Stubzone support

Initial implementation of support for stub zones for the unbound
resolver.

Author: beagles

api/bases/designate.openstack.org_designates.yaml

@@ -1840,6 +1840,22 @@ spec:
                     description: ServiceAccount - service account name used internally
                       to provide Designate services the default SA name
                     type: string
+                  stubZones:
+                    description: Allows configuring stub zone entries in the managed
+                      Unbound servers for the managed nameservers.
+                    items:
+                      properties:
+                        name:
+                          type: string
+                        options:
+                          additionalProperties:
+                            type: string
+                          type: object
+                      required:
+                      - name
+                      type: object
+                    type: array
+                    x-kubernetes-list-type: atomic
                   topologyRef:
                     description: |-
                       TopologyRef to apply the Topology defined by the associated CR referenced

api/bases/designate.openstack.org_designateunbounds.yaml

@@ -311,6 +311,22 @@ spec:
                 description: ServiceAccount - service account name used internally
                   to provide Designate services the default SA name
                 type: string
+              stubZones:
+                description: Allows configuring stub zone entries in the managed Unbound
+                  servers for the managed nameservers.
+                items:
+                  properties:
+                    name:
+                      type: string
+                    options:
+                      additionalProperties:
+                        type: string
+                      type: object
+                  required:
+                  - name
+                  type: object
+                type: array
+                x-kubernetes-list-type: atomic
               topologyRef:
                 description: |-
                   TopologyRef to apply the Topology defined by the associated CR referenced

api/v1beta1/designateunbound_types.go

@@ -57,13 +57,24 @@ type DesignateUnboundSpecBase struct {
 	// an override for each replica.
 	// +kubebuilder:validation:Optional
 	Override UnboundOverrideSpec `json:"override,omitempty"`
+
+	// Allows configuring stub zone entries in the managed Unbound servers for the managed nameservers.
+	// +kubebuilder:validation:Optional
+	// +listType=atomic
+	StubZones []StubZone `json:"stubZones,omitempty"`
 }
 
 type UnboundOverrideSpec struct {
 	// +listType=atomic
 	Services []service.OverrideSpec `json:"services,omitempty"`
 }
 
+type StubZone struct {
+	Name string               `json:"name"`
+	// +kubebuilder:validation:Optional
+	Options map[string]string `json:"options,omitempty"`
+}
+
 // DesignateUnboundStatus defines the observed state of DesignateUnbound
 type DesignateUnboundStatus struct {
 	// ReadyCount of designate central instances

api/v1beta1/zz_generated.deepcopy.go

@@ -1840,6 +1840,22 @@ spec:
                     description: ServiceAccount - service account name used internally
                       to provide Designate services the default SA name
                     type: string
+                  stubZones:
+                    description: Allows configuring stub zone entries in the managed
+                      Unbound servers for the managed nameservers.
+                    items:
+                      properties:
+                        name:
+                          type: string
+                        options:
+                          additionalProperties:
+                            type: string
+                          type: object
+                      required:
+                      - name
+                      type: object
+                    type: array
+                    x-kubernetes-list-type: atomic
                   topologyRef:
                     description: |-
                       TopologyRef to apply the Topology defined by the associated CR referenced

config/crd/bases/designate.openstack.org_designates.yaml

@@ -311,6 +311,22 @@ spec:
                 description: ServiceAccount - service account name used internally
                   to provide Designate services the default SA name
                 type: string
+              stubZones:
+                description: Allows configuring stub zone entries in the managed Unbound
+                  servers for the managed nameservers.
+                items:
+                  properties:
+                    name:
+                      type: string
+                    options:
+                      additionalProperties:
+                        type: string
+                      type: object
+                  required:
+                  - name
+                  type: object
+                type: array
+                x-kubernetes-list-type: atomic
               topologyRef:
                 description: |-
                   TopologyRef to apply the Topology defined by the associated CR referenced

config/crd/bases/designate.openstack.org_designateunbounds.yaml

@@ -62,6 +62,12 @@ type UnboundReconciler struct {
 	Scheme  *runtime.Scheme
 }
 
+type StubZoneTmplRec struct {
+	Name    string
+	Options map[string]string
+	Servers []string
+}
+
 func min(i int, j int) int {
 	if i < j {
 		return i
@@ -271,11 +277,6 @@ func (r *UnboundReconciler) reconcileUpgrade(instance *designatev1.DesignateUnbo
 func (r *UnboundReconciler) reconcileNormal(ctx context.Context, instance *designatev1.DesignateUnbound, helper *helper.Helper) (ctrl.Result, error) {
 	util.LogForObject(helper, "Reconciling Service", instance)
 
-	if controllerutil.AddFinalizer(instance, helper.GetFinalizer()) {
-		// Return to persist the finalizer immediately
-		return ctrl.Result{}, nil
-	}
-
 	serviceLabels := map[string]string{
 		common.AppSelector:       instance.ObjectMeta.Name,
 		common.ComponentSelector: designateunbound.Component,
@@ -515,6 +516,20 @@ func (r *UnboundReconciler) onIPChange() (ctrl.Result, error) {
 	return ctrl.Result{}, nil
 }
 
+func stubZoneDefaults(values map[string]string) map[string]string {
+
+	if values == nil {
+		values = make(map[string]string)
+	}
+	if _, ok := values["stub-prime"]; !ok {
+		values["stub-prime"] = "true"
+	}
+	if _, ok := values["stub-first"]; !ok {
+		values["stub-first"] = "true"
+	}
+	return values
+}
+
 func (r *UnboundReconciler) generateServiceConfigMaps(
 	ctx context.Context,
 	instance *designatev1.DesignateUnbound,
@@ -530,6 +545,32 @@ func (r *UnboundReconciler) generateServiceConfigMaps(
 
 	templateParameters := make(map[string]interface{})
 
+	stubZoneData := make([]StubZoneTmplRec, len(instance.Spec.StubZones))
+	if len(instance.Spec.StubZones) > 0 {
+		bindIPMap := &corev1.ConfigMap{}
+		err := h.GetClient().Get(ctx, types.NamespacedName{Name: designate.BindPredIPConfigMap, Namespace: instance.GetNamespace()}, bindIPMap)
+		if err != nil {
+			if k8s_errors.IsNotFound(err) {
+				r.Log.Info("nameserver IPs not available, unable to complete unbound configuration at this time")
+			}
+			return err
+		}
+		bindIPs := make([]string, len(bindIPMap.Data))
+		keyTmpl := "bind_address_%d"
+		for i := 0; i < len(bindIPMap.Data); i++ {
+			bindIPs[i] = bindIPMap.Data[fmt.Sprintf(keyTmpl, i)]
+		}
+
+		for i := 0; i < len(instance.Spec.StubZones); i++ {
+			stubZoneData[i] = StubZoneTmplRec{
+				Name:    instance.Spec.StubZones[i].Name,
+				Options: stubZoneDefaults(instance.Spec.StubZones[i].Options),
+				Servers: bindIPs,
+			}
+		}
+	}
+	templateParameters["StubZones"] = stubZoneData
+
 	cms := []util.Template{
 		// ScriptsConfigMap
 		{

controllers/designateunbound_controller.go

@@ -50,7 +50,7 @@ func StatefulSet(instance *designatev1beta1.DesignateUnbound,
 			VolumeSource: corev1.VolumeSource{
 				Secret: &corev1.SecretVolumeSource{
 					DefaultMode: &configMode,
-					SecretName:  "designate-unbound-config-data",
+					SecretName:  fmt.Sprintf("%s-config-data", instance.Name),
 				},
 			},
 		},

pkg/designateunbound/statefulset.go

@@ -0,0 +1,10 @@
+{{- range .StubZones }}
+stub-zone:
+   name: {{ .Name }}
+   {{- range .Servers }}
+   stub-addr: {{ . }}
+   {{- end  }}
+   {{- range $key, $value := .Options }}
+   {{ $key }}: {{ $value }}
+   {{- end }}
+{{ end }}

templates/designateunbound/config/01-stubzones.conf

@@ -140,7 +140,7 @@ func SimulateKeystoneReady(
 	}, timeout, interval).Should(Succeed())
 }
 
-func GetDefaultDesignateSpec(bind9ReplicaCount, mdnsReplicaCount int) map[string]interface{} {
+func GetDefaultDesignateSpec(bind9ReplicaCount, mdnsReplicaCount int, unboundReplicaCount int) map[string]interface{} {
 	spec := map[string]interface{}{
 		"databaseInstance":           "test-designate-db-instance",
 		"secret":                     SecretName,
@@ -157,6 +157,11 @@ func GetDefaultDesignateSpec(bind9ReplicaCount, mdnsReplicaCount int) map[string
 			Replicas: ptr.To(int32(mdnsReplicaCount)),
 		},
 	}
+	spec["designateUnbound"] = designatev1.DesignateUnboundSpec{
+		DesignateUnboundSpecBase: designatev1.DesignateUnboundSpecBase{
+			Replicas: ptr.To(int32(unboundReplicaCount)),
+		},
+	}
 	return spec
 }
 
@@ -426,6 +431,51 @@ func DesignateProducerConditionGetter(name types.NamespacedName) condition.Condi
 	return instance.Status.Conditions
 }
 
+// DesignateUnbound
+func GetDefaultUnboundSpec() map[string]interface{} {
+	return map[string]interface{}{
+		"databaseHostame":            "hostname-for-designate-unbound",
+		"secret":                     SecretName,
+		"designateNetworkAttachment": "designate-attachment",
+		"serviceAccount":             "designate",
+		"containerImage":             "repo/designate-unbound-image",
+	}
+}
+
+func CreateDesignateUnbound(name types.NamespacedName, spec map[string]interface{}) client.Object {
+	raw := map[string]interface{}{
+		"apiVersion": "designate.openstack.org/v1beta1",
+		"kind":       "DesignateUnbound",
+		"metadata": map[string]interface{}{
+			"name":      name.Name,
+			"namespace": name.Namespace,
+		},
+		"spec": spec,
+	}
+	return th.CreateUnstructured(raw)
+}
+
+func GetDesignateUnbound(name types.NamespacedName) *designatev1.DesignateUnbound {
+	instance := &designatev1.DesignateUnbound{}
+	Eventually(func(g Gomega) {
+		g.Expect(k8sClient.Get(ctx, name, instance)).Should(Succeed())
+	}, timeout, interval).Should(Succeed())
+	return instance
+}
+
+func CreateBindIPMap(namespace string, configData map[string]interface{}) client.Object {
+	raw := map[string]interface{}{
+		"apiVersion": "v1",
+		"kind":       "ConfigMap",
+		"metadata": map[string]interface{}{
+			"name":      designate.BindPredIPConfigMap,
+			"namespace": namespace,
+		},
+		"data": configData,
+	}
+	return th.CreateUnstructured(raw)
+}
+
 // Network attachment
 func CreateNAD(name types.NamespacedName) client.Object {
 	raw := map[string]interface{}{