Generate SRV records from Services to respect K8s DNS spec

[weihanglo]

What

Generates SRV records from services to respect Kubernetes DNS specification.

Thanks for #559, ExternalDNS already got a basic implementation of generating SRV records from NodePort serivces. However, it is still far away from Kubernetes DNS specification. This pull request tries to implement full part of the spec concerning SRV records.

How

Simply follow the spec. Here are two common rules for all service types:

• Unnamed ports are ignored.
• Each name port, generate one corresponding SRV record.

Below are type specific rules:

• NodePort/LoadBalancer
  • Use Service.spec.nodePort as the port on the target host.
• ClusterIP with a valid ClusterIP
  • Use Service.spec.port as the port on the target host.
• Headless Service
  • Headless Service itself does not generate SRV records.
  • Each endpoint of headless Service, particularly a Pod, generates its own SRV record. That is to say, if we get M named ports with N selected Pods, there would be M x N SRV records.
  • The domain name of each target host would be the corresponding endpoint of querying A record for the headless Service.

Future works

If all changes are valid, I would get more tasks done in the following PRs (or push more commits if we are comfortable with PR bloating 😂).

• Update plan/plan.go#filterRecordsForPlan to filter in SRV records.
  • ⚠️ [Discussion needed] Shall we enable SRV records generating by default, or introduce another config/flag storing a whitelist of record types?
• Add more tests for plan/plan_test.go for SRV records.
• Update document of headless Service for generating SRV records.
• Make sure each provider can generate correct SRV records.
  • A known issue is that on Google Cloud DNS, it would get 400 Bad Request if target hostname in SRV record is not FQDN.
  • ⚠️ [Discussion needed] I've already write a workaround to ensure FQDN of supporting record types with a target hostname. However, current logic is that we ensureTrailingDot on provider-sides. Supposed it's more appropriate to do that at the end of Endpoints() function for each source.

References

• Kubernetes DNS specification
• RFC2782: A DNS RR for specifying the location of services (DNS SRV)
• Google Cloud DNS: Records Format (JSON)

[k8s-ci-robot]

Welcome @weihanglo!

It looks like this is your first PR to kubernetes-sigs/external-dns 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/external-dns has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: weihanglo
To complete the pull request process, please assign njuettner
You can assign the PR to them by writing /assign @njuettner in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[weihanglo]

/assign @njuettner

[weihanglo]

@Raffo Sorry for bothering you. Just want to make sure this PR is queued for reviews. Thanks.

[JoaoBraveCoding]

@weihanglo @Raffo I'm also interested in this pull request since I was about to open a pull request to add support for SRV records with provider rfc2136 and source CRD.

[weihanglo]

Hi, sorry for ping you again. Would this PR be reviewed after my resolving conflicts?
@njuettner @linki

[weihanglo]

@Raffo @hjacobs would you have time to take a look on this? Let me know if this PR should go on or not. Thanks!

[Raffo]

Sorry @weihanglo we totally missed that, apologies. Can you please resolve the conflict so that I can proceed to a review?

[weihanglo]

Sorry @weihanglo we totally missed that, apologies. Can you please resolve the conflict so that I can proceed to a review?

@Raffo Ok. I'll resolve this ASAP.

[weihanglo]

@Raffo
Updated. Please take a look. Thanks 😀

[seanmalloy]

/kind feature

[weihanglo]

@seanmalloy
Thanks for adding the label. This PR has been updated following current master.

[fejta-bot]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

[k8s-ci-robot]

@weihanglo: PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[seanmalloy]

/remove-lifecycle stale

[arianvp]

One thing I noticed with external-dns that it does differently from the kubernetes internal DNS is that when you have headless service + statefulset in k8s then if a Pod goes UnReady it is ONLY removed from the SRV record; but the A record for the pod remains. This is important as the A record is the stable identity used in .e.g distributed databases.

However, external-dns removes my A record my-pod-0.myservice.mydomain.example immediately as soon as pod-0 goes in an NotReady which is very different behavior. Also very unwanted because the reason why databases go unhealthy is for example because they can't reach their peers. If that then causes their stable identity to disappear then the problem only worsens further.

When you gracefully terminate a pod in a distributed database; you don't want its identity to disappear before the pod is gone. So the A-record should stick around until the pod is properly gone instead of just NotReady

It wasn't very clear to me from this PR if this PR addresses this issue as well. But it would be great if it did.

[vanekjar]

I am afraid this won't work for NodePort type. K8s uses unnamed ports when exposing NodePort services.

If you set the type field to NodePort, the Kubernetes control plane allocates a port from a range specified by --service-node-port-range flag (default: 30000-32767).

https://kubernetes.io/docs/concepts/services-networking/service/#nodeport

[fejta-bot]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale

[seanmalloy]

@weihanglo I know this PR has been open for a while now, but are you still interested in getting this merged? If yes then could you please resolve the conflicts?

We can remove the stale label too.

Thanks!

[weihanglo]

I would love to resolve the conflict if it has a chance getting merged. If maintainers think this issue looks reasonable to merge please tell me. I am open to discussion 😃

[fejta-bot]

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten

[mindw]

/remove-lifecycle rotten

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[mindw]

/remove-lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[mindw]

/remove-lifecycle stale

[weihanglo]

Thanks for all your comments so far!
I am going to close it since I don't use this feature anymore. If someone want to push it forward, feel free to take it.