Merge pull request #8045 from rna-afk/capz_dns

CORS-3071: Create DNS entries for CAPZ implementation

Author: patrickdillon

go.mod

@@ -7,10 +7,12 @@ require (
 	cloud.google.com/go/storage v1.38.0
 	github.com/AlecAivazis/survey/v2 v2.3.5
 	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0-beta.1
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v4 v4.1.0
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork v1.0.0
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.2.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourcegraph v0.8.2
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.1.1
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.2.0
@@ -125,7 +127,7 @@ require (
 	cloud.google.com/go/compute v1.24.0 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	cloud.google.com/go/iam v1.1.6 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.2.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4 v4.3.0 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect

go.sum

@@ -1168,12 +1168,12 @@ github.com/AlecAivazis/survey/v2 v2.3.5 h1:A8cYupsAZkjaUmhtTYv3sSqc7LO5mp1XDfqe5
 github.com/AlecAivazis/survey/v2 v2.3.5/go.mod h1:4AuI9b7RjAR+G7v9+C4YSlX/YL3K3cWNXgWXOhllqvI=
 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU=
 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0-beta.1 h1:ODs3brnqQM99Tq1PffODpAViYv3Bf8zOg464MU7p5ew=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0-beta.1/go.mod h1:3Ug6Qzto9anB6mGlEdgYMDF5zHQ+wwhEaYR4s17PHMw=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0 h1:fb8kj/Dh4CSwgsOzHeZY4Xh68cFVbzXx+ONXGMY//4w=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0/go.mod h1:uReU2sSxZExRPBAg3qKzmAucSi51+SP1OhohieR821Q=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 h1:BMAjVKJM0U/CYF27gA0ZMmXGkOcvfFtD0oHVZ1TIPRI=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInmMgOsuGwdjjVkEIde0OtY=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0 h1:d81/ng9rET2YqdVkVwkb6EXeRrLJIwyGnJcAlAWKwhs=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v3 v3.0.1 h1:H3g2mkmu105ON0c/Gqx3Bm+bzoIijLom8LmV9Gjn7X0=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v3 v3.0.1/go.mod h1:EAc3kjhZf9soch7yLID8PeKcE6VfKvQTllSBHYVdXd8=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v4 v4.1.0 h1:Vjq3Uy3JAU1DTxbA+uX6BegIhgO2pyFltbfbmDa9KdI=
@@ -1182,12 +1182,18 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.2
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.2.0/go.mod h1:c3iwOnL5Xq5K9ZOvxBrfZYD4pBDNTGK5b7ptkHN6SDs=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4 v4.3.0 h1:U73ZEM5QTwb7x/VrXLTi+sb6Aw9DqFJxOpWuj+pDPfk=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4 v4.3.0/go.mod h1:WpiaNrHqgIy+P5gTYbOA/JuMmxq7uq8onUvVBybjIlI=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 h1:lpOxwrQ919lCZoNCd69rVt8u1eLZuMORrGXqy8sNf3c=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0/go.mod h1:fSvRkb8d26z9dbL40Uf/OO6Vo9iExtZK3D0ulRV+8M0=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal v1.1.2 h1:mLY+pNLjCUeKhgnAJWAKhEUQM+RJQo2H1fuGSw1Ky1E=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal v1.1.2/go.mod h1:FbdwsQ2EzwvXxOPcMFYO8ogEc9uMMIj3YkmCdXdAFmk=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0 h1:PTFGRSlMKCQelWwxUyYVEUqseBJVemLyqWJjvMyt0do=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0/go.mod h1:LRr2FzBTQlONPPa5HREE5+RjSCTXl7BwOvYOaWTqCaI=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/managementgroups/armmanagementgroups v1.0.0 h1:pPvTJ1dY0sA35JOeFq6TsY2xj6Z85Yo23Pj4wCCvu4o=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/managementgroups/armmanagementgroups v1.0.0/go.mod h1:mLfWfj8v3jfWKsL9G4eoBoXVcsqcIUTapmdKy7uGOp0=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork v1.0.0 h1:nBy98uKOIfun5z6wx6jwWLrULcM0+cjBalBFZlEZ7CA=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork v1.0.0/go.mod h1:243D9iHbcQXoFUtgHJwL7gl2zx1aDuDMjvBZVGr2uW0=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.2.0 h1:9Eih8XcEeQnFD0ntMlUDleKMzfeCeUfa+VbnDCI4AZs=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.2.0/go.mod h1:wGPyTi+aURdqPAGMZDQqnNs9IrShADF8w2WZb6bKeq0=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourcegraph v0.8.2 h1:f9lam+D19V0TDn17+aFhrVhWPpfsF5zaGHeqDGJZAVc=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourcegraph v0.8.2/go.mod h1:29c9+gYpdWhyC4TPANZBPlgoWllMDhguL2AIByPYQtk=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.1.1 h1:7CBQ+Ei8SP2c6ydQTGCCrS35bDxgTMfoP2miAwK++OU=

pkg/asset/manifests/azure/cluster.go

@@ -55,6 +55,9 @@ func GenerateClusterAssets(installConfig *installconfig.InstallConfig, clusterID
 				},
 			},
 			NetworkSpec: capz.NetworkSpec{
+				NetworkClassSpec: capz.NetworkClassSpec{
+					PrivateDNSZoneName: installConfig.Config.ClusterDomain(),
+				},
 				Vnet: capz.VnetSpec{
 					ID: installConfig.Config.Azure.VirtualNetwork,
 					VnetClassSpec: capz.VnetClassSpec{
@@ -63,6 +66,15 @@ func GenerateClusterAssets(installConfig *installconfig.InstallConfig, clusterID
 						},
 					},
 				},
+				APIServerLB: capz.LoadBalancerSpec{
+					Name: fmt.Sprintf("%s-internal", clusterID.InfraID),
+					BackendPool: capz.BackendPool{
+						Name: fmt.Sprintf("%s-internal", clusterID.InfraID),
+					},
+					LoadBalancerClassSpec: capz.LoadBalancerClassSpec{
+						Type: capz.Internal,
+					},
+				},
 				Subnets: capz.Subnets{
 					{
 						SubnetClassSpec: capz.SubnetClassSpec{

pkg/infrastructure/azure/azure.go

@@ -1,6 +1,8 @@
 package azure
 
 import (
+	"context"
+
 	"github.com/openshift/installer/pkg/infrastructure/clusterapi"
 	azuretypes "github.com/openshift/installer/pkg/types/azure"
 )
@@ -12,3 +14,8 @@ type Provider struct{}
 
 // Name gives the name of the provider, Azure.
 func (*Provider) Name() string { return azuretypes.Name }
+
+// InfraReady sets the DNS currently after the ignition is done.
+func (p *Provider) InfraReady(ctx context.Context, in clusterapi.InfraReadyInput) error {
+	return createDNSEntries(ctx, in)
+}

pkg/infrastructure/azure/dns.go

@@ -0,0 +1,196 @@
+package azure
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns"
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns"
+	"k8s.io/utils/ptr"
+	capz "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	"github.com/openshift/installer/pkg/asset/manifests/capiutils"
+	"github.com/openshift/installer/pkg/infrastructure/clusterapi"
+	"github.com/openshift/installer/pkg/types"
+)
+
+type recordListType string
+
+const (
+	cname      recordListType = "Cname"
+	arecord    recordListType = "ARecord"
+	aaaarecord recordListType = "AaaaRecord"
+)
+
+type recordList struct {
+	Name       string
+	RecordType armdns.RecordType
+	RecordSet  armdns.RecordSet
+}
+
+type recordPrivateList struct {
+	Name       string
+	RecordType armprivatedns.RecordType
+	RecordSet  armprivatedns.RecordSet
+}
+
+// Create DNS entries for azure.
+func createDNSEntries(ctx context.Context, in clusterapi.InfraReadyInput) error {
+	private := in.InstallConfig.Config.Publish == types.InternalPublishingStrategy
+	baseDomainResourceGroup := in.InstallConfig.Config.Azure.BaseDomainResourceGroupName
+	zone := in.InstallConfig.Config.BaseDomain
+	privatezone := in.InstallConfig.Config.ClusterDomain()
+	apiExternalName := fmt.Sprintf("api.%s", in.InstallConfig.Config.ObjectMeta.Name)
+
+	resourceGroup := fmt.Sprintf("%s-rg", in.InfraID)
+	if in.InstallConfig.Config.Azure.ResourceGroupName != "" {
+		resourceGroup = in.InstallConfig.Config.Azure.ResourceGroupName
+	}
+	azureTags := make(map[string]*string)
+	for k, v := range in.InstallConfig.Config.Azure.UserTags {
+		azureTags[k] = ptr.To(v)
+	}
+	azureCluster := &capz.AzureCluster{}
+	key := client.ObjectKey{
+		Name:      in.InfraID,
+		Namespace: capiutils.Namespace,
+	}
+	if err := in.Client.Get(ctx, key, azureCluster); err != nil && azureCluster != nil {
+		return fmt.Errorf("failed to get Azure cluster: %w", err)
+	}
+
+	if len(azureCluster.Spec.NetworkSpec.APIServerLB.FrontendIPs) == 0 {
+		return fmt.Errorf("failed to get Azure cluster LB frontend IPs")
+	}
+	ipIlb := azureCluster.Spec.NetworkSpec.APIServerLB.FrontendIPs[0].PrivateIPAddress
+	// useIPv6 := false
+	// for _, network := range in.InstallConfig.Config.Networking.ServiceNetwork {
+	// 	if network.IP.To4() == nil {
+	// 		useIPv6 = true
+	// 	}
+	// }
+
+	privateRecords := []recordPrivateList{}
+	ttl := int64(300)
+	recordType := arecord
+	// if useIPv6 {
+	// 	recordType = aaaarecord
+	// }
+	privateRecords = append(privateRecords, createPrivateRecordSet("api-int", azureTags, ttl, recordType, ipIlb, ""))
+	privateRecords = append(privateRecords, createPrivateRecordSet("api", azureTags, ttl, recordType, ipIlb, ""))
+
+	session, err := in.InstallConfig.Azure.Session()
+	if err != nil {
+		return fmt.Errorf("failed to create session: %w", err)
+	}
+	subscriptionID := session.Credentials.SubscriptionID
+	tokenCreds, err := azidentity.NewClientSecretCredential(session.Credentials.TenantID, session.Credentials.ClientID, session.Credentials.ClientSecret, nil)
+	if err != nil {
+		return fmt.Errorf("failed to create identity: %w", err)
+	}
+	recordSetClient, err := armdns.NewRecordSetsClient(subscriptionID, tokenCreds, nil)
+	if err != nil {
+		return fmt.Errorf("failed to create public record client: %w", err)
+	}
+	privateRecordSetClient, err := armprivatedns.NewRecordSetsClient(subscriptionID, tokenCreds, nil)
+	if err != nil {
+		return fmt.Errorf("failed to create private record client: %w", err)
+	}
+
+	// Create the records for api and api-int in the private zone and api.<clustername> for public zone.
+	// CAPI currently creates a record called "apiserver" instead of "api" so creating "api" for the installer in the private zone.
+	if !private {
+		cnameRecordName := apiExternalName
+		// apiExternalNameV6 := fmt.Sprintf("v6-api.%s", infraID)
+		// if useIPv6 {
+		// 	cnameRecordName = apiExternalNameV6
+		// }
+		// TODO: Populate with public LB FQDN. Placeholder text as value.
+		publicRecords := createRecordSet(cnameRecordName, azureTags, ttl, cname, "", in.InstallConfig.Config.ClusterDomain())
+		_, err = recordSetClient.CreateOrUpdate(ctx, baseDomainResourceGroup, zone, publicRecords.Name, publicRecords.RecordType, publicRecords.RecordSet, nil)
+		if err != nil {
+			return fmt.Errorf("failed to create public record set: %w", err)
+		}
+	}
+
+	for _, record := range privateRecords {
+		_, err = privateRecordSetClient.CreateOrUpdate(ctx, resourceGroup, privatezone, record.RecordType, record.Name, record.RecordSet, nil)
+		if err != nil {
+			return fmt.Errorf("failed to create private record set: %w", err)
+		}
+	}
+
+	return nil
+}
+
+func createPrivateRecordSet(lbType string, azureTags map[string]*string, ttl int64, rType recordListType, ipAddress string, recordName string) (record recordPrivateList) {
+	record = recordPrivateList{
+		Name: lbType,
+		RecordSet: armprivatedns.RecordSet{
+			Properties: &armprivatedns.RecordSetProperties{
+				TTL:      &ttl,
+				Metadata: azureTags,
+			},
+		},
+	}
+
+	switch rType {
+	case cname:
+		record.RecordType = armprivatedns.RecordTypeCNAME
+		record.RecordSet.Properties.CnameRecord = &armprivatedns.CnameRecord{
+			Cname: &recordName,
+		}
+	case arecord:
+		record.RecordType = armprivatedns.RecordTypeA
+		record.RecordSet.Properties.ARecords = []*armprivatedns.ARecord{
+			{
+				IPv4Address: &ipAddress,
+			},
+		}
+	case aaaarecord:
+		record.RecordType = armprivatedns.RecordTypeAAAA
+		record.RecordSet.Properties.AaaaRecords = []*armprivatedns.AaaaRecord{
+			{
+				IPv6Address: &ipAddress,
+			},
+		}
+	}
+	return record
+}
+
+func createRecordSet(lbType string, azureTags map[string]*string, ttl int64, rType recordListType, ipAddress string, recordName string) (record recordList) {
+	record = recordList{
+		Name: lbType,
+		RecordSet: armdns.RecordSet{
+			Properties: &armdns.RecordSetProperties{
+				TTL:      &ttl,
+				Metadata: azureTags,
+			},
+		},
+	}
+
+	switch rType {
+	case cname:
+		record.RecordType = armdns.RecordTypeCNAME
+		record.RecordSet.Properties.CnameRecord = &armdns.CnameRecord{
+			Cname: &recordName,
+		}
+	case arecord:
+		record.RecordType = armdns.RecordTypeA
+		record.RecordSet.Properties.ARecords = []*armdns.ARecord{
+			{
+				IPv4Address: &ipAddress,
+			},
+		}
+	case aaaarecord:
+		record.RecordType = armdns.RecordTypeAAAA
+		record.RecordSet.Properties.AaaaRecords = []*armdns.AaaaRecord{
+			{
+				IPv6Address: &ipAddress,
+			},
+		}
+	}
+	return record
+}