Merge pull request #21 from Kuadrant/unified_kuadrant

Update base CSV, add release prep script and docs

Makefile

@@ -100,6 +100,18 @@ help: ## Display this help.
 manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
 	$(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
 
+.PHONY: manifests-gen-base-csv
+REPLACES_VERSION ?= ""
+manifests-gen-base-csv: yq ## Generate base CSV for the current configuration (VERSION, IMG, CHANNELS etc..)
+	$(YQ) -i '.metadata.annotations.containerImage = "$(IMG)"' config/manifests/bases/dns-operator.clusterserviceversion.yaml
+	$(YQ) -i '.metadata.name = "dns-operator.v$(VERSION)"' config/manifests/bases/dns-operator.clusterserviceversion.yaml
+	$(YQ) -i '.spec.version = "$(VERSION)"' config/manifests/bases/dns-operator.clusterserviceversion.yaml
+	@if [ "$(REPLACES_VERSION)" != "" ]; then\
+		$(YQ) -i '.spec.replaces = "dns-operator.v$(REPLACES_VERSION)"' config/manifests/bases/dns-operator.clusterserviceversion.yaml; \
+	 else \
+		$(YQ) -i 'del(.spec.replaces)' config/manifests/bases/dns-operator.clusterserviceversion.yaml; \
+	fi
+
 .PHONY: generate
 generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
 	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
@@ -215,13 +227,15 @@ ENVTEST ?= $(LOCALBIN)/setup-envtest
 OPENSHIFT_GOIMPORTS ?= $(LOCALBIN)/openshift-goimports
 KIND = $(LOCALBIN)/kind
 ACT = $(LOCALBIN)/act
+YQ = $(LOCALBIN)/yq
 
 ## Tool Versions
 KUSTOMIZE_VERSION ?= v5.0.1
 CONTROLLER_TOOLS_VERSION ?= v0.12.0
 OPENSHIFT_GOIMPORTS_VERSION ?= c70783e636f2213cac683f6865d88c5edace3157
 KIND_VERSION = v0.20.0
 ACT_VERSION = latest
+YQ_VERSION := v4.34.2
 
 .PHONY: kustomize
 kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. If wrong version is installed, it will be removed before downloading.
@@ -271,15 +285,21 @@ $(KIND): $(LOCALBIN)
 	GOBIN=$(LOCALBIN) go install sigs.k8s.io/kind@$(KIND_VERSION)
 
 .PHONY: act
-act: $(ACT)
-$(ACT): $(LOCALBIN) ## Download act locally if necessary.
+act: $(ACT) ## Download act locally if necessary.
+$(ACT): $(LOCALBIN)
 	GOBIN=$(LOCALBIN) go install github.com/nektos/act@$(ACT_VERSION)
 
+.PHONY: yq
+yq: $(YQ) ## Download yq locally if necessary.
+$(YQ): $(LOCALBIN)
+	GOBIN=$(LOCALBIN) go install github.com/mikefarah/yq/v4@$(YQ_VERSION)
+
 .PHONY: bundle
-bundle: manifests kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files.
+bundle: manifests manifests-gen-base-csv kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files.
 	$(OPERATOR_SDK) generate kustomize manifests -q
 	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
 	$(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle $(BUNDLE_GEN_FLAGS)
+	$(MAKE) bundle-post-generate
 	$(OPERATOR_SDK) bundle validate ./bundle
 	$(MAKE) bundle-ignore-createdAt
 
@@ -294,6 +314,10 @@ bundle: manifests kustomize operator-sdk ## Generate bundle manifests and metada
 bundle-ignore-createdAt:
 	git diff --quiet -I'^    createdAt: ' ./bundle && git checkout ./bundle || true
 
+.PHONY: bundle-post-generate
+bundle-post-generate:
+	$(YQ) -i '.annotations."com.redhat.openshift.versions" = "v4.12-v4.14"' bundle/metadata/annotations.yaml
+
 .PHONY: bundle-build
 bundle-build: ## Build the bundle image.
 	docker build -f bundle.Dockerfile -t $(BUNDLE_IMG) .
@@ -345,5 +369,13 @@ catalog-build: opm ## Build a catalog image.
 catalog-push: ## Push a catalog image.
 	$(MAKE) docker-push IMG=$(CATALOG_IMG)
 
+##@ Release
+
+.PHONY: prepare-release
+RELEASE_FILE = $(shell pwd)/make/release.mk
+prepare-release: ## Generates a makefile that will override environment variables for a specific release and runs bundle.
+	echo -e "#Release default values\\nIMG=$(IMG)\nCHANNELS=$(CHANNELS)\nVERSION=$(VERSION)\nREPLACES_VERSION=$(REPLACES_VERSION)" > $(RELEASE_FILE)
+	$(MAKE) bundle
+
 # Include last to avoid changing MAKEFILE_LIST used above
 include ./make/*.mk

bundle/manifests/dns-operator.clusterserviceversion.yaml

@@ -69,9 +69,14 @@ metadata:
         }
       ]
     capabilities: Basic Install
-    createdAt: "2024-02-12T11:25:42Z"
+    categories: Integration & Delivery
+    containerImage: quay.io/kuadrant/dns-operator:latest
+    createdAt: "2024-02-13T21:19:36Z"
+    description: A Kubernetes Operator to manage the lifecycle of DNS resources
     operators.operatorframework.io/builder: operator-sdk-v1.33.0
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v4
+    repository: https://github.com/kuadrant/dns-operator
+    support: kuadrant
   name: dns-operator.v0.0.0
   namespace: placeholder
 spec:
@@ -94,11 +99,11 @@ spec:
       kind: ManagedZone
       name: managedzones.kuadrant.io
       version: v1alpha1
-  description: DNS Operator
+  description: A Kubernetes Operator to manage the lifecycle of DNS resources
   displayName: DNS Operator
   icon:
-  - base64data: ""
-    mediatype: ""
+  - base64data: iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAIAAAAiOjnJAAAHCklEQVR4nOzc72tWdQPH8e+tm/ecXGNO77mb3beZLgtkDxpCgT4IBBFqJT1YRqFS5oMS/BG5ioqhUc3IFKwHpqHSg9qDsCwIQeiBQoEotISyzcwa6bI5Nlyms8X4Lp1u1zzXub6f8/2ea+/XH3DO58GbXeec69opGhgYMIBrE3wPQGEiLEgQFiQICxKEBQnCggRhQYKwIEFYkCAsSBAWJAgLEoQFCcKCBGFBgrAgQViQICxIEBYkCAsShAUJwoIEYUGCsCBBWJAgLEgQFiQICxKEBQnCggRhQYKwIEFYkCAsSBAWJAgLEoQFCcKCBGFBgrAgQViQICxIEBYkCAsShAUJwoIEYUGCsCBR5HtAJI89uqytvT2fI2zetHnxkiXuFgn1d3eead44s3FLUXml7y3xpSOstvb24998m88Rurq63M0R6u/uPPlkw6VjZy+dbJi7uyW9bfFRGJBrVRljLh07++Mrz/heFB9hhWJ4VVbvgdZTL6z0Oio+wgrCyKqs7g+/+mX7855G5YWw/MtWldW5bf/5lh2Jj8oXYXk2dlVWR/POvtbDCY5ygLB8ilKVMeZq1+X2Dev7uzuT2uUAYXkTsSrrSltv+/o0XcgTlh85VWVd/PLUufdfU45yibA8iFGV1bF5X1outggraX2th+NVZZ1uesn1IgnCSlRf6+EfVj4duyr7RD4VT7YIKzm2qqtdl/M8Tue2/X/+dMLRKBXCSoirqqzTTc85OY4OYSXBbVX2DrH7iw9cHU2BsOScV2X9/NZ2twd0i7C0RFXZR6Yhf4dIWEK6qqyO5p3Bfs9DWCrqqux3iGf3btUdPx+EJZFAVdaFzw6pTxEPYbmXWFUhX2kRlmNJVmX9+t7exM4VHWG5lHxV9o9Wz5EDSZ4xCsJyxktV1rmP9iV/0rERlhseq7L/zxPacwfCcsBvVdbvH+/yePaRCCtfIVQ1GNbnB/0OuAlh5SWQquzvtIL6LQ1hxRdOVVb3oU98T7iOsGIKrarQPg0JK44Aq7KfhuHcGxJWzsKsyuo+2OJ7whDCyk3IVRljeo4f9T1hCGHl4HzLju8eXBVsVcaYi0dDuTEkrKjOt+w40xji7wiGu9LWG8hlFmFFkoqqrL4TX/ueYAgrkhRVNXiZdfSI7wmGsG4tXVUZY/7I7/XSrhDWWFJX1eBlVsdvvicYwhpLGquyj0l9TzCElVVKq7JCeNURYY0i1VUZY/p7LvieQFgjpL2qwev371t9TyCsGxVAVYPX7709vicQ1jCFUVUgCGtIIVUVwqMswjIFVpUx5q/ei74nEFbBVRWI8R4WVYmM67CoSmdchwWdcR3W9IY1M5vX+F5RmMZ1WLSlM97Doi0RwjKF19aEzBTfEwjrH4XU1uQ5c3xPIKxhCqkt7wjrBoXRVnGmzPcEwhqhANqafGet7wmENZq0t1VUNtX3BMLKItVtldYu9D2BsLJLaVsldVW+JxjCuoU0tlVc/R/fEwxh3Vrq2grhIRZhRZKutsrmL/A9wRBWVClqq3TePb4nGMLKQSraKq7JFJVX+l5hCCs30xvW3PXprokVk3wPyWrK/Hm+JwwhrNyU1i68Y8+7wbZVdvd83xOGEFbOQm6rfHGD7wlDCCuOMNsqqasK5AKLsOILsK1p9y/2PeE6woovtLbKFz3ke8J1hJWXcNoqqav6922h3BISlgOBtBXU5yBhuRFCW9MeXuXx7CMRlht+28rU14ZzP2gRljMe25rxyPLkTzo2wnLJS1vFNZmyBfVJnjEKwnIs+bb++9SKxM4VHWG5l2RbxTWZ6Q0h/uaCsCQSa2vqA4vUp4iHsFQSaGtixaSqFRt0x88HYQmp26puXB3aU4ZrCEtL11awV1cWYcmJ2vr/s2vdHtAtwkqC87am3De7fMnjro6mQFgJcdvWrKY3nRxHh7CS46qtynVLg/qFzKgIK1G2rXxer1BSV/W/tW84HSVBWEkrrV04d3dL7LZmNb3qepEEYXlQVF4Zr63ql5eH8IqiKAjLjxhtZeprZzzxonKUS4TlTU5tFddkbt/0jn6UM4TlU8S2JlZMmrP17WC/vRkVYXkWpa3qxtVpubS6hrD8G7utynVLQ/5OMBvCCkK2tsqX3ZuKp1YjEVYoRraVqa+d/foer6PiI6yADG+rpK4qXbeBNynyPSCSmrxf2FpRUeFoi5Zt60zzxpmNW9J1G3iTfw0MDPjegALERyEkCAsShAUJwoIEYUGCsCBBWJAgLEgQFiQICxKEBQnCggRhQYKwIEFYkCAsSBAWJAgLEoQFCcKCBGFBgrAgQViQICxIEBYkCAsShAUJwoIEYUGCsCBBWJAgLEgQFiQICxKEBQnCggRhQYKwIEFYkCAsSBAWJAgLEoQFCcKCBGFBgrAgQViQICxI/B0AAP//uLJ9vDn6iowAAAAASUVORK5CYII=
+    mediatype: image/png
   install:
     spec:
       clusterPermissions:
@@ -333,9 +338,10 @@ spec:
     type: AllNamespaces
   keywords:
   - dns
+  - kuadrant
   links:
   - name: DNS Operator
-    url: https://dns-operator.domain
+    url: https://github.com/Kuadrant/dns-operator
   maintainers:
   - email: [email protected]
     name: Michael Nairn
@@ -344,6 +350,7 @@ spec:
   - email: [email protected]
     name: Craig Brookes
   maturity: alpha
+  minKubeVersion: 1.8.0
   provider:
     name: Red Hat
   version: 0.0.0

bundle/metadata/annotations.yaml

@@ -8,7 +8,7 @@ annotations:
   operators.operatorframework.io.metrics.builder: operator-sdk-v1.33.0
   operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
   operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v4
-
   # Annotations for testing.
   operators.operatorframework.io.test.mediatype.v1: scorecard+v1
   operators.operatorframework.io.test.config.v1: tests/scorecard/
+  com.redhat.openshift.versions: v4.12-v4.14

config/manifests/bases/dns-operator.clusterserviceversion.yaml

@@ -4,6 +4,11 @@ metadata:
   annotations:
     alm-examples: '[]'
     capabilities: Basic Install
+    categories: Integration & Delivery
+    containerImage: quay.io/kuadrant/dns-operator:latest
+    description: A Kubernetes Operator to manage the lifecycle of DNS resources
+    repository: https://github.com/kuadrant/dns-operator
+    support: kuadrant
   name: dns-operator.v0.0.0
   namespace: placeholder
 spec:
@@ -26,11 +31,11 @@ spec:
       kind: ManagedZone
       name: managedzones.kuadrant.io
       version: v1alpha1
-  description: DNS Operator
+  description: A Kubernetes Operator to manage the lifecycle of DNS resources
   displayName: DNS Operator
   icon:
-  - base64data: ""
-    mediatype: ""
+  - base64data: iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAIAAAAiOjnJAAAHCklEQVR4nOzc72tWdQPH8e+tm/ecXGNO77mb3beZLgtkDxpCgT4IBBFqJT1YRqFS5oMS/BG5ioqhUc3IFKwHpqHSg9qDsCwIQeiBQoEotISyzcwa6bI5Nlyms8X4Lp1u1zzXub6f8/2ea+/XH3DO58GbXeec69opGhgYMIBrE3wPQGEiLEgQFiQICxKEBQnCggRhQYKwIEFYkCAsSBAWJAgLEoQFCcKCBGFBgrAgQViQICxIEBYkCAsShAUJwoIEYUGCsCBBWJAgLEgQFiQICxKEBQnCggRhQYKwIEFYkCAsSBAWJAgLEoQFCcKCBGFBgrAgQViQICxIEBYkCAsShAUJwoIEYUGCsCBR5HtAJI89uqytvT2fI2zetHnxkiXuFgn1d3eead44s3FLUXml7y3xpSOstvb24998m88Rurq63M0R6u/uPPlkw6VjZy+dbJi7uyW9bfFRGJBrVRljLh07++Mrz/heFB9hhWJ4VVbvgdZTL6z0Oio+wgrCyKqs7g+/+mX7855G5YWw/MtWldW5bf/5lh2Jj8oXYXk2dlVWR/POvtbDCY5ygLB8ilKVMeZq1+X2Dev7uzuT2uUAYXkTsSrrSltv+/o0XcgTlh85VWVd/PLUufdfU45yibA8iFGV1bF5X1outggraX2th+NVZZ1uesn1IgnCSlRf6+EfVj4duyr7RD4VT7YIKzm2qqtdl/M8Tue2/X/+dMLRKBXCSoirqqzTTc85OY4OYSXBbVX2DrH7iw9cHU2BsOScV2X9/NZ2twd0i7C0RFXZR6Yhf4dIWEK6qqyO5p3Bfs9DWCrqqux3iGf3btUdPx+EJZFAVdaFzw6pTxEPYbmXWFUhX2kRlmNJVmX9+t7exM4VHWG5lHxV9o9Wz5EDSZ4xCsJyxktV1rmP9iV/0rERlhseq7L/zxPacwfCcsBvVdbvH+/yePaRCCtfIVQ1GNbnB/0OuAlh5SWQquzvtIL6LQ1hxRdOVVb3oU98T7iOsGIKrarQPg0JK44Aq7KfhuHcGxJWzsKsyuo+2OJ7whDCyk3IVRljeo4f9T1hCGHl4HzLju8eXBVsVcaYi0dDuTEkrKjOt+w40xji7wiGu9LWG8hlFmFFkoqqrL4TX/ueYAgrkhRVNXiZdfSI7wmGsG4tXVUZY/7I7/XSrhDWWFJX1eBlVsdvvicYwhpLGquyj0l9TzCElVVKq7JCeNURYY0i1VUZY/p7LvieQFgjpL2qwev371t9TyCsGxVAVYPX7709vicQ1jCFUVUgCGtIIVUVwqMswjIFVpUx5q/ei74nEFbBVRWI8R4WVYmM67CoSmdchwWdcR3W9IY1M5vX+F5RmMZ1WLSlM97Doi0RwjKF19aEzBTfEwjrH4XU1uQ5c3xPIKxhCqkt7wjrBoXRVnGmzPcEwhqhANqafGet7wmENZq0t1VUNtX3BMLKItVtldYu9D2BsLJLaVsldVW+JxjCuoU0tlVc/R/fEwxh3Vrq2grhIRZhRZKutsrmL/A9wRBWVClqq3TePb4nGMLKQSraKq7JFJVX+l5hCCs30xvW3PXprokVk3wPyWrK/Hm+JwwhrNyU1i68Y8+7wbZVdvd83xOGEFbOQm6rfHGD7wlDCCuOMNsqqasK5AKLsOILsK1p9y/2PeE6woovtLbKFz3ke8J1hJWXcNoqqav6922h3BISlgOBtBXU5yBhuRFCW9MeXuXx7CMRlht+28rU14ZzP2gRljMe25rxyPLkTzo2wnLJS1vFNZmyBfVJnjEKwnIs+bb++9SKxM4VHWG5l2RbxTWZ6Q0h/uaCsCQSa2vqA4vUp4iHsFQSaGtixaSqFRt0x88HYQmp26puXB3aU4ZrCEtL11awV1cWYcmJ2vr/s2vdHtAtwkqC87am3De7fMnjro6mQFgJcdvWrKY3nRxHh7CS46qtynVLg/qFzKgIK1G2rXxer1BSV/W/tW84HSVBWEkrrV04d3dL7LZmNb3qepEEYXlQVF4Zr63ql5eH8IqiKAjLjxhtZeprZzzxonKUS4TlTU5tFddkbt/0jn6UM4TlU8S2JlZMmrP17WC/vRkVYXkWpa3qxtVpubS6hrD8G7utynVLQ/5OMBvCCkK2tsqX3ZuKp1YjEVYoRraVqa+d/foer6PiI6yADG+rpK4qXbeBNynyPSCSmrxf2FpRUeFoi5Zt60zzxpmNW9J1G3iTfw0MDPjegALERyEkCAsShAUJwoIEYUGCsCBBWJAgLEgQFiQICxKEBQnCggRhQYKwIEFYkCAsSBAWJAgLEoQFCcKCBGFBgrAgQViQICxIEBYkCAsShAUJwoIEYUGCsCBBWJAgLEgQFiQICxKEBQnCggRhQYKwIEFYkCAsSBAWJAgLEoQFCcKCBGFBgrAgQViQICxI/B0AAP//uLJ9vDn6iowAAAAASUVORK5CYII=
+    mediatype: image/png
   install:
     spec:
       deployments: null
@@ -46,9 +51,10 @@ spec:
     type: AllNamespaces
   keywords:
   - dns
+  - kuadrant
   links:
   - name: DNS Operator
-    url: https://dns-operator.domain
+    url: https://github.com/Kuadrant/dns-operator
   maintainers:
   - email: [email protected]
     name: Michael Nairn
@@ -57,6 +63,7 @@ spec:
   - email: [email protected]
     name: Craig Brookes
   maturity: alpha
+  minKubeVersion: 1.8.0
   provider:
     name: Red Hat
   version: 0.0.0

docs/managedzone.md

@@ -0,0 +1,82 @@
+# Creating and using a ManagedZone resource.
+
+## What is a ManagedZone
+A ManagedZone is a reference to a [DNS zone](https://en.wikipedia.org/wiki/DNS_zone). 
+By creating a ManagedZone we are instructing the MGC about a domain or subdomain that can be used as a host by any gateways in the same namespace.
+These gateways can use a subdomain of the ManagedZone.
+
+If a gateway attempts to a use a domain as a host, and there is no matching ManagedZone for that host, then that host on that gateway will fail to function.
+
+A gateway's host will be matched to any ManagedZone that the host is a subdomain of, i.e. `test.api.hcpapps.net` will be matched by any ManagedZone (in the same namespace) of: `test.api.hcpapps.net`, `api.hcpapps.net` or `hcpapps.net`.
+
+When MGC wants to create the DNS Records for a host, it will create them in the most exactly matching ManagedZone.
+e.g. given the zones `hcpapps.net` and `api.hcpapps.net` the DNS Records for the host `test.api.hcpapps.net` will be created in the `api.hcpapps.net` zone.
+
+### Delegation
+Delegation allows you to give control of a subdomain of a root domain to MGC while the root domain has it's DNS zone elsewhere.
+
+In the scenario where a root domain has a zone outside Route53, e.g. `external.com`, and a ManagedZone for `delegated.external.com` is required, the following steps can be taken:
+- Create the ManagedZone for `delegated.external.com` and wait until the status is updated with an array of nameservers (e.g. `ns1.hcpapps.net`, `ns2.hcpapps.net`). 
+- Copy these nameservers to your root zone for `external.com`, you can create a NS record for each nameserver against the `delegated.external.com` record.
+
+For example:
+```
+delegated.external.com. 3600 IN NS ns1.hcpapps.net.
+delegated.external.com. 3600 IN NS ns2.hcpapps.net.
+```
+
+Now, when MGC creates a DNS record in it's Route53 zone for `delegated.external.com`, it will be resolved correctly.
+### Creating a ManagedZone
+
+To create a `ManagedZone`, you will first need to create a DNS provider Secret. To create one, see our [DNS Provider](provider.md) setup guide, and make note of your provider's secret name.
+
+
+#### Example ManagedZone
+To create a new `ManagedZone` with AWS Route, with a DNS Provider secret named `my-aws-credentials`:
+
+```bash
+kubectl apply -f - <<EOF
+apiVersion: kuadrant.io/v1alpha1
+kind: ManagedZone
+metadata:
+  name: my-test-aws-zone
+  namespace: multi-cluster-gateways
+spec:
+  domainName: mydomain.example.com
+  description: "My Managed Zone"
+  dnsProviderSecretRef:
+    name: my-aws-credentials
+EOF
+```
+
+This will create a new Zone in AWS, for `mydomain.example.com`, using the DNS Provider credentials in the `my-aws-credentials` Secret.
+
+If you'd like to create a `ManagedZone` for an _existing_ zone in AWS, note its Zone ID and run:
+
+```bash
+kubectl apply -f - <<EOF
+apiVersion: kuadrant.io/v1alpha1
+kind: ManagedZone
+metadata:
+  name: my-test-aws-zone
+  namespace: multi-cluster-gateways
+spec:
+  id: MYZONEID
+  domainName: mydomain.example.com
+  description: "My Managed Zone"
+  dnsProviderSecretRef:
+    name: my-aws-credentials
+EOF
+```
+
+#### dnsProviderSecretRef
+
+This is a reference to secret containing the credentials and other configuration for accessing your dns provider
+[dnsProvider](provider.md)
+
+**Note:** the Secret referenced in the `dnsProviderSecretRef` field must be in the same namespace as the ManagedZone.
+
+**Note:** as an `id` was specified, the Managed Gateway Controller will not re-create this zone, nor will it delete it if this `ManagedZone` is deleted.
+
+## Spec of a ManagedZone
+The ManagedZone is a simple resource with an uncomplicated API, see a sample [here](../config/samples/kuadrant.io_v1alpha1_managedzone.yaml).

docs/provider.md

@@ -0,0 +1,69 @@
+# Configuring a DNS Provider 
+
+In order to be able to interact with supported DNS providers, Kuadrant needs a credential that it can use.
+
+## Supported Providers
+
+Kuadrant Supports the following DNS providers currently
+
+- AWS Route 53 (AWS)
+- Google Cloud DNS (GCP)
+
+### AWS Route 53 Provider
+
+Kuadrant expects a `Secret` with a credential. Below is an example for AWS Route 53. It is important to set the secret type to `aws`:
+
+
+```bash
+kubectl create secret generic my-aws-credentials \
+  --namespace=kuadrant-dns-system \
+  --type=kuadrant.io/aws \
+  --from-literal=AWS_ACCESS_KEY_ID=XXXX \
+  --from-literal=AWS_REGION=eu-west-1 \
+  --from-literal=AWS_SECRET_ACCESS_KEY=XXX
+```
+
+| Key                      | Example Value           | Description                                           |
+|--------------------------|-------------------------|-------------------------------------------------------|
+| `AWS_REGION`             | `eu-west-1`             | AWS Region                                            |
+| `AWS_ACCESS_KEY_ID`      | `XXXX`                  | AWS Access Key ID (see note on permissions below)     |
+| `AWS_SECRET_ACCESS_KEY`  | `XXXX`                  | AWS Secret Access Key                                 |
+
+#### AWS IAM Permissions Required 
+We have tested using the available policy `AmazonRoute53FullAccess` however it should also be possible to restrict the credential down to a particular zone. More info can be found in the AWS docs:
+
+https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/access-control-managing-permissions.html
+
+### Google Cloud DNS Provider
+
+Kuadant expects a secret with a credential. Below is an example for Google DNS. It is important to set the secret type to `gcp`:
+
+```bash
+kubectl create secret generic my-test-gcp-credentials \
+  --namespace=kuadrant-dns-system \
+  --type=kuadrant.io/gcp \
+  --from-literal=PROJECT_ID=xxx \
+  --from-file=GOOGLE=$HOME/.config/gcloud/application_default_credentials.json
+```
+
+| Env Var      | Example Value                                                                                  | Description                                                                                                           |
+|--------------|------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
+| `GOOGLE`     | `{"client_id": "***","client_secret": "***","refresh_token": "***","type": "authorized_user"}` | This is the JSON created from either the credential created by the `gcloud` CLI, or the JSON from the Service account |
+| `PROJECT_ID` | `my_project_id`                                                                                | ID to the Google project                                                                                              |
+
+
+#### Google Cloud DNS Access permissions required
+See: https://cloud.google.com/dns/docs/access-control#dns.admin
+
+
+### Where to create the Secrets
+
+It is recommended that you create the secret in the same namespace as your `ManagedZones`. In the examples above, we've stored these in a namespace called `kuadrant-dns-system`.
+
+Now that we have the credential created we have a DNS provider ready to go and can start using it.
+
+## Using a Credential
+
+Once a `Secret` like the one shown above is created, in order for it to be used, it needs to be associated with a `ManagedZone`. 
+
+See [ManagedZone](managedzone.md)