@gifff gifff commented May 17, 2025

Fix #70

Rough idea for getting the hostnames diff between current state and previous state.

configmap *corev1.ConfigMap
fallbackTarget string
cfAPI *cf.API
removedHostnames []string
Owner

Would this have hostnames from all tunnel bindings? I don't particularly like that tbh, where modifying one can result in a cleanup from another binding.

Could we do something per tunnelBinding utilizing status to keep track of previous, and delete them if the spec is changed to a new one?

Contributor Author

@gifff gifff May 19, 2025

No, it only holds removed hostnames for a particular tunnelBinding.

But the way the code is put together, the removedHostnames are shared across tunnelBinding reconciliation. This is fine as long as the MaxConcurrentReconciles is not set (defaults to 1) which it is now, and would get problematic if the concurrency is set larger than 1.
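The per-binding approach discussed in this thread, as an added example (not code from this pull request or from the operator): the removed-hostname list is computed inside one reconcile call from that binding's own annotation, so nothing is shared between reconciles even when `MaxConcurrentReconciles` is greater than 1. The annotation key and both function names are hypothetical.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Hypothetical annotation key; the operator's real key is not shown on this page.
const prevHostnamesAnnotation = "example.invalid/previous-hostnames"

// normalize lower-cases, trims, de-duplicates and sorts hostnames.
func normalize(hosts []string) []string {
	seen := map[string]struct{}{}
	out := []string{}
	for _, h := range hosts {
		h = strings.ToLower(strings.TrimSpace(h))
		if _, dup := seen[h]; h == "" || dup {
			continue
		}
		seen[h] = struct{}{}
		out = append(out, h)
	}
	sort.Strings(out)
	return out
}

// ReconcileHostnames diffs the hostnames recorded on ONE binding's annotations
// against its current spec. It returns the hostnames whose DNS records should
// be deleted and the annotation value to store once cleanup has succeeded.
func ReconcileHostnames(annotations map[string]string, current []string) (removed []string, next string) {
	cur := normalize(current)
	keep := make(map[string]struct{}, len(cur))
	for _, h := range cur {
		keep[h] = struct{}{}
	}
	for _, h := range normalize(strings.Split(annotations[prevHostnamesAnnotation], ",")) {
		if _, ok := keep[h]; !ok {
			removed = append(removed, h) // in the old state, absent from the new spec
		}
	}
	return removed, strings.Join(cur, ",")
}

func main() {
	// Constructed sample: the binding previously served two hostnames.
	ann := map[string]string{prevHostnamesAnnotation: "app.example.com,old.example.com"}
	removed, next := ReconcileHostnames(ann, []string{"app.example.com", "new.example.com"})
	fmt.Println(removed, next)
}
```

Writing the new annotation value only after the DNS deletions succeed means a failed cleanup is retried on the next reconcile instead of leaving a stale record behind.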

@gifff gifff force-pushed the feat/cleanup-dns branch from 6ef27cb to 5bfb355 Compare July 6, 2025 10:04
StringKe referenced this pull request in StringKe/cloudflare-operator Jan 7, 2026
Implement comprehensive Cloudflare Zero Trust Kubernetes operator with 18 CRDs:

**New CRDs:**
- AccessApplication: Zero Trust application definitions
- AccessGroup: Reusable access policy groups
- AccessIdentityProvider: IdP configurations (OIDC, SAML, GitHub, Azure AD)
- AccessServiceToken: Machine-to-machine authentication tokens
- VirtualNetwork: Cloudflare virtual networks for traffic isolation
- NetworkRoute: IP routes through tunnels to private networks
- PrivateService: Expose K8s Services via WARP private IPs
- GatewayRule: Gateway DNS/HTTP/network policies
- GatewayList: Lists for gateway policy rules
- GatewayConfiguration: Global gateway settings
- DeviceSettingsPolicy: WARP client settings and split tunnels
- DevicePostureRule: Device posture checks for Zero Trust
- DNSRecord: DNS record management
- WARPConnector: WARP connector deployments

**Enhancements:**
- Add EnableWarpRouting to Tunnel/ClusterTunnel for private network access
- Add cluster-resource-namespace flag with Downward API injection (PR #178)
- Store previous-hostnames in TunnelBinding annotation (PR #166)
- Fix Secret finalizer order in cleanupTunnel (PR #158)

**API Clients:**
- Access API: Applications, Groups, Identity Providers, Service Tokens
- Gateway API: Rules, Lists, Configurations
- Device API: Split Tunnel, Fallback Domains, Posture Rules
- Network API: Virtual Networks, Routes
- DNS API: Record management

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
StringKe referenced this pull request in StringKe/cloudflare-operator Jan 7, 2026
Release v0.14.0 with Zero Trust CRDs:
- 14 new CRDs for Access, Gateway, Device, and Network management
- WARP routing support for private network access
- Upstream PR fixes (#178, #166, #158)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Successfully merging this pull request may close these issues.

Modifying fqdn in an existing TunnelBinding does not clean up DNS records