fix(plan): explicitly check for CNAME conflicts #3904
Conversation
This fixes a bug introduced in v0.13.5 in which CNAMEs are no longer treated as another candidate for the same DNS name. Instead, they are their own line in the plan and will always try to be created. Consequently, the plan can result in both A records (or others) and CNAMEs attempting to be created simultaneously, which results in errors. Previously, this behavior was guaranteed by the IsLess function that would always prefer an A or AAAA record over a CNAME for the same domain name. However, that function rarely is reached anymore since you would need to have multiple candidates for the same record type for it to trigger (e.g. 2 IP addresses for an A record). Consequently, the behavior to prefer IP addresses is moot and needs to be addressed elsewhere (i.e. here).
k8s-ci-robot
added
the
cncf-cla: yes
|
Hi @wbh1. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
needs-ok-to-test
|
This may already be covered by #3747, but perhaps @johngmyers or @cronik could speak to that. |
|
Hello @wbh1, Thanks for this PR. Would you please add a test to this PR ? |
k8s-ci-robot
added
the
needs-rebase
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
removed
the
needs-rebase
|
This PR is unlikely to move forward as it duplicates #3747 |
|
Closing in favor of #3747, which was merged. |
Description
This fixes a bug introduced in v0.13.5 (via this PR) in which CNAMEs are no longer treated as another candidate for the same DNS name. Instead, they are their own line in the plan and will always try to be created. Consequently, the plan can result in both A records (or others) and CNAMEs attempting to be created simultaneously, which results in errors.
Previously, it would put a CNAME and A record as candidates to the same domain (e.g.
nginx.lke.hegedus.wtf), thenResolveCreatewould choose which record to create (explicitly preferring A records as of #2716).You can see how the data structure changed based on these screenshots from my debugger on v0.13.4 vs v0.13.5 (and main).
Old:
New:
Previously, just the DNS name was the key in the map, but now both the record type and the set identifier are considered part of the key.
Rather than reverting that change or further altering the data structure, I decided to implement the necessary CNAME safeguarding to avoid conflicting records. It feels gross to
rangeover the same data structure multiple times like this, but it ought to always be small enough that it has a negligible impact on performance. Open to suggestions, though.There are a lot of issues I've found related to trying to create CNAMEs instead of A records since v0.13.5. Some of the ones I found in passing that I think this might address:
Fixes #3714
Maybe #3833
Maybe #3787
Maybe #3706
This is another bug related to the data structure change to use
planKey, but I don't think this solves it: #3715Checklist