From 5a4406994852560dea76d5ce480e7e17352671c0 Mon Sep 17 00:00:00 2001
From: Logan McNaughton <848146+loganmc10@users.noreply.github.com>
Date: Fri, 14 Jul 2023 00:47:52 -0700
Subject: [PATCH] Disable DNS MachineConfig by default (#80)
* Disable DNS MachineConfig by default
* test dns
---
 README.md | 2 +-
 api/v1beta1/clusterrelocation_types.go | 6 ++++++
 api/v1beta1/zz_generated.deepcopy.go | 5 +++++
 ...rhsyseng.github.io_clusterrelocations.yaml | 7 +++++++
 controllers/clusterrelocation_controller.go | 19 +++++++++++++++++--
 5 files changed, 36 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index f637e77..9581f1f 100644
--- a/README.md
+++ b/README.md
@@ -16,7 +16,7 @@ This operator can assist in reconfiguring a cluster once it has been moved to a
 * (Optional) Add new trusted CA for a mirror registry.
 * (Optional) Register the cluster to ACM.
-Applying the ClusterRelocation CR will cause the node(s) to reboot, since a MachineConfig is applied as part of the process.
+The cluster needs to be able to resolve the API and ingress (*.apps) addresses for the new domain. On SNO, you can set the `addInternalDNSEntries` key to `true` in the CR spec in order to add internal DNS entries via dnsmasq. Enabling this option will cause the node to reboot, because a MachineConfig is applied.
 ## Getting Started
 You’ll need an OpenShift cluster to run against. The cluster must be v4.12 or higher.
diff --git a/api/v1beta1/clusterrelocation_types.go b/api/v1beta1/clusterrelocation_types.go
index f804e71..822e500 100644
--- a/api/v1beta1/clusterrelocation_types.go
+++ b/api/v1beta1/clusterrelocation_types.go
@@ -31,6 +31,12 @@ type ClusterRelocationSpec struct {
 //+operator-sdk:csv:customresourcedefinitions:type=spec
 ACMRegistration *ACMRegistration `json:"acmRegistration,omitempty"`
+ // AddInternalDNSEntries deploys a MachineConfig which adds api and *.apps entries for the new domain to dnsmasq on SNO clusters.
+ // Setting this to true will cause a reboot.
+ // If you don't enable this option, you need to make sure that the cluster can resolve the new domain address via some other method.
+ //+operator-sdk:csv:customresourcedefinitions:type=spec
+ AddInternalDNSEntries *bool `json:"addInternalDNSEntries,omitempty"`
+
 // APICertRef is a reference to a TLS secret that will be used for the API server.
 // If it is omitted, a self-signed certificate will be generated.
 // The type of the secret must be kubernetes.io/tls.
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index 3130812..2bdfc98 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -137,6 +137,11 @@ func (in *ClusterRelocationSpec) DeepCopyInto(out *ClusterRelocationSpec) { *out = new(ACMRegistration) (*in).DeepCopyInto(*out) } + if in.AddInternalDNSEntries != nil { + in, out := &in.AddInternalDNSEntries, &out.AddInternalDNSEntries + *out = new(bool) + **out = **in + } if in.APICertRef != nil { in, out := &in.APICertRef, &out.APICertRef *out = new(v1.SecretReference)
diff --git a/config/crd/bases/rhsyseng.github.io_clusterrelocations.yaml b/config/crd/bases/rhsyseng.github.io_clusterrelocations.yaml
index e1a01a1..09d2a0a 100644
--- a/config/crd/bases/rhsyseng.github.io_clusterrelocations.yaml
+++ b/config/crd/bases/rhsyseng.github.io_clusterrelocations.yaml
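Review bot: The doc comment on the new `AddInternalDNSEntries` field in `ClusterRelocationSpec` does not say what an omitted value means, although the controller change in this commit treats nil the same as false and then fails reconciliation unless both `api.<domain>` and `test.apps.<domain>` resolve. Because this replaces the previous unconditional DNS step, I would add `// Defaults to false when omitted; reconciliation fails unless api.<domain> and test.apps.<domain> already resolve.` above the `//+operator-sdk` marker. Whether a MachineConfig deployed by an earlier version is removed when the field is left unset is not visible here and would be worth stating as well. The struct starts and ends outside the hunk.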
@@ -237,6 +237,13 @@ spec: - clusterName - url type: object + addInternalDNSEntries: + description: AddInternalDNSEntries deploys a MachineConfig which adds + api and *.apps entries for the new domain to dnsmasq on SNO clusters. + Setting this to true will cause a reboot. If you don't enable this + option, you need to make sure that the cluster can resolve the new + domain address via some other method. + type: boolean apiCertRef: description: APICertRef is a reference to a TLS secret that will be used for the API server. If it is omitted, a self-signed certificate
diff --git a/controllers/clusterrelocation_controller.go b/controllers/clusterrelocation_controller.go
index 416ae11..c7782bc 100644
--- a/controllers/clusterrelocation_controller.go
+++ b/controllers/clusterrelocation_controller.go
@@ -19,6 +19,7 @@ package controllers
 import (
 "context"
 "fmt"
+ "net"
 rhsysenggithubiov1beta1 "github.com/RHsyseng/cluster-relocation-operator/api/v1beta1"
 reconcileACM "github.com/RHsyseng/cluster-relocation-operator/internal/acm"
@@ -160,8 +161,22 @@ func (r *ClusterRelocationReconciler) Reconcile(ctx context.Context, req ctrl.Re
 return ctrl.Result{Requeue: true}, nil
 }
- // Adds new internal DNS records
- if err := reconcileDNS.Reconcile(ctx, r.Client, r.Scheme, relocation, logger); err != nil {
+ if relocation.Spec.AddInternalDNSEntries != nil && *relocation.Spec.AddInternalDNSEntries {
+ // Adds new internal DNS records
+ if err := reconcileDNS.Reconcile(ctx, r.Client, r.Scheme, relocation, logger); err != nil {
+ r.setFailedStatus(relocation, rhsysenggithubiov1beta1.DNSReconciliationFailedReason, err.Error())
+ return ctrl.Result{}, err
+ }
+ }
+
+ // Make sure DNS entries work
+ _, err := net.LookupIP(fmt.Sprintf("api.%s", relocation.Spec.Domain))
+ if err != nil {
+ r.setFailedStatus(relocation, rhsysenggithubiov1beta1.DNSReconciliationFailedReason, err.Error())
+ return ctrl.Result{}, err
+ }
+ _, err = net.LookupIP(fmt.Sprintf("test.apps.%s", relocation.Spec.Domain))
+ if err != nil {
 r.setFailedStatus(relocation, rhsysenggithubiov1beta1.DNSReconciliationFailedReason, err.Error())
 return ctrl.Result{}, err
 }
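Review bot: The two `net.LookupIP` calls added after the `AddInternalDNSEntries` block ignore the reconcile `ctx`, so a slow or unreachable resolver holds the worker with no cancellation or deadline, and their results are discarded, so any answer at all (a stale or wildcard record, for instance) passes the check. The lookups run through the resolver of the operator process, which presumably is not the node-level dnsmasq that the MachineConfig configures, so a pass or failure here may not reflect what the nodes resolve; worth confirming. I would bind the lookup to `ctx` with `net.DefaultResolver.LookupIPAddr` in a loop over both names, which also removes the duplicated failure branch, and compare the answers with the expected API and ingress addresses if the operator has them. `Reconcile` starts and ends outside the hunk.

```go
// … unchanged: optional reconcileDNS.Reconcile step guarded by AddInternalDNSEntries …

// Make sure DNS entries work; the lookup is bound to ctx so it can be cancelled.
for _, host := range []string{
	fmt.Sprintf("api.%s", relocation.Spec.Domain),
	fmt.Sprintf("test.apps.%s", relocation.Spec.Domain),
} {
	if _, err := net.DefaultResolver.LookupIPAddr(ctx, host); err != nil {
		r.setFailedStatus(relocation, rhsysenggithubiov1beta1.DNSReconciliationFailedReason, err.Error())
		return ctrl.Result{}, err
	}
}
```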