Adapt handling of DNS Providers
MartinWeindel opened this issue
What would you like to be added:
Add new separate dialogs for managing primary DNS provider and the additional DNS providers for the shoot-dns-service extension. These new dialogs should only be available, if the condition for using the new behaviour is fulfilled (see below).
With the new behaviour, the section `.spec.dns.providers` will have either 0 or 1 provider. If there is a provider, it must be the primary one. It will have no includes/excludes for domains and zones. All others will be cleaned up by the Gardenlet.
For existing clusters, the dashboard UI for this primary provider can only update type and secret values.
For new clusters, the dashboard UI could use a single dialog to create the primary provider and a provider for the shoot-dns-service with the same inputs. In this case, includes/excludes for domains and zones still make sense. After shoot creation, the UIs for the primary provider and the shoot-dns-service providers should be completely separate.
For managing the DNS providers of the shoot-dns-service, a dialog similar to the current one can be used. Only the sections used are changing to `.spec.extensions[@type="shoot-dns-service"].providerConfig` and `.spec.resources[]` for the secret.
Example for an additional DNS provider for the shoot-dns-service:

```yaml
spec:
  extensions:
  - type: shoot-dns-service
    providerConfig:
      apiVersion: service.dns.extensions.gardener.cloud/v1alpha1
      kind: DNSConfig
      providers:
      - domains:
          include:
          - wl-owndns.dnstest.dev.k8s.ondemand.com
        secretName: shoot-dns-service-my-aws-route53-secret
        type: aws-route53
  resources:
  - name: shoot-dns-service-my-aws-route53-secret
    resourceRef:
      kind: Secret
      name: my-aws-route53-secret
      apiVersion: v1
```
Why is this needed:
Gardener wants to clean up some DNS legacy fields in the shoot manifest, see [API] Align DNS provider handling. As a consequence, non-primary DNS providers for the shoot-dns-service must be managed in its extension providerConfig, i.e. `.spec.extensions[@type="shoot-dns-service"].providerConfig`, and the DNS secrets are referenced resources, i.e. at `.spec.resources[]`.
Currently, the DNS providers are managed at `.spec.dns.providers` and copied to the extension providerConfig section by the mutating webhook of the shoot-dns-service. Both the shoot-dns-service webhook and the Dashboard UI must change their behaviour using the same condition.
The condition for using the new behaviour should be either `.spec.extensions[@type="shoot-dns-service"].syncProvidersFromShootSpecDNS==false` or Gardener Version (`.status.gardener.version`) >= v1.XX (concrete version not decided yet).
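As an added example (not code from the Gardener dashboard or the shoot-dns-service), the following helpers show how a UI could evaluate the condition above, read the shoot-dns-service providers from the new locations (`providerConfig` plus `.spec.resources[]`), and check that `.spec.dns.providers` matches the new expectations. Because the concrete Gardener version is not decided, the threshold is a parameter; the sample shoot object is constructed here and mirrors the YAML above, with a made-up primary provider and status version.

```javascript
// Added example, not Gardener dashboard or shoot-dns-service code.
const SHOOT_DNS_SERVICE = 'shoot-dns-service'

// Parse "v1.83.2" or "1.83.2-dev" into [major, minor, patch]; missing parts become 0.
function parseVersion (version) {
  const m = /^v?(\d+)(?:\.(\d+))?(?:\.(\d+))?/.exec(String(version || ''))
  if (!m) return null
  return [Number(m[1]), Number(m[2] || 0), Number(m[3] || 0)]
}

// -1, 0 or 1 like a comparator; null when either version is unparsable.
function compareVersions (a, b) {
  const pa = parseVersion(a)
  const pb = parseVersion(b)
  if (!pa || !pb) return null
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1
  }
  return 0
}

function findExtension (shoot, type) {
  const extensions = (shoot && shoot.spec && shoot.spec.extensions) || []
  return extensions.find(ext => ext.type === type) || null
}

// Condition from the issue: syncProvidersFromShootSpecDNS === false, or the Gardener
// version in .status is at least minGardenerVersion. The real threshold ("v1.XX") is
// not decided yet, so it is passed in by the caller (assumption of this example).
function usesNewDnsHandling (shoot, minGardenerVersion) {
  const ext = findExtension(shoot, SHOOT_DNS_SERVICE)
  if (ext && ext.syncProvidersFromShootSpecDNS === false) return true
  const gardenerVersion = shoot && shoot.status && shoot.status.gardener && shoot.status.gardener.version
  // Unknown or unparsable version (e.g. shoot not reconciled yet): the version branch
  // cannot be confirmed, so the legacy behaviour is assumed.
  const cmp = compareVersions(gardenerVersion, minGardenerVersion)
  return cmp !== null && cmp >= 0
}

// Providers from the extension providerConfig, with secretName resolved against
// .spec.resources[] so the dialog can show the actual Secret the user manages.
function shootDnsServiceProviders (shoot) {
  const ext = findExtension(shoot, SHOOT_DNS_SERVICE)
  const providers = (ext && ext.providerConfig && ext.providerConfig.providers) || []
  const resources = (shoot && shoot.spec && shoot.spec.resources) || []
  return providers.map(p => {
    const res = resources.find(r => r.name === p.secretName)
    const ref = res && res.resourceRef
    return {
      type: p.type,
      secretName: p.secretName,
      secretRef: ref && ref.kind === 'Secret' ? ref.name : null, // null = dangling reference
      domains: p.domains || {},
      zones: p.zones || {}
    }
  })
}

// Expectations for .spec.dns.providers under the new behaviour: at most one provider,
// and if present it is the primary one without domain/zone includes/excludes.
function validatePrimaryDnsProviders (shoot) {
  const providers = (shoot && shoot.spec && shoot.spec.dns && shoot.spec.dns.providers) || []
  const problems = []
  if (providers.length > 1) problems.push(`expected at most 1 provider, found ${providers.length}`)
  providers.forEach((p, i) => {
    if (p.primary !== true) problems.push(`providers[${i}] is not primary`)
    for (const key of ['domains', 'zones']) {
      const sel = p[key]
      if (sel && ((sel.include || []).length || (sel.exclude || []).length)) {
        problems.push(`providers[${i}].${key} has includes/excludes`)
      }
    }
  })
  return problems
}

// Constructed sample shoot mirroring the YAML in the issue (primary provider and
// status version are made up for this example).
const sampleShoot = {
  spec: {
    dns: { providers: [{ type: 'aws-route53', secretName: 'my-primary-secret', primary: true }] },
    extensions: [{
      type: SHOOT_DNS_SERVICE,
      syncProvidersFromShootSpecDNS: false,
      providerConfig: {
        apiVersion: 'service.dns.extensions.gardener.cloud/v1alpha1',
        kind: 'DNSConfig',
        providers: [{
          domains: { include: ['wl-owndns.dnstest.dev.k8s.ondemand.com'] },
          secretName: 'shoot-dns-service-my-aws-route53-secret',
          type: 'aws-route53'
        }]
      }
    }],
    resources: [{
      name: 'shoot-dns-service-my-aws-route53-secret',
      resourceRef: { kind: 'Secret', name: 'my-aws-route53-secret', apiVersion: 'v1' }
    }]
  },
  status: { gardener: { version: 'v1.90.0' } }
}

console.log(usesNewDnsHandling(sampleShoot, 'v1.95.0'), shootDnsServiceProviders(sampleShoot), validatePrimaryDnsProviders(sampleShoot))
```

The version branch deliberately treats a missing or unparsable `.status.gardener.version` as "condition not fulfilled", so a dashboard would keep showing the legacy dialog rather than silently switching to the new one; the `secretRef: null` result flags a `secretName` in `providerConfig` that has no matching entry in `.spec.resources[]`, which is exactly the inconsistency the separate dialogs need to guard against.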