From 138391e6a6f59eb39307006958b85146f1554c0f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C3=ADas=20Charri=C3=A8re?=
Date: Tue, 19 Sep 2023 14:49:31 +0200
Subject: [PATCH] create external dns cluster values (#1649)

* allow adding labels and annotations from configmap spec

Signed-off-by: Matias Charriere

* add external-dns-cluster-values configmap

Signed-off-by: Matias Charriere

* replace null with nil

Signed-off-by: Matias Charriere

* update changelog

Signed-off-by: Matias Charriere

* add support for China and remove annotation from service account

China doesn't use its local Route53 instance. Instead it uses external credentials to auth against the global Route53.

Signed-off-by: Matias Charriere

---------

Signed-off-by: Matias Charriere
---
 CHANGELOG.md | 4 ++
 service/controller/key/provider.go | 6 ++
 .../resource/clusterconfigmap/desired.go | 69 ++++++++++++++++---
 .../resource/clusterconfigmap/types.go | 8 ++-
 4 files changed, 73 insertions(+), 14 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0a322d8d0..59dae9c9e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 ## [Unreleased]

+### Added
+
+- Create `external-dns-cluster-values` configmap on cluster creation.
+
 ## [5.8.0] - 2023-09-01

 ### Added
diff --git a/service/controller/key/provider.go b/service/controller/key/provider.go
index ed09ee2e2..60d3e3c6d 100644
--- a/service/controller/key/provider.go
+++ b/service/controller/key/provider.go
@@ -1,5 +1,11 @@
 package key

+import "strings"
+
 func IsAWS(provider string) bool {
 return provider == "aws"
 }
+
+func IsAWSChina(region string) bool {
+ return strings.HasPrefix(region, "cn-")
+}
diff --git a/service/controller/resource/clusterconfigmap/desired.go b/service/controller/resource/clusterconfigmap/desired.go
index c3102a3ea..39f31953e 100644
--- a/service/controller/resource/clusterconfigmap/desired.go
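Review bot: IsAWSChina is exported without a doc comment, and its parameter is a region while the neighbouring IsAWS takes a provider name, a difference the two names alone do not convey at the call site in desired.go. Suggest `// IsAWSChina reports whether region belongs to the AWS China partition (prefix "cn-"); per the commit message these regions use external credentials against global Route53 instead of a local Route53 role.` Keep the second clause limited to what the commit message states, since the function itself only checks the prefix and returns false for an empty region.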
+++ b/service/controller/resource/clusterconfigmap/desired.go
@@ -97,6 +97,15 @@ func (r *Resource) GetDesiredState(ctx context.Context, obj interface{}) ([]*cor
 },
 }

+ externalDnsValues := map[string]interface{}{
+ "txtOwnerId": "giantswarm-io-external-dns",
+ "txtPrefix": key.ClusterID(&cr),
+ "annotationFilter": "giantswarm.io/external-dns=managed",
+ "sources": []string{
+ "service",
+ },
+ }
+
 if key.IsAWS(r.provider) {
 var irsa bool
 var accountID string
@@ -135,6 +144,23 @@ func (r *Resource) GetDesiredState(ctx context.Context, obj interface{}) ([]*cor
 "region": awsCluster.Spec.Provider.Region,
 "vpcID": vpcID,
 }
+
+ externalDnsValues["extraArgs"] = []string{
+ "--aws-batch-change-interval=10s",
+ }
+ externalDnsValues["aws"] = map[string]interface{}{
+ "batchChangeInterval": nil,
+ }
+ externalDnsValues["domainFilters"] = []string{
+ key.TenantEndpoint(&cr, bd),
+ }
+ if !key.IsAWSChina(awsCluster.Spec.Provider.Region) {
+ externalDnsValues["serviceAccount"] = map[string]interface{}{
+ "annotations": map[string]interface{}{
+ "eks.amazonaws.com/role-arn": fmt.Sprintf("arn:aws:iam::%s:role/%s-Route53Manager-Role", accountID, key.ClusterID(&cr)),
+ },
+ }
+ }
 }

 ciliumValues := map[string]interface{}{
@@ -263,6 +289,17 @@ func (r *Resource) GetDesiredState(ctx context.Context, obj interface{}) ([]*cor
 Namespace: key.ClusterID(&cr),
 Values: ciliumValues,
 },
+ {
+ Name: "external-dns-cluster-values",
+ Namespace: key.ClusterID(&cr),
+ Values: externalDnsValues,
+ Labels: map[string]string{
+ "app.kubernetes.io/name": "external-dns",
+ },
+ Annotations: map[string]string{
+ "cluster-operator.giantswarm.io/app-config-priority": "130",
+ },
+ },
 }

 var configMaps []*corev1.ConfigMap
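Review bot: The role-arn annotation is formatted from accountID regardless of its value, and nothing in this hunk shows where accountID is populated (its declaration sits in the earlier hunk at line 97, the assignment is outside both); if it can stay empty on a non-IRSA path, the external-dns service account would be annotated with `arn:aws:iam:::role/<cluster-id>-Route53Manager-Role`, so consider `if accountID != "" && !key.IsAWSChina(awsCluster.Spec.Provider.Region) {` or a comment stating why accountID is always set at this point. The China branch and the `"batchChangeInterval": nil` entry also carry no explanation; suggest `// AWS China has no local Route53: external-dns there authenticates with external credentials against global Route53, so no IRSA role annotation is set.` above the if, and `// nil renders as null so the chart default does not duplicate the interval passed via extraArgs — TODO confirm` on the aws map. GetDesiredState begins and ends outside this hunk.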
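Review bot: The `"130"` in the app-config-priority annotation is a bare magic string with no indication of how it ranks against the priorities of the other cluster-values configmaps in this slice, which lie outside the hunk. Suggest hoisting it to a named constant with a why-comment, e.g. `// externalDNSConfigPriority orders the external-dns cluster values among the other app config layers — TODO document the scale`, or at minimum a one-line comment at the literal. The enclosing slice literal and GetDesiredState begin outside this hunk.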
@@ -285,19 +322,29 @@ func newConfigMap(cr apiv1beta1.Cluster, configMapSpec configMapSpec) (*corev1.C
 return nil, microerror.Mask(err)
 }

+ annotations := map[string]string{
+ annotation.Notes: fmt.Sprintf("DO NOT EDIT. Values managed by %s.", project.Name()),
+ }
+ for k, v := range configMapSpec.Annotations {
+ annotations[k] = v
+ }
+
+ labels := map[string]string{
+ label.Cluster: key.ClusterID(&cr),
+ label.ManagedBy: project.Name(),
+ label.Organization: key.OrganizationID(&cr),
+ label.ServiceType: label.ServiceTypeManaged,
+ }
+ for k, v := range configMapSpec.Labels {
+ labels[k] = v
+ }
+
 cm := &corev1.ConfigMap{
 ObjectMeta: metav1.ObjectMeta{
- Name: configMapSpec.Name,
- Namespace: configMapSpec.Namespace,
- Annotations: map[string]string{
- annotation.Notes: fmt.Sprintf("DO NOT EDIT. Values managed by %s.", project.Name()),
- },
- Labels: map[string]string{
- label.Cluster: key.ClusterID(&cr),
- label.ManagedBy: project.Name(),
- label.Organization: key.OrganizationID(&cr),
- label.ServiceType: label.ServiceTypeManaged,
- },
+ Name: configMapSpec.Name,
+ Namespace: configMapSpec.Namespace,
+ Annotations: annotations,
+ Labels: labels,
 },
 Data: map[string]string{
 "values": string(yamlValues),
diff --git a/service/controller/resource/clusterconfigmap/types.go b/service/controller/resource/clusterconfigmap/types.go
index 0bc3d3933..1d09009ea 100644
--- a/service/controller/resource/clusterconfigmap/types.go
+++ b/service/controller/resource/clusterconfigmap/types.go
@@ -1,7 +1,9 @@
 package clusterconfigmap

 type configMapSpec struct {
- Name string
- Namespace string
- Values map[string]interface{}
+ Name string
+ Namespace string
+ Values map[string]interface{}
+ Labels map[string]string
+ Annotations map[string]string
 }
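Review bot: Caller-supplied labels and annotations are copied after the managed defaults, so a configMapSpec entry keyed `label.ManagedBy`, `label.Cluster` or `annotation.Notes` silently replaces the operator's own value; if the defaults are meant to be authoritative, run the two range loops first and assign the managed labels and the notes annotation afterwards, otherwise document the precedence with `// entries from configMapSpec take precedence over the managed defaults` above each loop. The same precedence should be stated on the new Labels and Annotations fields in the types.go hunk below, which are otherwise undocumented. newConfigMap begins and ends outside this hunk.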