Bugfixes

Author: lennartack

config/rbac/role.yaml

@@ -52,3 +52,21 @@ rules:
   - ipmaps/finalizers
   verbs:
   - update
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - networkpolicies
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - networkpolicies/finalizers
+  verbs:
+  - update

internal/controller/dnsresolver_controller.go

@@ -112,6 +112,8 @@ func init() {
 //+kubebuilder:rbac:groups=dns.k8s.delta10.nl,resources=dnsresolvers/finalizers,verbs=update
 //+kubebuilder:rbac:groups=dns.k8s.delta10.nl,resources=ipmaps,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=dns.k8s.delta10.nl,resources=ipmaps/finalizers,verbs=update
+//+kubebuilder:rbac:groups=networking.k8s.io,resources=networkpolicies,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=networking.k8s.io,resources=networkpolicies/finalizers,verbs=update
 //+kubebuilder:rbac:groups="",resources=endpoints,verbs=get;list;watch
 
 // Reconcile makes sure that each DNSResolver has an associated IPMap.
@@ -169,7 +171,7 @@ func (r *DNSResolverReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 	get_err := r.Get(ctx, req.NamespacedName, ip_map)
 	ip_map.ObjectMeta.Labels = resolver.ObjectMeta.Labels
 
-	// Make sure the ownerRef on `resolver` is set to the IPMap we are working on
+	// Make sure the ownerRef on to the IPMap we are working on is set to resolver
 	// This will fail if IPMap is already owned by another resource
 	if err := controllerutil.SetControllerReference(&resolver, ip_map, r.Scheme); err != nil {
 		return default_result_obj, err

internal/controller/ipmap.go

@@ -50,6 +50,7 @@ func closeConns(conns []*dns.Conn) (err error) {
 
 // Look up IPv4 and IPv6 addresses, return as an IP slice and return smallest TTL received
 func lookupDomain(domain string, conns []*dns.Conn) (ips []net.IP, ttl uint32, err error) {
+	debug := ctrl.Log.V(1)
 	ttl = uint32(Config.MaxRequeueTime)
 	ips = make([]net.IP, 0, 10)
 
@@ -69,6 +70,9 @@ func lookupDomain(domain string, conns []*dns.Conn) (ips []net.IP, ttl uint32, e
 					ttl = min(ttl, rec.Hdr.Ttl)
 				}
 			}
+		} else if err == nil && res.Rcode == dns.RcodeNameError {
+			success = true
+			debug.Info("No records received for domain %v", domain)
 		}
 	}
 	if !success {
@@ -174,17 +178,18 @@ func ipmapUpdate(
 	}
 
 	// Remove domains that are no longer requested
+	doms := &ip_map.Data.Domains
 OUTER:
-	for i, old_domain := range ip_map.Data.Domains {
+	for i := len(*doms)-1; i >= 0; i--  {
 		for _, domain := range domainList {
-			if domain == old_domain.Domain {
+			if domain == (*doms)[i].Domain {
 				continue OUTER
 			}
 		}
 		// not found in requested domains
-		newlen := len(ip_map.Data.Domains) - 1
-		ip_map.Data.Domains[i] = ip_map.Data.Domains[newlen]
-		ip_map.Data.Domains = ip_map.Data.Domains[:newlen]
+		newlen := len(*doms) - 1
+		(*doms)[i] = (*doms)[newlen]
+		(*doms) = (*doms)[:newlen]
 		updated = true
 	}
 

internal/controller/networkpolicy.go

@@ -30,13 +30,15 @@ func NPGenerate(ip_map *dnsv1alpha1.IPMap) (np *networking.NetworkPolicy) {
 			Name: ip_map.Name,
 			Namespace: ip_map.Namespace,
 			Labels: ip_map.Labels,
+			OwnerReferences: ip_map.OwnerReferences,
 		},
 		Spec: networking.NetworkPolicySpec{
 			Egress: []networking.NetworkPolicyEgressRule{
 				{To: tolist},
 			},
 		},
 	}
+
 	return
 }