DNS Groups

Signed-off-by: Phil Brookes <pbrookes@redhat.com>

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED

Author: philbrookes

.gitignore

@@ -25,6 +25,7 @@ Dockerfile.cross
 *.swp
 *.swo
 *~
+examples/*
 
 # Helm chart packages
 *operator*.tgz*

api/v1alpha1/conditions.go

@@ -18,3 +18,8 @@ const ConditionReasonUnhealthy ConditionReason = "HealthChecksFailed"
 
 const ConditionTypeReadyForDelegation ConditionType = "ReadyForDelegation"
 const ConditionReasonFinalizersSet ConditionReason = "FinalizersSet"
+
+const ConditionTypeActive ConditionType = "Active"
+const ConditionReasonNotInActiveGroup ConditionReason = "NotMemberOfActiveGroup"
+const ConditionReasonInActiveGroup ConditionReason = "MemberOfActiveGroup"
+const ConditionReasonNoActiveGroups ConditionReason = "NoActiveGroupsSet"

api/v1alpha1/dnsrecord_types.go

@@ -180,6 +180,9 @@ type DNSRecordStatus struct {
 
 	// Group displays the group which the dns-operator belongs to, if set.
 	Group types.Group `json:"group,omitempty"`
+
+	// ActiveGroups displays the last read list of active groups
+	ActiveGroups string `json:"activeGroups,omitempty"`
 }
 
 // GetRemoteRecordStatuses returns any remote record statuses in the current status.
@@ -340,6 +343,14 @@ func (s *DNSRecord) IsDeleting() bool {
 	return s.DeletionTimestamp != nil && !s.DeletionTimestamp.IsZero()
 }
 
+// IsActive always returns true for base DNSRecord instances.
+// This method is part of the DNSRecordAccessor interface and is overridden
+// by GroupAdapter to provide group-aware behavior. The base implementation
+// ensures that non-grouped records are always considered active.
+func (s *DNSRecord) IsActive() bool {
+	return true
+}
+
 // ProviderAccessor impl
 
 var _ ProviderAccessor = &DNSRecord{}

bundle/manifests/kuadrant.io_dnsrecords.yaml

@@ -228,6 +228,9 @@ spec:
           status:
             description: DNSRecordStatus defines the observed state of DNSRecord
             properties:
+              activeGroups:
+                description: ActiveGroups displays the last read list of active groups
+                type: string
               conditions:
                 description: |-
                   conditions are any conditions associated with the record in the dns provider.

charts/dns-operator/templates/manifests.yaml

@@ -354,6 +354,9 @@ spec:
           status:
             description: DNSRecordStatus defines the observed state of DNSRecord
             properties:
+              activeGroups:
+                description: ActiveGroups displays the last read list of active groups
+                type: string
               conditions:
                 description: |-
                   conditions are any conditions associated with the record in the dns provider.

cmd/main.go

@@ -264,6 +264,7 @@ func main() {
 			ProviderFactory: providerFactory,
 			DelegationRole:  delegationRole,
 			Group:           group,
+			TXTResolver:     &controller.DefaultTXTResolver{},
 		},
 		Client: mgr.GetClient(),
 	}
@@ -280,6 +281,7 @@ func main() {
 				ProviderFactory: providerFactory,
 				DelegationRole:  delegationRole,
 				Group:           group,
+				TXTResolver:     &controller.DefaultTXTResolver{},
 			},
 			RemoteClusterCollector: remoteClusterCollector,
 		}

cmd/plugin/get-zone-records.go

@@ -81,7 +81,7 @@ func init() {
 	}
 
 	getZoneRecordsCMD.Flags().StringVar(&providerRef, "providerRef", noDefault,
-		fmt.Sprintf("A provider reference to the secert to use when querying. This can only be used with the type of %s. Format = '<namespace>/<name>'", host))
+		fmt.Sprintf("A provider reference to the secret to use when querying. This can only be used with the type of %s. Format = '<namespace>/<name>'", host))
 
 	getZoneRecordsCMD.Flags().StringVarP(&namespace, "namespace", "n", "dns-operator-system", "namespace where resources exist")
 }

cmd/plugin/secret_generation.go

@@ -439,7 +439,7 @@ func saveSecret(log logr.Logger, secret Secret, dirPath string) (*os.File, error
 }
 
 func applySecretToCluser(log logr.Logger, secretFile string) error {
-	log.V(1).Info("Write secert to main cluster")
+	log.V(1).Info("Write secret to main cluster")
 	args := []string{
 		"apply",
 		"--filename",
@@ -460,7 +460,7 @@ func applySecretToCluser(log logr.Logger, secretFile string) error {
 		return errors.New("unable to write secret to cluster")
 	}
 
-	log.Info(fmt.Sprintf("Secert %s created in namespace %s", generateSecretFlags.name, generateSecretFlags.namespace))
+	log.Info(fmt.Sprintf("secret %s created in namespace %s", generateSecretFlags.name, generateSecretFlags.namespace))
 
 	return nil
 }

config/coredns/Corefile

@@ -1,11 +1,15 @@
 k.example.com {
     debug
     errors
+    log
+    
+    rewrite name regex kuadrant-active-groups\.(.*)k.example\.com kuadrant-active-groups-coredns.pb.hcpapps.net
+    forward kuadrant-active-groups-coredns.pb.hcpapps.net /etc/resolv.conf
+
     health {
         lameduck 5s
     }
     ready
-    log
     geoip GeoLite2-City-demo.mmdb {
         edns-subnet
     }
@@ -15,4 +19,4 @@ k.example.com {
     }
     kuadrant
     prometheus 0.0.0.0:9153
-}
+}

config/crd/bases/kuadrant.io_dnsrecords.yaml

@@ -228,6 +228,9 @@ spec:
           status:
             description: DNSRecordStatus defines the observed state of DNSRecord
             properties:
+              activeGroups:
+                description: ActiveGroups displays the last read list of active groups
+                type: string
               conditions:
                 description: |-
                   conditions are any conditions associated with the record in the dns provider.