Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support to ExternalDNS #11

Open
jonatasbaldin opened this issue Sep 3, 2019 · 5 comments
Open

Add support to ExternalDNS #11

jonatasbaldin opened this issue Sep 3, 2019 · 5 comments

Comments

@jonatasbaldin
Copy link

Expected Behaviour

It's still needed to manually create a DNS entry when using FunctionIngress. Implementing support to ExternalDNS would allow FunctionIngress to create, delete and update DNS entries automatically.

Current Behaviour

The need to create manually DNS entries each time a new FunctionIngress is deployed.

Possible Solution

Implement support for ExternalDNS to manage DNS entries automatically.

This tutorial shows how to use ExternalDNS with NGINX Ingress. The behaviour is basically synchronising the Ingress domains names with the DNS.

Also, if using with Services, ExternalDNS has annotations to indicate that the DNS entry should be manager, as shown in this example. We could try to enable/disable the ExternalDNS in FunctionIngress with these annotations.

Context

Would be amazing to eliminate one more manual process to get TLS/custom handlers to our functions ⚡️
@alexellis
Copy link
Member

I'm interested in this 👍

@alexellis
Copy link
Member

What would make sense in terms of configuration and the user-experience?

@jonatasbaldin
Copy link
Author

jonatasbaldin commented Sep 8, 2019
edited
Loading

You could use external-dns annotations:

apiVersion: openfaas.com/v1alpha2
kind: FunctionIngress
metadata:
  name: nodeinfo
  namespace: openfaas
  annotations:
    external-dns.alpha.kubernetes.io/hostname: example.com
    external-dns.alpha.kubernetes.io/ttl: "120" #optional
spec:
  domain: "nodeinfo.myfaas.club"
  function: "nodeinfo"
  ingressType: "nginx"

Or we could add our flag on spec, following the same pattern as ingressType:

apiVersion: openfaas.com/v1alpha2
kind: FunctionIngress
metadata:
  name: nodeinfo
  namespace: openfaas
spec:
  domain: "nodeinfo.myfaas.club"
  function: "nodeinfo"
  ingressType: "nginx"
  
  # this
  externalDns: "true"
  # or
  enableExternalDns: "true"

What do you think?

@alexellis
Copy link
Member

The first example will work once #7 is merged, could you try that out and then we'll look at the demand for a custom annotation inside the spec after that, depending on demand from the users?

@jonatasbaldin
Copy link
Author

Wow, that's cool! Personally, I prefer the first one, but if there's demand for a custom flag we can implement it.

I'll test the external-dns and let you know.

As an another discussion (I can open another issue for that if necessary), since the annotations are being copied we could make the FunctionIngress more standard, like this:

apiVersion: openfaas.com/v1alpha2
kind: FunctionIngress
metadata:
  name: nodeinfo-tls
  namespace: openfaas
  annotations:

    # Use standard nginx-ingress annotation
    kubernetes.io/ingress.class: "nginx"

    # Use standard cert-manager annotation
    certmanager.k8s.io/issuer: "letsencrypt-staging"
    # or
    certmanager.k8s.io/cluster-issuer: "letsencrypt-staging"

spec:
  domain: "nodeinfo-tls.myfaas.club"
  function: "nodeinfo"

  # Remove this flag and use standard nginx annotation
  ingressType: "nginx"

  tls:
    enabled: true

    # Remove this flag and use standard cert-manager annotation
    issuerRef:
      name: "letsencrypt-staging"
      kind: "Issuer"

What do you think?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@alexellis @jonatasbaldin