Open benjamin-bergia opened 2 years ago
There are a few options here.
This is the easiest since the clusters already have an openstack token, no specific credential required to update the landb data - it is also not possible to do this for OpenStack managed nodes, all interactions should be done via the APIs.
https://clouddocs.web.cern.ch/using_openstack/properties.html#landb-alias
You can find sample code here: https://gitlab.cern.ch/cloud/landb-sync/-/blob/master/pkg/landb_sync/state_openstack.go
It does both aliases and landb sets.
This is a bit more problematic for several reasons: you would need special credentials, the nodes are locked so as a regular user you cannot update them, the landb API exposes a WSDL/SOAP interface which is only compatible with old versions of many clients. That said we have a python client we maintain for a few years, and that's what the openstack api is using underneath: https://gitlab.cern.ch/cloud-infrastructure/python-landbclient/-/tree/qa/landbclient
I think option 1. is the best one.
@rochaporto We are starting on this. So from what we found out in the doc we will use the node
source from external-dns. This should be able to return the IP addresses our ingress nodes. Our provider will send create DNS records pointing to our ingress nodes. If you want to use the LBaaS, there is a ingress
source which return the external ip of the ingress.
For example:
If we start external-dns with the domain filter sis.cern.ch
.
We can only create domains like sis.cern.ch
, *.sis.cern.ch
but test.cern.ch
would not be possible.
and since this in in the configuration of external-dns there is no risk of accident
but we need to ensure that people can't use the provider without domain filter.
The goal is to write provider for external-dns. This provider should use the LanDB API to manage cern.ch records based on the annotation and host fields of ingresses and services.