Promote DisableDNSProviderManagement to GA

[MartinWeindel]

How to categorize this PR?

/area open-source
/kind cleanup

What this PR does / why we need it:
The DisableDNSProviderManagement feature gate is promoted to GA and is now unconditionally enabled.
Code has been cleaned up regarding usage of DNSEntry and DNSProvider which is not used anymore since UseDNSRecord was promoted to GA or now with promotion of DisableDNSProviderManagement.

Which issue(s) this PR fixes:
Fixes #

Special notes for your reviewer:
Follow-up of #6142
Part of #5270

Release note:

The `DisableDNSProviderManagement` feature gate has been promoted to GA and is now unconditionally enabled. If the `shoot-dns-service` extension is deployed, please make sure following prerequistes are given for a smoothly transition:
 - The `shoot-dns-service` extension must be installed in a version >= `v1.20.0`.
 - The controller deployment of the `shoot-dns-service` sets `providerConfig.values.dnsProviderManagement.enabled=true`
 - Its admission controller (`gardener-extension-admission-shoot-dns-service`) is deployed on the garden cluster
 - the `dns-external` extension must still be installed

[vpnachev]

/uncc

[ary1992]

/assign

[rfranzke]

There are a few more occurrences of the external-dns-management dependency. What about them? Can they be dropped as well now?

[MartinWeindel]

I still have problems to run the e2e tests locally to understand the failure of the managed seed test.

There are a few more occurrences of the external-dns-management dependency. What about them? Can they be dropped as well now?

I will take a look at them after I fixed the e2e test. Any hint is welcome.

[ary1992]

Thank you for the PR!.
While doing joint review with @acumino, we have the following comments:

gardener/example/20-componentconfig-gardenlet.yaml

Line 124 in d19de58

DisableDNSProviderManagement: false

DisableDNSProviderManagement should be set to true or this can be removed.

gardener/pkg/features/features.go

Line 113 in b7d9ffa

// beta: v1.50

// GA: v1.52.0 needs to be added after this line.

gardener/docs/extensions/dns.md

Lines 76 to 102 in 788e942

	```yaml
	apiVersion: dns.gardener.cloud/v1alpha1
	kind: DNSProvider
	...
	status:
	state: Ready
	message: everything ok
	```
	Other possible states are `Pending`, `Error`, and `Invalid`.
	The DNS controller may provide an explanation of the `.status.state` in the `.status.message` field.
	Now Gardener may create `DNSEntry` objects that represent the ask to create an actual external DNS record:
	```yaml
	---
	apiVersion: dns.gardener.cloud/v1alpha1
	kind: DNSEntry
	metadata:
	name: dns
	namespace: default
	spec:
	dnsName: apiserver.cluster1.dev.my-fancy-domain.com
	ttl: 600
	targets:
	- 8.8.8.8
	```

Do we still need these in the documents ?

[MartinWeindel]

Thank you for the PR!. While doing joint review with @acumino, we have the following comments:

...

@ary1992 Thanks for your review. All requested changes have been addressed.
The failing e2e test ManagedSeeds worked for me locally, let's wait and see if Prow gets the same result.

[MartinWeindel]

There are a few more occurrences of the external-dns-management dependency. What about them? Can they be dropped as well now?

@rfranzke

The remaining external-dns-management imports are related to the calculation of the required extensions.
The DNSProvider related parts cannot be dropped without loosing the ControllerInstallations for the dns-external extension. It is still needed for the shoot-dns-service and shoot-cert-service.
I see three alternatives:

• Provide some dependency mechanism for extensions to other extensions. I.e if shoot-dns-service is installed, also install the dns-external extension.
• Change the deployment policy to Always in its ControllerRegistration
• The dns-controller-manager could be deployed by the shoot-dns-service. But this would cause substantial migration, configuration and testing efforts.

We need also to discuss which component should be responsible for deploying the CRDs for DNSProvider, DNSEntry, and DNSOwner.

[rfranzke]

@MartinWeindel I think we should drop support for registering external-dns-management via ControllerRegistration since it's no longer a supported extension for Gardener (only indirectly via shoot-dns-service).

I think the clean solution would be that shoot-dns-service itself deploys external-dns-management. Introducing a dependency mechanism or using Always policy are workarounds FMPOV. If you think this is too much of an effort for now, then I propose to go ahead with Always deployment policy of external-dns-management but remove all .spec.resources from the ControllerRegistration (Gardener shall not understand DNSProvider any longer).

We need also to discuss which component should be responsible for deploying the CRDs for DNSProvider, DNSEntry, and DNSOwner.

Same like above, it should be shoot-dns-service.

[MartinWeindel]

@rfranzke
I suggest to move the cleanup work for the DNSProvider registration to a separate PR, after either the ControllerRegistration has been changed to policy Always or the deployment has moved completely to the shoot-dns-service extension.

[rfranzke]

@rfranzke I suggest to move the cleanup work for the DNSProvider registration to a separate PR, after either the ControllerRegistration has been changed to policy Always or the deployment has moved completely to the shoot-dns-service extension.

Sure. For now, probably it makes sense to still document (or at least announce via release note) that external-dns-management must still be registered as an extension via dedicated ControllerRegistration in case shoot-dns-service is used.

[ary1992]

Thank you for the PR!. While doing joint review with @acumino, we have the following comments:
...

@ary1992 Thanks for your review. All requested changes have been addressed. The failing e2e test ManagedSeeds worked for me locally, let's wait and see if Prow gets the same result.

Thank you for the changes. I don't have any further comments. Please rebase the PR.
/lgtm

[rfranzke]

ping @MartinWeindel, please rebase so that we can go ahead with this PR

[rfranzke]

/assign

[rfranzke]

We don't need this struct anymore now, or?

[MartinWeindel]

The struct still has one field record used to create the managed Ingress DNSRecord.
See https://github.com/gardener/gardener/blob/master/pkg/operation/seed/seed.go#L1615

[rfranzke]

Making it more clear: My point was about dropping

gardener/pkg/operation/seed/types.go

Lines 46 to 51 in 5ac7715

	// DNS contains all necessary DNS components for the Seed cluster.
	type DNS struct {
	entry component.DeployWaiter
	owner component.DeployWaiter
	record component.DeployMigrateWaiter
	}

and changing

gardener/pkg/operation/seed/types.go

Lines 41 to 44 in 5ac7715

	// Components contains different components deployed in the Seed cluster.
	type Components struct {
	dns *DNS
	}

to

// Components contains different components deployed in the Seed cluster.[29 days ago • Tim Usner [Add CA rotation support for multi-node etcd c…]](https://sourcegraph.com/github.com/gardener/gardener/-/commit/bdd5621e4e882be510d08ae01bc1f7774803efbb)
type Components struct {
	dnsRecord component. DeployMigrateWaiter
}

[MartinWeindel]

done

[rfranzke]

/lgtm
/approve

Thank you @MartinWeindel !

[gardener-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rfranzke

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [rfranzke]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[rfranzke]

/milestone v1.52