Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DNS record orphan mitigation #202

Closed
3 tasks done
maleck13 opened this issue Jul 30, 2024 · 5 comments
Closed
3 tasks done

DNS record orphan mitigation #202

maleck13 opened this issue Jul 30, 2024 · 5 comments
Assignees
@maleck13
Labels
kind/epic Epic

Comments

@maleck13
Copy link
Collaborator

maleck13 commented Jul 30, 2024
edited
Loading

What
In some circumstances, it is possible that a dns record is left behind by a controller:

  • Bad clean up during namespace deletion (IE I delete the namespace with the controller in it but leave DNSRecords around)
  • Manual removal of finalisers

We want to enable users to identify records that have become orphans so that action can be taken to clean them up.

How

Identification:

Each controller managing a DNSRecord should be able to see the owner id of each other controller working on the record set for that rootDomain. Adding a section to the DNSRecord status such as:

  domainOwners: 
        - id1
        - id2
        - id3

and exporting this via a metric something like: dnspolicy_status_root_domain_owners{name="mypolicy",namespace="mynamespace",root_domain_owner="id3", root_domain=a.b.com} 1 and dnsrecord_status_root_domain_owner{name="myrecord1", namespace="mynamespace", root_domain_owner="id1", root_domain="a.b.com"} 1 it should be possible to trigger an alert if the number of DNSRecords is less than the number of owners . We should work with @david-martin @R-Lawton to work through what metrics would make sense to achieve the goal the above is just an idea.

dnspolicy_status_root_domain_owners{name="mypolicy",namespace="mynamespace",root_domain_owner="id1", root_domain="a.b.com"} 1
dnspolicy_status_root_domain_owners{name="mypolicy",namespace="mynamespace",root_domain_owner="id2", root_domain="a.b.com"} 1
dnspolicy_status_root_domain_owners{name="mypolicy",namespace="mynamespace",root_domain_owner="id3", root_domain="a.b.com"} 1

and a record can only have 1 owner, it might look like this:

dnsrecord_status_root_domain_owner{name="myrecord1",root_domain_owner="id1", root_domain="a.b.com"} 1
dnsrecord_status_root_domain_owner{name="myrecord2",root_domain_owner="id2", root_domain="a.b.com"} 1
dnsrecord_status_root_domain_owner{name="myrecord3",root_domain_owner="id3", root_domain="a.b.com"} 1

Then a join query might look like this:

count by(name) (dnspolicy_status_root_domain_owners * on(root_domain_owner) group_left dnsrecord_status_root_domain_owner)

That would give you a value of 3 (as there's 3 dnsrecords that it can join on).
If you want to alert if that number is wrong, you can compare it to the count of root_domain_owners on the policy:

count by(name) (dnspolicy_status_root_domain_owners * on(root_domain_owner) group_left dnsrecord_status_root_domain_owner)
!=
count(dnspolicy_status_root_domain_owners)

Clean Up:

Talking with @mikenairn we could craft a method that would result in creating a new DNSRecord with the missing owner id to be reconciled by an existing controller and then delete this record to force the controller to remove the records related to that owner id.
@maleck13 maleck13 converted this from a draft issue Jul 30, 2024
@maleck13
Copy link
Collaborator Author

Related: Kuadrant/kuadrant-operator#649 We may want some form of visibility in the dashboard around this

@philbrookes philbrookes moved this to Todo in Kuadrant Aug 1, 2024
@maleck13 maleck13 self-assigned this Aug 8, 2024
@maleck13 maleck13 moved this from Todo to In Progress in Kuadrant Aug 8, 2024
@maleck13
Copy link
Collaborator Author

#209

github-merge-queue bot pushed a commit that referenced this issue Aug 13, 2024
@maleck13
Merge pull request #209 from Kuadrant/gh-202
99185ba 
add domain owners to dnsrecord
@maleck13 maleck13 added the kind/epic Epic label Aug 22, 2024
@philbrookes philbrookes mentioned this issue Sep 12, 2024
Open
@maleck13
Copy link
Collaborator Author

https://github.com/Kuadrant/gateway-api-state-metrics/pull/46/files

@maleck13
Copy link
Collaborator Author

Kuadrant/kuadrant-operator#862

1 similar comment
@maleck13
Copy link
Collaborator Author

Kuadrant/kuadrant-operator#862

@github-project-automation github-project-automation bot moved this from Ready For Review to Done in Kuadrant Sep 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@maleck13 maleck13

Labels
kind/epic Epic
Projects
Kuadrant
Status: Done
Milestone
No milestone
Development

No branches or pull requests
1 participant
@maleck13