Merge pull request gardener#295 from gardener/more-routing-policies

Additional routing policies supported for AWS Route53 and Google CloudDNS

VERSION

@@ -1 +1 @@
-v0.14.3-dev
+v0.15.0-dev

docs/google-cloud-dns/README.md

@@ -54,7 +54,15 @@ data:
 
 ## Routing Policy
 
-The Google CloudDNS provider supports currently only the `weighted` routing policy.
+The Google CloudDNS provider currently supports these routing policies types:
+
+- `weighted` [Weighted Routing Policy](#weighted-routing-policy)
+- `geolocation` [Geolocation Routing Policy](#geolocation-routing-policy)
+
+*Note*: Health checks are not supported.
+
+For more details about these routing policies, please see the Google Cloud DNS documentation at
+[Manage DNS routing policies and health checks](https://cloud.google.com/dns/docs/zones/manage-routing-policies)
 
 ### Weighted Routing Policy
 
@@ -64,6 +72,29 @@ resource record set policy).
 Weighted routing policy is supported for all record types, i.e. `A`, `AAAA`, `CNAME`, and `TXT`.
 All entries of the same domain name must have the same record type and TTL. Only integral weights >= 0 are allowed.
 
+Example:
+
+```yaml
+apiVersion: dns.gardener.cloud/v1alpha1
+kind: DNSEntry
+metadata:
+  annotations:
+  # If you are delegating the DNS management to Gardener Shoot DNS Service, uncomment the following line
+  #dns.gardener.cloud/class: garden
+  name: google-weighted
+  namespace: default
+spec:
+  dnsName: "my.service.example.com"
+  ttl: 60
+  targets:
+    - 1.2.3.4
+  routingPolicy:
+    type: weighted # Google Cloud DNS specific example
+    setIdentifier: "0"
+    parameters:
+      weight: "10"
+```
+
 #### Annotating Ingress or Service Resources with Routing Policy
 
 To specify the routing policy, add an annotation `dns.gardener.cloud/routing-policy`
@@ -101,4 +132,85 @@ spec:
     - hosts:
         - test.ingress.my-dns-domain.com
       #secretName: my-cert-secret-name
-```
+```
+
+### Geolocation Routing Policy
+
+Each geolocation record set is defined by a separate `DNSEntry`. In this way it is possible to use different dns-controller-manager deployments
+acting on the same domain names. Every record set needs a `SetIdentifier` which must identical to the value of the parameter `location`.
+Geolocation routing policy is supported for all record types, i.e. `A`, `AAAA`, `CNAME`, and `TXT`.
+All entries of the same domain name must have the same record type and TTL.
+
+At the time of writing (January 2023), Google Cloud only supported Google Cloud regions as the geographic boundaries. Other
+geographic boundaries may follow. Please see Google documentation for the current state.
+
+<details>
+<summary>Click here to see a list of known possible values</summary>
+
+| Google Cloud region | Physical Location |
+|---------------------|-------------------|
+| asia-east1 | Changhua County, Taiwan |
+| asia-east2 | Hong Kong |
+| asia-northeast1 | Tokyo, Japan |
+| asia-northeast2 | Osaka, Japan |
+| asia-northeast3 | Seoul, South Korea |
+| asia-south1 | Mumbai, India |
+| asia-south2 | Delhi, India |
+| asia-southeast1 | Jurong West, Singapore |
+| australia-southeast1 | Sydney, Australia |
+| australia-southeast2 | Melbourne, Australia |
+| europe-central2 | Warsaw, Poland |
+| europe-north2 | Hamina, Finland |
+| europe-west1 | St. Ghislain, Belgium |
+| europe-west2 | London, England |
+| europe-west3 | Frankfurt, Germany |
+| europe-west4 | Eemshaven, Netherlands |
+| europe-west6 | Zurich, Switzerland |
+| europe-west8 | Milan, Italy |
+| europe-west9 | Paris, France |
+| europe-southwest1 | Madrid, Spain |
+| me-west1 | Tel Aviv, Israel, Middle East |
+| northamerica-northeast1 | Montréal, Québec |
+| northamerica-northeast2 | Toronto, Ontario |
+| southamerica-east1 | Osasco, São Paulo |
+ | southamerica-west1 |	Santiago, Chile, South America |
+| us-central1 | Council Bluffs, Iowa |
+| us-east1 | Moncks Corner, South Carolina |
+| us-east4 | Ashburn, Virginia |
+| us-west1 | The Dalles, Orego |
+| us-west2 | Los Angeles, California |
+| us-west3 | Salt Lake City, Utah |
+| us-west4 | Las Vegas, Nevada |
+
+
+
+*Note*: No guarantee for completeness
+</details>
+
+Example:
+
+```yaml
+apiVersion: dns.gardener.cloud/v1alpha1
+kind: DNSEntry
+metadata:
+ annotations:
+ # If you are delegating the DNS management to Gardener Shoot DNS Service, uncomment the following line
+ #dns.gardener.cloud/class: garden
+ name: google-geo-europe-west3
+ namespace: default
+spec:
+ dnsName: "my.second-service.example.com"
+ ttl: 60
+ targets:
+  - 1.2.3.4
+ routingPolicy:
+  type: geolocation # Google Cloud DNS specific example
+  setIdentifier: "europe-west3"
+  parameters:
+   location: "europe-west3"
+```
+
+
+Creating this routing policy using annotations please adjust the details according to the examples for the weighted routing policy:
+[Annotating Ingress or Service Resources with Routing Policy](#annotating-ingress-or-service-resources-with-routing-policy)
+

examples/42-entry-routing-policies-aws-route53.yaml

@@ -0,0 +1,190 @@
+apiVersion: dns.gardener.cloud/v1alpha1
+kind: DNSEntry
+metadata:
+  annotations:
+  # If you are delegating the DNS management to Gardener Shoot DNS Service, uncomment the following line
+  #dns.gardener.cloud/class: garden
+  name: aws-weighted
+  namespace: default
+spec:
+  dnsName: "my.service.example.com"
+  ttl: 120
+  targets:
+    - instance-a.service.example.com
+  # routingPolicy is current only supported for AWS Route53 or Google CloudDNS
+  routingPolicy:
+    type: weighted
+    setIdentifier: instance-a
+    parameters:
+      weight: "90"
+      #healthCheckID: 66666666-1111-4444-aaaa-25810ea11111 # optional
+---
+apiVersion: dns.gardener.cloud/v1alpha1
+kind: DNSEntry
+metadata:
+  annotations:
+  # If you are delegating the DNS management to Gardener Shoot DNS Service, uncomment the following line
+  #dns.gardener.cloud/class: garden
+  name: aws-geolocation-default
+  namespace: default
+spec:
+  dnsName: "my.second-service.example.com"
+  ttl: 120
+  targets:
+    - instance1.second-service.example.com
+  # routingPolicy is current only supported for AWS Route53 or Google CloudDNS
+  routingPolicy:
+    type: geolocation # AWS Route 53 specific example
+    setIdentifier: default
+    parameters:
+      location: Default # default location covers geographic locations that you haven't created records for
+      #healthCheckID: 66666666-1111-4444-aaaa-25810ea11111 # optional
+---
+apiVersion: dns.gardener.cloud/v1alpha1
+kind: DNSEntry
+metadata:
+  annotations:
+  # If you are delegating the DNS management to Gardener Shoot DNS Service, uncomment the following line
+  #dns.gardener.cloud/class: garden
+  name: aws-geolocation-europe
+  namespace: default
+spec:
+  dnsName: "my.second-service.example.com"
+  ttl: 120
+  targets:
+    - instance-eu.second-service.example.com
+  # routingPolicy is current only supported for AWS Route53 or Google CloudDNS
+  routingPolicy:
+    type: geolocation # AWS Route 53 specific example
+    setIdentifier: eu
+    parameters:
+      location: "Europe" # either continent, country or subdivision name (only allowed for countries United States or Ukraine), possible names see docs/aws-route53/README.md
+      #location: "continent=EU" # alternatively, use continent or country code as described here: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-values-geo.html#rrsets-values-geo-location
+      #location: "country=FR"
+      #healthCheckID: 66666666-1111-4444-aaaa-25810ea11111 # optional
+---
+apiVersion: dns.gardener.cloud/v1alpha1
+kind: DNSEntry
+metadata:
+  annotations:
+  # If you are delegating the DNS management to Gardener Shoot DNS Service, uncomment the following line
+  #dns.gardener.cloud/class: garden
+  name: aws-latency-eu-west-1
+  namespace: default
+spec:
+  dnsName: "my.third-service.example.com"
+  ttl: 120
+  targets:
+    - instance1.third-service.example.com
+  # routingPolicy is current only supported for AWS Route53 or Google CloudDNS
+  routingPolicy:
+    type: latency # only supported for AWS Route 53
+    setIdentifier: eu
+    parameters:
+      region: "eu-west-1" # AWS region name
+      #healthCheckID: 66666666-1111-4444-aaaa-25810ea11111 # optional
+---
+apiVersion: dns.gardener.cloud/v1alpha1
+kind: DNSEntry
+metadata:
+  annotations:
+  # If you are delegating the DNS management to Gardener Shoot DNS Service, uncomment the following line
+  #dns.gardener.cloud/class: garden
+  name: aws-latency-us-east-1
+  namespace: default
+spec:
+  dnsName: "my.third-service.example.com"
+  ttl: 120
+  targets:
+    - instance2.third-service.example.com
+  # routingPolicy is current only supported for AWS Route53 or Google CloudDNS
+  routingPolicy:
+    type: latency # only supported for AWS Route 53
+    setIdentifier: us
+    parameters:
+      region: "us-east-1" # AWS region name
+      #healthCheckID: 66666666-1111-4444-aaaa-25810ea11111 # optional
+---
+apiVersion: dns.gardener.cloud/v1alpha1
+kind: DNSEntry
+metadata:
+  annotations:
+  # If you are delegating the DNS management to Gardener Shoot DNS Service, uncomment the following line
+  #dns.gardener.cloud/class: garden
+  name: aws-ip-based-default
+  namespace: default
+spec:
+  dnsName: "my.fourth-service.example.com"
+  ttl: 120
+  targets:
+    - instance1.fourth-service.example.com
+  routingPolicy:
+    type: ip-based # only supported for AWS Route 53
+    setIdentifier: default
+    parameters:
+      collection: "my-collection" # CIDR collection must be already existing
+      location: "*" # default
+      #healthCheckID: 66666666-1111-4444-aaaa-25810ea11111 # optional
+---
+apiVersion: dns.gardener.cloud/v1alpha1
+kind: DNSEntry
+metadata:
+  annotations:
+  # If you are delegating the DNS management to Gardener Shoot DNS Service, uncomment the following line
+  #dns.gardener.cloud/class: garden
+  name: aws-ip-based-loc1
+  namespace: default
+spec:
+  dnsName: "my.fourth-service.example.com"
+  ttl: 120
+  targets:
+    - instance2.fourth-service.example.com
+  routingPolicy:
+    type: ip-based # only supported for AWS Route 53
+    setIdentifier: loc1
+    parameters:
+      collection: "my-collection" # CIDR collection must already be existing
+      location: "my-location1" # location name must already be existing
+      #healthCheckID: 66666666-1111-4444-aaaa-25810ea11111 # optional
+---
+apiVersion: dns.gardener.cloud/v1alpha1
+kind: DNSEntry
+metadata:
+  annotations:
+  # If you are delegating the DNS management to Gardener Shoot DNS Service, uncomment the following line
+  #dns.gardener.cloud/class: garden
+  name: aws-failover-primary
+  namespace: default
+spec:
+  dnsName: "my.fiveth-service.example.com"
+  ttl: 120
+  targets:
+    - instance1.fiveth-service.example.com
+  routingPolicy:
+    type: failover # only supported for AWS Route 53
+    setIdentifier: instance1
+    parameters:
+      failoverRecordType: primary
+      healthCheckID: 66666666-1111-4444-aaaa-25810ea11111
+      # disableEvaluateTargetHealth: "true" # only used if target is AWS ELB (target health is enabled by default)
+---
+apiVersion: dns.gardener.cloud/v1alpha1
+kind: DNSEntry
+metadata:
+  annotations:
+  # If you are delegating the DNS management to Gardener Shoot DNS Service, uncomment the following line
+  #dns.gardener.cloud/class: garden
+  name: aws-failover-secondary
+  namespace: default
+spec:
+  dnsName: "my.fiveth-service.example.com"
+  ttl: 120
+  targets:
+    - instance2.fiveth-service.example.com
+  routingPolicy:
+    type: failover # only supported for AWS Route 53
+    setIdentifier: instance2
+    parameters:
+      failoverRecordType: secondary
+      healthCheckID: 66666666-1111-5555-bbbb-25810ea22222
+      # disableEvaluateTargetHealth: "true" # only used if target is AWS ELB (target health is enabled by default)

examples/42-entry-routing-policies-google-cloud.yaml

@@ -0,0 +1,56 @@
+apiVersion: dns.gardener.cloud/v1alpha1
+kind: DNSEntry
+metadata:
+  annotations:
+  # If you are delegating the DNS management to Gardener Shoot DNS Service, uncomment the following line
+  #dns.gardener.cloud/class: garden
+  name: google-weighted
+  namespace: default
+spec:
+  dnsName: "my.service.example.com"
+  ttl: 60
+  targets:
+    - 1.2.3.4
+  routingPolicy:
+    type: weighted # Google Cloud DNS specific example
+    setIdentifier: "0"
+    parameters:
+      weight: "10"
+---
+apiVersion: dns.gardener.cloud/v1alpha1
+kind: DNSEntry
+metadata:
+  annotations:
+  # If you are delegating the DNS management to Gardener Shoot DNS Service, uncomment the following line
+  #dns.gardener.cloud/class: garden
+  name: google-geo-europe-west3
+  namespace: default
+spec:
+  dnsName: "my.second-service.example.com"
+  ttl: 60
+  targets:
+    - 1.2.3.4
+  routingPolicy:
+    type: geolocation # Google Cloud DNS specific example
+    setIdentifier: "europe-west3"
+    parameters:
+      location: "europe-west3"
+---
+apiVersion: dns.gardener.cloud/v1alpha1
+kind: DNSEntry
+metadata:
+  annotations:
+  # If you are delegating the DNS management to Gardener Shoot DNS Service, uncomment the following line
+  #dns.gardener.cloud/class: garden
+  name: google-geo-us-central1
+  namespace: default
+spec:
+  dnsName: "my.second-service.example.com"
+  ttl: 60
+  targets:
+    - 5.6.7.8
+  routingPolicy:
+    type: geolocation # Google Cloud DNS specific example
+    setIdentifier: "us-central1"
+    parameters:
+      location: "us-central1"

go.mod

@@ -8,7 +8,7 @@ require (
 	github.com/Azure/go-autorest/autorest/azure/auth v0.5.9
 	github.com/ahmetb/gen-crd-api-reference-docs v0.3.0
 	github.com/aliyun/alibaba-cloud-sdk-go v0.0.0-20190603021944-12ad9f921c0b
-	github.com/aws/aws-sdk-go v1.38.43
+	github.com/aws/aws-sdk-go v1.44.173
 	github.com/cloudflare/cloudflare-go v0.11.4
 	github.com/gardener/controller-manager-library v0.2.1-0.20230104162714-c7c57096a522
 	github.com/go-openapi/runtime v0.24.1