Merge pull request #290 from Kuadrant/block-wildcard-probes

block wildcard probes
Kuadrant · Nov 4, 2024 · 1923d75 · 1923d75
2 parents a8d4411 + 08397a4
commit 1923d75
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 2 deletions.
diff --git a/internal/controller/dnsrecord_controller.go b/internal/controller/dnsrecord_controller.go
@@ -444,8 +444,8 @@ func setStatusConditions(record *v1alpha1.DNSRecord, hadChanges bool, notHealthy
 	}
 	setDNSRecordCondition(record, string(v1alpha1.ConditionTypeReady), metav1.ConditionTrue, string(v1alpha1.ConditionReasonProviderSuccess), "Provider ensured the dns record")
 
-	// probes are disabled or not defined
-	if record.Spec.HealthCheck == nil {
+	// probes are disabled or not defined, or this is a wildcard record
+	if record.Spec.HealthCheck == nil || strings.HasPrefix(record.Spec.RootHost, v1alpha1.WildcardPrefix) {
 		return
 	}
 

diff --git a/internal/controller/dnsrecord_healthchecks.go b/internal/controller/dnsrecord_healthchecks.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"reflect"
+	"strings"
 
 	"github.com/go-logr/logr"
 	"github.com/hashicorp/go-multierror"
@@ -30,6 +31,11 @@ func (r *DNSRecordReconciler) ReconcileHealthChecks(ctx context.Context, dnsReco
 		return nil
 	}
 
+	// we don't support probes for wildcard hosts
+	if strings.HasPrefix(dnsRecord.Spec.RootHost, v1alpha1.WildcardPrefix) {
+		return nil
+	}
+
 	desiredProbes := buildDesiredProbes(dnsRecord, common.GetLeafsTargets(common.MakeTreeFromDNSRecord(dnsRecord), ptr.To([]string{})), allowInsecureCerts)
 
 	for _, probe := range desiredProbes {
@@ -114,6 +120,11 @@ func (r *DNSRecordReconciler) removeUnhealthyEndpoints(ctx context.Context, spec
 		return specEndpoints, []string{}, nil
 	}
 
+	// we have wildcard record - healthchecks not supported
+	if strings.HasPrefix(dnsRecord.Spec.RootHost, v1alpha1.WildcardPrefix) {
+		return specEndpoints, []string{}, nil
+	}
+
 	// get all probes owned by this record
 	err := r.List(ctx, probes, &client.ListOptions{
 		LabelSelector: labels.SelectorFromSet(map[string]string{

diff --git a/internal/controller/dnsrecord_healthchecks_test.go b/internal/controller/dnsrecord_healthchecks_test.go
@@ -187,6 +187,40 @@ var _ = Describe("DNSRecordReconciler_HealthChecks", func() {
 		}, TestTimeoutMedium, time.Second).Should(Succeed())
 	})
 
+	It("Should not create wildcard probes", func() {
+		// make record a wildcard one
+		dnsRecord.Spec.RootHost = v1alpha1.WildcardPrefix + dnsRecord.Spec.RootHost
+		dnsRecord.Spec.Endpoints = getTestEndpoints(v1alpha1.WildcardPrefix+testHostname, []string{"172.32.200.1", "172.32.200.2"})
+		Expect(k8sClient.Create(ctx, dnsRecord)).To(Succeed())
+
+		// ensure we have no probes
+		Eventually(func(g Gomega) {
+			probes := &v1alpha1.DNSHealthCheckProbeList{}
+
+			g.Expect(k8sClient.List(ctx, probes, &client.ListOptions{
+				LabelSelector: labels.SelectorFromSet(map[string]string{
+					ProbeOwnerLabel: BuildOwnerLabelValue(dnsRecord),
+				}),
+				Namespace: dnsRecord.Namespace,
+			})).To(Succeed())
+			g.Expect(len(probes.Items)).To(Equal(0))
+		}, TestTimeoutMedium, time.Second).Should(Succeed())
+
+		// make sure dnsrecord succeeded
+		Eventually(func(g Gomega) {
+			g.Expect(k8sClient.Get(ctx, client.ObjectKeyFromObject(dnsRecord), dnsRecord)).To(Succeed())
+			g.Expect(dnsRecord.Status.Conditions).To(
+				ContainElement(MatchFields(IgnoreExtras, Fields{
+					"Type":               Equal(string(v1alpha1.ConditionTypeReady)),
+					"Status":             Equal(metav1.ConditionTrue),
+					"Reason":             Equal(string(v1alpha1.ConditionReasonProviderSuccess)),
+					"Message":            Equal("Provider ensured the dns record"),
+					"ObservedGeneration": Equal(dnsRecord.Generation),
+				})),
+			)
+		}, TestTimeoutMedium, time.Second).Should(Succeed())
+	})
+
 	It("Should remove unhealthy endpoints", func() {
 		//Create default test dnsrecord
 		Expect(k8sClient.Create(ctx, dnsRecord)).To(Succeed())