cmd/{k8s-operator,k8s-nameserver}: generate DNSConfig CRD for charts, append to static manifests

Signed-off-by: Irbe Krumina <irbe@tailscale.com>
2 months ago · 21ced0f7f6
parent 54a1381192
commit 21ced0f7f6
6 changed files with 132 additions and 21 deletions
--- a/cmd/k8s-nameserver/main.go
+++ b/cmd/k8s-nameserver/main.go
@ -86,8 +86,8 @@ func main() {
 	dns.HandleFunc(tsNetDomain, ns.handleFunc())

 	// Listen for DNS queries over UDP and TCP.
-	udpSig := make(chan any)
-	tcpSig := make(chan any)
+	udpSig := make(chan os.Signal)
+	tcpSig := make(chan os.Signal)
 	go listenAndServe("udp", addr, udpSig)
 	go listenAndServe("tcp", addr, tcpSig)
 	sig := make(chan os.Signal, 1)
@ -248,7 +248,7 @@ func (n *nameserver) resetRecords() error {
 }

 // listenAndServe starts a DNS server for the provided network and address.
-func listenAndServe(net, addr string, shutdown chan any) {
+func listenAndServe(net, addr string, shutdown chan os.Signal) {
 	s := &dns.Server{Addr: addr, Net: net}
 	go func() {
 		<-shutdown
--- a/cmd/k8s-nameserver/main_test.go
+++ b/cmd/k8s-nameserver/main_test.go
@ -24,7 +24,7 @@ func TestNameserver(t *testing.T) {
 	}{
 		{
 			name: "A record query, record exists",
-			ip4:  map[dnsname.FQDN][]net.IP{dnsname.FQDN("foo.bar.com."): []net.IP{{1, 2, 3, 4}}},
+			ip4:  map[dnsname.FQDN][]net.IP{dnsname.FQDN("foo.bar.com."): {{1, 2, 3, 4}}},
 			query: &dns.Msg{
 				Question: []dns.Question{{Name: "foo.bar.com", Qtype: dns.TypeA}},
 				MsgHdr:   dns.MsgHdr{Id: 1, RecursionDesired: true},
@ -46,7 +46,7 @@ func TestNameserver(t *testing.T) {
 		},
 		{
 			name: "A record query, record does not exist",
-			ip4:  map[dnsname.FQDN][]net.IP{dnsname.FQDN("foo.bar.com."): []net.IP{{1, 2, 3, 4}}},
+			ip4:  map[dnsname.FQDN][]net.IP{dnsname.FQDN("foo.bar.com."): {{1, 2, 3, 4}}},
 			query: &dns.Msg{
 				Question: []dns.Question{{Name: "baz.bar.com", Qtype: dns.TypeA}},
 				MsgHdr:   dns.MsgHdr{Id: 1},
@ -64,7 +64,7 @@ func TestNameserver(t *testing.T) {
 		},
 		{
 			name: "A record query, but the name is not a valid FQDN",
-			ip4:  map[dnsname.FQDN][]net.IP{dnsname.FQDN("foo.bar.com."): []net.IP{{1, 2, 3, 4}}},
+			ip4:  map[dnsname.FQDN][]net.IP{dnsname.FQDN("foo.bar.com."): {{1, 2, 3, 4}}},
 			query: &dns.Msg{
 				Question: []dns.Question{{Name: "foo..bar.com", Qtype: dns.TypeA}},
 				MsgHdr:   dns.MsgHdr{Id: 1},
@ -80,7 +80,7 @@ func TestNameserver(t *testing.T) {
 		},
 		{
 			name: "AAAA record query",
-			ip4:  map[dnsname.FQDN][]net.IP{dnsname.FQDN("foo.bar.com."): []net.IP{{1, 2, 3, 4}}},
+			ip4:  map[dnsname.FQDN][]net.IP{dnsname.FQDN("foo.bar.com."): {{1, 2, 3, 4}}},
 			query: &dns.Msg{
 				Question: []dns.Question{{Name: "foo.bar.com", Qtype: dns.TypeAAAA}},
 				MsgHdr:   dns.MsgHdr{Id: 1},
@ -96,7 +96,7 @@ func TestNameserver(t *testing.T) {
 		},
 		{
 			name: "AAAA record query",
-			ip4:  map[dnsname.FQDN][]net.IP{dnsname.FQDN("foo.bar.com."): []net.IP{{1, 2, 3, 4}}},
+			ip4:  map[dnsname.FQDN][]net.IP{dnsname.FQDN("foo.bar.com."): {{1, 2, 3, 4}}},
 			query: &dns.Msg{
 				Question: []dns.Question{{Name: "foo.bar.com", Qtype: dns.TypeAAAA}},
 				MsgHdr:   dns.MsgHdr{Id: 1},
@ -112,7 +112,7 @@ func TestNameserver(t *testing.T) {
 		},
 		{
 			name: "CNAME record query",
-			ip4:  map[dnsname.FQDN][]net.IP{dnsname.FQDN("foo.bar.com."): []net.IP{{1, 2, 3, 4}}},
+			ip4:  map[dnsname.FQDN][]net.IP{dnsname.FQDN("foo.bar.com."): {{1, 2, 3, 4}}},
 			query: &dns.Msg{
 				Question: []dns.Question{{Name: "foo.bar.com", Qtype: dns.TypeCNAME}},
 				MsgHdr:   dns.MsgHdr{Id: 1},
@ -153,29 +153,29 @@ func TestResetRecords(t *testing.T) {
 		{
 			name:     "previously empty nameserver.ip4 gets set",
 			config:   []byte(`{"version": "v1alpha1", "ip4": {"foo.bar.com": ["1.2.3.4"]}}`),
-			wantsIp4: map[dnsname.FQDN][]net.IP{"foo.bar.com.": []net.IP{{1, 2, 3, 4}}},
+			wantsIp4: map[dnsname.FQDN][]net.IP{"foo.bar.com.": {{1, 2, 3, 4}}},
 		},
 		{
 			name:     "nameserver.ip4 gets reset",
-			hasIp4:   map[dnsname.FQDN][]net.IP{"baz.bar.com.": []net.IP{{1, 1, 3, 3}}},
+			hasIp4:   map[dnsname.FQDN][]net.IP{"baz.bar.com.": {{1, 1, 3, 3}}},
 			config:   []byte(`{"version": "v1alpha1", "ip4": {"foo.bar.com": ["1.2.3.4"]}}`),
-			wantsIp4: map[dnsname.FQDN][]net.IP{"foo.bar.com.": []net.IP{{1, 2, 3, 4}}},
+			wantsIp4: map[dnsname.FQDN][]net.IP{"foo.bar.com.": {{1, 2, 3, 4}}},
 		},
 		{
 			name:     "configuration with incompatible version",
-			hasIp4:   map[dnsname.FQDN][]net.IP{"baz.bar.com.": []net.IP{{1, 1, 3, 3}}},
+			hasIp4:   map[dnsname.FQDN][]net.IP{"baz.bar.com.": {{1, 1, 3, 3}}},
 			config:   []byte(`{"version": "v1beta1", "ip4": {"foo.bar.com": ["1.2.3.4"]}}`),
-			wantsIp4: map[dnsname.FQDN][]net.IP{"baz.bar.com.": []net.IP{{1, 1, 3, 3}}},
+			wantsIp4: map[dnsname.FQDN][]net.IP{"baz.bar.com.": {{1, 1, 3, 3}}},
 			wantsErr: true,
 		},
 		{
 			name:     "nameserver.ip4 gets reset to empty config when no configuration is provided",
-			hasIp4:   map[dnsname.FQDN][]net.IP{"baz.bar.com.": []net.IP{{1, 1, 3, 3}}},
+			hasIp4:   map[dnsname.FQDN][]net.IP{"baz.bar.com.": {{1, 1, 3, 3}}},
 			wantsIp4: make(map[dnsname.FQDN][]net.IP),
 		},
 		{
 			name:     "nameserver.ip4 gets reset to empty config when the provided configuration is empty",
-			hasIp4:   map[dnsname.FQDN][]net.IP{"baz.bar.com.": []net.IP{{1, 1, 3, 3}}},
+			hasIp4:   map[dnsname.FQDN][]net.IP{"baz.bar.com.": {{1, 1, 3, 3}}},
 			config:   []byte(`{"version": "v1alpha1", "ip4": {}}`),
 			wantsIp4: make(map[dnsname.FQDN][]net.IP),
 		},
--- a/cmd/k8s-operator/deploy/manifests/operator.yaml
+++ b/cmd/k8s-operator/deploy/manifests/operator.yaml
@ -159,6 +159,103 @@ spec:
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
+metadata:
+    annotations:
+        controller-gen.kubebuilder.io/version: v0.13.0
+    name: dnsconfigs.tailscale.com
+spec:
+    group: tailscale.com
+    names:
+        kind: DNSConfig
+        listKind: DNSConfigList
+        plural: dnsconfigs
+        shortNames:
+            - dc
+        singular: dnsconfig
+    scope: Cluster
+    versions:
+        - additionalPrinterColumns:
+            - description: Service IP address of the nameserver
+              jsonPath: .status.nameserverStatus.ip
+              name: NameserverIP
+              type: string
+          name: v1alpha1
+          schema:
+            openAPIV3Schema:
+                properties:
+                    apiVersion:
+                        description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                        type: string
+                    kind:
+                        description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                    metadata:
+                        type: object
+                    spec:
+                        properties:
+                            nameserver:
+                                properties:
+                                    image:
+                                        properties:
+                                            repo:
+                                                type: string
+                                            tag:
+                                                type: string
+                                        type: object
+                                type: object
+                        required:
+                            - nameserver
+                        type: object
+                    status:
+                        properties:
+                            conditions:
+                                items:
+                                    description: ConnectorCondition contains condition information for a Connector.
+                                    properties:
+                                        lastTransitionTime:
+                                            description: LastTransitionTime is the timestamp corresponding to the last status change of this condition.
+                                            format: date-time
+                                            type: string
+                                        message:
+                                            description: Message is a human readable description of the details of the last transition, complementing reason.
+                                            type: string
+                                        observedGeneration:
+                                            description: If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Connector.
+                                            format: int64
+                                            type: integer
+                                        reason:
+                                            description: Reason is a brief machine readable explanation for the condition's last transition.
+                                            type: string
+                                        status:
+                                            description: Status of the condition, one of ('True', 'False', 'Unknown').
+                                            type: string
+                                        type:
+                                            description: Type of the condition, known values are (`SubnetRouterReady`).
+                                            type: string
+                                    required:
+                                        - status
+                                        - type
+                                    type: object
+                                type: array
+                                x-kubernetes-list-map-keys:
+                                    - type
+                                x-kubernetes-list-type: map
+                            nameserverStatus:
+                                properties:
+                                    ip:
+                                        type: string
+                                type: object
+                        type: object
+                required:
+                    - spec
+                type: object
+          served: true
+          storage: true
+          subresources:
+            status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
 metadata:
    annotations:
        controller-gen.kubebuilder.io/version: v0.13.0
--- a/cmd/k8s-operator/generate/main.go
+++ b/cmd/k8s-operator/generate/main.go
@ -22,9 +22,11 @@ const (
 	operatorDeploymentFilesPath   = "cmd/k8s-operator/deploy"
 	connectorCRDPath              = operatorDeploymentFilesPath + "/crds/tailscale.com_connectors.yaml"
 	proxyClassCRDPath             = operatorDeploymentFilesPath + "/crds/tailscale.com_proxyclasses.yaml"
+	dnsConfigCRDPath              = operatorDeploymentFilesPath + "/crds/tailscale.com_dnsconfigs.yaml"
 	helmTemplatesPath             = operatorDeploymentFilesPath + "/chart/templates"
 	connectorCRDHelmTemplatePath  = helmTemplatesPath + "/connector.yaml"
 	proxyClassCRDHelmTemplatePath = helmTemplatesPath + "/proxyclass.yaml"
+	dnsConfigCRDHelmTemplatePath  = helmTemplatesPath + "/dnsconfig.yaml"

 	helmConditionalStart = "{{ if .Values.installCRDs -}}\n"
 	helmConditionalEnd   = "{{- end -}}"
@ -108,7 +110,7 @@ func main() {
 	}
 }

-// generate places tailscale.com CRDs (currently Connector and ProxyClass) into
+// generate places tailscale.com CRDs (currently Connector, ProxyClass and DNSConfig) into
 // the Helm chart templates behind .Values.installCRDs=true condition (true by
 // default).
 func generate(baseDir string) error {
@ -140,6 +142,9 @@ func generate(baseDir string) error {
 	if err := addCRDToHelm(proxyClassCRDPath, proxyClassCRDHelmTemplatePath); err != nil {
 		return fmt.Errorf("error adding ProxyClass CRD to Helm templates: %w", err)
 	}
+	if err := addCRDToHelm(dnsConfigCRDPath, dnsConfigCRDHelmTemplatePath); err != nil {
+		return fmt.Errorf("error adding DNSConfig CRD to Helm templates: %w", err)
+	}
 	return nil
 }

@ -151,5 +156,8 @@ func cleanup(baseDir string) error {
 	if err := os.Remove(filepath.Join(baseDir, proxyClassCRDHelmTemplatePath)); err != nil && !os.IsNotExist(err) {
 		return fmt.Errorf("error cleaning up ProxyClass CRD template: %w", err)
 	}
+	if err := os.Remove(filepath.Join(baseDir, dnsConfigCRDHelmTemplatePath)); err != nil && !os.IsNotExist(err) {
+		return fmt.Errorf("error cleaning up DNSConfig CRD template: %w", err)
+	}
 	return nil
 }
--- a/cmd/k8s-operator/generate/main_test.go
+++ b/cmd/k8s-operator/generate/main_test.go
@ -56,6 +56,9 @@ func Test_generate(t *testing.T) {
 	if !strings.Contains(installContentsWithCRD.String(), "name: proxyclasses.tailscale.com") {
 		t.Errorf("ProxyClass CRD not found in default chart install")
 	}
+	if !strings.Contains(installContentsWithCRD.String(), "name: dnsconfigs.tailscale.com") {
+		t.Errorf("DNSConfig CRD not found in default chart install")
+	}

 	// Test that CRDs can be excluded from Helm chart install
 	installContentsWithoutCRD := bytes.NewBuffer([]byte{})
@ -71,4 +74,7 @@ func Test_generate(t *testing.T) {
 	if strings.Contains(installContentsWithoutCRD.String(), "name: connectors.tailscale.com") {
 		t.Errorf("ProxyClass CRD found in chart install that should not contain a CRD")
 	}
+	if strings.Contains(installContentsWithoutCRD.String(), "name: dnsconfigs.tailscale.com") {
+		t.Errorf("DNSConfig CRD found in chart install that should not contain a CRD")
+	}
 }
--- a/cmd/k8s-operator/nameserver_test.go
+++ b/cmd/k8s-operator/nameserver_test.go
@ -69,7 +69,7 @@ func TestNameserverReconciler(t *testing.T) {
 	wantsDeploy.Namespace = "tailscale"
 	labels := nameserverResourceLabels("test", "tailscale")
 	wantsDeploy.ObjectMeta.Labels = labels
-	expectEqual(t, fc, wantsDeploy)
+	expectEqual(t, fc, wantsDeploy, nil)

 	// Verify that DNSConfig advertizes the nameserver's Service IP address,
 	// has the ready status condition and tailscale finalizer.
@ -88,7 +88,7 @@ func TestNameserverReconciler(t *testing.T) {
 		Message:            reasonNameserverCreated,
 		LastTransitionTime: &metav1.Time{Time: cl.Now().Truncate(time.Second)},
 	})
-	expectEqual(t, fc, dnsCfg)
+	expectEqual(t, fc, dnsCfg, nil)

 	// // Verify that nameserver image gets updated to match DNSConfig spec.
 	mustUpdate(t, fc, "", "test", func(dnsCfg *tsapi.DNSConfig) {
@ -96,7 +96,7 @@ func TestNameserverReconciler(t *testing.T) {
 	})
 	expectReconciled(t, nr, "", "test")
 	wantsDeploy.Spec.Template.Spec.Containers[0].Image = "test:v0.0.2"
-	expectEqual(t, fc, wantsDeploy)
+	expectEqual(t, fc, wantsDeploy, nil)

 	// Verify that when another actor sets ConfigMap data, it does not get
 	// overwritten by nameserver reconciler.
@ -114,5 +114,5 @@ func TestNameserverReconciler(t *testing.T) {
 		TypeMeta: metav1.TypeMeta{Kind: "ConfigMap", APIVersion: "v1"},
 		Data:     map[string]string{"dns.json": string(bs)},
 	}
-	expectEqual(t, fc, wantCm)
+	expectEqual(t, fc, wantCm, nil)
 }