dns-zone-controller: with env-manager generating dnssec key and zone records
diff --git a/core/ns-controller/controllers/dnszone_controller.go b/core/ns-controller/controllers/dnszone_controller.go
new file mode 100644
index 0000000..40883ef
--- /dev/null
+++ b/core/ns-controller/controllers/dnszone_controller.go
@@ -0,0 +1,135 @@
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package controllers
+
+import (
+ "context"
+ "fmt"
+ "time"
+
+ corev1 "k8s.io/api/core/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ ctrl "sigs.k8s.io/controller-runtime"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/log"
+
+ dodocloudv1 "github.com/giolekva/pcloud/core/ns-controller/api/v1"
+)
+
+// DNSZoneReconciler reconciles a DNSZone object
+type DNSZoneReconciler struct {
+ client.Client
+ Scheme *runtime.Scheme
+ Store ZoneStoreFactory
+}
+
+type DNSSecKey struct {
+ Basename string `json:"basename,omitempty"`
+ Key []byte `json:"key,omitempty"`
+ Private []byte `json:"private,omitempty"`
+ DS []byte `json:"ds,omitempty"`
+}
+
+//+kubebuilder:rbac:groups=dodo.cloud.dodo.cloud,resources=dnszones,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=dodo.cloud.dodo.cloud,resources=dnszones/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=dodo.cloud.dodo.cloud,resources=dnszones/finalizers,verbs=update
+//+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch;create;update;patch;delete
+
+// Reconcile is part of the main kubernetes reconciliation loop which aims to
+// move the current state of the cluster closer to the desired state.
+// TODO(user): Modify the Reconcile function to compare the state specified by
+// the DNSZone object against the actual cluster state, and then
+// perform operations to make the cluster state reflect the state specified by
+// the user.
+//
+// For more details, check Reconcile and its Result here:
+// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.12.2/pkg/reconcile
+func (r *DNSZoneReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+ r.Store.Debug()
+ defer func() {
+ r.Store.Debug()
+ }()
+ logger := log.FromContext(ctx)
+ logger.Info(req.String())
+
+ resource := &dodocloudv1.DNSZone{}
+ if err := r.Get(context.Background(), client.ObjectKey{
+ Namespace: req.Namespace,
+ Name: req.Name,
+ }, resource); err != nil {
+ return ctrl.Result{RequeueAfter: time.Minute}, err
+ }
+ if resource.Status.Ready {
+ return ctrl.Result{}, nil
+ }
+ zoneConfig := ZoneConfig{
+ Zone: resource.Spec.Zone,
+ PublicIPs: resource.Spec.PublicIPs,
+ PrivateIP: resource.Spec.PrivateIP,
+ Nameservers: resource.Spec.Nameservers,
+ }
+ if resource.Spec.DNSSec.Enabled {
+ var secret corev1.Secret
+ if err := r.Get(context.Background(), client.ObjectKey{
+ Namespace: resource.Namespace, // NOTE(gio): configurable on resource level?
+ Name: resource.Spec.DNSSec.SecretName,
+ }, &secret); err != nil {
+ return ctrl.Result{RequeueAfter: time.Minute}, err
+ }
+ basename, ok := secret.Data["basename"]
+ if !ok {
+ return ctrl.Result{RequeueAfter: time.Minute}, fmt.Errorf("basename not found")
+ }
+ key, ok := secret.Data["key"]
+ if !ok {
+ return ctrl.Result{RequeueAfter: time.Minute}, fmt.Errorf("key not found")
+ }
+ private, ok := secret.Data["private"]
+ if !ok {
+ return ctrl.Result{RequeueAfter: time.Minute}, fmt.Errorf("private not found")
+ }
+ ds, ok := secret.Data["ds"]
+ if !ok {
+ return ctrl.Result{RequeueAfter: time.Minute}, fmt.Errorf("ds not found")
+ }
+ zoneConfig.DNSSec = &DNSSecKey{
+ Basename: string(basename),
+ Key: key,
+ Private: private,
+ DS: ds,
+ }
+ }
+ _, err := r.Store.Create(zoneConfig)
+ if err != nil {
+ return ctrl.Result{RequeueAfter: time.Minute}, err
+ }
+ resource.Status.Ready = true
+ if zoneConfig.DNSSec != nil {
+ resource.Status.RecordsToPublish = string(zoneConfig.DNSSec.DS)
+ }
+ if err := r.Status().Update(context.Background(), resource); err != nil {
+ return ctrl.Result{RequeueAfter: time.Minute}, err
+ }
+ return ctrl.Result{}, nil
+}
+
+// SetupWithManager sets up the controller with the Manager.
+func (r *DNSZoneReconciler) SetupWithManager(mgr ctrl.Manager) error {
+ return ctrl.NewControllerManagedBy(mgr).
+ For(&dodocloudv1.DNSZone{}).
+ Complete(r)
+}
diff --git a/core/ns-controller/controllers/store.go b/core/ns-controller/controllers/store.go
new file mode 100644
index 0000000..2b865ce
--- /dev/null
+++ b/core/ns-controller/controllers/store.go
@@ -0,0 +1,172 @@
+package controllers
+
+import (
+ "fmt"
+ "io"
+ "io/fs"
+ "os"
+ "text/template"
+
+ "github.com/Masterminds/sprig/v3"
+ "github.com/go-git/go-billy/v5"
+ "github.com/go-git/go-billy/v5/util"
+)
+
+const zoneConfigFilename = "coredns.conf"
+const rootConfigFilename = "coredns.conf"
+const importAllConfigFiles = "import */" + zoneConfigFilename
+
+type ZoneStore interface {
+ ConfigPath() string
+ AddDNSSec(key DNSSecKey) error
+}
+
+type ZoneConfig struct {
+ Zone string
+ PublicIPs []string
+ PrivateIP string
+ Nameservers []string
+ DNSSec *DNSSecKey
+}
+
+type ZoneStoreFactory interface {
+ ConfigPath() string
+ Create(zone ZoneConfig) (ZoneStore, error)
+ Debug()
+}
+
+type fsZoneStoreFactory struct {
+ fs billy.Filesystem
+}
+
+func NewFSZoneStoreFactory(fs billy.Filesystem) (ZoneStoreFactory, error) {
+ if err := util.WriteFile(fs, rootConfigFilename, []byte(importAllConfigFiles), os.ModePerm); err != nil {
+ return nil, err
+ }
+ return &fsZoneStoreFactory{fs}, nil
+}
+
+func (f *fsZoneStoreFactory) ConfigPath() string {
+ return f.fs.Join(f.fs.Root(), rootConfigFilename)
+}
+
+func (f *fsZoneStoreFactory) Debug() {
+ fmt.Println("------------")
+ util.Walk(f.fs, ".", func(path string, info fs.FileInfo, err error) error {
+ fmt.Println(path)
+ if !info.IsDir() {
+ r, err := f.fs.Open(path)
+ if err != nil {
+ return err
+ }
+ defer r.Close()
+ _, err = io.Copy(os.Stdout, r)
+ return err
+ }
+ return nil
+ })
+ fmt.Println("++++++++++++++")
+}
+
+func (f *fsZoneStoreFactory) Create(zone ZoneConfig) (ZoneStore, error) {
+ if err := f.fs.MkdirAll(zone.Zone, fs.ModePerm); err != nil {
+ return nil, err
+ }
+ zfs, err := f.fs.Chroot(zone.Zone)
+ if err != nil {
+ return nil, err
+ }
+ z, err := NewFSZoneStore(zone, zfs)
+ if err != nil {
+ defer func() {
+ if err := f.fs.Remove(zone.Zone); err != nil {
+ fmt.Printf("Failed to remove zone directory: %s\n", err.Error())
+ }
+ }()
+ }
+ return z, nil
+}
+
+type fsZoneStore struct {
+ zone ZoneConfig
+ fs billy.Filesystem
+}
+
+func NewFSZoneStore(zone ZoneConfig, fs billy.Filesystem) (ZoneStore, error) {
+ if zone.DNSSec != nil {
+ sec := zone.DNSSec
+ if err := util.WriteFile(fs, sec.Basename+".key", sec.Key, 0644); err != nil {
+ return nil, err
+ }
+ if err := util.WriteFile(fs, sec.Basename+".private", sec.Private, 0600); err != nil {
+ return nil, err
+ }
+ }
+ conf, err := fs.Create(zoneConfigFilename)
+ if err != nil {
+ return nil, err
+ }
+ defer conf.Close()
+ configTmpl, err := template.New("config").Funcs(sprig.TxtFuncMap()).Parse(`
+{{ .zone.Zone }}:53 {
+ file {{ .rootDir }}/zone.db
+ errors
+ {{ if .zone.DNSSec }}
+ dnssec {
+ key file {{ .rootDir}}/{{ .zone.DNSSec.Basename }}
+ }
+ {{ end }}
+ log
+ health {
+ lameduck 5s
+ }
+ ready
+ cache 30
+ loop
+ reload
+ loadbalance
+}`)
+ if err != nil {
+ return nil, err
+ }
+ if err := configTmpl.Execute(conf, map[string]any{
+ "zone": zone,
+ "rootDir": fs.Root(),
+ }); err != nil {
+ return nil, err
+ }
+ recordsTmpl, err := template.New("records").Funcs(sprig.TxtFuncMap()).Parse(`
+{{ .zone }}. IN SOA ns1.{{ .zone }}. hostmaster.{{ .zone }}. 2015082541 7200 3600 1209600 3600
+{{ range $i, $ns := .nameservers }}
+ns{{ add1 $i }} 10800 IN A {{ $ns }}
+{{ end }}
+{{ range .publicIngressIPs }}
+@ 10800 IN A {{ . }}
+{{ end }}
+* 10800 IN CNAME {{ .zone }}.
+p 10800 IN CNAME {{ .zone }}.
+*.p 10800 IN A {{ .privateIngressIP }}
+`)
+ records, err := fs.Create("zone.db")
+ if err != nil {
+ return nil, err
+ }
+ defer records.Close()
+ if err := recordsTmpl.Execute(records, map[string]any{
+ "zone": zone.Zone,
+ "publicIngressIPs": zone.PublicIPs,
+ "privateIngressIP": zone.PrivateIP,
+ "nameservers": zone.Nameservers,
+ }); err != nil {
+ return nil, err
+ }
+ return &fsZoneStore{zone, fs}, nil
+}
+
+func (s *fsZoneStore) ConfigPath() string {
+ return s.fs.Join(s.fs.Root(), zoneConfigFilename)
+}
+
+func (s *fsZoneStore) AddDNSSec(key DNSSecKey) error {
+ return nil
+}
diff --git a/core/ns-controller/controllers/suite_test.go b/core/ns-controller/controllers/suite_test.go
new file mode 100644
index 0000000..009da22
--- /dev/null
+++ b/core/ns-controller/controllers/suite_test.go
@@ -0,0 +1,83 @@
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package controllers
+
+import (
+ "path/filepath"
+ "testing"
+
+ . "github.com/onsi/ginkgo"
+ . "github.com/onsi/gomega"
+
+ "k8s.io/client-go/kubernetes/scheme"
+ "k8s.io/client-go/rest"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/envtest"
+ "sigs.k8s.io/controller-runtime/pkg/envtest/printer"
+ logf "sigs.k8s.io/controller-runtime/pkg/log"
+ "sigs.k8s.io/controller-runtime/pkg/log/zap"
+
+ dodocloudv1 "github.com/giolekva/pcloud/core/ns-controller/api/v1"
+ //+kubebuilder:scaffold:imports
+)
+
+// These tests use Ginkgo (BDD-style Go testing framework). Refer to
+// http://onsi.github.io/ginkgo/ to learn more about Ginkgo.
+
+var cfg *rest.Config
+var k8sClient client.Client
+var testEnv *envtest.Environment
+
+func TestAPIs(t *testing.T) {
+ RegisterFailHandler(Fail)
+
+ RunSpecsWithDefaultAndCustomReporters(t,
+ "Controller Suite",
+ []Reporter{printer.NewlineReporter{}})
+}
+
+var _ = BeforeSuite(func() {
+ logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true)))
+
+ By("bootstrapping test environment")
+ testEnv = &envtest.Environment{
+ CRDDirectoryPaths: []string{filepath.Join("..", "config", "crd", "bases")},
+ ErrorIfCRDPathMissing: true,
+ }
+
+ var err error
+ // cfg is defined in this file globally.
+ cfg, err = testEnv.Start()
+ Expect(err).NotTo(HaveOccurred())
+ Expect(cfg).NotTo(BeNil())
+
+ err = dodocloudv1.AddToScheme(scheme.Scheme)
+ Expect(err).NotTo(HaveOccurred())
+
+ //+kubebuilder:scaffold:scheme
+
+ k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme})
+ Expect(err).NotTo(HaveOccurred())
+ Expect(k8sClient).NotTo(BeNil())
+
+}, 60)
+
+var _ = AfterSuite(func() {
+ By("tearing down the test environment")
+ err := testEnv.Stop()
+ Expect(err).NotTo(HaveOccurred())
+})