dnspolicy section name support

api/v1alpha1/dnspolicy_types.go

@@ -26,6 +26,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/utils/ptr"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 	gatewayapiv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
@@ -58,7 +59,7 @@ type DNSPolicySpec struct {
 	// targetRef identifies an API object to apply policy to.
 	// +kubebuilder:validation:XValidation:rule="self.group == 'gateway.networking.k8s.io'",message="Invalid targetRef.group. The only supported value is 'gateway.networking.k8s.io'"
 	// +kubebuilder:validation:XValidation:rule="self.kind == 'Gateway'",message="Invalid targetRef.kind. The only supported values are 'Gateway'"
-	TargetRef gatewayapiv1alpha2.LocalPolicyTargetReference `json:"targetRef"`
+	TargetRef gatewayapiv1alpha2.LocalPolicyTargetReferenceWithSectionName `json:"targetRef"`
 
 	// +optional
 	HealthCheck *dnsv1alpha1.HealthCheckSpec `json:"healthCheck,omitempty"`
@@ -190,7 +191,7 @@ func (p *DNSPolicy) GetRulesHostnames() []string {
 }
 
 func (p *DNSPolicy) GetTargetRef() gatewayapiv1alpha2.LocalPolicyTargetReference {
-	return p.Spec.TargetRef
+	return p.Spec.TargetRef.LocalPolicyTargetReference
 }
 
 func (p *DNSPolicy) GetStatus() kuadrantgatewayapi.PolicyStatus {
@@ -252,7 +253,7 @@ func NewDNSPolicy(name, ns string) *DNSPolicy {
 	}
 }
 
-func (p *DNSPolicy) WithTargetRef(targetRef gatewayapiv1alpha2.LocalPolicyTargetReference) *DNSPolicy {
+func (p *DNSPolicy) WithTargetRef(targetRef gatewayapiv1alpha2.LocalPolicyTargetReferenceWithSectionName) *DNSPolicy {
 	p.Spec.TargetRef = targetRef
 	return p
 }
@@ -290,13 +291,22 @@ func (p *DNSPolicy) WithExcludeAddresses(excluded []string) *DNSPolicy {
 //TargetRef
 
 func (p *DNSPolicy) WithTargetGateway(gwName string) *DNSPolicy {
-	return p.WithTargetRef(gatewayapiv1alpha2.LocalPolicyTargetReference{
-		Group: gatewayapiv1.GroupName,
-		Kind:  "Gateway",
-		Name:  gatewayapiv1.ObjectName(gwName),
+	return p.WithTargetRef(gatewayapiv1alpha2.LocalPolicyTargetReferenceWithSectionName{
+		LocalPolicyTargetReference: gatewayapiv1alpha2.LocalPolicyTargetReference{
+			Group: gatewayapiv1.GroupName,
+			Kind:  "Gateway",
+			Name:  gatewayapiv1.ObjectName(gwName),
+		},
+		SectionName: nil,
 	})
 }
 
+func (p *DNSPolicy) WithTargetGatewayListener(gwName string, lName string) *DNSPolicy {
+	p.WithTargetGateway(gwName)
+	p.Spec.TargetRef.SectionName = ptr.To(gatewayapiv1.SectionName(lName))
+	return p
+}
+
 //HealthCheck
 
 func (p *DNSPolicy) WithHealthCheckFor(endpoint string, port int, protocol string, failureThreshold int) *DNSPolicy {

api/v1alpha1/topology.go

@@ -18,9 +18,9 @@ var _ machinery.Policy = &DNSPolicy{}
 
 func (p *DNSPolicy) GetTargetRefs() []machinery.PolicyTargetReference {
 	return []machinery.PolicyTargetReference{
-		machinery.LocalPolicyTargetReference{
-			LocalPolicyTargetReference: p.Spec.TargetRef,
-			PolicyNamespace:            p.Namespace,
+		machinery.LocalPolicyTargetReferenceWithSectionName{
+			LocalPolicyTargetReferenceWithSectionName: p.Spec.TargetRef,
+			PolicyNamespace: p.Namespace,
 		},
 	}
 }

bundle/manifests/kuadrant-operator.clusterserviceversion.yaml

@@ -106,7 +106,7 @@ metadata:
     capabilities: Basic Install
     categories: Integration & Delivery
     containerImage: quay.io/kuadrant/kuadrant-operator:latest
-    createdAt: "2024-10-22T09:01:33Z"
+    createdAt: "2024-10-25T15:27:18Z"
     description: A Kubernetes Operator to manage the lifecycle of the Kuadrant system
     operators.operatorframework.io/builder: operator-sdk-v1.32.0
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v3

bundle/manifests/kuadrant.io_dnspolicies.yaml

@@ -194,6 +194,25 @@ spec:
                     maxLength: 253
                     minLength: 1
                     type: string
+                  sectionName:
+                    description: |-
+                      SectionName is the name of a section within the target resource. When
+                      unspecified, this targetRef targets the entire resource. In the following
+                      resources, SectionName is interpreted as the following:
+
+
+                      * Gateway: Listener name
+                      * HTTPRoute: HTTPRouteRule name
+                      * Service: Port name
+
+
+                      If a SectionName is specified, but does not exist on the targeted object,
+                      the Policy must fail to attach, and the policy implementation should record
+                      a `ResolvedRefs` or similar Condition in the Policy's status.
+                    maxLength: 253
+                    minLength: 1
+                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+                    type: string
                 required:
                 - group
                 - kind

charts/kuadrant-operator/templates/manifests.yaml

@@ -6962,6 +6962,25 @@ spec:
                     maxLength: 253
                     minLength: 1
                     type: string
+                  sectionName:
+                    description: |-
+                      SectionName is the name of a section within the target resource. When
+                      unspecified, this targetRef targets the entire resource. In the following
+                      resources, SectionName is interpreted as the following:
+
+
+                      * Gateway: Listener name
+                      * HTTPRoute: HTTPRouteRule name
+                      * Service: Port name
+
+
+                      If a SectionName is specified, but does not exist on the targeted object,
+                      the Policy must fail to attach, and the policy implementation should record
+                      a `ResolvedRefs` or similar Condition in the Policy's status.
+                    maxLength: 253
+                    minLength: 1
+                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+                    type: string
                 required:
                 - group
                 - kind

config/crd/bases/kuadrant.io_dnspolicies.yaml

@@ -193,6 +193,25 @@ spec:
                     maxLength: 253
                     minLength: 1
                     type: string
+                  sectionName:
+                    description: |-
+                      SectionName is the name of a section within the target resource. When
+                      unspecified, this targetRef targets the entire resource. In the following
+                      resources, SectionName is interpreted as the following:
+
+
+                      * Gateway: Listener name
+                      * HTTPRoute: HTTPRouteRule name
+                      * Service: Port name
+
+
+                      If a SectionName is specified, but does not exist on the targeted object,
+                      the Policy must fail to attach, and the policy implementation should record
+                      a `ResolvedRefs` or similar Condition in the Policy's status.
+                    maxLength: 253
+                    minLength: 1
+                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+                    type: string
                 required:
                 - group
                 - kind

controllers/effective_dnspolicies_reconciler.go

@@ -138,7 +138,7 @@ func (r *EffectiveDNSPoliciesReconciler) reconcile(ctx context.Context, _ []cont
 
 				existingRecord := existingRecordObj.(*controller.RuntimeObject).Object.(*kuadrantdnsv1alpha1.DNSRecord)
 
-				//Deal with the potential deletion of a record first
+				// Deal with the potential deletion of a record first
 				if !hasAttachedRoute || len(desiredRecord.Spec.Endpoints) == 0 {
 					if !hasAttachedRoute {
 						rLogger.V(1).Info("listener has no attached routes, deleting record for listener")
@@ -149,28 +149,25 @@ func (r *EffectiveDNSPoliciesReconciler) reconcile(ctx context.Context, _ []cont
 					continue
 				}
 
-				if desiredRecord.Spec.RootHost != existingRecord.Spec.RootHost {
-					rLogger.V(1).Info("listener hostname has changed, deleting record for listener")
+				if !canUpdateDNSRecord(ctx, existingRecord, desiredRecord) {
+					rLogger.V(1).Info("unable to update record, deleting record for listener and re-creating")
 					r.deleteRecord(ctx, existingRecordObj)
-					//Break to allow it to try the creation of the desired record
 					break
 				}
 
-				if reflect.DeepEqual(existingRecord.Spec, desiredRecord.Spec) &&
-					reflect.DeepEqual(existingRecord.OwnerReferences, desiredRecord.OwnerReferences) {
+				if reflect.DeepEqual(existingRecord.Spec, desiredRecord.Spec) {
 					rLogger.V(1).Info("dns record is up to date, nothing to do")
 					continue
 				}
 				existingRecord.Spec = desiredRecord.Spec
-				existingRecord.OwnerReferences = desiredRecord.OwnerReferences
 
 				un, err := controller.Destruct(existingRecord)
 				if err != nil {
 					lLogger.Error(err, "unable to destruct dns record")
 					continue
 				}
 
-				rLogger.V(1).Info("updating DNS record for listener")
+				rLogger.V(1).Info("updating record for listener")
 				if _, uErr := resource.Update(ctx, un, metav1.UpdateOptions{}); uErr != nil {
 					rLogger.Error(uErr, "unable to update dns record")
 				}
@@ -300,3 +297,30 @@ func (r *EffectiveDNSPoliciesReconciler) deleteRecord(ctx context.Context, obj m
 		logger.Error(err, "failed to delete DNSRecord", "record", obj.GetLocator())
 	}
 }
+
+// canUpdateDNSRecord returns true if the current record can be updated to the desired.
+func canUpdateDNSRecord(ctx context.Context, current, desired *kuadrantdnsv1alpha1.DNSRecord) bool {
+	logger := controller.LoggerFromContext(ctx)
+
+	// DNSRecord doesn't currently support rootHost changes
+	if current.Spec.RootHost != desired.Spec.RootHost {
+		logger.V(1).Info("root host for existing record has changed")
+		return false
+	}
+
+	// DNSRecord doesn't currently support record type changes due to a limitation of the dns operator
+	// https://github.com/Kuadrant/dns-operator/issues/287
+	for _, curEp := range current.Spec.Endpoints {
+		for _, desEp := range desired.Spec.Endpoints {
+			if curEp.DNSName == desEp.DNSName {
+				if curEp.RecordType != desEp.RecordType {
+					logger.V(1).Info("record type for existing endpoint has changed",
+						"dnsName", curEp.DNSName, "current", curEp.RecordType, "desired", desEp.RecordType)
+					return false
+				}
+			}
+		}
+	}
+
+	return true
+}

controllers/effective_dnspolicies_reconciler_test.go

@@ -0,0 +1,135 @@
+package controllers
+
+import (
+	"context"
+	"testing"
+
+	externaldns "sigs.k8s.io/external-dns/endpoint"
+
+	kuadrantdnsv1alpha1 "github.com/kuadrant/dns-operator/api/v1alpha1"
+)
+
+func Test_canUpdateDNSRecord(t *testing.T) {
+	tests := []struct {
+		name    string
+		current *kuadrantdnsv1alpha1.DNSRecord
+		desired *kuadrantdnsv1alpha1.DNSRecord
+		want    bool
+	}{
+		{
+			name: "different root hosts",
+			current: &kuadrantdnsv1alpha1.DNSRecord{
+				Spec: kuadrantdnsv1alpha1.DNSRecordSpec{
+					RootHost: "foo.example.com",
+				},
+			},
+			desired: &kuadrantdnsv1alpha1.DNSRecord{
+				Spec: kuadrantdnsv1alpha1.DNSRecordSpec{
+					RootHost: "bar.example.com",
+				},
+			},
+			want: false,
+		},
+		{
+			name: "same root hosts",
+			current: &kuadrantdnsv1alpha1.DNSRecord{
+				Spec: kuadrantdnsv1alpha1.DNSRecordSpec{
+					RootHost: "foo.example.com",
+				},
+			},
+			desired: &kuadrantdnsv1alpha1.DNSRecord{
+				Spec: kuadrantdnsv1alpha1.DNSRecordSpec{
+					RootHost: "foo.example.com",
+				},
+			},
+			want: true,
+		},
+		{
+			name: "different record type same dnsnames",
+			current: &kuadrantdnsv1alpha1.DNSRecord{
+				Spec: kuadrantdnsv1alpha1.DNSRecordSpec{
+					Endpoints: []*externaldns.Endpoint{
+						{
+							DNSName:    "foo.example.com",
+							RecordType: "A",
+						},
+					},
+				},
+			},
+			desired: &kuadrantdnsv1alpha1.DNSRecord{
+				Spec: kuadrantdnsv1alpha1.DNSRecordSpec{
+					Endpoints: []*externaldns.Endpoint{
+						{
+							DNSName:    "foo.example.com",
+							RecordType: "CNAME",
+						},
+					},
+				},
+			},
+			want: false,
+		},
+		{
+			name: "same record type same dnsnames",
+			current: &kuadrantdnsv1alpha1.DNSRecord{
+				Spec: kuadrantdnsv1alpha1.DNSRecordSpec{
+					Endpoints: []*externaldns.Endpoint{
+						{
+							DNSName:    "foo.example.com",
+							RecordType: "A",
+						},
+					},
+				},
+			},
+			desired: &kuadrantdnsv1alpha1.DNSRecord{
+				Spec: kuadrantdnsv1alpha1.DNSRecordSpec{
+					Endpoints: []*externaldns.Endpoint{
+						{
+							DNSName:    "foo.example.com",
+							RecordType: "A",
+						},
+					},
+				},
+			},
+			want: true,
+		},
+		{
+			name: "multiple endpoints",
+			current: &kuadrantdnsv1alpha1.DNSRecord{
+				Spec: kuadrantdnsv1alpha1.DNSRecordSpec{
+					Endpoints: []*externaldns.Endpoint{
+						{
+							DNSName:    "foo.example.com",
+							RecordType: "A",
+						},
+						{
+							DNSName:    "baz.example.com",
+							RecordType: "CNAME",
+						},
+					},
+				},
+			},
+			desired: &kuadrantdnsv1alpha1.DNSRecord{
+				Spec: kuadrantdnsv1alpha1.DNSRecordSpec{
+					Endpoints: []*externaldns.Endpoint{
+						{
+							DNSName:    "foo.example.com",
+							RecordType: "A",
+						},
+						{
+							DNSName:    "bar.example.com",
+							RecordType: "CNAME",
+						},
+					},
+				},
+			},
+			want: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := canUpdateDNSRecord(context.Background(), tt.current, tt.desired); got != tt.want {
+				t.Errorf("canUpdateDNSRecord() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}