  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-22559

Implement TSIG secret management and per-pool DNS services for multipool mode


    • Task
    • Resolution: Unresolved
    • Major
    • designate-operator
    • Important

      Goal: 

      Implement automated TSIG secret lifecycle management and create pool-specific Kubernetes LoadBalancer services. TSIG (Transaction Signature) authentication is required for mdns to communicate with non-default BIND pools. Additionally, each pool needs dedicated services (one per BIND instance) that route to pool-specific pods.

      Acceptance Criteria:

      TSIG Secret Management:
        - Verify TSIG secret is automatically created when multipool ConfigMap is applied
        - Verify secret contains TSIG keys for all non-default pools (pool1, pool2, etc.) - pool0/default pool does not require TSIG
        - Verify secret includes server blocks mapping all mdns pod IPs to appropriate TSIG keys
        - Verify secret is updated when pools are added or mdns pod IPs change
        - Verify secret is deleted when reverting from multipool to single-pool mode
        - Verify TSIG secret is mounted to non-default pool BIND pods via volume mounts

      Pool-Specific Services:
        - Verify each pool replica gets a dedicated LoadBalancer service (e.g., designate-backendbind9-pool0-0, designate-backendbind9-pool1-0)
        - Verify service selectors match pool-specific StatefulSet pod names
        - Verify services are created with correct LoadBalancer annotations and IPs from override configuration
        - Verify pool-specific services are deleted when pools are removed
        - Verify service names follow backward-compatible pattern for pool0 (default pool)

      Migration Handling:
        - Verify single-to-multipool migration creates TSIG secret and pool services
        - Verify multipool-to-single migration deletes TSIG secret and pool services, skips single-pool services
        - Verify no manual intervention required during service topology changes
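
The TSIG Secret Management criteria above, sketched as an added example in Go (not code from designate-operator): it generates a key and renders the BIND `key` and `server` clauses for one pool, returning nothing for pool0. The function names, the `<pool>-key` naming, the hmac-sha256 algorithm choice and the sample IPs are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"io"
	"net"
	"sort"
	"strings"
)

const DefaultPool = "pool0" // default pool: the ticket says it needs no TSIG

// NewTSIGSecret returns a base64-encoded 256-bit key for hmac-sha256.
func NewTSIGSecret(r io.Reader) (string, error) {
	buf := make([]byte, 32)
	if _, err := io.ReadFull(r, buf); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(buf), nil
}

// RenderPoolTSIG builds one pool's named.conf fragment: a key clause plus a
// server clause per mdns pod IP. Key name "<pool>-key" is a hypothetical convention.
func RenderPoolTSIG(pool, secret string, mdnsIPs []string) (string, error) {
	if pool == DefaultPool {
		return "", nil // no TSIG material for the default pool
	}
	ips := append([]string(nil), mdnsIPs...)
	sort.Strings(ips) // stable output: content changes only when inputs do
	var b strings.Builder
	fmt.Fprintf(&b, "key \"%s-key\" {\n\talgorithm hmac-sha256;\n\tsecret \"%s\";\n};\n", pool, secret)
	for _, ip := range ips {
		if net.ParseIP(ip) == nil { // reject anything that is not a literal IP
			return "", fmt.Errorf("invalid mdns pod IP %q", ip)
		}
		fmt.Fprintf(&b, "server %s {\n\tkeys { \"%s-key\"; };\n};\n", ip, pool)
	}
	return b.String(), nil
}

func main() {
	secret, err := NewTSIGSecret(rand.Reader)
	if err != nil {
		panic(err)
	}
	out, _ := RenderPoolTSIG("pool1", secret, []string{"10.0.0.12", "10.0.0.11"}) // constructed IPs
	fmt.Print(out)
}
```

Sorting the IPs keeps the rendered fragment byte-identical across reconciles, so a hash of it can signal when the secret actually needs updating.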

              oschwart1 Omer Schwartz