Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(Gateway API): improve annotations support #4870

Open
wants to merge 4 commits into
base: master
Choose a base branch
from

Conversation

Dadeos-Menlo
Copy link

Description

The generation of DNS records from Gateway API resources involves combining information from a …Route resource and a Gateway resource. The current implementation, for the most part, only considers annotations from the Route resource. There are potential scenarios whereby it may be more convenient to assign annotations to the Gateway resource, thus ensuring that all DNS records associated with the given Gateway are similarly effected. An extreme example of such a scenario being when no Hostname information is specified (i.e. the given Gateway should accept any communication, irrespective of the DNS name used to establish it) but that a DNS record is desired to cover all Routes associated with the Gateway; in which case it would be convenient to apply an external-dns.alpha.kubernetes.io/hostname annotation to the Gateway itself, rather than having to apply annotations to every associated Route and having to deal with the potential confusion arising from precisely which Route owns the shared DNS record.

The proposed changes include:

  • Adding validation of resource endpoint label ownership to all of the Gateway related unit-tests
  • Refactor the process of Endpoint generation in order to preserve the relationship between Route and Gateway resources
  • Consider annotations from both Route and Gateway resources when generating an Endpoint
    • In cases where the same annotation is present on both Route and Gateway resources, the Route derived value is used in preference
    • external-dns.alpha.kubernetes.io/ttl annotations are merged to yield the lowest specified value
    • In the case where external-dns.alpha.kubernetes.io/hostname is specified on a Gateway and that Gateway is the only Gateway contributing to an Endpoint the resource label is recorded as referring to the Gateway rather than the Route

No changes to the documentation are proposed because it currently implies that annotations on Gateway resources are supported, whereas in reality such annotations are only honoured when specified on Route resources.

Checklist

  • Unit tests updated
  • End user documentation updated

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Nov 13, 2024
@k8s-ci-robot
Copy link
Contributor

Welcome @Dadeos-Menlo!

It looks like this is your first PR to kubernetes-sigs/external-dns 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/external-dns has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot k8s-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Nov 13, 2024
@k8s-ci-robot
Copy link
Contributor

Hi @Dadeos-Menlo. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added the size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. label Nov 13, 2024
@mloiseleur
Copy link
Contributor

/ok-to-test
Would you please add documentation on this feature ?

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Nov 13, 2024
@mloiseleur
Copy link
Contributor

@abursavich do you think you can do a first review on this PR ?

@Dadeos-Menlo Dadeos-Menlo force-pushed the gateway_annotations branch 2 times, most recently from b632a81 to cc10e6d Compare November 13, 2024 14:50
@Dadeos-Menlo
Copy link
Author

Would you please add documentation on this feature ?

What additional documentation do you feel would add clarity?

In my opinion the proposed changes merely bring the implementation in line with the existing documentation.

No changes to the documentation are proposed because it currently implies that annotations on Gateway resources are supported, whereas in reality such annotations are only honoured when specified on Route resources.

@mloiseleur
Copy link
Contributor

What additional documentation do you feel would add clarity?

In current documentation, the behavior when there are annotations on both Gateway & HTTPRoute is not detailed: no explanation and no example.

@mloiseleur
Copy link
Contributor

/retitle feat(Gateway API): improve annotations support

@k8s-ci-robot k8s-ci-robot changed the title Improve support for Gateway API annotations feat(Gateway API): improve annotations support Nov 14, 2024
@ivankatliarchuk
Copy link
Contributor

Hi @Dadeos-Menlo . Nice work. Would it be possible to extract the refactoring into a separate pull-request to simplify a review and reduce blast radius?

Refactor the process of Endpoint generation in order to preserve the relationship between Route and Gateway resources

You could add tests as well that highlights current/incorrect behaviour to it.

@Dadeos-Menlo
Copy link
Author

Hi Ivan,

In the interests of easing any review I separated the proposed changes into stand-alone commits. The sequence of which were broadly described by the bullet points provided in the initial description. My intention with these stand-alone commits was to mutate the pre-existing implementation, step-by-step, into one that exhibits what I consider to be more desirable behaviour (i.e. the consistent honouring of annotations assigned to Gateway resources).

The initial commit seeks to introduce additional unit-tests/expectations, regarding the Labels associated with every Endpoint generated from the various …Route/Gateway combinations exercised by the pre-existing tests. This commit avoids making any changes to the existing implementation, thus demonstrating that the asserted behaviour is representative of the current/existing behaviour.

The second commit seeks to refactor the existing implementation into a form conducive to tracking the relationship between …Route and Gateway resources throughout the processing required to generate the Endpoint objects. This commit avoids making any changes to the unit-tests, thus demonstrating that the asserted behaviour of the proposed, refactored, implementation is equivalent to that provided by the original implementation.

The third commit builds upon the refactored implementation in order to provide the intended additional functionality; namely the consistent honouring of annotations assigned to Gateway resources. This commit introduces new unit-test scenarios, associated with annotations being assigned to Gateway resources and in support of the proposed new behaviours, whilst avoiding modification of existing unit-test scenarios, thus demonstrating no regressions with respect to pre-existing asserted behaviours (NB: The essence of the "DualStack" tests were incorporated into the Gateway annotation orientated unit-test scenarios introduced).

The forth, and final, commit modifies the documentation as requested.

In direct response to your questions:

Would it be possible to extract the refactoring into a separate pull-request to simplify a review and reduce blast radius?

Whilst this would be possible, I consider that the proposed changes belong together in a single pull-request, and have made efforts to separate the mutations applied as outlined above.

You could add tests as well that highlights current/incorrect behaviour to it.

I consider that unit-test scenarios asserting the intended behaviour of annotations assigned to Gateway resources have been introduced, as part of the behavioural modifications proposed in commit three.

I hope that the explanation offered above aids your understanding and consideration. Thank you for your interest in these proposed changes.

Regards,

Peter

@ivankatliarchuk
Copy link
Contributor

Thanks for the explanation. I agree with the overall direction of this change, so I won't raise any objections. However, given the complexity of the changes, (I do not possess maintainer access), I will be unable to formally approve this pull request, which is not an issue anyway.

Whilst this would be possible, I consider that the proposed changes belong together in a single pull-request, and have made efforts to separate the mutations applied as outlined above.

This make sense. To potentially accelerate the approval process, consider splitting the refactoring from the new functionality in the next pull request. This would allow community members to contribute more easily by focusing on smaller, more manageable changes.

hosts[host] = struct{}{}
}
}
// TODO: The ignore-hostname-annotation flag help says "valid only when using fqdn-template"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The help is valid.
This option has been introduced with PR #745.
As you can see, it's still checked:
https://github.com/kubernetes-sigs/external-dns/blob/master/pkg/apis/externaldns/validation/validation.go#L84

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This comment was merely relocated from the pre-existing sources

I suspect that the observation being made by its original author is that the referenced help states that:

"Ignore hostname annotation when generating DNS names, valid only when --fqdn-template is set (default: false)"

and yet various implementations, including this one, do not check that the value of FQDNTemplate has been specified. However, they may not have appreciated the additional validation to which you refer that appears to preclude the IgnoreHostnameAnnotation value being true whilst the FQDNTemplate is empty.

Would you like me to eliminate the "TODO: …" comment?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, please

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed referenced comment, and associated comment, in 6ee2dc6.

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign mloiseleur for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants