Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add service annotation to set public/private iface for NodePort #1310

Merged
merged 2 commits into from
Sep 21, 2020
Merged

add service annotation to set public/private iface for NodePort #1310

merged 2 commits into from
Sep 21, 2020

Conversation

rbtr
Copy link
Contributor

@rbtr rbtr commented Dec 5, 2019

Scenario: in AWS with a private hosted zone, and instances with both public and private IPs, I would like some NodePort services to be registered in DNS with the node's private IP so that they're only resolvable within my VPC.

This is my reattempt at #898 since it appears abandoned, and I think that having the public/private interface selection should happen on a per-service basis rather than globally.

I'm open to suggestions on what the annotation should be renamed to, consider "access" a placeholder...
Finally, this change should be backwards compatible - if the annotation is not present we fall through to the previous behavior.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Dec 5, 2019
@k8s-ci-robot
Copy link
Contributor

Welcome @rbtr!

It looks like this is your first PR to kubernetes-sigs/external-dns 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/external-dns has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot k8s-ci-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Dec 5, 2019
@rbtr
Copy link
Contributor Author

rbtr commented Dec 5, 2019

/assign @linki

@rbtr
Copy link
Contributor Author

rbtr commented Dec 5, 2019

honestly, this could be the start of a larger story on being able to appropriately segregate private/public IPs and zones - like maybe if the aws-zone-type is set to public use public IPs and if it's set to private use private IPs, or maybe the zone type could be detected, or maybe I could set multiple zones and different hostname per zone in a single service for split horizon configs...
but this seems like the minimally invasive change required to be able to create records with the instance private IPs, in a private zone, when those instances also have public IPs

@rbtr rbtr force-pushed the feature/public-private-ip branch 8 times, most recently from 1d134b5 to 5150850 Compare December 20, 2019 13:39
@rbtr
Copy link
Contributor Author

rbtr commented Jan 13, 2020

bump? @linki @hjacobs @njuettner

@jonathan-mothership
Copy link

Duplicate of #1212?

@rbtr
Copy link
Contributor Author

rbtr commented Jan 23, 2020

@jonathan-mothership yeah, this and that PR are very similar in effect, if not identical.

i won't close this yet because i think, conceptually, saying "ignore public" is not the best way to characterize this datapath - it would be better to allow the user to be explicit in saying "use public" or "use private" - and that's a significant distinction in our implementations.

but i think it's safe to say neither PR author thinks that the current behavior of external-dns assuming which interface we want to use for us is correct either 😅

@jonathan-mothership
Copy link

I agree with you completely, @rbtr, this feature is useful for private EKS clusters. FWIW I've taken the other PR and modified the annotation name and value to be nodePortTarget="internal". Hopefully one of these PRs gets merged soon!
#1212 (comment)

@rbtr
Copy link
Contributor Author

rbtr commented Mar 6, 2020

@linki @hjacobs @njuettner
does this have any chance of making it in? it's the only way external-dns works for me

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 6, 2020
@rbtr rbtr force-pushed the feature/public-private-ip branch from 5150850 to 0fa6ad5 Compare March 6, 2020 16:42
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 6, 2020
@rbtr rbtr force-pushed the feature/public-private-ip branch 2 times, most recently from 8a4f385 to 6dab832 Compare March 6, 2020 16:45
@mthssdrbrg mthssdrbrg mentioned this pull request Apr 24, 2020
Closed
@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 4, 2020
@seanmalloy
Copy link
Member

@seanmalloy any updates here?

@rbtr no updates yet. It is in my queue to review. It looks like there is conflict in source/service_test.go. Thanks for your patience.

@vinny-sabatini
Copy link
Contributor

/assign
/unassign @seanmalloy

vinny-sabatini
vinny-sabatini reviewed Sep 16, 2020
View reviewed changes
Copy link
Contributor

@vinny-sabatini vinny-sabatini left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR @rbtr !
I gave this a review and the code change looks good to me. Thanks for the clear update of the docs and including the necessary test cases.

If you can fix the merge conflicts and rebase, I'll throw my LGTM label on there and will work with the official maintainers to get this reviewed and hopefully merged soon.

@rbtr
Copy link
Contributor Author

rbtr commented Sep 16, 2020

Wilco, thanks for the update

@rbtr
add service annotation to set public/private iface for NodePort
b75151e 
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Sep 16, 2020
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Sep 16, 2020
@rbtr
Copy link
Contributor Author

rbtr commented Sep 16, 2020

@vinny-sabatini rebased

@rbtr
Copy link
Contributor Author

rbtr commented Sep 16, 2020

/assign @Raffo

vinny-sabatini
vinny-sabatini approved these changes Sep 16, 2020
View reviewed changes
Copy link
Contributor

@vinny-sabatini vinny-sabatini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 16, 2020
@vinny-sabatini
Copy link
Contributor

/assign @njuettner

@Raffo
Copy link
Contributor

Raffo commented Sep 21, 2020

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Raffo, rbtr

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 21, 2020
@k8s-ci-robot k8s-ci-robot merged commit 4a0406c into kubernetes-sigs:master Sep 21, 2020
@rbtr
Copy link
Contributor Author

rbtr commented Sep 21, 2020

thanks all!

@rbtr rbtr deleted the feature/public-private-ip branch September 21, 2020 20:18
@Timoses Timoses mentioned this pull request Oct 23, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vinny-sabatini vinny-sabatini vinny-sabatini approved these changes

@hjacobs hjacobs Awaiting requested review from hjacobs

@njuettner njuettner Awaiting requested review from njuettner

Assignees

@linki linki

@Raffo Raffo

@njuettner njuettner

@vinny-sabatini vinny-sabatini

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/feature Categorizes issue or PR as related to a new feature. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
9 participants
@rbtr @k8s-ci-robot @jonathan-mothership @fejta-bot @seanmalloy @vinny-sabatini @Raffo @linki @njuettner