Route53: Remove ingress record creation.

giantswarm · Jul 6, 2023 · 6722331 · 6722331
1 parent a42ee5c
commit 6722331
Show file tree

Hide file tree

Showing 5 changed files with 97 additions and 77 deletions.
diff --git a/.nancy-ignore b/.nancy-ignore
@@ -1,22 +1,8 @@
-# Affects all versions of archiver which is required by vault
-# Taken from: <https://github.com/giantswarm/opsctl/pull/1072/files#diff-bbe4a7fb12c43622bce7c6840c770e9995be614626a219942ca138403629cb69R1>
-
-CVE-2019-10743 until=2023-06-01
-
-# Consul - no fix yet
-CVE-2022-29153 until=2023-06-01
-CVE-2022-24687 until=2023-06-01
-CVE-2021-41803 until=2023-06-01
-
-
-# containerd - fixed at least in v1.6.6 but this will break build process
-# accept for now
-CVE-2021-43816 until=2023-06-01
-CVE-2022-23648 until=2023-06-01
-CVE-2022-31030 until=2023-06-01
-
-# requires apiserver update to very new version
-sonatype-2022-6522 until=2023-12-30
-
-# there is no available fix yet
-CVE-2020-8561 until=2023-05-01
+# pkg:golang/github.com/hashicorp/consul/[email protected]
+# pkg:golang/github.com/hashicorp/consul/[email protected]
+CVE-2022-29153 until=2023-09-01
+CVE-2022-24687 until=2023-09-01
+CVE-2021-41803 until=2023-09-01
+
+# pkg:golang/k8s.io/[email protected]
+CVE-2020-8561 until=2023-09-01
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Removed
+
+- Route53: Remove `ingress` record creation. ([#112](https://github.com/giantswarm/dns-operator-route53/pull/112))
+
 ## [0.7.3] - 2023-03-31
 
 ### Fixed

diff --git a/helm/dns-operator-route53/values.schema.json b/helm/dns-operator-route53/values.schema.json
@@ -0,0 +1,83 @@
+{
+    "$schema": "http://json-schema.org/schema#",
+    "type": "object",
+    "properties": {
+        "aws": {
+            "type": "object",
+            "properties": {
+                "accessKeyID": {
+                    "type": "string"
+                },
+                "secretAccessKey": {
+                    "type": "string"
+                }
+            }
+        },
+        "baseDomain": {
+            "type": "string"
+        },
+        "image": {
+            "type": "object",
+            "properties": {
+                "name": {
+                    "type": "string"
+                },
+                "tag": {
+                    "type": "string"
+                }
+            }
+        },
+        "managementCluster": {
+            "type": "string"
+        },
+        "pod": {
+            "type": "object",
+            "properties": {
+                "group": {
+                    "type": "object",
+                    "properties": {
+                        "id": {
+                            "type": "integer"
+                        }
+                    }
+                },
+                "user": {
+                    "type": "object",
+                    "properties": {
+                        "id": {
+                            "type": "integer"
+                        }
+                    }
+                }
+            }
+        },
+        "podSecurityContext": {
+            "type": "object"
+        },
+        "project": {
+            "type": "object",
+            "properties": {
+                "branch": {
+                    "type": "string"
+                },
+                "commit": {
+                    "type": "string"
+                }
+            }
+        },
+        "registry": {
+            "type": "object",
+            "properties": {
+                "domain": {
+                    "type": "string"
+                }
+            }
+        },
+        "securityContext": {
+            "type": "object"
+        },
+        "staticBastionIP": {
+            "type": "string"
+        }
+    }
+}
diff --git a/pkg/cloud/.DS_Store b/pkg/cloud/.DS_Store
diff --git a/pkg/cloud/services/route53/route53.go b/pkg/cloud/services/route53/route53.go
@@ -11,8 +11,6 @@ import (
 	"github.com/allegro/bigcache/v3"
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/route53"
-	corev1 "k8s.io/api/core/v1"
-	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 
 	"github.com/giantswarm/microerror"
@@ -21,14 +19,9 @@ import (
 )
 
 const (
-	appNameLabelKey = "app.kubernetes.io/name"
-
-	ingressAppLabel     = "nginx-ingress-controller"
-	ingressAppNamespace = "kube-system"
-	ttl                 = 300
-
 	actionDelete = "DELETE"
 	actionUpsert = "UPSERT"
+	ttl          = 300
 )
 
 func (s *Service) DeleteRoute53(ctx context.Context) error {
@@ -124,19 +117,10 @@ func (s *Service) buildARecordChange(hostedZoneID, recordName, recordValue, acti
 }
 
 func (s *Service) changeClusterIngressRecords(ctx context.Context, hostedZoneID, action string) error {
-	ingressIP, err := s.getIngressIP(ctx)
-	if err != nil {
-		return microerror.Mask(err)
-	} else if ingressIP == "" {
-		// Ingress service is not installed in this cluster.
-		return nil
-	}
-
 	input := &route53.ChangeResourceRecordSetsInput{
 		HostedZoneId: aws.String(hostedZoneID),
 		ChangeBatch: &route53.ChangeBatch{
 			Changes: []*route53.Change{
-				s.buildARecordChange(hostedZoneID, "ingress", ingressIP, action),
 				{
 					Action: aws.String(action),
 					ResourceRecordSet: &route53.ResourceRecordSet{
@@ -156,7 +140,7 @@ func (s *Service) changeClusterIngressRecords(ctx context.Context, hostedZoneID,
 
 	cachedClusterIngressRecords, _ := dnscache.GetDNSCacheRecord(dnscache.ClusterIngressRecords, hostedZoneID)
 	if input.String() != string(cachedClusterIngressRecords) {
-		if err = dnscache.SetDNSCacheRecord(dnscache.ClusterIngressRecords, hostedZoneID, []byte(input.String())); err != nil {
+		if err := dnscache.SetDNSCacheRecord(dnscache.ClusterIngressRecords, hostedZoneID, []byte(input.String())); err != nil {
 			return err
 		}
 
@@ -473,43 +457,6 @@ func (s *Service) describeClusterHostedZone(ctx context.Context) (string, error)
 	return *out.HostedZones[0].Id, nil
 }
 
-func (s *Service) getIngressIP(ctx context.Context) (string, error) {
-
-	k8sClient, err := s.scope.ClusterK8sClient(ctx)
-	if err != nil {
-		return "", microerror.Mask(err)
-	}
-
-	var icServices corev1.ServiceList
-
-	err = k8sClient.List(ctx, &icServices,
-		client.InNamespace(ingressAppNamespace),
-		client.MatchingLabels{appNameLabelKey: ingressAppLabel},
-	)
-
-	if err != nil {
-		return "", microerror.Mask(err)
-	}
-
-	var icServiceIP string
-
-	for _, icService := range icServices.Items {
-		if icService.Spec.Type == corev1.ServiceTypeLoadBalancer {
-			if icServiceIP != "" {
-				return "", microerror.Mask(tooManyICServicesError)
-			}
-
-			if len(icService.Status.LoadBalancer.Ingress) < 1 || icService.Status.LoadBalancer.Ingress[0].IP == "" {
-				return "", microerror.Mask(ingressNotReadyError)
-			}
-
-			icServiceIP = icService.Status.LoadBalancer.Ingress[0].IP
-		}
-	}
-
-	return icServiceIP, nil
-}
-
 func (s *Service) listClusterNSRecords(ctx context.Context, hostedZoneID string) ([]*route53.ResourceRecord, error) {
 	// First entry is always NS record
 	input := &route53.ListResourceRecordSetsInput{