New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support dynamic records in Azure DNS #706
Conversation
baf6321
to
d619025
Compare
If single-value pools have a weight defined, it will be lost by this optimization. Next time octodns-sync is run, it will show an update for setting the weight on remote. To overcome this, this commit includes a change to Record object that ignores the weight in single-value pools.
alright done with force pushes (sorry!) and more commits, this is ready for review. |
I originally looked at Azure dynamic support and bailed b/c they didn't support transparently having That was more of a specific product decision at the time (didn't want it visible for github.com etc.) and Azure lost out in the selection as a result. I really wish they'd address that, but I'm not opposed having support that does it (I just wouldn't use it for "big" things.) 😁
Cool. Will aim to dig into this today. |
I am not CNAMEing to the traffic manager, I am using 'Nested' endpoint to select the target traffic manager from a dropdown. This makes the CNAME hop visible, no way around it. Azure might rollout a feature to hide that CNAME hop at some point.
Agreed, it's not a uniform behavior across providers and you'd be better off without the extra CNAME hop. |
Oh that would have been a blocker if I'd known/realized it back when I evaled things. At the time I couldn't point it at a Geo TM so I stopped there. Amazingly I could point it at something else that was supported and then go in and change the TM to be a Geo and it seemed to work, but I wasn't actually going to try hijinks like that with a real/production setup. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Made a first pass through and added a few comments/questions. Will look more deeply 🔜
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think things are good here if it's working for you and you're happy with it. I don't really have an Azure setup to test this with currently so sort of going to take your word for it 😁
Couple more questions inline I'll let you review/ack. Once that's done we can
Adds support for dynamic records in Azure DNS by using Azure Traffic Managers (ATMs).
An ATM can be one of 'Geographic', 'Priority' or 'Weighted' (among others). So a single ATM can only do one of geo-fencing, failover and weighted round-robin. All types support TCP, HTTP and HTTPS health-checks with customizable host, port and path.
To achieve the full functionality of dynamic records, multiple ATMs need to be created (one for each pool, each rule and failover chains) and nested together. This PR implements dynamic records by creating 3 layers of nested ATMs: DNS record -> Geographic -> Priority -> Weighted. Each pool gets a Weighted ATM, which are nested within another Priority ATM for failovers corresponding to each rule, which are further nested inside a top-level Geographic ATM which does geo-fencing. The top-level ATM then gets aliased to a record inside the DNS zone (this is not an ALIAS record, it's a Azure-specific "nesting" which is called 'alias' on the portal).
Here's my attempt at a graphical representation:
becomes:
Each ATM gets the heathcheck config as defined in octodns. This works fairly well in my testing.
Now some caveats:
foo.trafficmanager.net
CNAMEs to send DNS clients to each other. This introduces extra CNAME hops in DNS resolution of user's dynamic records, and poses all risks associated with single-DNS due to*.trafficmanager.net
CNAMEs. The above example will result in this CNAME chain for Europe:I believe this is still somewhat functional if someone wanted to pursue dynamic records on Azure DNS.