K8SPSMDB-1608: add externaldns anotation to create dns for created loadbalancer by myJamong · Pull Request #2280 · percona/percona-server-mongodb-operator

myJamong · 2026-03-09T14:35:04Z

CHANGE DESCRIPTION

Problem:
When expose.enabled: true with type: LoadBalancer, each per-pod Service gets an auto-assigned LB hostname (e.g., a1b2c3d4e5.elb.amazonaws.com). These hostnames are not human-readable, long, and unpredictable. The existing expose.annotations field applies the same annotations to every per-pod Service, making it impossible to assign a unique external-dns.alpha.kubernetes.io/hostname per pod.

This is the issue I made: #2267

Cause:
There was no built-in mechanism to generate unique, per-pod DNS hostname annotations. Users had to manually manage DNS records for each pod's LoadBalancer endpoint.

Solution:
Add an optional externalDNS field under expose that automatically generates unique external-dns.alpha.kubernetes.io/hostname annotations for each per-pod Service, enabling ExternalDNS to create human-readable DNS records in any supported DNS provider (Route53, Cloud DNS, Azure DNS, etc.).

Configuration

replsets:
  - name: rs0
    size: 3
    expose:
      enabled: true
      type: LoadBalancer
      externalDNS:
        prefix: "service-name"                    # required
        domain: "mongo.example.com"       # required
        ttl: 300                          # optional

Generated Annotations

Each per-pod Service gets a unique hostname annotation:

Service	Annotation
`my-cluster-rs0-0`	`external-dns.alpha.kubernetes.io/hostname: service-name-rs0-0.mongo.example.com`
`my-cluster-rs0-1`	`external-dns.alpha.kubernetes.io/hostname: service-name-rs0-1.mongo.example.com`
`my-cluster-rs0-2`	`external-dns.alpha.kubernetes.io/hostname: service-name-rs0-2.mongo.example.com`

If ttl is set, the external-dns.alpha.kubernetes.io/ttl annotation is also added.

Supported Components

Component	Hostname Format
Replica sets	`{prefix}-{replsetName}-{podIndex}.{domain}`
Config servers	Same path as replica sets, fully supported
Mongos (ServicePerPod=true)	`{prefix}-mongos-{podIndex}.{domain}`
Mongos (ServicePerPod=false)	`{prefix}-mongos.{domain}`

Note on `serviceAnnotations` overlap

If serviceAnnotations contains external-dns.alpha.kubernetes.io/hostname, the externalDNS config takes precedence and overwrites it. This is by design — when externalDNS is configured, it owns the hostname annotation.

CHECKLIST

Jira

Is the Jira ticket created and referenced properly?
Does the Jira ticket have the proper statuses for documentation (Needs Doc) and QA (Needs QA)?
Does the Jira ticket link to the proper milestone (Fix Version field)?

Tests

Is an E2E test/test case added for the new feature/change?
Are unit tests added where appropriate?
Are OpenShift compare files changed for E2E tests (compare/*-oc.yml)?

Config/Logging/Testability

Are all needed new/changed options added to default YAML files?
Are all needed new/changed options added to the Helm Chart?
Did we add proper logging messages for operator actions?
Did we ensure compatibility with the previous version or cluster upgrade process?
Does the change support oldest and newest supported MongoDB version?
Does the change support oldest and newest supported Kubernetes version?

egegunes · 2026-03-10T06:01:02Z

+	// +kubebuilder:validation:Required
+	Prefix string `json:"prefix"`


maybe prefix shouldn't be required and operator should use the cluster name by default

I think its a great idea. I changed it to have default cr name - ee194e4

egegunes · 2026-03-10T06:03:37Z

+			if dns.Prefix == "" || dns.Domain == "" {
+				return errors.Errorf("externalDNS requires both prefix and domain for replset %s", rs.Name)
+			}


even though this will be handled on CRD level, I think we should do this check in CheckNSetDefaults

I moved the validation logic - 19a85b2

Thanks for the review!

…unctions to CheckNSetDefaults.

egegunes · 2026-03-10T09:01:58Z

@myJamong please fix manifests by running make generate manifests VERSION=main

mayankshah1607 · 2026-04-14T12:06:42Z

+		if rs.Expose.ExternalDNS != nil && !rs.Expose.Enabled {
+			log.Info("externalDNS is configured but expose is not enabled, skipping DNS annotations", "replset", rs.Name)
+		}


Will this get logged on every reconciliation?

@mayankshah1607
You're right, this fires every reconcile. The log prints about every ~11s (default reconcile interval) and it is quite noisy.

Let me change it back to just silently skip when expose is disabled.
Thanks for catching this.

Removed the logging parts.
abd5cfa

JNKPercona · 2026-04-23T08:56:46Z

Test Name	Result	Time
arbiter	passed	00:11:28
balancer	passed	00:18:05
cross-site-sharded	passed	00:18:35
custom-replset-name	passed	00:10:19
custom-tls	passed	00:14:18
custom-users-roles	passed	00:10:22
custom-users-roles-sharded	passed	00:11:25
data-at-rest-encryption	passed	00:12:31
data-sharded	passed	00:23:15
demand-backup	passed	00:15:47
demand-backup-eks-credentials-irsa	passed	00:00:06
demand-backup-fs	passed	00:22:51
demand-backup-if-unhealthy	failure	00:52:17
demand-backup-incremental-aws	passed	00:12:25
demand-backup-incremental-azure	passed	00:11:24
demand-backup-incremental-gcp-native	passed	00:12:03
demand-backup-incremental-gcp-s3	passed	00:11:03
demand-backup-incremental-minio	passed	00:25:20
demand-backup-incremental-sharded-aws	passed	00:19:03
demand-backup-incremental-sharded-azure	passed	00:17:36
demand-backup-incremental-sharded-gcp-native	passed	00:17:19
demand-backup-incremental-sharded-gcp-s3	passed	00:17:23
demand-backup-incremental-sharded-minio	passed	00:27:07
demand-backup-physical-parallel	passed	00:08:41
demand-backup-physical-aws	passed	00:12:15
demand-backup-physical-azure	passed	00:12:24
demand-backup-physical-gcp-s3	passed	00:12:06
demand-backup-physical-gcp-native	passed	00:12:37
demand-backup-physical-minio	passed	00:20:07
demand-backup-physical-minio-native	passed	00:25:56
demand-backup-physical-minio-native-tls	passed	00:19:46
demand-backup-physical-sharded-parallel	passed	00:11:31
demand-backup-physical-sharded-aws	passed	00:17:51
demand-backup-physical-sharded-azure	passed	00:18:07
demand-backup-physical-sharded-gcp-native	passed	00:17:26
demand-backup-physical-sharded-minio	failure	00:17:02
demand-backup-physical-sharded-minio-native	passed	00:17:27
demand-backup-sharded	passed	00:26:23
disabled-auth	passed	00:16:18
expose-sharded	passed	00:34:05
finalizer	passed	00:10:20
ignore-labels-annotations	passed	00:07:46
init-deploy	passed	00:12:40
ldap	passed	00:08:58
ldap-tls	passed	00:12:44
limits	passed	00:06:13
liveness	passed	00:08:57
mongod-major-upgrade	passed	00:13:14
mongod-major-upgrade-sharded	passed	00:23:03
monitoring-2-0	passed	00:25:23
monitoring-pmm3	passed	00:28:46
multi-cluster-service	passed	00:13:45
multi-storage	passed	00:19:15
non-voting-and-hidden	passed	00:16:29
one-pod	passed	00:08:21
operator-self-healing-chaos	passed	00:15:40
pitr	passed	00:33:56
pitr-physical	passed	01:01:49
pitr-sharded	passed	00:23:37
pitr-to-new-cluster	passed	00:29:36
pitr-physical-backup-source	passed	00:55:33
preinit-updates	passed	00:05:36
pvc-auto-resize	passed	00:14:51
pvc-resize	passed	00:16:53
recover-no-primary	passed	00:27:12
replset-overrides	passed	00:18:13
replset-remapping	passed	00:16:15
replset-remapping-sharded	passed	00:18:02
rs-shard-migration	passed	00:14:42
scaling	passed	00:11:12
scheduled-backup	passed	00:17:08
security-context	passed	00:07:08
self-healing-chaos	passed	00:15:04
service-per-pod	passed	00:18:41
serviceless-external-nodes	passed	00:07:20
smart-update	passed	00:08:05
split-horizon	passed	00:14:39
stable-resource-version	passed	00:04:45
storage	passed	00:07:32
tls-issue-cert-manager	passed	00:29:58
unsafe-psa	passed	00:07:48
upgrade	passed	00:09:34
upgrade-consistency	passed	00:06:14
upgrade-consistency-sharded-tls	passed	00:54:51
upgrade-sharded	passed	00:19:39
upgrade-partial-backup	passed	00:15:19
users	passed	00:17:13
users-vault	passed	00:13:02
version-service	passed	00:24:37

Summary	Value
Tests Run	89/89
Job Duration	03:18:03
Total Test Time	26:10:25

commit: abd5cfa
image: perconalab/percona-server-mongodb-operator:PR-2280-abd5cfa0

myJamong added 3 commits March 6, 2026 18:14

add externaldns annotations

c613276

add validation for ttl and mongos

f22a115

add unit test

90546a3

myJamong requested review from egegunes, gkech, hors, mayankshah1607, nmarukovich, oksana-grishchenko and pooknull as code owners March 9, 2026 14:35

pull-request-size Bot added the size/L 100-499 lines label Mar 9, 2026

change example cr prod to service-name

efb7c81

myJamong changed the title ~~No ticket yet add externaldns anotation~~ add externaldns anotation to create dns for created loadbalancer Mar 9, 2026

add externalDNS field to CRD schema and deepcopy

f991502

egegunes added the community label Mar 10, 2026

egegunes changed the title ~~add externaldns anotation to create dns for created loadbalancer~~ K8SPSMDB-1608: add externaldns anotation to create dns for created loadbalancer Mar 10, 2026

egegunes requested changes Mar 10, 2026

View reviewed changes

egegunes added this to the v1.23.0 milestone Mar 10, 2026

myJamong added 2 commits March 10, 2026 15:55

remove required for prefix and use cr name as default

ee194e4

Move externalDNS validation and default prefix logic from reconcile f…

19a85b2

…unctions to CheckNSetDefaults.

egegunes previously approved these changes Mar 10, 2026

View reviewed changes

run make generate manifest

ff70a0b

myJamong dismissed egegunes’s stale review via ff70a0b March 10, 2026 10:08

myJamong requested review from eleo007, jvpasinatto and valmiranogueira as code owners March 10, 2026 10:08

egegunes previously approved these changes Mar 11, 2026

View reviewed changes

hors previously approved these changes Apr 12, 2026

View reviewed changes

pooknull previously approved these changes Apr 14, 2026

View reviewed changes

mayankshah1607 reviewed Apr 14, 2026

View reviewed changes

remove log for every reconcile loop

abd5cfa

myJamong dismissed stale reviews from pooknull, hors, and egegunes via abd5cfa April 23, 2026 05:36

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

K8SPSMDB-1608: add externaldns anotation to create dns for created loadbalancer#2280

K8SPSMDB-1608: add externaldns anotation to create dns for created loadbalancer#2280
myJamong wants to merge 9 commits intopercona:mainfrom
myJamong:NO-TICKET-YET-add-externaldns-anotation

myJamong commented Mar 9, 2026

Uh oh!

egegunes Mar 10, 2026

Uh oh!

myJamong Mar 10, 2026

Uh oh!

egegunes Mar 10, 2026

Uh oh!

myJamong Mar 10, 2026

Uh oh!

egegunes commented Mar 10, 2026

Uh oh!

mayankshah1607 Apr 14, 2026

Uh oh!

myJamong Apr 23, 2026

Uh oh!

myJamong Apr 23, 2026

Uh oh!

JNKPercona commented Apr 23, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

		// +kubebuilder:validation:Required
		Prefix string `json:"prefix"`

Conversation

myJamong commented Mar 9, 2026

CHANGE DESCRIPTION

Configuration

Generated Annotations

Supported Components

Note on serviceAnnotations overlap

CHECKLIST

Uh oh!

egegunes Mar 10, 2026

Choose a reason for hiding this comment

Uh oh!

myJamong Mar 10, 2026

Choose a reason for hiding this comment

Uh oh!

egegunes Mar 10, 2026

Choose a reason for hiding this comment

Uh oh!

myJamong Mar 10, 2026

Choose a reason for hiding this comment

Uh oh!

egegunes commented Mar 10, 2026

Uh oh!

mayankshah1607 Apr 14, 2026

Choose a reason for hiding this comment

Uh oh!

myJamong Apr 23, 2026

Choose a reason for hiding this comment

Uh oh!

myJamong Apr 23, 2026

Choose a reason for hiding this comment

Uh oh!

JNKPercona commented Apr 23, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

Note on `serviceAnnotations` overlap