Cloudflare support

[ytsarev]

Cloudflare support

• Add Cloudflare support following the https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/cloudflare.md

• Eventually fixes Cloudflare GSLB support #884 and Cloudflare EdgeDNS support #944

It is early stage PR and requires thorough end-to-end testing before the merge.

I made only very initial tests making sure that external-dns can access cloudflare API with the valid API token

How to test this PR:

• deploy k8gb with

cloudflare:
  # -- Enable Cloudflare provider
  enabled: true
  # -- Cloudflare Zone ID
  zoneID: replaceme

• create cloudflare API token in k8gb namespace

kubectl -n k8gb create secret generic cloudflare --from-literal=token=secret_token_value

Make sure that there is no newline character in the secret, otherwise the authentication will fail

• k -n k8gb logs -f deploy/external-dns - you should see no authentication errors

time="2023-09-23T01:13:40Z" level=debug msg="zoneIDFilter configured. only looking up zone IDs defined"

That is the baseline.

Now we need to start creating Gslb objects and observe the actual DNS record population on Cloudflare side.

This part of the testing is not done yet, and we will need community help here.

[ytsarev]

I proceeded a bit further with testing.

Having this in external-dns logs

time="2023-09-23T09:46:05Z" level=error msg="failed to create record: DNS Validation Error (1004)" action=CREATE record=gslb-ns-eu-test.k8gb.io ttl=30 type=A zone=37c15d7c15808f1882bf168542d0d40b

Found possible root cause at https://wordathemes.com/cloudflare-dns-validation-error-code-1004/#:~:text=Ensure%20Correct%20TTL%20Value,to%20the%20DNS%20validation%20limit.

Ensure Correct TTL Value
Another major reason for the code 1004 error is an invalid TTL value. Cloudflare recommends using a TTL value between 120 and 2,147,483,647. However, some users may try to limit it to a much lower value to reduce the DNS propagation time. This can lead to the DNS validation limit. To avoid this, it’s recommended to set the TTL value to 1 or to use the automatic setting.

Standard low TTL values that are used in k8gb setup by default are too low for cloudflare.

I will try to play with TTL values.

[ytsarev]

Alight, after adding

  strategy:
    dnsTtlSeconds: 120

to Gslb spec I can see glue A records created for the zone delegation

Next challenge: teach extenrnal-dns cloudflare provider to create NS records.

It looks like it is disabled and we need to create PR similar to kubernetes-sigs/external-dns#2835

[ytsarev]

I've found the root cause for NS records not being created and fixed it in 8e9035e

It looks great after the fix:

PR is ready for the full e2e test

[netlify]

✅ Deploy Preview for k8gb-preview ready!

Name	Link
🔨 Latest commit	10e0ffa
🔍 Latest deploy log	https://app.netlify.com/sites/k8gb-preview/deploys/655156e05cc8950008b04c3e
😎 Deploy Preview	https://deploy-preview-1278--k8gb-preview.netlify.app/docs/deploy_cloudflare
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[ytsarev]

Documentation preview is available at https://deploy-preview-1278--k8gb-preview.netlify.app/docs/deploy_cloudflare, the PR is fully ready for the review