Support ExternalDNS integration by DNSEndpoint

config/crds/bases/externaldns.k8s.io_dnsendpoints.yaml

@@ -0,0 +1,94 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.5.0
+    api-approved.kubernetes.io: "https://github.com/kubernetes-sigs/external-dns/pull/2007"
+  creationTimestamp: null
+  name: dnsendpoints.externaldns.k8s.io
+spec:
+  group: externaldns.k8s.io
+  names:
+    kind: DNSEndpoint
+    listKind: DNSEndpointList
+    plural: dnsendpoints
+    singular: dnsendpoint
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: DNSEndpointSpec defines the desired state of DNSEndpoint
+            properties:
+              endpoints:
+                items:
+                  description: Endpoint is a high-level way of a connection between a service and an IP
+                  properties:
+                    dnsName:
+                      description: The hostname of the DNS record
+                      type: string
+                    labels:
+                      additionalProperties:
+                        type: string
+                      description: Labels stores labels defined for the Endpoint
+                      type: object
+                    providerSpecific:
+                      description: ProviderSpecific stores provider specific config
+                      items:
+                        description: ProviderSpecificProperty holds the name and value of a configuration which is specific to individual DNS providers
+                        properties:
+                          name:
+                            type: string
+                          value:
+                            type: string
+                        type: object
+                      type: array
+                    recordTTL:
+                      description: TTL for the record
+                      format: int64
+                      type: integer
+                    recordType:
+                      description: RecordType type of record, e.g. CNAME, A, SRV, TXT etc
+                      type: string
+                    setIdentifier:
+                      description: Identifier to distinguish multiple records with the same name and type (e.g. Route53 records with routing policies other than 'simple')
+                      type: string
+                    targets:
+                      description: The targets the DNS record points to
+                      items:
+                        type: string
+                      type: array
+                  type: object
+                type: array
+            type: object
+          status:
+            description: DNSEndpointStatus defines the observed state of DNSEndpoint
+            properties:
+              observedGeneration:
+                description: The generation observed by the external-dns controller.
+                format: int64
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

config/crds/kustomization.yaml

@@ -4,3 +4,4 @@ resources:
   - bases/k8s-gateway-v0.6.1.yaml
   - bases/multicluster.x-k8s.io_serviceexports.yaml
   - bases/multicluster.x-k8s.io_serviceimports.yaml
+  - bases/externaldns.k8s.io_dnsendpoints.yaml

config/rbac/cluster-role-controller.yaml

@@ -238,3 +238,15 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - externaldns.k8s.io
+  resources:
+  - dnsendpoints
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch

controllers/httproute_controller.go

@@ -45,6 +45,9 @@ import (
 	"github.com/aws/aws-application-networking-k8s/pkg/model/core"
 	latticemodel "github.com/aws/aws-application-networking-k8s/pkg/model/lattice"
 	lattice_runtime "github.com/aws/aws-application-networking-k8s/pkg/runtime"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/client-go/discovery"
+	"sigs.k8s.io/external-dns/endpoint"
 )
 
 // HTTPRouteReconciler reconciles a HTTPRoute object
@@ -336,11 +339,43 @@ func (r *HTTPRouteReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	gwEventHandler := eventhandlers.NewEnqueueRequestGatewayEvent(r.Client)
 	svcEventHandler := eventhandlers.NewEqueueHTTPRequestServiceEvent(r.Client)
 	svcImportEventHandler := eventhandlers.NewEqueueRequestServiceImportEvent(r.Client)
-	return ctrl.NewControllerManagedBy(mgr).
-		// Uncomment the following line adding a pointer to an instance of the controlled resource as an argument
+
+	builder := ctrl.NewControllerManagedBy(mgr).
 		For(&gateway_api.HTTPRoute{}).
 		Watches(&source.Kind{Type: &gateway_api.Gateway{}}, gwEventHandler).
 		Watches(&source.Kind{Type: &corev1.Service{}}, svcEventHandler).
-		Watches(&source.Kind{Type: &mcs_api.ServiceImport{}}, svcImportEventHandler).
-		Complete(r)
+		Watches(&source.Kind{Type: &mcs_api.ServiceImport{}}, svcImportEventHandler)
+
+	if ok, err := isExternalDNSSupported(mgr); ok {
+		builder.Owns(&endpoint.DNSEndpoint{})
+	} else {
+		// This means DNSEndpoint CRD does not exist which is fine, but getting API error is not.
+		if err != nil {
+			glog.V(2).Infof("Unknown error while discovering CRD: %v", err)
+			return err
+		}
+	}
+	return builder.Complete(r)
+}
+
+func isExternalDNSSupported(mgr ctrl.Manager) (bool, error) {
+	discoveryClient, err := discovery.NewDiscoveryClientForConfig(mgr.GetConfig())
+	if err != nil {
+		return false, err
+	}
+	// Query for known OpenShift API resource to verify it is available
+	apiResources, err := discoveryClient.ServerResourcesForGroupVersion("externaldns.k8s.io/v1alpha1")
+	if err != nil {
+		if apierrors.IsNotFound(err) {
+			glog.V(2).Infof("DNSEndpoint CRD is not supported")
+			return false, nil
+		}
+		return false, err
+	}
+	for i := range apiResources.APIResources {
+		if apiResources.APIResources[i].Kind == "DNSEndpoint" {
+			return true, nil
+		}
+	}
+	return false, nil
 }

docs/configure/custom_domain_name.md

@@ -0,0 +1,55 @@
+# Configure a Custom Domain Name for HTTPRoute
+When you create a HTTPRoute under `amazon-vpc-lattice` gatewayclass, the controller creates a AWS VPC Lattice Service during reconciliation.
+VPC Lattice generates a unique Fully Qualified Domain Name (FQDN) for you; however, this auto-generated domain name is not easy to remember.
+
+If you'd prefer to use a custom domain name for a HTTPRoute, you can specify them in hostname field of HTTPRoute.  Here is one example:
+
+```
+apiVersion: gateway.networking.k8s.io/v1alpha2
+kind: HTTPRoute
+metadata:
+  name: review
+spec:
+  hostnames:
+  - review.my-test.com  <-----------  this is the custom domain name
+  parentRefs:
+  - name: my-hotel
+    sectionName: http
+  rules:    
+  - backendRefs:
+    - name: review2
+      kind: Service
+      port: 8090
+    matches:
+    - path:
+        type: PathPrefix
+        value: /review2
+
+```
+
+
+## Managing DNS records using ExternalDNS
+
+To register custom domain names to your DNS provider, we recommend using [ExternalDNS](https://github.com/kubernetes-sigs/external-dns).
+AWS Gateway API Controller supports ExternalDNS integration through CRD source - the controller will manage `DNSEndpoint` resource for you.
+
+1. Install `DNSEndpoint` CRD. This is bundled with both Gateway API Controller Helm chart and `examples/deploy-*.yaml` manifest, but also can be installed manually by the following command:
+   ```sh
+   kubectl apply -f config/crds/bases/externaldns.k8s.io_dnsendpoints.yaml
+   ```
+   If the CRD does not exist, `DNSEndpoint` resource will not be created or managed by the controller.
+1. Restart the controller if running already.
+1. Run ExternalDNS controller watching `crd` source. 
+   The following example command runs ExternalDNS compiled from source, using AWS Route53 provider:
+   ```sh
+   build/external-dns --source crd --crd-source-apiversion externaldns.k8s.io/v1alpha1 \
+   --crd-source-kind DNSEndpoint --provider aws
+   ```
+1. Create HTTPRoutes and Services. The controller should create `DNSEndpoint` resource owned by the HTTPRoute you created.
+1. ExternalDNS will watch the changes and create DNS record on the configured DNS provider.
+
+## Notes
+
+* You MUST have a registered domain name (e.g. `my-test.com`) in route53 and complete the `Prerequisites` mentioned in [Configure a custom domain name for your service](https://docs.aws.amazon.com/vpc-lattice/latest/ug/service-custom-domain-name.html#dns-associate-custom).
+* If you are not using ExternalDNS, you should manually associate your custom domain name with your service following [Configure a custom domain name for your service](https://docs.aws.amazon.com/vpc-lattice/latest/ug/service-custom-domain-name.html#dns-associate-custom).
+

docs/developer.md

@@ -16,6 +16,7 @@ make presubmit
 kubectl apply -f config/crds/bases/k8s-gateway-v0.6.1.yaml
 kubectl apply -f config/crds/bases/multicluster.x-k8s.io_serviceexports.yaml
 kubectl apply -f config/crds/bases/multicluster.x-k8s.io_serviceimports.yaml
+kubectl apply -f config/crds/bases/externaldns.k8s.io_dnsendpoints.yaml
 kubectl apply -f examples/gatewayclass.yaml
 
 # Run the controller against the Kubernetes cluster pointed to by `kubectl config current-context`
@@ -76,7 +77,17 @@ Notice: the prerequisites for running the end-to-end tests success are:
 
 After all test cases running finished, in the `AfterSuite()` function, it will clean up k8s and vpc lattice resource created by current test cases running.
 
-Before sending a Pull Request, usually you should run the `make e2etest` to make sure all e2e tests pass.
+
+### Contributing
+
+Before sending a Pull Request, you should run unit tests and end-to-end integration tests successfully:
+```sh
+make presubmit
+make e2etest
+```
+
+It is recommended to run `make e2etest` in both environments where `DNSEndpoint` CRD exists and does not exist,
+as the controller is designed to support both use cases.
 
 ### Make Docker Image
 

go.mod

@@ -15,6 +15,7 @@ require (
 	k8s.io/apimachinery v0.26.1
 	k8s.io/client-go v0.26.1
 	sigs.k8s.io/controller-runtime v0.14.1
+	sigs.k8s.io/external-dns v0.13.5
 	sigs.k8s.io/gateway-api v0.6.1
 	sigs.k8s.io/mcs-api v0.1.0
 )
@@ -55,6 +56,7 @@ require (
 	github.com/prometheus/common v0.37.0 // indirect
 	github.com/prometheus/procfs v0.8.0 // indirect
 	github.com/rogpeppe/go-internal v1.8.1 // indirect
+	github.com/sirupsen/logrus v1.9.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	go.uber.org/atomic v1.9.0 // indirect
 	go.uber.org/multierr v1.6.0 // indirect

go.sum

@@ -450,6 +450,8 @@ github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeV
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
+github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
+github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
@@ -694,6 +696,7 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -953,6 +956,8 @@ sigs.k8s.io/controller-runtime v0.6.1/go.mod h1:XRYBPdbf5XJu9kpS84VJiZ7h/u1hF3gE
 sigs.k8s.io/controller-runtime v0.14.1 h1:vThDes9pzg0Y+UbCPY3Wj34CGIYPgdmspPm2GIpxpzM=
 sigs.k8s.io/controller-runtime v0.14.1/go.mod h1:GaRkrY8a7UZF0kqFFbUKG7n9ICiTY5T55P1RiE3UZlU=
 sigs.k8s.io/controller-tools v0.3.0/go.mod h1:enhtKGfxZD1GFEoMgP8Fdbu+uKQ/cq1/WGJhdVChfvI=
+sigs.k8s.io/external-dns v0.13.5 h1:yJXhttH2SO08bAUxWfzMxhpSKTWr8f57OTDD6Ajq0Z4=
+sigs.k8s.io/external-dns v0.13.5/go.mod h1:X7fyG4FwVFXFavj3XV4LlRs3QM0JgKWg9FnYbsZgmHo=
 sigs.k8s.io/gateway-api v0.6.1 h1:d/nIkhtbU0zVoFsriKi8lXwBYKNopz3EGeSwDqxeTRs=
 sigs.k8s.io/gateway-api v0.6.1/go.mod h1:EYJT+jlPWTeNskjV0JTki/03WX1cyAnBhwBJfYHpV/0=
 sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k=