feat: new CRD to manage multiple PowerDNS

[mydoomfr]

Manage multiple PowerDNS instances

Issue: #197

• Introduce a PDNSProvider CRD to manage multiple PowerDNS instances.
• Enhance TLS and credential management (including fetching data from Secrets/ConfigMaps).
• Add .spec.providerRef (mandatory) property to Zone and ClusterZone.
• Introduce breaking change with the bump of all CRD to v1alpha3

CRD

apiVersion: dns.cav.enablers.ob/v1alpha3
kind: PDNSProvider
metadata:
  name: powerdns1
spec:
  # Reconciliation interval - how often to check PowerDNS connection ; default: 5m
  interval: 3m
  url: https://powerdns.example.com:8081
  vhost: localhost
  timeout: 45s
  proxy: https://corporate-proxy.example.com:8080
  tls:
    insecure: false
    caBundleRef:
      name: powerdns-ca-bundle
      namespace: powerdns-operator-system
      kind: ConfigMap
      key: ca.crt
  credentials:
    secretRef:
      name: powerdns1
      namespace: powerdns1
      key: pdns-api-token

Remarks & Questions

• The SDK exposes PowerDNS statistics; Maybe we could store them into cluster.status? https://github.com/joeig/go-powerdns/blob/main/statistics.go
• Do we want to keep Cluster CRD name?
• The Cluster.spec.interval is the reconciliation interval of the Cluster (controller) to check the connectivity to PowerDNS. This could be misunderstood as "how often Zones/RRsets are reconciled for this specific PowerDNS instance". We should make this explicit in the documentation. Also I'd like to rely on this interval as a kind of health check to prevent subresources reconciliation when the PowerDNS API is unavailable, using cluster.IsConnectionHealthy().
• Should we keep the legacy configuration to avoid a breaking change? It adds a lot of code + documentation overhead and forces clusterRef to remain optional, even though Zone/ClusterZone requires it.
• Check test coverage.
• Write the documentation.

I rebased develop so we can merge this PR on it, then iterate with futur PR until we have something stable.
I'll squash my commits before merge.

[antrema]

@mydoomfr What about PDNSServer or PDNSInstance as CRD name

[mydoomfr]

@antrema Ready to be reviewed and merged into develop.
I have squashed all commits to keep the history clean.
There’s still a lot of work to do on tests, documentation, and on the controller reconcile loops.

Tests are passing and the code is running well, but we should double-check with more YAML samples.

PS: Renaming the CRD from Cluster to PDNSProvider was a real pain in the ass and I didn't expect that.

[antrema]

Well done, some remarks regarding terminology, after validating them, we should validate the PR and merge into develop, we will further add tests, metrics regarding new resource

[antrema]

As discussed, we should probably consider namespace-scoped resource to better deal with fine-tuned authorization.
Example:
John DOE can only create a RRSet for PDNProvider #1 where Jane DOE can create on both PDNProvider #1 and PDNProvider #2

[antrema]

Does it still make sense to consider a namespace if PDNSProvider becomes a namespace-scoped resource, I don't have a strong opinion

[antrema]

Suggested change

	// Insecure enables insecure connections to PowerDNS API (skip TLS verification)
	// Enables insecure connections to PowerDNS API (skip TLS verification), default to false

[antrema]

Suggested change

	// CABundleRef is a reference to a ConfigMap or Secret containing a CA bundle
	// Reference to a ConfigMap or Secret containing a CA bundle

[antrema]

Suggested change

	// Namespace is the namespace of the ConfigMap or Secret
	// Namespace containing the ConfigMap or Secret

[antrema]

Suggested change

	apiVersion: dns.cav.enablers.ob/v1alpha2
	apiVersion: dns.cav.enablers.ob/v1alpha3

[antrema]

Suggested change

	apiVersion: dns.cav.enablers.ob/v1alpha2
	apiVersion: dns.cav.enablers.ob/v1alpha3

[antrema]

Suggested change

	apiVersion: dns.cav.enablers.ob/v1alpha2
	apiVersion: dns.cav.enablers.ob/v1alpha3

[antrema]

Suggested change

	apiVersion: dns.cav.enablers.ob/v1alpha2
	apiVersion: dns.cav.enablers.ob/v1alpha3

[antrema]

Any interest to keep "v1alpha2" sample resources ?
Missing v1alpha3 sample resources

[antrema]

Well done, some remarks regarding terminology, after validating them, we should validate the PR and merge into develop, we will further add tests, metrics regarding new resource

[antrema]

The SDK exposes PowerDNS statistics; Maybe we could store them into cluster.status? https://github.com/joeig/go-powerdns/blob/main/statistics.go

Don't know what are these statistics but aren't there metrics ?

[antrema]

Today is another day, it comes with more comments ... Have a nice week-end ;-)

[antrema]

Why calling Reconcile function whereas PDNSProviderReconciler has been started on suite_test.go:

err = (&PDNSProviderReconciler{
	Client: k8sManager.GetClient(),
	Scheme: k8sManager.GetScheme(),
}).SetupWithManager(k8sManager)
Expect(err).ToNot(HaveOccurred())

[antrema]

In other tests, we used to have Context after BeforeEach and AfterEach, I think we should have the same structure for all tests

[antrema]

I think it is missing access to ConfigMap for CABundle stored as ConfigMap

[antrema]

"if/else" or "switch" structure ? I have no strong opinion

[antrema]

I prefer the variable not to have been created instead