
Commit 51ab6af

committed
saner logic for DNS updates/reloads
1 parent c020e76 commit 51ab6af


9 files changed

+83
-5
lines changed


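--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,10 @@
+# v0.1.9
+
+Released 2019-11-30
+
+- better logic for restarting DNS services
+- minor cleanups
+
 # v0.1.8
 
 Released 2019-10-22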

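--- a/README.md
+++ b/README.md
@@ -8,6 +8,8 @@ This is generally achieved using the standard Kubernetes API along with the xmlr
 the Kubernetes API is `watch`ed and appropriate updates are sent to pfSense (`config.xml`) via xmlrpc calls along with
 appropriate reload/restart/update/sync actions to apply changes.
 
+Please note, this controller is not designed to run multiple instances simultaneously (ie: do NOT crank up the replicas).
+
 Disclaimer: this is new software bound to have bugs. Please make a backup before using it as it may eat your
 configuration. Having said that, all known code paths appear to be solid and working without issue. If you find a bug,
 please report it!
@@ -198,4 +200,4 @@ haproxy
 * https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/
 * https://kubernetes.io/docs/concepts/overview/working-with-objects/field-selectors/
 * https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
-* https://github.com/MacFJA/PharBuilder
+* https://github.com/MacFJA/PharBuilder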

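--- a/deploy/deployment.yaml
+++ b/deploy/deployment.yaml
@@ -1,11 +1,14 @@
 ---
 kind: Deployment
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 metadata:
 name: kubernetes-pfsense-controller
 namespace: kube-system
 spec:
 replicas: 1
+selector:
+matchLabels:
+app: kubernetes-pfsense-controller
 strategy:
 type: Recreate
 template:
@@ -16,7 +19,7 @@ spec:
 serviceAccountName: kubernetes-pfsense-controller
 containers:
 - name: kubernetes-pfsense-controller
-image: docker.io/travisghansen/kubernetes-pfsense-controller:v0.1.5
+image: docker.io/travisghansen/kubernetes-pfsense-controller:v0.1.9
 env:
 - name: PFSENSE_URL
 value: "https://192.168.1.1"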
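Review bot: The image on new line 22 is referenced only by the mutable tag `v0.1.9`, so the registry can later serve different content under the same reference. This controller rewrites pfSense configuration, so appending the digest, e.g. `image: docker.io/travisghansen/kubernetes-pfsense-controller:v0.1.9@sha256:<digest-of-the-released-image>`, would make the deployed artifact verifiable. The pod spec continues outside the hunk, so whether an `imagePullPolicy` or an admission policy already covers this is not visible here.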

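--- a/deploy/rbac.yaml
+++ b/deploy/rbac.yaml
@@ -31,6 +31,7 @@ rules:
 - patch
 - apiGroups:
 - extensions
+- networking.k8s.io
 resources:
 - ingresses
 verbs: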

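--- a/src/KubernetesPfSenseController/Plugin/CommonTrait.php
+++ b/src/KubernetesPfSenseController/Plugin/CommonTrait.php
@@ -109,9 +109,19 @@ private function getWatchCallback($stateKey, $options = [])
 switch ($event['type']) {
 case 'ADDED':
 case 'MODIFIED':
+$result = KubernetesUtils::findListItem($items, $item['metadata']['name']);
+$itemKey = $result['key'];
+$oldItem = $result['item'];
+
 KubernetesUtils::putListItem($items, $item);
 if ($trigger) {
-$this->delayedAction();
+$shouldTriggerFromWatchUpdate = true;
+if ($itemKey !== null && method_exists($this, 'shouldTriggerFromWatchUpdate')) {
+$shouldTriggerFromWatchUpdate = $this->shouldTriggerFromWatchUpdate($oldItem, $item);
+}
+if ($shouldTriggerFromWatchUpdate) {
+$this->delayedAction();
+}
 }
 break;
 case 'DELETED':
@@ -137,11 +147,15 @@ private function getWatchCallback($stateKey, $options = [])
 */
 protected function getKubernetesResourceDetails($resource)
 {
+$apiVersion = KubernetesUtils::getResourceApiVersion($resource);
+$kind = KubernetesUtils::getResourceKind($resource);
 $name = KubernetesUtils::getResourceName($resource);
 $namespace = KubernetesUtils::getResourceNamespace($resource);
 $selfLink = KubernetesUtils::getResourceSelfLink($resource);
 
 $values = [
+//'apiVersion' => $apiVersion,
+//'kind' => $kind,
 'selfLink' => $selfLink,
 'name' => $name,
 ];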
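Review bot: In `getKubernetesResourceDetails` (new lines 150-151) `$apiVersion` and `$kind` are fetched on every call but are referenced only by the two commented-out array entries at new lines 157-158. The calls therefore add work, and a possible undefined-index notice from the unguarded getters in KubernetesUtils.php, without changing the returned details. Either drop the four added lines until the fields are needed, or enable the entries and document in the docblock why they are included. If they stay disabled, a comment such as `// apiVersion/kind intentionally omitted: <reason>` would tell the next reader this is not leftover debugging. The function body continues past the end of this hunk.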

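--- a/src/KubernetesPfSenseController/Plugin/DNSHAProxyIngressProxy.php
+++ b/src/KubernetesPfSenseController/Plugin/DNSHAProxyIngressProxy.php
@@ -55,6 +55,7 @@ public function init()
 ];
 $options = [
 'trigger' => false,
+'log' => true
 ];
 $watch = $controller->getKubernetesClient()->createWatch($ingressResourceWatchPath, $params, $this->getWatchCallback('ingresses', $options));
 $this->addWatch($watch);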

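--- a/src/KubernetesPfSenseController/Plugin/DNSIngresses.php
+++ b/src/KubernetesPfSenseController/Plugin/DNSIngresses.php
@@ -53,7 +53,7 @@ public function init()
 'fieldSelector' => $ingressFieldSelector,
 'resourceVersion' => $ingresses['metadata']['resourceVersion'],
 ];
-$watch = $controller->getKubernetesClient()->createWatch($ingressResourceWatchPath, $params, $this->getWatchCallback('resources'));
+$watch = $controller->getKubernetesClient()->createWatch($ingressResourceWatchPath, $params, $this->getWatchCallback('resources', ['log' => true]));
 $this->addWatch($watch);
 $this->delayedAction();
 }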

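--- a/src/KubernetesPfSenseController/Plugin/DNSResourceTrait.php
+++ b/src/KubernetesPfSenseController/Plugin/DNSResourceTrait.php
@@ -68,6 +68,9 @@ public function doAction()
 
 if ($dnsmasqEnabled) {
 $dnsmasqConfig = PfSenseConfigBlock::getRootConfigBlock($this->getController()->getRegistryItem('pfSenseClient'), 'dnsmasq');
+if (!is_array($dnsmasqConfig->data['hosts'])) {
+$dnsmasqConfig->data['hosts'] = [];
+}
 foreach ($hosts as $host) {
 Utils::putListItemMultiKey($dnsmasqConfig->data['hosts'], $host, ['host', 'domain']);
 }
@@ -83,6 +86,9 @@ public function doAction()
 
 if ($unboundEnabled) {
 $unboundConfig = PfSenseConfigBlock::getRootConfigBlock($this->getController()->getRegistryItem('pfSenseClient'), 'unbound');
+if (!is_array($unboundConfig->data['hosts'])) {
+$unboundConfig->data['hosts'] = [];
+}
 foreach ($hosts as $host) {
 Utils::putListItemMultiKey($unboundConfig->data['hosts'], $host, ['host', 'domain']);
 }
@@ -119,4 +125,26 @@ public function doAction()
 return false;
 }
 }
+
+/**
+* Does a sanity check to prevent over-aggressive updates when watch resources are technically
+* modified but the things we care about are not
+*
+* @param $oldItem
+* @param $item
+* @return bool
+*/
+public function shouldTriggerFromWatchUpdate($oldItem, $item)
+{
+$oldResourceHosts = [];
+$newResourceHosts = [];
+
+$this->buildResourceHosts($oldResourceHosts, $oldItem);
+$this->buildResourceHosts($newResourceHosts, $item);
+
+if (md5(json_encode($oldResourceHosts)) != md5(json_encode($newResourceHosts))) {
+return false;
+}
+return true;
+}
 }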
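Review bot: The return values in `shouldTriggerFromWatchUpdate` (new lines 145-148) look inverted relative to its docblock and to the caller in CommonTrait.php. It returns `false` when the old and new host lists differ and `true` when they are identical, so a MODIFIED event that really changes hostnames would skip `delayedAction()` while a no-op modification still reloads DNS. The comparison also runs through `md5()` with loose `!=`, which PHP evaluates numerically when both digests happen to look like numbers (`0e…`), so the hash adds a rare false-equality case and gains nothing over comparing the encoded strings. Suggest replacing the `if`/`return` pair with `return json_encode($oldResourceHosts) !== json_encode($newResourceHosts);`.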

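--- a/src/KubernetesPfSenseController/Plugin/KubernetesUtils.php
+++ b/src/KubernetesPfSenseController/Plugin/KubernetesUtils.php
@@ -67,6 +67,28 @@ public static function getResourceByNamespaceName($resources, $namespace, $name)
 }
 }
 
+/**
+* Get apiVersion property from resource
+*
+* @param $resource
+* @return mixed
+*/
+public static function getResourceApiVersion($resource)
+{
+return $resource['apiVersion'];
+}
+
+/**
+* Get kind property from resource
+*
+* @param $resource
+* @return mixed
+*/
+public static function getResourceKind($resource)
+{
+return $resource['kind'];
+}
+
 /**
 * Get selfLink property from resource
 *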
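Review bot: `getResourceApiVersion` and `getResourceKind` (new lines 76-90) index `$resource` directly, and both are now called unconditionally from `getKubernetesResourceDetails` in CommonTrait.php. Kubernetes list responses commonly leave `apiVersion` and `kind` off the individual items, so a resource that came from a list rather than a watch event may raise an undefined-index notice here. Returning `$resource['apiVersion'] ?? null;` and `$resource['kind'] ?? null;` keeps the getters safe for both shapes, and the docblocks could then say `@return string|null` instead of `@return mixed`. Whether the neighbouring getters have the same gap is not visible in this hunk.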
