Remove ExternalDNS contour ingress workaround #635
Conversation
knrt10
requested review from
invidian,
ipochi,
johananl,
pothos and
surajssd
as code owners
knrt10
force-pushed
the
knrt10/fix-contour-ingress-workaround
branch
3 times, most recently
from
4436f05
to
17ac285
Compare
|
@knrt10 Just one comment, we have a component |
knrt10
force-pushed
the
knrt10/fix-contour-ingress-workaround
branch
2 times, most recently
from
babaa68
to
e805e58
Compare
|
@knrt10 just a small spell mistake in the commit message: -Due to upstream issue in contour, address fiels was not setting on
-ingress resource. We introduces a workaround to solve that issue.
+Due to upstream issue in contour, address fields were not setting on
+ingress resource. We introduced a workaround to solve that issue. |
|
@surajssd applied the httpbin component too. You can verify now |
|
Removing cluster now |
knrt10
force-pushed
the
knrt10/fix-contour-ingress-workaround
branch
2 times, most recently
from
f4d5702
to
2899f1b
Compare
There was a problem hiding this comment.
thanks for the PR @knrt10
There are a couple of things that needs to be taken care of:
Since we remove the ingress_hosts from contour configuration, creation of DNS entries has become a manual process, which we want external-dns to pick up.
Update Ingress manifests for Dex and Gangway with annotation
external-dns.alpha.kubernetes.io/hostname:.
The value of the annotation will be IngressHost field of dex and gangway i.e:
external-dns.alpha.kubernetes.io/hostname: {{ .IngressHost }}.
Also we need to change external-dns component configuration:
Instead of default source = ["service"] , it should be source=["ingress"]
This way when you deploy dex and gangway, external-dns will pick up the hosts in Ingress objects and create all those DNS entries.
knrt10
force-pushed
the
knrt10/fix-contour-ingress-workaround
branch
from
2899f1b
to
b676c29
Compare
|
@ipochi updated. Please review |
knrt10
force-pushed
the
knrt10/fix-contour-ingress-workaround
branch
from
b676c29
to
3593fb4
Compare
|
Updated |
| @@ -12,9 +12,6 @@ metadata: | |||
| # for information about enabling the PROXY protocol on the ELB to recover | |||
| # the original remote IP address. | |||
| service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp | |||
| {{- if .Values.ingressHosts }} | |||
| external-dns.alpha.kubernetes.io/hostname: '{{- join "," .Values.ingressHosts }}' | |||
There was a problem hiding this comment.
I have some doubts whether there should be a field in contour configuration that would create a DNS entry for the envoy service. The new field in contour would act as the value of the external-dns annotation.
Not sure if this is necessary, would like others to chime in.
knrt10
force-pushed
the
knrt10/fix-contour-ingress-workaround
branch
2 times, most recently
from
00a5066
to
0b8adc0
Compare
|
@invidian what tests do you suggest for this? |
We should test, that the ingress host (either newly created one as part of testing or one from other component) resolves to the IP address in Ingress object. |
knrt10
force-pushed
the
knrt10/fix-contour-ingress-workaround
branch
from
0b8adc0
to
d1e3b6c
Compare
|
@invidian can you please review |
knrt10
force-pushed
the
knrt10/fix-contour-ingress-workaround
branch
3 times, most recently
from
bf8c21f
to
4cdf7c8
Compare
There was a problem hiding this comment.
Thanks @knrt10 for adding tests, the implementation looks almost correct to me. I added some comments what needs to be changed, but nothing major. Overall things looks good, nice work :) Please have a look.
Also note, that currently the CI do not gets triggered, so please run tests locally to make sure things are working as expected, until we fix the CI.
|
Thanks @invidian for reviewing. Updating the PR |
knrt10
force-pushed
the
knrt10/fix-contour-ingress-workaround
branch
from
4cdf7c8
to
89273cd
Compare
|
e2e tests works fine. |
knrt10
force-pushed
the
knrt10/fix-contour-ingress-workaround
branch
from
89273cd
to
0c5283b
Compare
Due to upstream issue in contour, address fields were not setting on ingress resource. We introduced a workaround to solve that issue. Previously we were explicitly using `IngressHosts` to work with external-dns. Now since the upstream issue has been fixed in contour we have removed optional field `IngressHosts`. See projectcontour/contour#403 and 71c19e0 Signed-off-by: knrt10 <kautilya@kinvolk.io>
Since `ingress_hosts` from contour configuration is removed, now we have added a new annotation for external-dns to pickup and add it automatically to DNS entries. external-dns default source is changes to `ingress`. Signed-off-by: knrt10 <kautilya@kinvolk.io>
knrt10
force-pushed
the
knrt10/fix-contour-ingress-workaround
branch
from
0c5283b
to
2306e5e
Compare
knrt10
force-pushed
the
knrt10/fix-contour-ingress-workaround
branch
from
2306e5e
to
82fb910
Compare
|
@invidian can you please approve, stale review got removed on latest push to check CI |
Signed-off-by: knrt10 <kautilya@kinvolk.io>
invidian
force-pushed
the
knrt10/fix-contour-ingress-workaround
branch
from
82fb910
to
57d9314
Compare
|
@knrt10 I pushed again last commit to trigger the CI one more time, as while doing some other tests I unpaused PacketARM pipeline, which is going to fail. |
|
@invidian PacketARM did not get trigerred. |
This PR closes #589. It has been tested.
Component Tested