controller implementation continued (still unfinished)

Author: Diaphteiros

api/crds/manifests/dns.openmcp.cloud_dnsserviceconfigs.yaml

@@ -4,6 +4,11 @@ import (
 	"slices"
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+
+	fluxv1 "github.com/fluxcd/source-controller/api/v1"
+
+	commonapi "github.com/openmcp-project/openmcp-operator/api/common"
 )
 
 // DNSServiceConfigSpec defines the desired state of DNSServiceConfig
@@ -13,13 +18,34 @@ type DNSServiceConfigSpec struct {
 	// +optional
 	Selector *metav1.LabelSelector `json:"selector,omitempty"`
 
+	// ExternalDNSSource is the source of the external-dns helm chart.
+	ExternalDNSSource ExternalDNSSource `json:"externalDNSSource"`
+
 	// ExternalDNSForPurposes is a list of DNS configurations in combination with purpose selectors.
 	// The first matching purpose selector will be applied to the Cluster.
 	// If no selector matches, no configuration will be applied.
 	// +optional
 	ExternalDNSForPurposes []ExternalDNSPurposeConfig `json:"externalDNSForPurposes,omitempty"`
 }
 
+// ExternalDNSSource defines the source of the external-dns helm chart in form of a Flux source.
+// Exactly one of 'HelmRepository', 'GitRepository' or 'OCIRepository' must be set.
+// If 'copyAuthSecret' is set, the referenced source secret is copied into the namespace where the Flux resources are created with the specified target name.
+// +kubebuilder:validation:XValidation:rule=`size(self.filter(property, (property != "copyAuthSecret") && (size(self[property]) > 0))) == 1`, message="Exactly one of 'helm', 'git', or 'oci' must be set"
+type ExternalDNSSource struct {
+	Helm           *fluxv1.HelmRepositorySpec `json:"helm,omitempty"`
+	Git            *fluxv1.GitRepositorySpec  `json:"git,omitempty"`
+	OCI            *fluxv1.OCIRepositorySpec  `json:"oci,omitempty"`
+	CopyAuthSecret *SecretCopy                `json:"copyAuthSecret,omitempty"`
+}
+
+// SecretCopy defines the name of the secret to copy and the name of the copied secret.
+// If target is nil or target.name is empty, the secret will be copied with the same name as the source secret.
+type SecretCopy struct {
+	Source commonapi.ObjectReference  `json:"source"`
+	Target *commonapi.ObjectReference `json:"target"`
+}
+
 // ExternalDNSPurposeConfig holds a purpose selector and the DNS configuration to apply if the selector matches.
 type ExternalDNSPurposeConfig struct {
 	// Name is an optional name.
@@ -30,8 +56,9 @@ type ExternalDNSPurposeConfig struct {
 	// If not set, all Clusters are matched.
 	// +optional
 	PurposeSelector *PurposeSelector `json:"purposeSelector,omitempty"`
-	// Config is the DNS configuration to apply if the selector matches.
-	Config ExternalDNSConfig `json:"config"`
+	// HelmValues are the helm values to deploy external-dns with, if the purpose selector matches.
+	// +kubebuilder:validation:Schemaless
+	HelmValues runtime.RawExtension `json:"config"`
 }
 
 // PurposeSelector is a selector to match against the list of purposes of a Cluster.
@@ -54,10 +81,6 @@ type PurposeSelectorRequirement struct {
 	Name string                       `json:"name,omitempty"`
 }
 
-type ExternalDNSConfig struct {
-	// TODO
-}
-
 // +kubebuilder:object:root=true
 // +kubebuilder:metadata:labels="openmcp.cloud/cluster=platform"
 // +kubebuilder:resource:scope=Cluster,shortName=dnscfg

api/dns/v1alpha1/config_types.go

@@ -6,4 +6,6 @@ import (
 
 const (
 	OperationAnnotation = "dns." + openmcpconst.OperationAnnotation
+
+	ExternalDNSFinalizerOnCluster = "platformservice." + openmcpconst.OpenMCPGroupName + "/dns"
 )

api/dns/v1alpha1/constants.go

@@ -3,6 +3,7 @@ module github.com/openmcp-project/platform-service-dns/api
 go 1.25.1
 
 require (
+	github.com/fluxcd/source-controller/api v1.6.2
 	github.com/openmcp-project/openmcp-operator/api v0.14.0
 	k8s.io/apiextensions-apiserver v0.34.0
 	k8s.io/apimachinery v0.34.0
@@ -11,6 +12,8 @@ require (
 )
 
 require (
+	github.com/fluxcd/pkg/apis/acl v0.7.0 // indirect
+	github.com/fluxcd/pkg/apis/meta v1.12.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.9.0 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect

api/dns/v1alpha1/zz_generated.deepcopy.go

@@ -3,6 +3,12 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/fluxcd/pkg/apis/acl v0.7.0 h1:dMhZJH+g6ZRPjs4zVOAN9vHBd1DcavFgcIFkg5ooOE0=
+github.com/fluxcd/pkg/apis/acl v0.7.0/go.mod h1:uv7pXXR/gydiX4MUwlQa7vS8JONEDztynnjTvY3JxKQ=
+github.com/fluxcd/pkg/apis/meta v1.12.0 h1:XW15TKZieC2b7MN8VS85stqZJOx+/b8jATQ/xTUhVYg=
+github.com/fluxcd/pkg/apis/meta v1.12.0/go.mod h1:+son1Va60x2eiDcTwd7lcctbI6C+K3gM7R+ULmEq1SI=
+github.com/fluxcd/source-controller/api v1.6.2 h1:UmodAeqLIeF29HdTqf2GiacZyO+hJydJlepDaYsMvhc=
+github.com/fluxcd/source-controller/api v1.6.2/go.mod h1:ZJcAi0nemsnBxjVgmJl0WQzNvB0rMETxQMTdoFosmMw=
 github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM=
 github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
 github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=

api/go.mod

@@ -5,6 +5,7 @@ go 1.25.1
 replace github.com/openmcp-project/platform-service-dns/api => ./api
 
 require (
+	github.com/fluxcd/source-controller/api v1.6.2
 	github.com/openmcp-project/controller-utils v0.19.0
 	github.com/openmcp-project/openmcp-operator/api v0.14.0
 	github.com/openmcp-project/openmcp-operator/lib v0.14.1-0.20250910074108-2166b543cee3
@@ -28,6 +29,8 @@ require (
 	github.com/emicklei/go-restful/v3 v3.12.2 // indirect
 	github.com/evanphx/json-patch/v5 v5.9.11 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/fluxcd/pkg/apis/acl v0.7.0 // indirect
+	github.com/fluxcd/pkg/apis/meta v1.12.0 // indirect
 	github.com/fsnotify/fsnotify v1.9.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.9.0 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect

api/go.sum

@@ -25,6 +25,12 @@ github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjT
 github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/fluxcd/pkg/apis/acl v0.7.0 h1:dMhZJH+g6ZRPjs4zVOAN9vHBd1DcavFgcIFkg5ooOE0=
+github.com/fluxcd/pkg/apis/acl v0.7.0/go.mod h1:uv7pXXR/gydiX4MUwlQa7vS8JONEDztynnjTvY3JxKQ=
+github.com/fluxcd/pkg/apis/meta v1.12.0 h1:XW15TKZieC2b7MN8VS85stqZJOx+/b8jATQ/xTUhVYg=
+github.com/fluxcd/pkg/apis/meta v1.12.0/go.mod h1:+son1Va60x2eiDcTwd7lcctbI6C+K3gM7R+ULmEq1SI=
+github.com/fluxcd/source-controller/api v1.6.2 h1:UmodAeqLIeF29HdTqf2GiacZyO+hJydJlepDaYsMvhc=
+github.com/fluxcd/source-controller/api v1.6.2/go.mod h1:ZJcAi0nemsnBxjVgmJl0WQzNvB0rMETxQMTdoFosmMw=
 github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
 github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
 github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM=