DNS Groups.

.gitignore

@@ -25,6 +25,7 @@ Dockerfile.cross
 *.swp
 *.swo
 *~
+examples/*
 
 # Helm chart packages
 *operator*.tgz*

api/v1alpha1/conditions.go

@@ -18,3 +18,8 @@ const ConditionReasonUnhealthy ConditionReason = "HealthChecksFailed"
 
 const ConditionTypeReadyForDelegation ConditionType = "ReadyForDelegation"
 const ConditionReasonFinalizersSet ConditionReason = "FinalizersSet"
+
+const ConditionTypeActive ConditionType = "Active"
+const ConditionReasonNotInActiveGroup ConditionReason = "NotMemberOfActiveGroup"
+const ConditionReasonInActiveGroup ConditionReason = "MemberOfActiveGroup"
+const ConditionReasonNoActiveGroups ConditionReason = "NoActiveGroupsSet"

api/v1alpha1/dnsrecord_types.go

@@ -180,6 +180,9 @@ type DNSRecordStatus struct {
 
 	// Group displays the group which the dns-operator belongs to, if set.
 	Group types.Group `json:"group,omitempty"`
+
+	// ActiveGroups displays the last read list of active groups
+	ActiveGroups string `json:"activeGroups,omitempty"`
 }
 
 // GetRemoteRecordStatuses returns any remote record statuses in the current status.
@@ -340,6 +343,14 @@ func (s *DNSRecord) IsDeleting() bool {
 	return s.DeletionTimestamp != nil && !s.DeletionTimestamp.IsZero()
 }
 
+// IsActive always returns true for base DNSRecord instances.
+// This method is part of the DNSRecordAccessor interface and is overridden
+// by GroupAdapter to provide group-aware behavior. The base implementation
+// ensures that non-grouped records are always considered active.
+func (s *DNSRecord) IsActive() bool {
+	return true
+}
+
 // ProviderAccessor impl
 
 var _ ProviderAccessor = &DNSRecord{}

bundle/manifests/kuadrant.io_dnsrecords.yaml

@@ -228,6 +228,9 @@ spec:
           status:
             description: DNSRecordStatus defines the observed state of DNSRecord
             properties:
+              activeGroups:
+                description: ActiveGroups displays the last read list of active groups
+                type: string
               conditions:
                 description: |-
                   conditions are any conditions associated with the record in the dns provider.

charts/dns-operator/templates/manifests.yaml

@@ -354,6 +354,9 @@ spec:
           status:
             description: DNSRecordStatus defines the observed state of DNSRecord
             properties:
+              activeGroups:
+                description: ActiveGroups displays the last read list of active groups
+                type: string
               conditions:
                 description: |-
                   conditions are any conditions associated with the record in the dns provider.

cmd/main.go

@@ -264,6 +264,7 @@ func main() {
 			ProviderFactory: providerFactory,
 			DelegationRole:  delegationRole,
 			Group:           group,
+			TXTResolver:     &controller.DefaultTXTResolver{},
 		},
 		Client: mgr.GetClient(),
 	}
@@ -280,6 +281,7 @@ func main() {
 				ProviderFactory: providerFactory,
 				DelegationRole:  delegationRole,
 				Group:           group,
+				TXTResolver:     &controller.DefaultTXTResolver{},
 			},
 			RemoteClusterCollector: remoteClusterCollector,
 		}

cmd/plugin/get-zone-records.go

@@ -81,7 +81,7 @@ func init() {
 	}
 
 	getZoneRecordsCMD.Flags().StringVar(&providerRef, "providerRef", noDefault,
-		fmt.Sprintf("A provider reference to the secert to use when querying. This can only be used with the type of %s. Format = '<namespace>/<name>'", host))
+		fmt.Sprintf("A provider reference to the secret to use when querying. This can only be used with the type of %s. Format = '<namespace>/<name>'", host))
 
 	getZoneRecordsCMD.Flags().StringVarP(&namespace, "namespace", "n", "dns-operator-system", "namespace where resources exist")
 }

cmd/plugin/secret_generation.go

@@ -439,7 +439,7 @@ func saveSecret(log logr.Logger, secret Secret, dirPath string) (*os.File, error
 }
 
 func applySecretToCluser(log logr.Logger, secretFile string) error {
-	log.V(1).Info("Write secert to main cluster")
+	log.V(1).Info("Write secret to main cluster")
 	args := []string{
 		"apply",
 		"--filename",
@@ -460,7 +460,7 @@ func applySecretToCluser(log logr.Logger, secretFile string) error {
 		return errors.New("unable to write secret to cluster")
 	}
 
-	log.Info(fmt.Sprintf("Secert %s created in namespace %s", generateSecretFlags.name, generateSecretFlags.namespace))
+	log.Info(fmt.Sprintf("secret %s created in namespace %s", generateSecretFlags.name, generateSecretFlags.namespace))
 
 	return nil
 }

config/coredns/Corefile

@@ -1,11 +1,15 @@
 k.example.com {
     debug
     errors
+    log
+
+    rewrite name regex kuadrant-active-groups\.(.*)k.example\.com kuadrant-active-groups-coredns.pb.hcpapps.net
+    forward kuadrant-active-groups-coredns.pb.hcpapps.net /etc/resolv.conf
+
     health {
         lameduck 5s
     }
     ready
-    log
     geoip GeoLite2-City-demo.mmdb {
         edns-subnet
     }
@@ -15,4 +19,4 @@ k.example.com {
     }
     kuadrant
     prometheus 0.0.0.0:9153
-}
+}

config/crd/bases/kuadrant.io_dnsrecords.yaml

@@ -228,6 +228,9 @@ spec:
           status:
             description: DNSRecordStatus defines the observed state of DNSRecord
             properties:
+              activeGroups:
+                description: ActiveGroups displays the last read list of active groups
+                type: string
               conditions:
                 description: |-
                   conditions are any conditions associated with the record in the dns provider.

config/local-setup/dns-provider/coredns/kustomization.yaml

@@ -5,6 +5,7 @@ generatorOptions:
   labels:
     app.kubernetes.io/part-of: dns-operator
     app.kubernetes.io/managed-by: kustomize
+    kuadrant.io/default-provider: "true"
 
 secretGenerator:
   - name: dns-provider-credentials

coredns/examples/Corefile

@@ -1,11 +1,22 @@
 k.example.com {
-   debug
-   errors
-   log
-   geoip GeoLite2-City-demo.mmdb
-   metadata
-   transfer {
-     to *
-   }
-   kuadrant
-}
+    debug
+    errors
+    log
+
+    rewrite name regex kuadrant-active-groups\.(.*)k.example\.com kuadrant-active-groups-coredns.pb.hcpapps.net
+    forward kuadrant-active-groups-coredns.pb.hcpapps.net /etc/resolv.conf
+
+    health {
+        lameduck 5s
+    }
+    ready
+    geoip GeoLite2-City-demo.mmdb {
+        edns-subnet
+    }
+    metadata
+    transfer {
+        to *
+    }
+    kuadrant
+    prometheus 0.0.0.0:9153
+}

internal/controller/base_dnsrecord_reconciler.go

@@ -26,11 +26,16 @@ import (
 	"github.com/kuadrant/dns-operator/types"
 )
 
+const (
+	activeGroupsTXTRecordName = "kuadrant-active-groups"
+)
+
 type BaseDNSRecordReconciler struct {
 	Scheme          *runtime.Scheme
 	ProviderFactory provider.Factory
 	DelegationRole  string
 	Group           types.Group
+	TXTResolver     TXTResolver
 }
 
 func (r *BaseDNSRecordReconciler) IsPrimary() bool {
@@ -106,7 +111,7 @@ func (r *BaseDNSRecordReconciler) publishRecord(ctx context.Context, dnsRecord D
 	if err != nil {
 		return hadChanges, err
 	}
-	logger.Info("Published DNSRecord to zone")
+	logger.Info("Published DNSRecord to zone", "hadChanges?", hadChanges)
 
 	return hadChanges, nil
 }
@@ -129,9 +134,11 @@ func (r *BaseDNSRecordReconciler) applyChanges(ctx context.Context, dnsRecord DN
 		return false, err
 	}
 
-	recordRegistry = registry.GroupRegistry{
-		Registry: recordRegistry,
-		Group:    r.Group,
+	if !dnsRecord.GetDNSRecord().IsAuthoritativeRecord() {
+		recordRegistry = registry.GroupRegistry{
+			Registry: recordRegistry,
+			Group:    dnsRecord.GetGroup(),
+		}
 	}
 
 	policyID := "sync"
@@ -192,7 +199,12 @@ func (r *BaseDNSRecordReconciler) applyChanges(ctx context.Context, dnsRecord DN
 }
 
 func (r *BaseDNSRecordReconciler) updateStatus(ctx context.Context, client client.Client, previous, current DNSRecordAccessor, err error) (reconcile.Result, error) {
-	result, uErr := r.updateStatusAndRequeue(ctx, client, previous, current, 0)
+	_, requeueTime := recordReceivedPrematurely(current)
+	if !current.IsActive() {
+		requeueTime = InactiveGroupRequeueTime
+	}
+	result, uErr := r.updateStatusAndRequeue(ctx, client, previous, current, requeueTime)
+
 	if uErr != nil {
 		err = uErr
 	}

internal/controller/dnsrecord_accessor.go

@@ -41,17 +41,21 @@ type DNSRecordAccessor interface {
 	GetStatus() *v1alpha1.DNSRecordStatus
 	SetStatusConditions(hadChanges bool)
 	SetStatusCondition(conditionType string, status metav1.ConditionStatus, reason, message string)
+	ClearStatusCondition(conditionType string)
+	GetStatusCondition(conditionType string) *metav1.Condition
 	SetStatusOwnerID(id string)
 	SetStatusZoneID(id string)
 	SetStatusZoneDomainName(domainName string)
 	SetStatusDomainOwners(owners []string)
 	SetStatusEndpoints(endpoints []*externaldns.Endpoint)
 	SetStatusObservedGeneration(observedGeneration int64)
 	SetStatusGroup(types.Group)
+	SetStatusActiveGroups(types.Groups)
 	HasOwnerIDAssigned() bool
 	HasDNSZoneAssigned() bool
 	HasProviderSecretAssigned() bool
 	IsDeleting() bool
+	IsActive() bool
 }
 
 type DNSRecord struct {
@@ -92,7 +96,14 @@ func (s *DNSRecord) GetStatus() *v1alpha1.DNSRecordStatus {
 
 func (s *DNSRecord) SetStatusConditions(_ bool) {
 	//We do nothing here at the moment!!
-	return
+}
+
+func (s *DNSRecord) GetStatusCondition(conditionType string) *metav1.Condition {
+	return meta.FindStatusCondition(s.GetStatus().Conditions, conditionType)
+}
+
+func (s *DNSRecord) ClearStatusCondition(conditionType string) {
+	meta.RemoveStatusCondition(&s.GetStatus().Conditions, conditionType)
 }
 
 func (s *DNSRecord) SetStatusCondition(conditionType string, status metav1.ConditionStatus, reason, message string) {
@@ -136,6 +147,10 @@ func (s *DNSRecord) SetStatusGroup(group types.Group) {
 	s.GetStatus().Group = group
 }
 
+func (s *DNSRecord) SetStatusActiveGroups(groups types.Groups) {
+	s.GetStatus().ActiveGroups = groups.String()
+}
+
 type RemoteDNSRecord struct {
 	*v1alpha1.DNSRecord
 	ClusterID string
@@ -182,7 +197,16 @@ func (s *RemoteDNSRecord) GetStatus() *v1alpha1.DNSRecordStatus {
 
 func (s *RemoteDNSRecord) SetStatusConditions(_ bool) {
 	//We do nothing here at the moment!!
-	return
+}
+
+func (s *RemoteDNSRecord) GetStatusCondition(conditionType string) *metav1.Condition {
+	return meta.FindStatusCondition(s.Status.Conditions, conditionType)
+}
+
+func (s *RemoteDNSRecord) ClearStatusCondition(conditionType string) {
+	conditions := s.GetStatus().Conditions
+	meta.RemoveStatusCondition(&conditions, conditionType)
+	s.GetStatus().Conditions = conditions
 }
 
 func (s *RemoteDNSRecord) SetStatusCondition(conditionType string, status metav1.ConditionStatus, reason, message string) {
@@ -231,6 +255,11 @@ func (s *RemoteDNSRecord) SetStatusGroup(_ types.Group) {
 	panic("cannot set Group on remote record")
 }
 
+func (s *RemoteDNSRecord) SetStatusActiveGroups(groups types.Groups) {
+	s.GetStatus().ActiveGroups = groups.String()
+	s.setStatus()
+}
+
 func (s *RemoteDNSRecord) setStatus() {
 	s.DNSRecord.Status.SetRemoteRecordStatus(s.ClusterID, *s.status)
 }