Uploaded image for project: 'Red Hat OpenStack Services on OpenShift'
  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-20926

Designate ControlPlane Configuration Values Not Persisting

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not a Bug
    • Icon: Undefined Undefined
    • None
    • None
    • designate-operator
    • None
    • False
    • ?
    • None
    • Important

      Summary

      When defining Designate configuration values in the ControlPlane CR (following Red Hat documentation), certain fields are not applied — they are dropped or reverted to defaults.

      Context

      Setup follows the Designate deployment guide from Red Hat: Deploying DNS as a Service

      We apply the ControlPlane CR via Helm. However, after reconciliation, the resulting CR does not retain several fields.

      Observed Behavior

      Compared to the input CR:

      • MetalLB annotations are missing
      • Replica counts revert to default values
      • Other custom parameters appear to be ignored

      Example (simplified):

      Desired ControlPlane CR
      [...]
  designate:
    apiOverride:
      route: {}
    enabled: true
    template:
      databaseInstance: *databaseInstance
      designateNetworkAttachment: {{ quote .Values.designateNetworkAttachment }}
      secret: {{ include "control-plane.fullname" . | quote }}
      nsRecords:
        - hostname: ns1.example.com.
          priority: 1
        - hostname: ns2.example.com.
          priority: 2
        - hostname: ns3.example.com.
          priority: 3

    designateAPI:
      networkAttachments:
        - {{ quote .Values.internalApiNetworkAttachment }}
      override:
        service:
          internal:
            metadata:
              annotations:
                metallb.universe.tf/address-pool: {{ quote .Values.internalApiAddressPool }}
                metallb.universe.tf/allow-shared-ip: {{ quote .Values.internalApiAddressPool }}
                metallb.universe.tf/loadBalancerIPs: {{ quote .Values.internalApiLBAddress }}
            spec:
              type: LoadBalancer

    designateBackendbind9:
      controlNetworkName: {{ quote .Values.designateNetworkAttachment }}
      networkAttachments:
        - {{ quote .Values.designateNetworkAttachment }}
      override:
        services:
          - metadata:
              annotations:
                metallb.universe.tf/address-pool: {{ quote .Values.designateExternalAddressPool }}
                metallb.universe.tf/allow-shared-ip: {{ quote .Values.designateExternalAddressPool }}
                metallb.universe.tf/loadBalancerIPs: {{ quote .Values.designateBind9LBAddress1 }}
            spec:
              type: LoadBalancer
          - metadata:
              annotations:
                metallb.universe.tf/address-pool: {{ quote .Values.designateExternalAddressPool }}
                metallb.universe.tf/allow-shared-ip: {{ quote .Values.designateExternalAddressPool }}
                metallb.universe.tf/loadBalancerIPs: {{ quote .Values.designateBind9LBAddress2 }}
            spec:
              type: LoadBalancer
          - metadata:
              annotations:
                metallb.universe.tf/address-pool: {{ quote .Values.designateExternalAddressPool }}
                metallb.universe.tf/allow-shared-ip: {{ quote .Values.designateExternalAddressPool }}
                metallb.universe.tf/loadBalancerIPs: {{ quote .Values.designateBind9LBAddress3 }}
            spec:
              type: LoadBalancer
      replicas: 3
      resources: {}
      serviceUser: designate
      storageClass: local-storage
      storageRequest: 10G

    designateCentral:
      replicas: 3

    designateMdns:
      networkAttachments:
        - {{ quote .Values.designateNetworkAttachment }}
      replicas: 3

    designateProducer:
      replicas: 3

    designateUnbound:
      defaultConfigOverwrite:
        01-unbound.conf: |
          server:
            verbosity: 2
            access-control: 127.0.0.0/8 allow
            access-control: ::1/128 allow
            module-config: "iterator"
        forwarders.conf: |
          forward-zone:
            name: "."
            forward-addr: 1.1.1.1
            forward-addr: 2606:4700:4700::1111
      networkAttachments:
        - {{ quote .Values.designateNetworkAttachment }}
      override:
        services:
          - metadata:
              annotations:
                metallb.universe.tf/address-pool: {{ quote .Values.designateExternalAddressPool }}
                metallb.universe.tf/allow-shared-ip: {{ quote .Values.designateExternalAddressPool }}
                metallb.universe.tf/loadBalancerIPs: {{ quote .Values.designateUnboundLBAddress1 }}
            spec:
              type: LoadBalancer
          - metadata:
              annotations:
                metallb.universe.tf/address-pool: {{ quote .Values.designateExternalAddressPool }}
                metallb.universe.tf/allow-shared-ip: {{ quote .Values.designateExternalAddressPool }}
                metallb.universe.tf/loadBalancerIPs: {{ quote .Values.designateUnboundLBAddress2 }}
            spec:
              type: LoadBalancer
          - metadata:
              annotations:
                metallb.universe.tf/address-pool: {{ quote .Values.designateExternalAddressPool }}
                metallb.universe.tf/allow-shared-ip: {{ quote .Values.designateExternalAddressPool }}
                metallb.universe.tf/loadBalancerIPs: {{ quote .Values.designateUnboundLBAddress3 }}
            spec:
              type: LoadBalancer
      replicas: 3
      resources: {}

    designateWorker:
      databaseAccount: designate
      networkAttachments:
        - {{ quote .Values.designateNetworkAttachment }}
      replicas: 3
[...]
      Actual resulting CR after reconciliation
        designate:
    apiOverride:
      route: {}
    enabled: true
    template:
      serviceUser: designate
      designateCentral:
        serviceUser: ''
        resources: {}
        backendMdnsServerProtocol: ''
        backendWorkerServerProtocol: ''
        backendType: ''
        secret: ''
        databaseAccount: ''
        serviceAccount: ''
        passwordSelectors:
          service: ''
        tls: {}
        replicas: 1
      preserveJobs: false
      resources: {}
      redisServiceName: designate-redis
      designateAPI:
        serviceUser: ''
        resources: {}
        apiTimeout: 0
        backendMdnsServerProtocol: ''
        override: {}
        backendWorkerServerProtocol: ''
        backendType: ''
        secret: ''
        databaseAccount: ''
        serviceAccount: ''
        passwordSelectors:
          service: ''
        tls:
          api:
            internal: {}
            public: {}
        replicas: 1
      customServiceConfig: '# add your customization here'
      designateProducer:
        serviceUser: ''
        resources: {}
        backendMdnsServerProtocol: ''
        backendWorkerServerProtocol: ''
        backendType: ''
        secret: ''
        databaseAccount: ''
        serviceAccount: ''
        passwordSelectors:
          service: ''
        tls: {}
        replicas: 1
      rabbitMqClusterName: rabbitmq
      apiTimeout: 120
      backendMdnsServerProtocol: ''
      backendWorkerServerProtocol: ''
      backendType: ''
      secret: control-plane
      databaseInstance: openstack
      designateMdns:
        serviceUser: ''
        resources: {}
        netUtilsImage: ''
        backendMdnsServerProtocol: ''
        override: {}
        backendWorkerServerProtocol: ''
        backendType: ''
        secret: ''
        databaseAccount: ''
        serviceAccount: ''
        passwordSelectors:
          service: ''
        tls: {}
        replicas: 1
        controlNetworkName: ''
      designateUnbound:
        override: {}
        replicas: 1
        resources: {}
        serviceAccount: ''
      databaseAccount: designate
      designateWorker:
        serviceUser: ''
        resources: {}
        backendMdnsServerProtocol: ''
        backendWorkerServerProtocol: ''
        backendType: ''
        secret: ''
        databaseAccount: ''
        serviceAccount: ''
        passwordSelectors:
          service: ''
        tls: {}
        replicas: 1
      passwordSelectors:
        service: DesignatePassword
      designateBackendbind9:
        serviceUser: ''
        resources: {}
        netUtilsImage: ''
        backendMdnsServerProtocol: ''
        override: {}
        backendWorkerServerProtocol: ''
        backendType: ''
        secret: ''
        databaseAccount: ''
        storageRequest: ''
        serviceAccount: ''
        passwordSelectors:
          service: ''
        replicas: 1
        controlNetworkName: ''
      designateNetworkAttachment: designate-openstack-network-attachments
      nsRecords:
        - hostname: ns1.example.com.
          priority: 1
        - hostname: ns2.example.com.
          priority: 2
        - hostname: ns3.example.com.
          priority: 3

      This behavior appears similar to OSPRH-14993 - Custom Configuration creation of some designate services not correct.

      Expected Behavior

      All specified values in the ControlPlane CR should be correctly propagated to the Designate configuration.

      Question / Request for Input

      Is this likely caused by a CR formatting/indentation issue on our side, or does it indicate that the Designate controller is not properly processing ControlPlane input?
      Any guidance on how to verify or debug this would be appreciated.

       

              rhn-engineering-beagles Brent Eagles
              uncle.iroh Alexander Kaeb (Inactive)
              rhos-dfg-networking-squad-vans
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: