source: explicitly handle default annotations

This commit fixes a bug that causes the Cloudflare provider to delete
and recreate all records every minute.
The controller is running into trouble when reconciling endpoints with
values with implicit defaults. This is caused because the providers
produce records with all values explicitly set, however the sources
generate endpoints with implicit provider-specific values, i.e. when an
annotation is not set. This causes the planner to always detect a diff.

xref: #1540

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>

main.go

@@ -120,6 +120,7 @@ func main() {
 		ContourLoadBalancerService:     cfg.ContourLoadBalancerService,
 		SkipperRouteGroupVersion:       cfg.SkipperRouteGroupVersion,
 		RequestTimeout:                 cfg.RequestTimeout,
+		DefaultAnnotations:             source.DefaultAnnotations(cfg.CloudflareProxied),
 	}
 
 	// Lookup all the selected sources by names and pass them the desired configuration.
@@ -194,7 +195,7 @@ func main() {
 	case "vultr":
 		p, err = vultr.NewVultrProvider(domainFilter, cfg.DryRun)
 	case "cloudflare":
-		p, err = cloudflare.NewCloudFlareProvider(domainFilter, zoneIDFilter, cfg.CloudflareZonesPerPage, cfg.CloudflareProxied, cfg.DryRun)
+		p, err = cloudflare.NewCloudFlareProvider(domainFilter, zoneIDFilter, cfg.CloudflareZonesPerPage, cfg.DryRun)
 	case "rcodezero":
 		p, err = rcode0.NewRcodeZeroProvider(domainFilter, cfg.DryRun, cfg.RcodezeroTXTEncrypt)
 	case "google":

provider/cloudflare/cloudflare.go

@@ -105,7 +105,6 @@ type CloudFlareProvider struct {
 	// only consider hosted zones managing domains ending in this suffix
 	domainFilter      endpoint.DomainFilter
 	zoneIDFilter      provider.ZoneIDFilter
-	proxiedByDefault  bool
 	DryRun            bool
 	PaginationOptions cloudflare.PaginationOptions
 }
@@ -117,7 +116,7 @@ type cloudFlareChange struct {
 }
 
 // NewCloudFlareProvider initializes a new CloudFlare DNS based Provider.
-func NewCloudFlareProvider(domainFilter endpoint.DomainFilter, zoneIDFilter provider.ZoneIDFilter, zonesPerPage int, proxiedByDefault bool, dryRun bool) (*CloudFlareProvider, error) {
+func NewCloudFlareProvider(domainFilter endpoint.DomainFilter, zoneIDFilter provider.ZoneIDFilter, zonesPerPage int, dryRun bool) (*CloudFlareProvider, error) {
 	// initialize via chosen auth method and returns new API object
 	var (
 		config *cloudflare.API
@@ -133,11 +132,10 @@ func NewCloudFlareProvider(domainFilter endpoint.DomainFilter, zoneIDFilter prov
 	}
 	provider := &CloudFlareProvider{
 		//Client: config,
-		Client:           zoneService{config},
-		domainFilter:     domainFilter,
-		zoneIDFilter:     zoneIDFilter,
-		proxiedByDefault: proxiedByDefault,
-		DryRun:           dryRun,
+		Client:       zoneService{config},
+		domainFilter: domainFilter,
+		zoneIDFilter: zoneIDFilter,
+		DryRun:       dryRun,
 		PaginationOptions: cloudflare.PaginationOptions{
 			PerPage: zonesPerPage,
 			Page:    1,
@@ -200,13 +198,16 @@ func (p *CloudFlareProvider) Records(ctx context.Context) ([]*endpoint.Endpoint,
 
 // ApplyChanges applies a given set of changes in a given zone.
 func (p *CloudFlareProvider) ApplyChanges(ctx context.Context, changes *plan.Changes) error {
-	proxiedByDefault := p.proxiedByDefault
+	for i := range changes.UpdateOld {
+		fmt.Println(changes.UpdateOld[i].String())
+		fmt.Println(changes.UpdateNew[i].String())
+	}
 
 	combinedChanges := make([]*cloudFlareChange, 0, len(changes.Create)+len(changes.UpdateNew)+len(changes.Delete))
 
-	combinedChanges = append(combinedChanges, newCloudFlareChanges(cloudFlareCreate, changes.Create, proxiedByDefault)...)
-	combinedChanges = append(combinedChanges, newCloudFlareChanges(cloudFlareUpdate, changes.UpdateNew, proxiedByDefault)...)
-	combinedChanges = append(combinedChanges, newCloudFlareChanges(cloudFlareDelete, changes.Delete, proxiedByDefault)...)
+	combinedChanges = append(combinedChanges, newCloudFlareChanges(cloudFlareCreate, changes.Create)...)
+	combinedChanges = append(combinedChanges, newCloudFlareChanges(cloudFlareUpdate, changes.UpdateNew)...)
+	combinedChanges = append(combinedChanges, newCloudFlareChanges(cloudFlareDelete, changes.Delete)...)
 
 	return p.submitChanges(ctx, combinedChanges)
 }
@@ -305,19 +306,19 @@ func (p *CloudFlareProvider) getRecordIDs(records []cloudflare.DNSRecord, record
 }
 
 // newCloudFlareChanges returns a collection of Changes based on the given records and action.
-func newCloudFlareChanges(action string, endpoints []*endpoint.Endpoint, proxiedByDefault bool) []*cloudFlareChange {
+func newCloudFlareChanges(action string, endpoints []*endpoint.Endpoint) []*cloudFlareChange {
 	changes := make([]*cloudFlareChange, 0, len(endpoints))
 
 	for _, endpoint := range endpoints {
-		changes = append(changes, newCloudFlareChange(action, endpoint, proxiedByDefault))
+		changes = append(changes, newCloudFlareChange(action, endpoint))
 	}
 
 	return changes
 }
 
-func newCloudFlareChange(action string, endpoint *endpoint.Endpoint, proxiedByDefault bool) *cloudFlareChange {
+func newCloudFlareChange(action string, endpoint *endpoint.Endpoint) *cloudFlareChange {
 	ttl := defaultCloudFlareRecordTTL
-	proxied := shouldBeProxied(endpoint, proxiedByDefault)
+	proxied := shouldBeProxied(endpoint)
 
 	if endpoint.RecordTTL.IsConfigured() {
 		ttl = int(endpoint.RecordTTL)
@@ -341,8 +342,8 @@ func newCloudFlareChange(action string, endpoint *endpoint.Endpoint, proxiedByDe
 	}
 }
 
-func shouldBeProxied(endpoint *endpoint.Endpoint, proxiedByDefault bool) bool {
-	proxied := proxiedByDefault
+func shouldBeProxied(endpoint *endpoint.Endpoint) bool {
+	var proxied bool
 
 	for _, v := range endpoint.ProviderSpecific {
 		if v.Name == source.CloudflareProxiedKey {

provider/cloudflare/cloudflare_test.go

@@ -346,30 +346,6 @@ func TestCloudflareCustomTTL(t *testing.T) {
 	})
 }
 
-func TestCloudflareProxiedDefault(t *testing.T) {
-	endpoints := []*endpoint.Endpoint{
-		{
-			RecordType: "A",
-			DNSName:    "bar.com",
-			Targets:    endpoint.Targets{"127.0.0.1"},
-		},
-	}
-
-	AssertActions(t, &CloudFlareProvider{proxiedByDefault: true}, endpoints, []MockAction{
-		{
-			Name:   "Create",
-			ZoneId: "001",
-			RecordData: cloudflare.DNSRecord{
-				Type:    "A",
-				Name:    "bar.com",
-				Content: "127.0.0.1",
-				TTL:     1,
-				Proxied: true,
-			},
-		},
-	})
-}
-
 func TestCloudflareProxiedOverrideTrue(t *testing.T) {
 	endpoints := []*endpoint.Endpoint{
 		{
@@ -415,7 +391,7 @@ func TestCloudflareProxiedOverrideFalse(t *testing.T) {
 		},
 	}
 
-	AssertActions(t, &CloudFlareProvider{proxiedByDefault: true}, endpoints, []MockAction{
+	AssertActions(t, &CloudFlareProvider{}, endpoints, []MockAction{
 		{
 			Name:   "Create",
 			ZoneId: "001",
@@ -445,7 +421,7 @@ func TestCloudflareProxiedOverrideIllegal(t *testing.T) {
 		},
 	}
 
-	AssertActions(t, &CloudFlareProvider{proxiedByDefault: true}, endpoints, []MockAction{
+	AssertActions(t, &CloudFlareProvider{}, endpoints, []MockAction{
 		{
 			Name:   "Create",
 			ZoneId: "001",
@@ -454,7 +430,7 @@ func TestCloudflareProxiedOverrideIllegal(t *testing.T) {
 				Name:    "bar.com",
 				Content: "127.0.0.1",
 				TTL:     1,
-				Proxied: true,
+				Proxied: false,
 			},
 		},
 	})
@@ -558,8 +534,7 @@ func TestCloudflareProvider(t *testing.T) {
 		endpoint.NewDomainFilter([]string{"bar.com"}),
 		provider.NewZoneIDFilter([]string{""}),
 		25,
-		false,
-		true)
+		false)
 	if err != nil {
 		t.Errorf("should not fail, %s", err)
 	}
@@ -570,8 +545,7 @@ func TestCloudflareProvider(t *testing.T) {
 		endpoint.NewDomainFilter([]string{"bar.com"}),
 		provider.NewZoneIDFilter([]string{""}),
 		1,
-		false,
-		true)
+		false)
 	if err != nil {
 		t.Errorf("should not fail, %s", err)
 	}
@@ -581,8 +555,7 @@ func TestCloudflareProvider(t *testing.T) {
 		endpoint.NewDomainFilter([]string{"bar.com"}),
 		provider.NewZoneIDFilter([]string{""}),
 		50,
-		false,
-		true)
+		false)
 	if err == nil {
 		t.Errorf("expected to fail")
 	}

source/gateway.go

@@ -50,6 +50,7 @@ type gatewaySource struct {
 	combineFQDNAnnotation    bool
 	ignoreHostnameAnnotation bool
 	serviceInformer          coreinformers.ServiceInformer
+	defaultAnnotations       map[string]string
 }
 
 // NewIstioGatewaySource creates a new gatewaySource with the given config.
@@ -61,6 +62,7 @@ func NewIstioGatewaySource(
 	fqdnTemplate string,
 	combineFqdnAnnotation bool,
 	ignoreHostnameAnnotation bool,
+	defaultAnnotations map[string]string,
 ) (Source, error) {
 	var (
 		tmpl *template.Template
@@ -110,6 +112,7 @@ func NewIstioGatewaySource(
 		combineFQDNAnnotation:    combineFqdnAnnotation,
 		ignoreHostnameAnnotation: ignoreHostnameAnnotation,
 		serviceInformer:          serviceInformer,
+		defaultAnnotations:       defaultAnnotations,
 	}, nil
 }
 
@@ -200,7 +203,7 @@ func (sc *gatewaySource) endpointsFromTemplate(config *istiomodel.Config) ([]*en
 		}
 	}
 
-	providerSpecific, setIdentifier := getProviderSpecificAnnotations(config.Annotations)
+	providerSpecific, setIdentifier := getProviderSpecificAnnotations(annotationsWithDefaults(config.Annotations, sc.defaultAnnotations))
 
 	var endpoints []*endpoint.Endpoint
 	// splits the FQDN template and removes the trailing periods
@@ -300,7 +303,7 @@ func (sc *gatewaySource) endpointsFromGatewayConfig(config istiomodel.Config) ([
 
 	gateway := config.Spec.(*istionetworking.Gateway)
 
-	providerSpecific, setIdentifier := getProviderSpecificAnnotations(config.Annotations)
+	providerSpecific, setIdentifier := getProviderSpecificAnnotations(annotationsWithDefaults(config.Annotations, sc.defaultAnnotations))
 
 	for _, server := range gateway.Servers {
 		for _, host := range server.Hosts {

source/gateway_test.go

@@ -79,6 +79,7 @@ func (suite *GatewaySuite) SetupTest() {
 		"{{.Name}}",
 		false,
 		false,
+		DefaultAnnotations(false),
 	)
 	suite.NoError(err, "should initialize gateway source")
 
@@ -152,6 +153,7 @@ func TestNewIstioGatewaySource(t *testing.T) {
 				ti.fqdnTemplate,
 				ti.combineFQDNAndAnnotation,
 				false,
+				DefaultAnnotations(false),
 			)
 			if ti.expectError {
 				assert.Error(t, err)
@@ -1113,6 +1115,7 @@ func testGatewayEndpoints(t *testing.T) {
 				ti.fqdnTemplate,
 				ti.combineFQDNAndAnnotation,
 				ti.ignoreHostnameAnnotation,
+				DefaultAnnotations(false),
 			)
 			require.NoError(t, err)
 
@@ -1149,6 +1152,7 @@ func newTestGatewaySource(loadBalancerList []fakeIngressGatewayService) (*gatewa
 		"{{.Name}}",
 		false,
 		false,
+		DefaultAnnotations(false),
 	)
 	if err != nil {
 		return nil, err

source/ingress.go

@@ -57,10 +57,11 @@ type ingressSource struct {
 	ignoreHostnameAnnotation bool
 	ingressInformer          extinformers.IngressInformer
 	runner                   *async.BoundedFrequencyRunner
+	defaultAnnotations       map[string]string
 }
 
 // NewIngressSource creates a new ingressSource with the given config.
-func NewIngressSource(kubeClient kubernetes.Interface, namespace, annotationFilter string, fqdnTemplate string, combineFqdnAnnotation bool, ignoreHostnameAnnotation bool) (Source, error) {
+func NewIngressSource(kubeClient kubernetes.Interface, namespace, annotationFilter string, fqdnTemplate string, combineFqdnAnnotation bool, ignoreHostnameAnnotation bool, defaultAnnotations map[string]string) (Source, error) {
 	var (
 		tmpl *template.Template
 		err  error
@@ -106,6 +107,7 @@ func NewIngressSource(kubeClient kubernetes.Interface, namespace, annotationFilt
 		combineFQDNAnnotation:    combineFqdnAnnotation,
 		ignoreHostnameAnnotation: ignoreHostnameAnnotation,
 		ingressInformer:          ingressInformer,
+		defaultAnnotations:       defaultAnnotations,
 	}
 	return sc, nil
 }
@@ -133,7 +135,7 @@ func (sc *ingressSource) Endpoints() ([]*endpoint.Endpoint, error) {
 			continue
 		}
 
-		ingEndpoints := endpointsFromIngress(ing, sc.ignoreHostnameAnnotation)
+		ingEndpoints := sc.endpointsFromIngress(ing, sc.ignoreHostnameAnnotation)
 
 		// apply template if host is missing on ingress
 		if (sc.combineFQDNAnnotation || len(ingEndpoints) == 0) && sc.fqdnTemplate != nil {
@@ -188,7 +190,7 @@ func (sc *ingressSource) endpointsFromTemplate(ing *v1beta1.Ingress) ([]*endpoin
 		targets = targetsFromIngressStatus(ing.Status)
 	}
 
-	providerSpecific, setIdentifier := getProviderSpecificAnnotations(ing.Annotations)
+	providerSpecific, setIdentifier := getProviderSpecificAnnotations(annotationsWithDefaults(ing.Annotations, sc.defaultAnnotations))
 
 	var endpoints []*endpoint.Endpoint
 	// splits the FQDN template and removes the trailing periods
@@ -241,7 +243,7 @@ func (sc *ingressSource) setDualstackLabel(ingress *v1beta1.Ingress, endpoints [
 }
 
 // endpointsFromIngress extracts the endpoints from ingress object
-func endpointsFromIngress(ing *v1beta1.Ingress, ignoreHostnameAnnotation bool) []*endpoint.Endpoint {
+func (sc *ingressSource) endpointsFromIngress(ing *v1beta1.Ingress, ignoreHostnameAnnotation bool) []*endpoint.Endpoint {
 	var endpoints []*endpoint.Endpoint
 
 	ttl, err := getTTLFromAnnotations(ing.Annotations)
@@ -255,7 +257,7 @@ func endpointsFromIngress(ing *v1beta1.Ingress, ignoreHostnameAnnotation bool) [
 		targets = targetsFromIngressStatus(ing.Status)
 	}
 
-	providerSpecific, setIdentifier := getProviderSpecificAnnotations(ing.Annotations)
+	providerSpecific, setIdentifier := getProviderSpecificAnnotations(annotationsWithDefaults(ing.Annotations, sc.defaultAnnotations))
 
 	for _, rule := range ing.Spec.Rules {
 		if rule.Host == "" {

source/ingress_test.go

@@ -52,6 +52,7 @@ func (suite *IngressSuite) SetupTest() {
 		"{{.Name}}",
 		false,
 		false,
+		DefaultAnnotations(false),
 	)
 	suite.NoError(err, "should initialize ingress source")
 
@@ -134,6 +135,7 @@ func TestNewIngressSource(t *testing.T) {
 				ti.fqdnTemplate,
 				ti.combineFQDNAndAnnotation,
 				false,
+				DefaultAnnotations(false),
 			)
 			if ti.expectError {
 				assert.Error(t, err)
@@ -221,7 +223,7 @@ func testEndpointsFromIngress(t *testing.T) {
 	} {
 		t.Run(ti.title, func(t *testing.T) {
 			realIngress := ti.ingress.Ingress()
-			validateEndpoints(t, endpointsFromIngress(realIngress, false), ti.expected)
+			validateEndpoints(t, (&ingressSource{}).endpointsFromIngress(realIngress, false), ti.expected)
 		})
 	}
 }
@@ -1008,6 +1010,7 @@ func testIngressEndpoints(t *testing.T) {
 				ti.fqdnTemplate,
 				ti.combineFQDNAndAnnotation,
 				ti.ignoreHostnameAnnotation,
+				DefaultAnnotations(false),
 			)
 			for _, ingress := range ingresses {
 				_, err := fakeClient.Extensions().Ingresses(ingress.Namespace).Create(ingress)

source/ingressroute.go

@@ -52,6 +52,7 @@ type ingressRouteSource struct {
 	combineFQDNAnnotation      bool
 	ignoreHostnameAnnotation   bool
 	ingressRouteInformer       extinformers.IngressRouteInformer
+	defaultAnnotations         map[string]string
 }
 
 // NewContourIngressRouteSource creates a new contourIngressRouteSource with the given config.
@@ -64,6 +65,7 @@ func NewContourIngressRouteSource(
 	fqdnTemplate string,
 	combineFqdnAnnotation bool,
 	ignoreHostnameAnnotation bool,
+	defaultAnnotations map[string]string,
 ) (Source, error) {
 	var (
 		tmpl *template.Template
@@ -120,6 +122,7 @@ func NewContourIngressRouteSource(
 		combineFQDNAnnotation:      combineFqdnAnnotation,
 		ignoreHostnameAnnotation:   ignoreHostnameAnnotation,
 		ingressRouteInformer:       ingressRouteInformer,
+		defaultAnnotations:         defaultAnnotations,
 	}, nil
 }
 
@@ -210,7 +213,7 @@ func (sc *ingressRouteSource) endpointsFromTemplate(ingressRoute *contourapi.Ing
 		}
 	}
 
-	providerSpecific, setIdentifier := getProviderSpecificAnnotations(ingressRoute.Annotations)
+	providerSpecific, setIdentifier := getProviderSpecificAnnotations(annotationsWithDefaults(ingressRoute.Annotations, sc.defaultAnnotations))
 
 	var endpoints []*endpoint.Endpoint
 	// splits the FQDN template and removes the trailing periods
@@ -303,7 +306,7 @@ func (sc *ingressRouteSource) endpointsFromIngressRoute(ingressRoute *contourapi
 		}
 	}
 
-	providerSpecific, setIdentifier := getProviderSpecificAnnotations(ingressRoute.Annotations)
+	providerSpecific, setIdentifier := getProviderSpecificAnnotations(annotationsWithDefaults(ingressRoute.Annotations, sc.defaultAnnotations))
 
 	if virtualHost := ingressRoute.Spec.VirtualHost; virtualHost != nil {
 		if fqdn := virtualHost.Fqdn; fqdn != "" {