handle apex domain through gandi ALIAS #3855
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
k8s-ci-robot
added
the
needs-ok-to-test
|
Hi @tommy31. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
size/L
|
Hello @tommy31, Thanks for this PR. Alias seems tested. |
|
Hey @mloiseleur, thank for reaching me. TXTPrefix and TXTSuffix are only used in inferZone function, to infer requested zone by removing prefix and suffix from TXT record name. Usage should be trivial. // inferZone determines the zone based on the RrsetName
func inferZone(RrsetName string, TXTPrefix string, TXTSuffix string) string {
cleanRrsetName := strings.Replace(RrsetName, TXTPrefix, "", 1)
cleanRrsetName = strings.Replace(cleanRrsetName, TXTSuffix, "", 1)
cleanRrsetName = strings.Replace(cleanRrsetName, "cname-", "", 1)
return cleanRrsetName
} To better answer your question, of course we should add more tests, but my understanding of gandi_test.go... is near 0. Maybe you could help as gandi provider miss mainteners. |
provider/gandi/gandi.go
Outdated
| sharingID, _ := os.LookupEnv("GANDI_SHARING_ID") | ||
| _, PreferALIAS := os.LookupEnv("GANDI_PREFER_ALIAS") |
There was a problem hiding this comment.
Why are we taking configuration from environment variables? Shouldn't we be using the flags mechanism that everything else uses?
There was a problem hiding this comment.
The "PREFER_ALIAS" config was added to be "retro-compatible" with previous behaviour - which is to fail and raise an error. If it's alright we'd like to get rid of this config altogether and use the "CNAME is an ALIAS in gandi" feature by default
(I'll be working on this PR with @tommy31 - thanks for your review!)
There was a problem hiding this comment.
Updated in 2892142 - the fixed behaviour is now the default, and we stopped using an extra environment variable for this
provider/gandi/gandi.go
Outdated
|
|
||
| // isGandiAlias determines if a given endpoint is supposed to create an Gandi Alias record | ||
| func isGandiAlias(r livedns.DomainRecord, preferALIAS bool) bool { | ||
| return preferALIAS && r.RrsetType == RecordTypeALIAS |
There was a problem hiding this comment.
Why does the setting of preferAlias affect whether an existing DomainRecord is an alias?
There was a problem hiding this comment.
Since we removed the "prefer alias" mechanism, I think this is no longer an issue?
| @@ -113,16 +151,24 @@ func (p *GandiProvider) Records(ctx context.Context) ([]*endpoint.Endpoint, erro | |||
| } | |||
|
|
|||
| for _, r := range records { | |||
| if isGandiAlias(r, p.PreferALIAS) { | |||
| // Convert back ALIAS to CNAME | |||
| r.RrsetType = endpoint.RecordTypeCNAME | |||
There was a problem hiding this comment.
Shouldn't this set a provider-specific property to indicate the underlying record is an alias?
There was a problem hiding this comment.
This is already manipulating a provider-specific object - Gandi's livedns.DomainRecord
Do you think this should be set before in the endpoint.ProviderSpecificProperty prop and reused later?
provider/gandi/gandi.go
Outdated
| func inferZone(RrsetName string, TXTPrefix string, TXTSuffix string) string { | ||
| cleanRrsetName := strings.Replace(RrsetName, TXTPrefix, "", 1) | ||
| cleanRrsetName = strings.Replace(cleanRrsetName, TXTSuffix, "", 1) | ||
| cleanRrsetName = strings.Replace(cleanRrsetName, "cname-", "", 1) |
There was a problem hiding this comment.
This just screams layering violation to me. Why is the provider mucking about with things that are in the purview of the TXT registry? Why is this only removing a prefix of cname-?
There was a problem hiding this comment.
There probably is a better way to do it but not sure how - the issue is that gandi's API requires us explicitly declare which "zone" the records we are manipulating are in.
When working on a CNAME on an apex domain, TXTRegistry creates the old and new txt records, with and without the type prefix. When we receive the endpoint with value cname-example.com 0 IN TXT \"heritage=external-dns,external-dns/owner=default\" [], we have no way to reliability find the zone without this kind of tomfoolery, do we?
There was a problem hiding this comment.
I have tried to improve this with 83a1fcd - I still feel like we have no better way to compute a "zone" from an Endpoint
We can spin this change in a new PR if you think it is necessary?
provider/gandi/gandi.go
Outdated
| if change.Record.RrsetType == endpoint.RecordTypeCNAME && !strings.HasSuffix(change.Record.RrsetValues[0], ".") { | ||
| change.Record.RrsetValues[0] += "." | ||
| } | ||
|
|
||
| // Prepare record name | ||
| recordName := strings.TrimSuffix(change.Record.RrsetName, "."+change.ZoneName) | ||
| if recordName == change.ZoneName { |
There was a problem hiding this comment.
If the zone is example.com and the change.Record.RrsetName is example.com.example.com, then this code will incorrectly replace recordName with @.
There was a problem hiding this comment.
To reduce noise on this PR, I have fixed this in #3893
k8s-ci-robot
added
the
needs-rebase
gfaugere
force-pushed
the
feat/gandi_apex_domain
branch
from
83a1fcd
to
8704636
Compare
|
|
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
cncf-cla: no
gfaugere
force-pushed
the
feat/gandi_apex_domain
branch
from
8704636
to
84990a9
Compare
k8s-ci-robot
added
cncf-cla: yes
|
This has been updated with new tests following #3893 ! |
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
|
Regarding MX records, I think the current doc (https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/mx-record.md) is clear enough about the providers that support this record type? |
|
Thanks for your work on the TXT registry side! It is the only confusing thing about external-dns for me I have added test cases (in 48e9d6d), I think we are handling them correctly? |
During which actions? Not sure what you mean here |
I agree with @johngmyers that we should try our best to avoid dependency between Txt Registry logic and provider logic. Following this, adding Gandi constraints you described:
The idea would be instead of adding the zone (L174) name := r.RrsetName + "." + zoneand removing it a few lines after if/when it comes from TXT registry. Something like if ! strings.HasSuffix(r.RrsetName, zone) {
r.RrsetName := r.RrsetName + "." + zone
}Without any need to check wheither it's coming from TXT Registry or not. It seems quite a naive idea, so I'm unsure and I feel I missed something. |
|
(sorry for the delay, and thanks so much for your feedback!) This works for most cases and allows us to drop our weird To me the root of the issue is this: let's say the my provider receives this Endpoint{
DNSName: "a-example__suffix.com",
Targets: endpoint.Targets{"\"heritage=external-dns,external-dns/owner=default\""},
RecordType: "TXT",
RecordTTL: 600,
}This is the TXT record flagging that there is an A record on example.com that was created by external-dns, with I really don't think there is a way for me to work out this belongs to the |
|
You're right, this is hair-pulling for no benefits - I'll update this today to drop the prefix/suffix part Should we mark this as holding for #3774? I feel like it is cleaner to wait for it to drop |
|
/hold for #3774 |
k8s-ci-robot
added
the
do-not-merge/hold
gfaugere
force-pushed
the
feat/gandi_apex_domain
branch
2 times, most recently
from
95003c4
to
53dbf49
Compare
k8s-ci-robot
added
size/M
Co-Authored-By: vinhas tommy <tommy.vinhas@gmail.com>
gfaugere
force-pushed
the
feat/gandi_apex_domain
branch
from
53dbf49
to
ff45612
Compare
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
The Kubernetes project currently lacks enough contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
/remove-lifecycle stale |
k8s-ci-robot
removed
the
lifecycle/stale
k8s-ci-robot
added
the
needs-rebase
|
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
The Kubernetes project currently lacks enough contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
k8s-ci-robot
added
lifecycle/rotten
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close |
|
@k8s-triage-robot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Description
This PR allow gandi provider to redirect apex domain to an FQDN.
From my understanding, CNAME record only can be used for subdomains and external-dns force CNAME if record value is an FQDN. To fill this gap some DNS provider introduce a new record type ALIAS. ALIAS record is a type of DNS record that points your domain name to a hostname instead of an IP address. The ALIAS record is similar to a CNAME record, which is used to point subdomains to a hostname. This allow us to register a record an apex domain
@with a FQDN.So back on this PR, the fix convert an CNAME to an ALIAS, if the
record.RrsetName == "@" and record.RrsetType == "CNAME". And env var (GANDI_PREFER_ALIAS) has been added to keep old things working as expected.What Are ALIAS Records?
This fix has been tested in our preproduction environment and work as expected.
Checklist