spec:
  domain: "nodeinfo.myfaas.club"
  function: "nodeinfo"
  ingressType: "nginx"

Or we could add our flag on spec, following the same pattern as ingressType:

apiVersion: openfaas.com/v1alpha2
kind: FunctionIngress
metadata:
  name: nodeinfo
  namespace: openfaas
spec:
  domain: "nodeinfo.myfaas.club"
  function: "nodeinfo"
  ingressType: "nginx"
  
  # this
  externalDns: "true"
  # or
  enableExternalDns: "true"

What do you think?

jonatasbaldin Sep 08 '19 07:09

The first example will work once #7 is merged, could you try that out and then we'll look at the demand for a custom annotation inside the spec after that, depending on demand from the users?

alexellis Sep 08 '19 08:09

Wow, that's cool! Personally, I prefer the first one, but if there's demand for a custom flag we can implement it.

I'll test the external-dns and let you know.

As another discussion (I can open another issue for that if necessary), since the annotations are being copied we could make the FunctionIngress more standard, like this:

apiVersion: openfaas.com/v1alpha2
kind: FunctionIngress
metadata:
  name: nodeinfo-tls
  namespace: openfaas
  annotations:

    # Use standard nginx-ingress annotation
    kubernetes.io/ingress.class: "nginx"

    # Use standard cert-manager annotation
    certmanager.k8s.io/issuer: "letsencrypt-staging"
    # or
    certmanager.k8s.io/cluster-issuer: "letsencrypt-staging"

spec:
  domain: "nodeinfo-tls.myfaas.club"
  function: "nodeinfo"

  # Remove this flag and use standard nginx annotation
  ingressType: "nginx"

  tls:
    enabled: true

    # Remove this flag and use standard cert-manager annotation
    issuerRef:
      name: "letsencrypt-staging"
      kind: "Issuer"

What do you think?

jonatasbaldin Sep 08 '19 08:09
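
An added example, not part of the thread or of the ingress-operator code: because FunctionIngress annotations are copied to the generated Ingress, a pre-apply check can flag an external-dns hostname annotation that differs from spec.domain (as in the first manifest above, example.com versus nodeinfo.myfaas.club) or that falls outside the DNS zones the cluster is meant to manage. The `FunctionIngress` struct, the function names and the allowed-zone list are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Annotation key taken from the first manifest in the thread.
const hostnameAnnotation = "external-dns.alpha.kubernetes.io/hostname"

// FunctionIngress is a minimal stand-in (assumption), not the operator's type.
type FunctionIngress struct {
	Name, Domain string // metadata.name, spec.domain
	Annotations  map[string]string
}

// inZone reports whether host equals zone or is a subdomain of it.
func inZone(host, zone string) bool {
	host, zone = strings.ToLower(host), strings.ToLower(zone)
	return host == zone || strings.HasSuffix(host, "."+zone)
}

// CheckExternalDNS flags annotated hostnames that differ from spec.domain or leave allowedZones.
func CheckExternalDNS(fi FunctionIngress, allowedZones []string) []string {
	var findings []string
	// The annotation may carry a comma-separated list of hostnames.
	for _, h := range strings.Split(fi.Annotations[hostnameAnnotation], ",") {
		h = strings.TrimSuffix(strings.TrimSpace(h), ".")
		if h == "" {
			continue // annotation absent or empty element
		}
		if !strings.EqualFold(h, fi.Domain) {
			findings = append(findings, fmt.Sprintf("%s: %q differs from spec.domain %q", fi.Name, h, fi.Domain))
		}
		allowed := false
		for _, z := range allowedZones {
			allowed = allowed || inZone(h, z)
		}
		if !allowed {
			findings = append(findings, fmt.Sprintf("%s: %q is outside the allowed zones", fi.Name, h))
		}
	}
	return findings
}

func main() {
	// Constructed input mirroring the first manifest in the thread.
	fi := FunctionIngress{"nodeinfo", "nodeinfo.myfaas.club", map[string]string{hostnameAnnotation: "example.com"}}
	fmt.Println(CheckExternalDNS(fi, []string{"myfaas.club"}))
}
```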