-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Webhook provider #3063
Webhook provider #3063
Conversation
@Raffo in general I like the idea. I added some small nits as comments. |
Left to do:
|
I like the idea and I think it's the only way to keep ExternalDNS maintainable. However, I would take a different approach: Instead of using a custom HTTP interface between ExternalDNS and its Provider plugins, I would use a
Before actually separating anything the approach can be tested by running two ExternalDNS instances with the following flags:
Then you can go ahead and extract just the code that you need to make A similar thing you can then do on the Source side. For example, core ExternalDNS would process core Kubernetes resources (Ingress, Service) and turn it into CRD objects. External resources, such as At the heart of all the different projects would be the CRD, so it needs to be very well defined. |
@linki thank you for commenting, it's an interesting idea. I think what you are proposing is a lot more work compared to this proposal and would require having people implementing a controller (with kubebuilder or similar, doesn't matter) which is frankly a ton more work than just implementing an http server that runs as a sidecar, without even getting to think about RBAC and so on. I agree that it would be more "kubernetes native", but I'm not sure what the benefit would really be. Nevertheless, I want to think more about it, but I am not sure it makes sense to push more CRDs where there is something simple that can be done with just an http server and a simple json marshal. |
Let's discuss it on maintainers meeting. Maybe @linki can join? |
@szuecs ok, I will send a message next week to schedule the meeting, I can't at the usual time and I know you have trouble at that time too. |
Is this still being worked on? Anywhere we can follow the discussion on this? Others seem to be curious too like in #2921.
Thank you guys for the hard work |
Agreed. While I don't have a concrete proposal (although, like @jobstoit said, I'd like a cert-manager style webook system), it seems to me that the number of in-tree providers is too big for the project to maintain. |
@jobstoit We have been discussing this today and decided the following:
/cc @szuecs @njuettner @linki |
@linki merged master, added headers and fixed the tests, with no logical changes with respect to the original PR. |
@Raffo as I am more strong against grpc, because of random errors all over the place (Opentracing and all of this for example, but not limited to that case) that I had to figure out and this does not need to have efficiency in that sense (parsing json will be good enough), I would stick with a simple json API. |
@linki do you think you can do a review of this one soon? |
provider/plugin/plugin.go
Outdated
return nil, err | ||
} | ||
|
||
fmt.Println(string(b)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is a leftover, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, 100%, let me re-review this.
provider/plugin/plugin.go
Outdated
) | ||
|
||
type PluginProvider struct { | ||
provider.BaseProvider |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
BaseProvider has no domainfilter feature as far as I see GetDomainFilter. Do you intend that the 3rd party provider filters for us?
If it would be a generic feature we can add it here which frees the 3rd party providers from that code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point, I need to think about how this will be 🤔
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking at this, the issue is really that the provider interface has GetDomainFilter() endpoint.DomainFilterInterface
which returns an object that does the filter operation and that wouldn't really make sense to do over HTTP.
The other problem, is also that we need to add the two other functions:
PropertyValuesEqual
AdjustEndpoints
My thinking is that we can add those two, but GetDomainFilter
's logic needs to be implemented by the providers. WDYT @szuecs ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As discussed in person:
- PropertyValuesEqual
- AdjustEndpoints
will be part of the webhook interface.
DomainFilter somehow needs to be done by the provider itself and is out of scope right now.
Maybe we can think about a list of regexp domain filter in the plugin provider and expose config via cli or configmap, not sure if this would be sufficient. This can be also done as an enhancement later.
Signed-off-by: Raffaele Di Fazio <[email protected]>
Signed-off-by: Raffaele Di Fazio <[email protected]>
@johngmyers PTAL when you have time. |
/lgtm |
/lgtm |
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Raffo The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Thanks for the great work! Is some template repository in the style of https://github.com/cert-manager/webhook-example planned? I think it would be useful to get people started writing their own external-dns webhook. |
@waldner I have a reference implementation that I have used for the initial testing in https://github.com/Raffo/external-dns-aws-plugin , but I still have to update that with the latest content of this PR. The folks at IONOS have done a good work at writing a very well documented provider: https://github.com/ionos-cloud/external-dns-ionos-webhook . |
@Raffo Do you have an idea when this PR will be released ? |
@akrieg-ionos We have made a release 3 weeks ago, haven't planned a new one yet. You can start using the images from https://gcr.io/k8s-staging-external-dns/external-dns if you don't want to build one, but I will need to consult the other maintainers to see what else we want/need to merge before cutting a release. |
@Raffo are there already any updates on when the next release is planned? |
This was released as part of v0.14.0. Great job @Raffo @johngmyers @mloiseleur 👏 |
Added reference to webhook provider, after looking at PR [kubernetes-sigs#3063](kubernetes-sigs#3063)
Description
This is the trivial implementation of a webhook provider. The whole idea of the webhook is so that we can add new providers without having to merge them in the core repository of external-dns and make it easy to maintain while lowering the burden for the maintainers. Like this, we can focus on the core functionality on the project and save countless hours spent in code review to review/maintain new providers.
As I said, this is a trivial implementation, there are probably a million corner cases to be discussed and it only implements a strict subset of the
Provider
interface, due to some details of how that can be implemented today. I post it early because I would love some feedback on this approach and idea, especially from @njuettner @szuecs @vinny-sabatini .I tested this with an extracted
aws
provider, the code is in https://github.com/Raffo/external-dns-aws-plugin . The development approach was the following:aws.go
to a different repo.I could achieve the following:
ExternalDNS log:
Extracted plugin:
Which proves the functionality of the webhook.
With this PR, I'm not really looking for a code review, rather for a general feedback on the idea. PR needs work and has conflict, but that's okay for now.