BREAKING CHANGE: Improve default targets management #5316
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
cncf-cla: yes
|
Welcome @alen-z! |
k8s-ci-robot
added
the
needs-ok-to-test
|
Hi @alen-z. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
k8s-ci-robot
added
the
size/L
|
As far as I know, that's not in our current plans, but things might have shifted. A breaking CRD change usually means a new API version, and we're not there yet. To explore this further, could you help us understand the underlying issue by providing example manifests and any alternative solutions you've considered? Breaking changes are generally something we try to avoid, so I'm not going to review that. |
|
I can switch the script to keep current behavior and allow new flag (Default: With set apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
name: demo
labels:
demo: foo
annotations:
external-dns.demo.io/access: public
spec:
endpoints:
- dnsName: demo.example.com
recordTTL: 300
recordType: CNAME
targets:
- placeholderI'd like to avoid placeholders while allowing to override Expected CRD that should be allowed with apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
name: demo
labels:
demo: foo
annotations:
external-dns.demo.io/access: public
spec:
endpoints:
- dnsName: demo.example.com
recordTTL: 300
recordType: CNAME |
|
I'm working on path to beta at the moment #5243 |
|
For this case Which provider you using, and what the result DNS is expected |
|
It's Cloudflare: Result DNS with In PR, you can see if we do set |
|
Not sure about practicality, may need some time to re-think. How this DNSEndpoint(s) created? I'm using helm, example relevant part {{- range $hostNames }}
{{- if .name }}
{{- $target := printf "eks-cluster-%s-ingress-%s.%s" $.Values.cluster.env $accessType $defaultDomainName }}
{{- $subdomain := printf "%s-%s-eks" .name $accessType }}
{{- if and (eq (include "this.allPortsAreGrpc" $) "false") (ne .protocol "gRPC") }}
- dnsName: {{ $subdomain }}.{{ $defaultDomainName }}
recordTTL: 60
recordType: CNAME
targets:
- {{ $target }}
{{- end }}
{{- if and (eq $accessType "internal") (eq (include "this.http2Enabled" $) "true") }}
- dnsName: {{ $subdomain }}.http2.{{ $defaultDomainName }}
recordTTL: 60
recordType: CNAME
targets:
- {{ $target }}
{{- end }}
{{- end }}
{{- end }}
or
- dnsName: {{ .Values.dns.host }}
recordTTL: 60
recordType: CNAME
targets:
- {{ include "common.dns.target" . }} # target or default targetI may missing some other use case Or similar with kustomize or kyverno admission webhooks. |
|
It's simple:
This is PR to improve 4th step. Another approach I'm using is different starting with 3rd step, which is setting annotations on Service of type Both approaches have product teams using DNSEndpoint resources, while load balancer DNS records and ExternalDNS instances are maintained by operations team. Product team just creates proper DNSEndpoint with annotation for public or private (again, bummer is it needs to contain |
If I understand correctly, we have exactly same cases in environments I look after. For the use case you shared, I'm not sure how you setting annotations, but if annotations on ALB are set with helm, you could add a template for DNSEndpoint as well and set all required values, use kustomize and any other tools. The targets are static, so it works. If teams using Crossplane, it could manage DNSEndpoint targets as well at runtime. Regardless of how DNSEndpoint manifests are generated (Helm, Kustomize, Admission WebHooks, ArgoCD, Jsonnet, etc.), any DNSEndpoint with the I apologise, but I don't understand the proposed approach and don't see any clear benefits. However, other contributors or maintainers might have a different perspective and see value in this feature. |
|
Again, it's simple proposition: No need for Additional comment on your suggestion that it's easy to add |
|
We have differing opinions on this. In my view, the number of DNSEndpoints shouldn't matter – automation tools exist to handle scaling so 1, 100, 10000 should not be matter. If other maintainers or contributors believe external-dns should support this specific scenario, I don't see a fundamental conflict as consensus is not needed. However, from my perspective, this problem seems too niche and is better addressed with dedicated tools. This is just my personal opinion, and others may have different views. |
|
Maybe CRD should support FQDN templating |
|
All good. I'm not attached to this, only offered a fix to make it better for our use case. I can close the PR. |
|
@alen-z do you wanna try FQDN approach? @mloiseleur wdyt? |
|
@ivankatliarchuk To me, this use case is quite straightforward and valid. We are using the same pattern on some clusters: a single target (the LB) with as many CNAME as we need. So, setting it once in the CLI arg looks better to me than set the same value in all the CR. It's also consistent: that's how other sources works. Since there is no CEL validation ATM in the CRD, I'm not sure if this is really a breaking change. With current version, it will fail without target so, to me, a warning in release notes should be enough. But maybe I missed something, I need to double check that. |
|
@mloiseleur, in terms of looking at breaking change, depends on the approach (current PR or one other possible non-breaking). Challenge is, to make current ExternalDNS work, many have put placeholders in CRD To me, it's best to be able to upgrade to new version, clean DNSEndpoint under the flag, remove the flag. This actually requires this PR to be a bit more improved to allow empty If you folks align on the approach, I can prepare PR. |
Description
Improved
default-targetsbehavior to allow empty CRDtargetssection in case default targets are set. Default targets are overridden if it's set anywhere else. Since it introduces breaking change in situations where targets are set, we offerforce-default-targetsflag to keep current behavior (hopefully easing migration).Breaking change should be stated in release documentation.
Fixes #3163
Checklist