[WIP] NE-2411: Add templates field to DNS operator

[grzpiotrowski]

No description provided.

[openshift-ci-robot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci]

Hello @grzpiotrowski! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

[coderabbitai]

📝 Walkthrough

Walkthrough

The changes introduce a new DNS template plugin feature with two main components. A feature gate FeatureGateDNSTemplatePlugin is added to control feature rollout across different preview stages. The DNS configuration is extended with template support, enabling template-driven DNS responses. New types define templates with zone matching, query type and class filters, and actions that determine response behavior for matching queries. The implementation uses a discriminated union pattern for response actions, with support for returning empty responses.

🚥 Pre-merge checks | ✅ 7 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	No pull request description was provided by the author, making it impossible to evaluate relatedness to the changeset.	Add a description explaining the purpose, motivation, and details of the templates field addition to the DNS operator.

✅ Passed checks (7 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Stable And Deterministic Test Names	✅ Passed	This pull request does not contain any Ginkgo test files or test patterns. The modifications are limited to feature gate and DNS type definitions.
Test Structure And Quality	✅ Passed	The pull request contains only API type definitions and feature gate declarations, with no Ginkgo test code present, making this check not applicable.
Microshift Test Compatibility	✅ Passed	The pull request does not introduce any new Ginkgo e2e tests. The changes consist exclusively of API/CRD type definitions: a new feature gate variable in features/features.go and new DNS template types in operator/v1/types_dns.go. No test files were added or modified according to the git diff. Since the MicroShift Test Compatibility check applies only to new Ginkgo e2e tests (It(), Describe(), Context(), When(), etc.), and this PR contains no such tests, the check is not applicable and therefore passes.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	The pull request does not introduce any new Ginkgo e2e tests. The PR only modifies two API definition files: features/features.go and operator/v1/types_dns.go, neither containing test code patterns.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This pull request does not introduce any new Ginkgo e2e tests. The changes consist solely of API type definitions and a feature gate declaration. Since no test files or e2e test functions are present, the check is not applicable.
Title check	✅ Passed	The title accurately describes the main change: adding a templates field to the DNS operator, which is reflected in both the feature gate introduction and the new Templates field in DNSSpec.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign everettraven for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[grzpiotrowski]

/retitle [WIP] NE-2411: Add templates field to DNS operator

[openshift-ci-robot]

@grzpiotrowski: This pull request references NE-2411 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@operator/v1/types_dns.go`:
- Around line 528-535: The Zones slice lacks per-item format validation; update
the Zones field in operator/v1/types_dns.go to add a kubebuilder validation
Pattern that enforces RFC1123 DNS names or the literal ".". Specifically, add a
comment like //
+kubebuilder:validation:Pattern="^(\\.|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)$"
immediately above the Zones []string `json:"zones"` declaration so each entry is
validated as either "." or an RFC1123-compliant name. Ensure the annotation is
placed alongside the existing Required/MinItems tags.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 964b4669-8aa2-4d3f-bc4d-79f2a6924c53

📥 Commits

Reviewing files that changed from the base of the PR and between 5e946e2 and 23bfcb6.

📒 Files selected for processing (2)

• features/features.go
• operator/v1/types_dns.go

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Add schema validation for zones item format.

The comments require RFC1123-compatible zones (plus "."), but the schema currently only enforces presence/count. That allows malformed zones to be persisted and fail downstream.

Suggested CRD validation guard

 type Template struct {
 	// zones specifies the DNS zones this template applies to.
 	// Each zone must be a valid DNS name as defined in RFC 1123.
 	// The special zone "." matches all domains (catch-all).
 	// At least one zone must be specified.
+	// +kubebuilder:validation:items:Pattern=`^(\.|([a-z0-9]([-a-z0-9]*[a-z0-9])?)(\.([a-z0-9]([-a-z0-9]*[a-z0-9])?))*)$`
 	// +kubebuilder:validation:Required
 	// +kubebuilder:validation:MinItems=1
 	Zones []string `json:"zones"`

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// zones specifies the DNS zones this template applies to.
	// Each zone must be a valid DNS name as defined in RFC 1123.
	// The special zone "." matches all domains (catch-all).
	// At least one zone must be specified.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinItems=1
	Zones []string `json:"zones"`
	// zones specifies the DNS zones this template applies to.
	// Each zone must be a valid DNS name as defined in RFC 1123.
	// The special zone "." matches all domains (catch-all).
	// At least one zone must be specified.
	// +kubebuilder:validation:items:Pattern=`^(\.|([a-z0-9]([-a-z0-9]*[a-z0-9])?)(\.([a-z0-9]([-a-z0-9]*[a-z0-9])?))*)$`
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinItems=1
	Zones []string `json:"zones"`

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@operator/v1/types_dns.go` around lines 528 - 535, The Zones slice lacks
per-item format validation; update the Zones field in operator/v1/types_dns.go
to add a kubebuilder validation Pattern that enforces RFC1123 DNS names or the
literal ".". Specifically, add a comment like //
+kubebuilder:validation:Pattern="^(\\.|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)$"
immediately above the Zones []string `json:"zones"` declaration so each entry is
validated as either "." or an RFC1123-compliant name. Ensure the annotation is
placed alongside the existing Required/MinItems tags.