Validate external-dns spec

pkg/apis/kops/validation/validation.go

@@ -35,6 +35,7 @@ import (
 	utilvalidation "k8s.io/apimachinery/pkg/util/validation"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	"k8s.io/kops/pkg/apis/kops"
+	"k8s.io/kops/pkg/dns"
 	"k8s.io/kops/pkg/model/components"
 	"k8s.io/kops/pkg/model/iam"
 	"k8s.io/kops/upup/pkg/fi"
@@ -153,6 +154,10 @@ func validateClusterSpec(spec *kops.ClusterSpec, c *kops.Cluster, fieldPath *fie
 		allErrs = append(allErrs, validateClusterAutoscaler(c, spec.ClusterAutoscaler, fieldPath.Child("clusterAutoscaler"))...)
 	}
 
+	if spec.ExternalDNS != nil {
+		allErrs = append(allErrs, validateExternalDNS(c, spec.ExternalDNS, fieldPath.Child("externalDNS"))...)
+	}
+
 	if spec.NodeTerminationHandler != nil {
 		allErrs = append(allErrs, validateNodeTerminationHandler(c, spec.NodeTerminationHandler, fieldPath.Child("nodeTerminationHandler"))...)
 	}
@@ -1464,6 +1469,25 @@ func validateClusterAutoscaler(cluster *kops.Cluster, spec *kops.ClusterAutoscal
 	return allErrs
 }
 
+func validateExternalDNS(cluster *kops.Cluster, spec *kops.ExternalDNSConfig, fldPath *field.Path) (allErrs field.ErrorList) {
+	allErrs = append(allErrs, IsValidValue(fldPath.Child("provider"), (*string)(&spec.Provider), []string{"", "dns-controller", "external-dns"})...)
+
+	if spec.WatchNamespace != "" {
+		if spec.WatchNamespace != "kube-system" {
+			allErrs = append(allErrs, field.Forbidden(fldPath.Child("watchNamespace"), "externalDNS must watch either all namespaces or only kube-system"))
+		}
+	}
+
+	if spec.Provider == kops.ExternalDNSProviderExternalDNS {
+		if dns.IsGossipHostname(cluster.Spec.MasterInternalName) {
+			allErrs = append(allErrs, field.Forbidden(fldPath.Child("provider"), "external-dns does not supprot gossip clusters"))
+		}
+	}
+
+	return allErrs
+
+}
+
 func validateNodeTerminationHandler(cluster *kops.Cluster, spec *kops.NodeTerminationHandlerConfig, fldPath *field.Path) (allErrs field.ErrorList) {
 	if kops.CloudProviderID(cluster.Spec.CloudProvider) != kops.CloudProviderAWS {
 		allErrs = append(allErrs, field.Forbidden(fldPath, "Node Termination Handler supports only AWS"))

tests/integration/update_cluster/external_dns/data/aws_s3_bucket_object_cluster-completed.spec_content

@@ -46,7 +46,7 @@ spec:
     provider: Manager
     version: 3.4.13
   externalDns:
-    provider: dns-controller
+    provider: external-dns
   iam:
     legacy: false
   keyStore: memfs://clusters.example.com/minimal.example.com/pki

tests/integration/update_cluster/external_dns/data/aws_s3_bucket_object_minimal.example.com-addons-bootstrap_content

@@ -34,11 +34,11 @@ spec:
     selector:
       k8s-addon: limit-range.addons.k8s.io
   - id: k8s-1.12
-    manifest: dns-controller.addons.k8s.io/k8s-1.12.yaml
-    manifestHash: 7557767927ab9cbbc5a0bc200c773efd0b6cd31084d2e8dff905e68d5b74e799
-    name: dns-controller.addons.k8s.io
+    manifest: external-dns.addons.k8s.io/k8s-1.12.yaml
+    manifestHash: 28d9eae60d92399c9316208d6cca6d96920446de60872395f1743d8908439129
+    name: external-dns.addons.k8s.io
     selector:
-      k8s-addon: dns-controller.addons.k8s.io
+      k8s-addon: external-dns.addons.k8s.io
   - id: v1.15.0
     manifest: storage-aws.addons.k8s.io/v1.15.0.yaml
     manifestHash: 065ae832ddac8d0931e9992d6a76f43a33a36975a38003b34f4c5d86a7d42780

tests/integration/update_cluster/external_dns/data/aws_s3_bucket_object_minimal.example.com-addons-external-dns.addons.k8s.io-k8s-1.12_content

@@ -0,0 +1,131 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  creationTimestamp: null
+  labels:
+    addon.kops.k8s.io/name: external-dns.addons.k8s.io
+    app.kubernetes.io/managed-by: kops
+    k8s-addon: external-dns.addons.k8s.io
+    k8s-app: external-dns
+    version: v0.9.0
+  name: external-dns
+  namespace: kube-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      k8s-app: external-dns
+  template:
+    metadata:
+      annotations:
+        scheduler.alpha.kubernetes.io/critical-pod: ""
+      labels:
+        k8s-addon: external-dns.addons.k8s.io
+        k8s-app: external-dns
+        version: v0.9.0
+    spec:
+      containers:
+      - args:
+        - --provider=aws
+        - --events
+        - --source=pod
+        - --source=service
+        - --compatibility=kops-dns-controller
+        - --registry=txt
+        - --txt-owner-id=kops-minimal.example.com
+        - --zone-id-filter=Z1AFAKE1ZON3YO
+        env:
+        - name: KUBERNETES_SERVICE_HOST
+          value: 127.0.0.1
+        - name: KUBERNETES_SERVICE_PORT
+          value: "443"
+        image: k8s.gcr.io/external-dns/external-dns:v0.9.0
+        imagePullPolicy: Always
+        name: external-dns
+        resources:
+          requests:
+            cpu: 50m
+            memory: 50Mi
+      dnsPolicy: Default
+      hostNetwork: true
+      nodeSelector:
+        node-role.kubernetes.io/master: ""
+      priorityClassName: system-cluster-critical
+      serviceAccount: external-dns
+      tolerations:
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/master
+      - effect: NoSchedule
+        key: node.kubernetes.io/not-ready
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  creationTimestamp: null
+  labels:
+    addon.kops.k8s.io/name: external-dns.addons.k8s.io
+    app.kubernetes.io/managed-by: kops
+    k8s-addon: external-dns.addons.k8s.io
+  name: external-dns
+  namespace: kube-system
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  labels:
+    addon.kops.k8s.io/name: external-dns.addons.k8s.io
+    app.kubernetes.io/managed-by: kops
+    k8s-addon: external-dns.addons.k8s.io
+  name: kops:external-dns
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  - endpoints
+  - pods
+  verbs:
+  - get
+  - watch
+  - list
+- apiGroups:
+  - extensions
+  - networking.k8s.io
+  resources:
+  - ingresses
+  verbs:
+  - get
+  - watch
+  - list
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - list
+  - watch
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  creationTimestamp: null
+  labels:
+    addon.kops.k8s.io/name: external-dns.addons.k8s.io
+    app.kubernetes.io/managed-by: kops
+    k8s-addon: external-dns.addons.k8s.io
+  name: kops:external-dns
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kops:external-dns
+subjects:
+- kind: ServiceAccount
+  name: external-dns
+  namespace: kube-system

tests/integration/update_cluster/external_dns/in-v1alpha2.yaml

@@ -18,7 +18,7 @@ spec:
     - instanceGroup: master-us-test-1a
       name: us-test-1a
     name: events
-  externalDNS:
+  externalDns:
     provider: "external-dns"
   iam: {}
   kubelet:

tests/integration/update_cluster/external_dns/kubernetes.tf

@@ -550,10 +550,10 @@ resource "aws_s3_bucket_object" "minimal-example-com-addons-coredns-addons-k8s-i
   server_side_encryption = "AES256"
 }
 
-resource "aws_s3_bucket_object" "minimal-example-com-addons-dns-controller-addons-k8s-io-k8s-1-12" {
+resource "aws_s3_bucket_object" "minimal-example-com-addons-external-dns-addons-k8s-io-k8s-1-12" {
   bucket                 = "testingBucket"
-  content                = file("${path.module}/data/aws_s3_bucket_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content")
-  key                    = "clusters.example.com/minimal.example.com/addons/dns-controller.addons.k8s.io/k8s-1.12.yaml"
+  content                = file("${path.module}/data/aws_s3_bucket_object_minimal.example.com-addons-external-dns.addons.k8s.io-k8s-1.12_content")
+  key                    = "clusters.example.com/minimal.example.com/addons/external-dns.addons.k8s.io/k8s-1.12.yaml"
   server_side_encryption = "AES256"
 }