Disable DNS MachineConfig by default (#80)

* Disable DNS MachineConfig by default

* test dns

README.md

@@ -16,7 +16,7 @@ This operator can assist in reconfiguring a cluster once it has been moved to a
 * (Optional) Add new trusted CA for a mirror registry.
 * (Optional) Register the cluster to ACM.
 
-Applying the ClusterRelocation CR will cause the node(s) to reboot, since a MachineConfig is applied as part of the process.
+The cluster needs to be able to resolve the API and ingress (*.apps) addresses for the new domain. On SNO, you can set the `addInternalDNSEntries` key to `true` in the CR spec in order to add internal DNS entries via dnsmasq. Enabling this option will cause the node to reboot, because a MachineConfig is applied.
 
 ## Getting Started
 You’ll need an OpenShift cluster to run against. The cluster must be v4.12 or higher.

api/v1beta1/clusterrelocation_types.go

@@ -31,6 +31,12 @@ type ClusterRelocationSpec struct {
 	//+operator-sdk:csv:customresourcedefinitions:type=spec
 	ACMRegistration *ACMRegistration `json:"acmRegistration,omitempty"`
 
+	// AddInternalDNSEntries deploys a MachineConfig which adds api and *.apps entries for the new domain to dnsmasq on SNO clusters.
+	// Setting this to true will cause a reboot.
+	// If you don't enable this option, you need to make sure that the cluster can resolve the new domain address via some other method.
+	//+operator-sdk:csv:customresourcedefinitions:type=spec
+	AddInternalDNSEntries *bool `json:"addInternalDNSEntries,omitempty"`
+
 	// APICertRef is a reference to a TLS secret that will be used for the API server.
 	// If it is omitted, a self-signed certificate will be generated.
 	// The type of the secret must be kubernetes.io/tls.

config/crd/bases/rhsyseng.github.io_clusterrelocations.yaml

@@ -237,6 +237,13 @@ spec:
                 - clusterName
                 - url
                 type: object
+              addInternalDNSEntries:
+                description: AddInternalDNSEntries deploys a MachineConfig which adds
+                  api and *.apps entries for the new domain to dnsmasq on SNO clusters.
+                  Setting this to true will cause a reboot. If you don't enable this
+                  option, you need to make sure that the cluster can resolve the new
+                  domain address via some other method.
+                type: boolean
               apiCertRef:
                 description: APICertRef is a reference to a TLS secret that will be
                   used for the API server. If it is omitted, a self-signed certificate

controllers/clusterrelocation_controller.go

@@ -19,6 +19,7 @@ package controllers
 import (
 	"context"
 	"fmt"
+	"net"
 
 	rhsysenggithubiov1beta1 "github.com/RHsyseng/cluster-relocation-operator/api/v1beta1"
 	reconcileACM "github.com/RHsyseng/cluster-relocation-operator/internal/acm"
@@ -160,8 +161,22 @@ func (r *ClusterRelocationReconciler) Reconcile(ctx context.Context, req ctrl.Re
 		return ctrl.Result{Requeue: true}, nil
 	}
 
-	// Adds new internal DNS records
-	if err := reconcileDNS.Reconcile(ctx, r.Client, r.Scheme, relocation, logger); err != nil {
+	if relocation.Spec.AddInternalDNSEntries != nil && *relocation.Spec.AddInternalDNSEntries {
+		// Adds new internal DNS records
+		if err := reconcileDNS.Reconcile(ctx, r.Client, r.Scheme, relocation, logger); err != nil {
+			r.setFailedStatus(relocation, rhsysenggithubiov1beta1.DNSReconciliationFailedReason, err.Error())
+			return ctrl.Result{}, err
+		}
+	}
+
+	// Make sure DNS entries work
+	_, err := net.LookupIP(fmt.Sprintf("api.%s", relocation.Spec.Domain))
+	if err != nil {
+		r.setFailedStatus(relocation, rhsysenggithubiov1beta1.DNSReconciliationFailedReason, err.Error())
+		return ctrl.Result{}, err
+	}
+	_, err = net.LookupIP(fmt.Sprintf("test.apps.%s", relocation.Spec.Domain))
+	if err != nil {
 		r.setFailedStatus(relocation, rhsysenggithubiov1beta1.DNSReconciliationFailedReason, err.Error())
 		return ctrl.Result{}, err
 	}