gardener / external-dns-management

Environment to manage external DNS entries for a kubernetes cluster
Apache License 2.0

How the default DNSProvider should be created? #289

Closed kmadac closed 1 year ago

kmadac commented 1 year ago

Hi,

This is not a bug or request, but rather a question. It is not clear to me if the default DNSProvider should be created manually or if it should be created automatically. I have a shoot cluster created via the Gardener dashboard, where I added the DNS secret my-openstack-designate-secret2. Then I added the shoot DNS extension in the Shoot object:

  dns:
    domain: psh-mcm12.test.t-sov.live
    providers:
      - primary: true
        secretName: my-openstack-designate-secret2
        type: openstack-designate
  extensions:
    - type: shoot-dns-service
      providerConfig:
        apiVersion: service.dns.extensions.gardener.cloud/v1alpha1
        kind: DNSConfig
        dnsProviderReplication:
          enabled: true

I would expect that DNSProvider specified in Shoot object will be created automatically, but it is not. Is my expectation correct?

Thanks

MartinWeindel commented 1 year ago

For the record: this is more of a question for the shoot-dns-service extension.

But back to your question:

> I would expect that DNSProvider specified in Shoot object will be created automatically, but it is not. Is my expectation correct?

Yes, you should see something like

  extensions:
    - type: shoot-dns-service
      providerConfig:
        apiVersion: service.dns.extensions.gardener.cloud/v1alpha1
        kind: DNSConfig
        dnsProviderReplication:
          enabled: true
        providers:
          - secretName: shoot-dns-service-my-openstack-designate-secret2
            type: openstack-designate
        syncProvidersFromShootSpecDNS: true

The providerConfig.providers section is updated by the shoot-dns-service admission controller. You should check if it is running on the Gardener cluster. Additionally, there is one important line missing in your snippet: syncProvidersFromShootSpecDNS: true. Without this line, the admission controller will not consider changes from the spec.dns.providers section.
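An added example, not part of the original thread or the project's code: a small check over a parsed Shoot object that reports the two conditions named in the reply above (the missing syncProvidersFromShootSpecDNS flag and providers that were never synced). The function names are hypothetical, and the `shoot-dns-service-` secret name prefix is an assumption read off the sample output in the reply.

```python
import copy

EXT_TYPE = "shoot-dns-service"
# Assumption read off the sample output in the reply above: the synced entry
# uses the Shoot's secret name with this prefix.
SYNCED_PREFIX = "shoot-dns-service-"

# Constructed sample: the Shoot spec fields as posted in the question
# (parsed form of `kubectl get shoot <name> -o json`).
SHOOT_AS_POSTED = {"spec": {
    "dns": {"domain": "psh-mcm12.test.t-sov.live", "providers": [
        {"primary": True, "secretName": "my-openstack-designate-secret2",
         "type": "openstack-designate"}]},
    "extensions": [{"type": EXT_TYPE, "providerConfig": {
        "apiVersion": "service.dns.extensions.gardener.cloud/v1alpha1",
        "kind": "DNSConfig",
        "dnsProviderReplication": {"enabled": True}}}],
}}

def expected_after_admission(shoot):
    """Constructed sample: the same Shoot in the state the reply says to expect."""
    fixed = copy.deepcopy(shoot)
    cfg = fixed["spec"]["extensions"][0]["providerConfig"]
    cfg["syncProvidersFromShootSpecDNS"] = True
    cfg["providers"] = [{"secretName": SYNCED_PREFIX + p["secretName"], "type": p["type"]}
                        for p in fixed["spec"]["dns"]["providers"]]
    return fixed

def check_dns_provider_sync(shoot):
    """Return findings explaining why spec.dns.providers was not synced."""
    spec = shoot.get("spec", {})
    ext = next((e for e in spec.get("extensions", []) if e.get("type") == EXT_TYPE), None)
    if ext is None:
        return [f"extension {EXT_TYPE} is not configured"]
    cfg = ext.get("providerConfig") or {}
    findings = []
    if cfg.get("syncProvidersFromShootSpecDNS") is not True:
        findings.append("syncProvidersFromShootSpecDNS is not true; "
                        "spec.dns.providers is not considered")
    synced = {(p.get("type"), p.get("secretName")) for p in cfg.get("providers", [])}
    for p in spec.get("dns", {}).get("providers", []):
        name = p.get("secretName")
        if name and (p.get("type"), SYNCED_PREFIX + name) not in synced:
            findings.append(f"no synced provider for secret {name}; "
                            "check that the admission controller is running")
    return findings

if __name__ == "__main__":
    for label, s in (("as posted", SHOOT_AS_POSTED),
                     ("expected", expected_after_admission(SHOOT_AS_POSTED))):
        print(label, check_dns_provider_sync(s) or "OK")
```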

kmadac commented 1 year ago

Thanks for the response. I adjusted the Shoot configuration, but providerConfig.providers was not updated. I investigated the admission controller you mentioned, and it seems it is not running. Did you mean the admission controller from the gardener-extension-shoot-dns-service project here - https://github.com/gardener/gardener-extension-shoot-dns-service/tree/master/cmd/gardener-extension-admission-shoot-dns-service?

I wasn't able to find any documentation on this topic (automatic creation of DNSProviders with the admission controller). Is there any documentation available somewhere?

Thank you.

MartinWeindel commented 1 year ago

You may take a look at how the garden-setup project is installing these components. See

In the end you have to apply the charts https://github.com/gardener/gardener-extension-shoot-dns-service/tree/master/charts/gardener-extension-admission-shoot-dns-service/charts/application to the Garden runtime cluster and https://github.com/gardener/gardener-extension-shoot-dns-service/tree/master/charts/gardener-extension-admission-shoot-dns-service/charts/virtual to the virtual garden.

kmadac commented 1 year ago

Thank you very much for all the information. I'm closing the issue.