gardener / dashboard

Web-based GUI for Gardener installations.

Adapt handling of DNS Providers

MartinWeindel opened this issue · comments

What would you like to be added:
Add new separate dialogs for managing the primary DNS provider and the additional DNS providers for the shoot-dns-service extension. These new dialogs should only be available if the condition for using the new behaviour is fulfilled (see below).
With the new behaviour, the section .spec.dns.providers will have either 0 or 1 provider. If there is a provider, it must be the primary one. It will have no includes/excludes for domains and zones. All others will be cleaned up by the Gardenlet.
For existing clusters, the dashboard UI for this primary provider can only update type and secret values.
For new clusters, the dashboard's UI could use a single dialog to create the primary provider and a provider for the shoot-dns-service with the same inputs. In this case, includes/excludes for domains and zones still make sense. After shoot creation, the UIs for primary provider and shoot-dns-service providers should be completely separate.

For managing the DNS providers of the shoot-dns-service, a dialog similar to the current one can be used. Only the sections used are changing to .spec.extensions[@type="shoot-dns-service"].providerConfig and .spec.resources[] for the secret.

Example for an additional DNS provider for the shoot-dns-service:

spec:
  extensions:
  - type: shoot-dns-service
    providerConfig:
      apiVersion: service.dns.extensions.gardener.cloud/v1alpha1
      kind: DNSConfig
      providers:
        - domains:
            include:
              - wl-owndns.dnstest.dev.k8s.ondemand.com
          secretName: shoot-dns-service-my-aws-route53-secret
          type: aws-route53
  resources:
    - name: shoot-dns-service-my-aws-route53-secret
      resourceRef:
        kind: Secret
        name: my-aws-route53-secret
        apiVersion: v1

Why is this needed:
Gardener wants to clean up some DNS legacy fields in the shoot manifest, see [API] Align DNS provider handling. As a consequence, non-primary DNS providers for the shoot-dns-service must be managed in its extension providerConfig, i.e. .spec.extensions[@type="shoot-dns-service"].providerConfig, and the DNS secrets are referenced resources, i.e. at .spec.resources[].
Currently, the DNS providers are managed at .spec.dns.providers and copied to the extension providerConfig section by the mutating webhook of the shoot-dns-service. Both shoot-dns-service webhook and Dashboard UI must change their behaviour using the same condition.

The condition for using the new behaviour should be either .spec.extensions[@type="shoot-dns-service"].syncProvidersFromShootSpecDNS==false or Gardener Version (.status.gardener.version) >= v1.XX (concrete version not decided yet).
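
The layout described in this issue can be checked before a dialog saves a shoot: whether the new behaviour applies, and whether every DNS secret reference resolves. The JavaScript below is an added example, not code from the Gardener dashboard or from the issue author. The function names and the `minVersion` parameter are hypothetical (the issue leaves the version open), and the flag is read at the path given in the issue text.

```javascript
// Added example (not Gardener dashboard code); all names here are hypothetical.
const EXT_TYPE = 'shoot-dns-service'

function dnsExtension (shoot) {
  return (shoot.spec?.extensions ?? []).find(e => e.type === EXT_TYPE)
}

// True if version a >= version b, comparing major.minor.patch numerically.
function versionAtLeast (a, b) {
  const parse = v => String(v).replace(/^v/, '').split(/[.-]/).slice(0, 3).map(n => parseInt(n, 10) || 0)
  const x = parse(a); const y = parse(b)
  for (let i = 0; i < 3; i++) {
    if ((x[i] ?? 0) !== (y[i] ?? 0)) return (x[i] ?? 0) > (y[i] ?? 0)
  }
  return true
}

// Condition from the issue. minVersion is caller-supplied because the issue
// does not fix the concrete Gardener version ("v1.XX").
function usesNewDnsBehaviour (shoot, minVersion) {
  // Field path as written in the issue text.
  if (dnsExtension(shoot)?.syncProvidersFromShootSpecDNS === false) return true
  const version = shoot.status?.gardener?.version
  return Boolean(minVersion && version && versionAtLeast(version, minVersion))
}

// Returns one message per violation of the new layout; empty array means consistent.
function findDnsProviderProblems (shoot) {
  const problems = []
  // .spec.dns.providers: 0 or 1 entry, without domain/zone includes or excludes.
  const legacy = shoot.spec?.dns?.providers ?? []
  if (legacy.length > 1) problems.push('.spec.dns.providers has more than one provider')
  if (legacy.some(p => p.domains || p.zones)) problems.push('primary provider carries domains/zones filters')
  // Every extension provider secret must resolve to a v1 Secret in .spec.resources[].
  const refs = new Map((shoot.spec?.resources ?? []).map(r => [r.name, r.resourceRef]))
  for (const p of dnsExtension(shoot)?.providerConfig?.providers ?? []) {
    const ref = refs.get(p.secretName)
    if (!p.secretName) problems.push(`${p.type}: provider has no secretName`)
    else if (!ref) problems.push(`${p.secretName}: no matching .spec.resources[] entry`)
    else if (ref.kind !== 'Secret' || ref.apiVersion !== 'v1' || !ref.name) {
      problems.push(`${p.secretName}: resourceRef is not a v1 Secret`)
    }
  }
  return problems
}
```

A dangling `secretName` is the case worth catching in the UI, since the extension provider would otherwise be saved without resolvable credentials.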