feat: add generic PTR record support for all providers#6232
feat: add generic PTR record support for all providers#6232clwluvw wants to merge 12 commits intokubernetes-sigs:masterfrom
Conversation
Add a provider-agnostic PTR record management layer that automatically creates and deletes PTR records for A and AAAA endpoints. Signed-off-by: Seena Fallah <[email protected]>
Add PTR to the supportedRecords list in the AffixNameMapper so the TXT registry can correctly map between PTR records and their ownership TXT records (e.g. ptr-2.49.168.192.in-addr.arpa -> 2.49.168.192.in-addr.arpa). Without this, extractRecordTypeDefaultPosition cannot recognize the 'ptr-' prefix, causing the TXT registry to skip owner label attachment for PTR records. This prevents PTR record updates and deletions. Signed-off-by: Seena Fallah <[email protected]>
- Add PTR to trailingTypes so EnsureTrailingDot is applied to PTR targets before sending to the PowerDNS API (required format: 'host.example.com.') - Implement GetDomainFilter() on PDNSProvider so the generic PTRProvider wrapper can access the configured domain filter to skip A/AAAA records outside the managed domain set Signed-off-by: Seena Fallah <[email protected]>
Remove the provider-specific PTR implementation (createPTR field, AddReverseRecord, RemoveReverseRecord, GenerateReverseRecord) and all PTR handling from ApplyChanges. PTR management is now handled generically by the PTRProvider wrapper via AdjustEndpoints. Signed-off-by: Seena Fallah <[email protected]>
Add a new --create-ptr flag that enables automatic PTR record management for any provider. When enabled, buildProvider wraps the provider with PTRProvider and automatically adds PTR to ManagedDNSRecordTypes. The existing --rfc2136-create-ptr flag is deprecated in favor of the new provider-agnostic flag but remains functional for backward compatibility. Signed-off-by: Seena Fallah <[email protected]>
Pass --local to ko when building images locally (IMG_PUSH=false) so images are loaded into the local Docker daemon instead of requiring a registry. Signed-off-by: Seena Fallah <[email protected]>
The annotation mode allows fine-grained per-resource control over PTR creation. Backward compatibility: --rfc2136-create-ptr still maps to "always" mode. Signed-off-by: Seena Fallah <[email protected]>
k8s-ci-robot
added
controller
|
Welcome @clwluvw! |
k8s-ci-robot
added
registry
|
Hi @clwluvw. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Tip We noticed you've done this a few times! Consider joining the org to skip this step and gain Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
k8s-ci-robot
added
size/XL
Signed-off-by: Seena Fallah <[email protected]>
k8s-ci-robot
added
size/XXL
ivankatliarchuk
left a comment
ivankatliarchuk
left a comment
There was a problem hiding this comment.
The main challenge is - to test at least in 3-4 different providers.
provider/ptr.go
Outdated
| @@ -0,0 +1,204 @@ | |||
| /* | |||
| Copyright 2025 The Kubernetes Authors. | |||
There was a problem hiding this comment.
Year is not right.
Could you move it to blueprints folder this logic?
There was a problem hiding this comment.
I'm not yet sure, could be even in endpoint package. Hard to say what the correct location is at the moment
There was a problem hiding this comment.
We can't move it to blueprint, PTRProvider wraps provider.Provider and we will endup in circular dependency. Do you want me to put it under its own provider pkg?
There was a problem hiding this comment.
’d say this is a very unusual approach from a coding perspective. If this was AI-generated(we not against it, but worth to mention that), it would be worth spending more time understanding the existing codebase first and consider few design options.
Custom functions for things like reverseaddr, comments that are longer than the code itself, a high degree of coupling, and the introduction of a provider wrapper. Honestly, this approach is very unusual.
Layers and designs explained here https://github.com/kubernetes-sigs/external-dns/tree/master/docs/contributing
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
pkg/apis/externaldns/types.go
Outdated
| Policy: "sync", | ||
| Provider: "", | ||
| ProviderCacheTime: 0, | ||
| CreatePTR: "off", |
There was a problem hiding this comment.
@ivankatliarchuk - the option can take always, annotation, and off as explained in the PR to act differently. it doesn't operate only on two modes.
There was a problem hiding this comment.
You are breaking project contract. Not sure. Will w8 for other reviewers then
There was a problem hiding this comment.
@ivankatliarchuk - I have changed to to boolean. my only concern was to have a control so not always create ptr records as you might want to not have ptr for certain domains and so on. so with what you described in the project contract, now annotation will control it if it is false and will always create ptr records if the flag is there. please check my last commit.
There was a problem hiding this comment.
If there is an annotation on a resource - it should be applied. If the user have a controll over annotation value - it could simply remove the annotation.
So if we have flag --no-create-ptr, the external dns will not create PTR record, unless the resource has specific annotation. If we have --create-ptr with annotation set to false -> ptr record will not be created.
This is very new approach for a project to controll target type over annotation. It will take a while for sure.
There was a problem hiding this comment.
It will take a while for sure.
you mean you agree with the approach or hold a different opinion? :)
There was a problem hiding this comment.
I’m not particularly strong on adding new features - I tend to focus more on redesign and standardisation. It might make sense to introduce a new annotation, but right now there’s a lack of design behind it.
For example, why not consider a more generic name like target-type, which could support multiple values in the future (e.g. PTR, NAPTR, etc.)?
Also, it’s much easier to review and reason about changes when they’re submitted as small, isolated PRs. Otherwise, it becomes difficult to assess the risk and potential impact across millions of deployments.
How I would do it myself
- PR rename flag, and move it out of the rfc provider
- PR to add filter
- PR to propose new annotation. For example use cases are not clear
^ all this chagnes will require testing, and end-2-end testing evidences, this is on top of unit tests coverage
There was a problem hiding this comment.
Also, it’s much easier to review and reason about changes when they’re submitted as small, isolated PRs.
i tried to do that via commits, but fine also to do it via PR if it still makes sense.
^ all this chagnes will require testing, and end-2-end testing evidences, this is on top of unit tests coverage
Right, i also discovered some via testing in real with powerdns which i couldn't find them with unit testing. i thought the project already have a concept to mock other APIs. but if not we need to come with a concept for that otherwise it would be hard to say "i test it and it worked :D"
but right now there’s a lack of design behind it.
Agreed, the current implementation was my original thought about how to tackle it. i submited to get some initial feedback around it. thanks for that. but would be intresting to hear your ideas. I'm basically open to any implementation as my original concern was about PTR records, but i can see how it can be more generic.
provider/ptr.go
Outdated
| @@ -0,0 +1,204 @@ | |||
| /* | |||
| Copyright 2025 The Kubernetes Authors. | |||
There was a problem hiding this comment.
I'm not yet sure, could be even in endpoint package. Hard to say what the correct location is at the moment
| provider.BaseProvider | ||
| client PDNSAPIProvider | ||
| client PDNSAPIProvider | ||
| domainFilter *endpoint.DomainFilter |
There was a problem hiding this comment.
Move this endpoint.DomainFilter support to separate PR please
docs/annotations/annotations.md
Outdated
|
|
||
| If the annotation is not present, use the domains from both the spec and annotations. | ||
|
|
||
| ## external-dns.alpha.kubernetes.io/create-ptr |
There was a problem hiding this comment.
What are the other options, aka annotations names?
There was a problem hiding this comment.
In the last commit, true will opt-in and false will opt-out.
There was a problem hiding this comment.
I mean the annotation name. We are using nouns. But create-ptr starts with a verb (create-), breaking the convention. The closest parallel is alias — you set alias: "true" to create an alias record. We don't call it create-alias. This is why I was asking, which other annotation names you have considered?
The --create-ptr CLI flag name most likley makes sense as a boolean flag, but the annotation doesn't need the create- prefix.
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
Add --create-ptr boolean flag (default: false) that enables automatic PTR record creation for all providers. The create-ptr annotation overrides the flag per resource, following the project's configuration precedence contract. Signed-off-by: Seena Fallah <[email protected]>
clwluvw
force-pushed
the
generic-ptr-provider
branch
from
e40e932 to
cb9687a
Compare
Signed-off-by: Seena Fallah <[email protected]>
Signed-off-by: Seena Fallah <[email protected]>
k8s-ci-robot
added
size/XL
ivankatliarchuk
left a comment
ivankatliarchuk
left a comment
There was a problem hiding this comment.
worth to review where DNSEndpoint supports PTR as well
Signed-off-by: Seena Fallah <[email protected]>
AFAIU, we can use: apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
spec:
endpoints:
- dnsName: 2.49.168.192.in-addr.arpa
recordType: PTR
targets:
- web.example.comalso we can do something like: apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
name: web
spec:
endpoints:
- dnsName: web.example.com
recordType: A
targets:
- 192.168.49.2
providerSpecific:
- name: record-type
value: ptr |
Yeah, this is where we need other maintainers, but not sure whey someone is free. This case ^ 100% we should support if we do not support, dedicated PR is required, as it is what DNSEndpoint is for. In regards below example, second opinion is needed. |
|
@ivankatliarchuk - thanks let me know if something is still needed from my side. After #6234 is merged I can rebase and do another test like e2e.sh there to test these scenarios on powerdns. |
3 participants
What does it do ?
Introduces a provider-agnostic PTR record mechanism that wraps any provider as a decorator. A new
--create-ptrflag accepts three modes: "off" (default), "always" (PTR for all A/AAAA records), and "annotation" (PTR only when thesource resource is annotated with
external-dns.alpha.kubernetes.io/create-ptr).The RFC2136 provider's built-in PTR logic is removed in favor of this generic approach, and the old
--rfc2136-create-ptrflag is preserved for backward compatibility.Motivation
PTR record creation was previously hardcoded into the RFC2136 provider only. Any other provider managing reverse DNS zones (e.g. PowerDNS) had no way to create PTR records automatically. This change makes PTR support available to all providers.
More