Create one DNS nameserver per workspace

cmd/syncer/cmd/dns.go

@@ -19,10 +19,13 @@ package cmd
 import (
 	"github.com/spf13/cobra"
 
+	synceroptions "github.com/kcp-dev/kcp/cmd/syncer/options"
+	"github.com/kcp-dev/kcp/pkg/dns/plugin/nsmap"
 	"github.com/kcp-dev/kcp/third_party/coredns/coremain"
 )
 
 func NewDNSCommand() *cobra.Command {
+	options := synceroptions.NewDNSOptions()
 	dnsCommand := &cobra.Command{
 		Use:   "dns",
 		Short: "Manage kcp dns server",
@@ -33,10 +36,20 @@ func NewDNSCommand() *cobra.Command {
 		Short: "Start the kcp dns server",
 
 		RunE: func(cmd *cobra.Command, args []string) error {
+			if err := options.Complete(); err != nil {
+				return err
+			}
+			if err := options.Validate(); err != nil {
+				return err
+			}
+
+			nsmap.ConfigMapName = options.ConfigMapName
+
 			coremain.Start()
 			return nil
 		},
 	}
+	options.AddFlags(startCmd.Flags())
 
 	dnsCommand.AddCommand(startCmd)
 

cmd/syncer/cmd/syncer.go

@@ -114,7 +114,7 @@ func Run(ctx context.Context, options *synceroptions.Options) error {
 			SyncTargetWorkspace: logicalcluster.New(options.FromClusterName),
 			SyncTargetName:      options.SyncTargetName,
 			SyncTargetUID:       options.SyncTargetUID,
-			DNSServer:           options.DNSServer,
+			DNSImage:            options.DNSImage,
 		},
 		numThreads,
 		options.APIImportPollInterval,

cmd/syncer/options/dnsoptions.go

@@ -0,0 +1,47 @@
+/*
+Copyright 2022 The KCP Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package options
+
+import (
+	"errors"
+
+	"github.com/spf13/pflag"
+)
+
+type DNSOptions struct {
+	ConfigMapName string
+}
+
+func NewDNSOptions() *DNSOptions {
+	return &DNSOptions{}
+}
+
+func (options *DNSOptions) AddFlags(fs *pflag.FlagSet) {
+	fs.StringVar(&options.ConfigMapName, "configmap-name", options.ConfigMapName, "name of the ConfigMap containing namespace mappings")
+}
+
+func (options *DNSOptions) Complete() error {
+	return nil
+}
+
+func (options *DNSOptions) Validate() error {
+	if options.ConfigMapName == "" {
+		return errors.New("--configmap-name is required")
+	}
+
+	return nil
+}

cmd/syncer/options/options.go

@@ -43,7 +43,7 @@ type Options struct {
 	SyncTargetUID       string
 	Logs                *logs.Options
 	SyncedResourceTypes []string
-	DNSServer           string
+	DNSImage            string
 
 	APIImportPollInterval time.Duration
 }
@@ -78,7 +78,7 @@ func (options *Options) AddFlags(fs *pflag.FlagSet) {
 	fs.Var(kcpfeatures.NewFlagValue(), "feature-gates", ""+
 		"A set of key=value pairs that describe feature gates for alpha/experimental features. "+
 		"Options are:\n"+strings.Join(kcpfeatures.KnownFeatures(), "\n")) // hide kube-only gates
-	fs.StringVar(&options.DNSServer, "dns", options.DNSServer, "kcp DNS server name.")
+	fs.StringVar(&options.DNSImage, "dns-image", options.DNSImage, "kcp DNS server image.")
 
 	options.Logs.AddFlags(fs)
 }

hack/logcheck.out

@@ -33,8 +33,8 @@
 /pkg/admission/webhook/generic_webhook.go:142:5: function "Errorf" should not be used, convert to contextual logging
 /pkg/admission/webhook/generic_webhook.go:172:4: function "Errorf" should not be used, convert to contextual logging
 /pkg/authorization/delegated/authorizer.go:45:3: function "Errorf" should not be used, convert to contextual logging
-/pkg/cliplugins/workload/plugin/sync.go:591:4: function "Infof" should not be used, convert to contextual logging
-/pkg/cliplugins/workload/plugin/sync.go:591:4: function "V" should not be used, convert to contextual logging
+/pkg/cliplugins/workload/plugin/sync.go:592:4: function "Infof" should not be used, convert to contextual logging
+/pkg/cliplugins/workload/plugin/sync.go:592:4: function "V" should not be used, convert to contextual logging
 /pkg/dns/plugin/nsmap/namespace.go:68:2: function "Info" should not be used, convert to contextual logging
 /pkg/dns/plugin/nsmap/namespace.go:68:2: function "V" should not be used, convert to contextual logging
 /pkg/embeddedetcd/server.go:44:2: function "Info" should not be used, convert to contextual logging
@@ -97,28 +97,33 @@
 /pkg/server/home_workspaces.go:352:5: Additional arguments to WithValues should always be Key Value pairs. Please check if there is any key or value missing.
 /pkg/server/home_workspaces.go:638:6: Additional arguments to WithValues should always be Key Value pairs. Please check if there is any key or value missing.
 /pkg/server/options/controllers.go:54:3: function "Fatal" should not be used, convert to contextual logging
-/pkg/syncer/namespace/namespace_downstream_process.go:44:11: Key positional arguments are expected to be inlined constant strings. Please replace DownstreamNamespace provided with string value.
-/pkg/syncer/namespace/namespace_downstream_process.go:83:11: Key positional arguments are expected to be inlined constant strings. Please replace &{logging NamespaceKey} provided with string value.
-/pkg/syncer/namespace/namespace_downstream_process.go:83:11: Key positional arguments are expected to be inlined constant strings. Please replace &{logging WorkspaceKey} provided with string value.
+/pkg/syncer/namespace/namespace_downstream_process.go:45:11: Key positional arguments are expected to be inlined constant strings. Please replace DownstreamNamespace provided with string value.
+/pkg/syncer/namespace/namespace_downstream_process.go:90:11: Key positional arguments are expected to be inlined constant strings. Please replace &{logging NamespaceKey} provided with string value.
+/pkg/syncer/namespace/namespace_downstream_process.go:90:11: Key positional arguments are expected to be inlined constant strings. Please replace &{logging WorkspaceKey} provided with string value.
 /pkg/syncer/namespace/namespace_upstream_process.go:41:11: Key positional arguments are expected to be inlined constant strings. Please replace &{logging NameKey} provided with string value.
 /pkg/syncer/namespace/namespace_upstream_process.go:41:11: Key positional arguments are expected to be inlined constant strings. Please replace &{logging WorkspaceKey} provided with string value.
 /pkg/syncer/namespace/namespace_upstream_process.go:79:11: Key positional arguments are expected to be inlined constant strings. Please replace DownstreamNamespace provided with string value.
-/pkg/syncer/spec/spec_controller.go:145:16: Key positional arguments are expected to be inlined constant strings. Please replace DownstreamName provided with string value.
-/pkg/syncer/spec/spec_controller.go:145:16: Key positional arguments are expected to be inlined constant strings. Please replace DownstreamNamespace provided with string value.
+/pkg/syncer/spec/spec_controller.go:179:16: Key positional arguments are expected to be inlined constant strings. Please replace DownstreamName provided with string value.
+/pkg/syncer/spec/spec_controller.go:179:16: Key positional arguments are expected to be inlined constant strings. Please replace DownstreamNamespace provided with string value.
 /pkg/syncer/spec/spec_process.go:117:11: Key positional arguments are expected to be inlined constant strings. Please replace &{logging NameKey} provided with string value.
 /pkg/syncer/spec/spec_process.go:117:11: Key positional arguments are expected to be inlined constant strings. Please replace &{logging NamespaceKey} provided with string value.
 /pkg/syncer/spec/spec_process.go:117:11: Key positional arguments are expected to be inlined constant strings. Please replace &{logging WorkspaceKey} provided with string value.
 /pkg/syncer/spec/spec_process.go:135:4: Key positional arguments are expected to be inlined constant strings. Please replace DownstreamName provided with string value.
 /pkg/syncer/spec/spec_process.go:153:11: Key positional arguments are expected to be inlined constant strings. Please replace DownstreamNamespace provided with string value.
-/pkg/syncer/spec/spec_process.go:358:11: Key positional arguments are expected to be inlined constant strings. Please replace DownstreamName provided with string value.
+/pkg/syncer/spec/spec_process.go:364:11: Key positional arguments are expected to be inlined constant strings. Please replace DownstreamName provided with string value.
+/pkg/syncer/spec/spec_process.go:539:1: A function should accept either a context or a logger, but not both. Having both makes calling the function harder because it must be defined whether the context must contain the logger and callers have to follow that.
+/pkg/syncer/spec/spec_process.go:556:1: A function should accept either a context or a logger, but not both. Having both makes calling the function harder because it must be defined whether the context must contain the logger and callers have to follow that.
+/pkg/syncer/spec/spec_process.go:573:1: A function should accept either a context or a logger, but not both. Having both makes calling the function harder because it must be defined whether the context must contain the logger and callers have to follow that.
+/pkg/syncer/spec/spec_process.go:590:1: A function should accept either a context or a logger, but not both. Having both makes calling the function harder because it must be defined whether the context must contain the logger and callers have to follow that.
+/pkg/syncer/spec/spec_process.go:607:1: A function should accept either a context or a logger, but not both. Having both makes calling the function harder because it must be defined whether the context must contain the logger and callers have to follow that.
 /pkg/syncer/status/status_process.go:137:11: Key positional arguments are expected to be inlined constant strings. Please replace &{logging NameKey} provided with string value.
 /pkg/syncer/status/status_process.go:137:11: Key positional arguments are expected to be inlined constant strings. Please replace &{logging NamespaceKey} provided with string value.
 /pkg/syncer/status/status_process.go:137:11: Key positional arguments are expected to be inlined constant strings. Please replace &{logging WorkspaceKey} provided with string value.
 /pkg/syncer/status/status_process.go:67:11: Key positional arguments are expected to be inlined constant strings. Please replace DownstreamName provided with string value.
 /pkg/syncer/status/status_process.go:67:11: Key positional arguments are expected to be inlined constant strings. Please replace DownstreamNamespace provided with string value.
-/pkg/syncer/syncer.go:168:11: Key positional arguments are expected to be inlined constant strings. Please replace SyncTargetKey provided with string value.
-/pkg/syncer/syncer.go:80:11: Key positional arguments are expected to be inlined constant strings. Please replace SyncTargetName provided with string value.
-/pkg/syncer/syncer.go:80:11: Key positional arguments are expected to be inlined constant strings. Please replace SyncTargetWorkspace provided with string value.
+/pkg/syncer/syncer.go:185:11: Key positional arguments are expected to be inlined constant strings. Please replace SyncTargetKey provided with string value.
+/pkg/syncer/syncer.go:81:11: Key positional arguments are expected to be inlined constant strings. Please replace SyncTargetName provided with string value.
+/pkg/syncer/syncer.go:81:11: Key positional arguments are expected to be inlined constant strings. Please replace SyncTargetWorkspace provided with string value.
 /pkg/tunneler/dialer.go:148:8: function "Infof" should not be used, convert to contextual logging
 /pkg/tunneler/dialer.go:148:8: function "V" should not be used, convert to contextual logging
 /pkg/tunneler/listener.go:157:3: function "Infof" should not be used, convert to contextual logging

pkg/cliplugins/workload/plugin/sync.go

@@ -66,6 +66,7 @@ var embeddedResources embed.FS
 const (
 	SyncerSecretConfigKey   = "kubeconfig"
 	SyncerIDPrefix          = "kcp-syncer-"
+	DNSIDPrefix             = "kcp-dns-"
 	MaxSyncTargetNameLength = validation.DNS1123SubdomainMaxLength - (9 + len(SyncerIDPrefix))
 )
 
@@ -174,7 +175,8 @@ func (o *SyncOptions) Validate() error {
 		errs = append(errs, errors.New("--output-file is required"))
 	}
 
-	if len(o.SyncTargetName)+len(SyncerIDPrefix)+8 > 254 {
+	// see pkg/syncer/shared/GetDNSID
+	if len(o.SyncTargetName)+len(DNSIDPrefix)+8+8+2 > 254 {
 		errs = append(errs, fmt.Errorf("the maximum length of the sync-target-name is %d", MaxSyncTargetNameLength))
 	}
 
@@ -687,21 +689,17 @@ type templateArgs struct {
 	// ServiceAccount is the name of the service account to create in the syncer
 	// namespace on the pcluster.
 	ServiceAccount string
-	// DNSServiceAccount is the name of the DNS service account to create in the syncer
-	// namespace on the pcluster.
-	DNSServiceAccount string
 	// ClusterRole is the name of the cluster role to create for the syncer on the
 	// pcluster.
 	ClusterRole string
-	// ClusterRoleBinding is the name of the DNS cluster role binding to create for the
-	// syncer on the pcluster.
-	DNSClusterRole string
 	// ClusterRoleBinding is the name of the cluster role binding to create for the
 	// syncer on the pcluster.
 	ClusterRoleBinding string
-	// ClusterRoleBinding is the name of the DNS cluster role binding to create for the
+	// DnsRole is the name of the DNS role to create for the syncer on the pcluster.
+	DNSRole string
+	// DNSRoleBinding is the name of the DNS role binding to create for the
 	// syncer on the pcluster.
-	DNSClusterRoleBinding string
+	DNSRoleBinding string
 	// GroupMappings is the mapping of api group to resources that will be used to
 	// define the cluster role rules for the syncer in the pcluster. The syncer will be
 	// granted full permissions for the resources it will synchronize.
@@ -718,8 +716,6 @@ type templateArgs struct {
 	// DeploymentApp is the label value that the syncer's deployment will select its
 	// pods with.
 	DeploymentApp string
-	// DNSAppName is the name of the deployment that will run the kcp dns resolver
-	DNSAppName string
 }
 
 // renderSyncerResources renders the resources required to deploy a syncer to a pcluster.
@@ -731,19 +727,17 @@ func renderSyncerResources(input templateInput, syncerID string, resourceForPerm
 	dnsSyncerID := strings.Replace(syncerID, "syncer", "dns", 1)
 
 	tmplArgs := templateArgs{
-		templateInput:         input,
-		ServiceAccount:        syncerID,
-		DNSServiceAccount:     dnsSyncerID,
-		ClusterRole:           syncerID,
-		DNSClusterRole:        dnsSyncerID,
-		ClusterRoleBinding:    syncerID,
-		DNSClusterRoleBinding: dnsSyncerID,
-		GroupMappings:         getGroupMappings(resourceForPermission),
-		Secret:                syncerID,
-		SecretConfigKey:       SyncerSecretConfigKey,
-		Deployment:            syncerID,
-		DeploymentApp:         syncerID,
-		DNSAppName:            dnsSyncerID,
+		templateInput:      input,
+		ServiceAccount:     syncerID,
+		ClusterRole:        syncerID,
+		ClusterRoleBinding: syncerID,
+		DNSRole:            dnsSyncerID,
+		DNSRoleBinding:     dnsSyncerID,
+		GroupMappings:      getGroupMappings(resourceForPermission),
+		Secret:             syncerID,
+		SecretConfigKey:    SyncerSecretConfigKey,
+		Deployment:         syncerID,
+		DeploymentApp:      syncerID,
 	}
 
 	syncerTemplate, err := embeddedResources.ReadFile("syncer.yaml")