Use External DNS in OBC Host in Case OBC Is Remote OBC #1890

Open
shirady wants to merge 2 commits into noobaa:master from shirady:change-provisioner-s3host-address

@shirady shirady commented Apr 23, 2026

Describe the problem

Part of RHSTOR-6230
In case the OBC is a remote OBC, we would like the details of the BUCKET_HOST to be those of the external DNS instead of the internal DNS, as those details are copied to the config map on the client cluster.

Explain the changes

  1. Add a function that would parse what we have in the external DNS value (the first value is the OpenShift Route) and use it in case we have the annotation remote-obc-creation: "true".

Issues:

  1. No issue was reported; we wanted to have better information on the client cluster that would be reflected in the config map that holds the connection details.

Testing Instructions:

Manual Test:

Requirements:

  1. Set up with 2 clusters: Provider with a storage system and a client cluster connected to it (after onboarding).
  2. Install the NooBaa OB and OBC CRDs

Steps:

  1. Client cluster: create an OBC
  2. Client cluster: you can check the values you got in the config map with the matching name; the BUCKET_HOST will be the external DNS (the same as it is on the provider cluster with oc get route s3 -n openshift-storage)
    Note: We can also deploy a pod to consume the details directly - see comment below.

Note: Manual test was done only for S3 OBCs.

  • Doc added/updated
  • Tests added

Summary by CodeRabbit

  • New Features
    • Remote OBC provisioning now detects remote OBC usage and automatically configures bucket connection endpoints using externally exposed DNS details from associated services.
    • Added warning event notifications when external DNS information is unavailable, enabling graceful fallback to standard internal endpoint configuration.

Signed-off-by: shirady <57721533+shirady@users.noreply.github.com>
@shirady shirady self-assigned this Apr 23, 2026

coderabbitai Bot commented Apr 23, 2026

Walkthrough

Extends the bucket provisioner to detect and handle remote OBC instances by overriding connection endpoints with externally exposed DNS details from service status. Adds a helper function to extract and parse external DNS information, with fallback warning event emission when external DNS is unavailable.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Remote OBC Endpoint Override: pkg/obc/provisioner.go | Added detection of remote OBC usage via annotation check, conditional endpoint override using external DNS from service status, new getExternalDNSDetails helper for DNS parsing and port conversion, and warning event emission on DNS resolution failure. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title accurately describes the main change: using external DNS for remote OBC host configuration, which directly matches the PR's objective. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Description check | ✅ Passed | The PR description adequately explains the problem, changes, and provides manual testing instructions, but lacks automated tests and documentation updates. |

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pkg/obc/provisioner.go`:
- Around line 951-971: Rename the IsVectorService parameter to isVectorService
(lowercase) and update getExternalDNSDetails to set a serviceName string based
on isVectorService (e.g., "s3" vs "vectors") to use in error messages; obtain
the port string via portStr := uri.Port(), use strconv.Atoi(portStr) and, on
error, include portStr (not hostname) in the formatted error (and reference
serviceName in the "no external ..." error) so messages correctly reflect the
service type and the failing port value.

📥 Commits

Reviewing files that changed from the base of the PR and between d238ef5 and 8c08327.

📒 Files selected for processing (1)
  • pkg/obc/provisioner.go
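
The endpoint selection that the PR description and the review comment above talk about, sketched as an added example (this is not the PR's code and not NooBaa's getExternalDNSDetails). The names `Endpoint`, `externalEndpoint` and `chooseEndpoint` are hypothetical, the external DNS entries are assumed to be absolute URLs, the scheme-default port is an assumption, and the host names are constructed samples.

```go
package main

import (
	"fmt"
	"net/url"
	"strconv"
)

// Endpoint is the pair published as BUCKET_HOST / BUCKET_PORT.
type Endpoint struct {
	Host string
	Port int
}

// externalEndpoint (hypothetical) parses the first entry; assumes absolute URLs.
func externalEndpoint(serviceName string, externalDNS []string) (Endpoint, error) {
	if len(externalDNS) == 0 {
		return Endpoint{}, fmt.Errorf("no external DNS for service %q", serviceName)
	}
	u, err := url.Parse(externalDNS[0])
	if err != nil || u.Hostname() == "" {
		return Endpoint{}, fmt.Errorf("service %q: unusable external DNS %q", serviceName, externalDNS[0])
	}
	portStr := u.Port()
	if portStr == "" { // no explicit port: use the scheme default (assumption)
		portStr = map[string]string{"https": "443", "http": "80"}[u.Scheme]
	}
	port, err := strconv.Atoi(portStr)
	if err != nil || port < 1 || port > 65535 {
		return Endpoint{}, fmt.Errorf("service %q: invalid port %q", serviceName, portStr)
	}
	return Endpoint{Host: u.Hostname(), Port: port}, nil
}

// chooseEndpoint overrides the internal endpoint only for a remote OBC; on failure
// it returns the internal endpoint and the error, so the caller can emit a warning.
func chooseEndpoint(remote bool, internal Endpoint, externalDNS []string) (Endpoint, error) {
	if !remote {
		return internal, nil
	}
	ext, err := externalEndpoint("s3", externalDNS)
	if err != nil {
		return internal, err
	}
	return ext, nil
}

func main() { // constructed sample values
	fmt.Println(chooseEndpoint(true, Endpoint{"s3.openshift-storage.svc", 443}, []string{"https://s3.apps.example.test"}))
}
```

Rejecting an entry with no host or an out-of-range port before it is written keeps a malformed status value from being published to the client cluster as BUCKET_HOST.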

shirady commented Apr 23, 2026

Additional Testing information

We can also deploy a pod to consume the details directly -
It is based on the docs in section (embedding-obc-in-the-application) and generated changes (done using AI):

apiVersion: v1
kind: Pod
metadata:
  name: my-pod
  namespace: test-app
  labels:
    app: my-app
spec:
  containers:
  - name: app
    envFrom:
    - secretRef:
        name: shira-obc-0103
    - configMapRef:
        name: shira-obc-0103
    image: banst/awscli
    command:
    - sh
    - "-c"
    - |
      echo "----> Setting up AWS CLI...";
      # Use the ENDPOINT from the route on the provider cluster
      ENDPOINT="https://$BUCKET_HOST:$BUCKET_PORT"
      echo "----> Listing buckbuckets"
      aws s3 ls --endpoint-url "$ENDPOINT" --no-verify-ssl
      echo "----> put an object to the OBC bucket"
      echo 'test_data' | aws s3 cp - s3://${BUCKET_NAME}/test_data.txt --endpoint-url "$ENDPOINT" --no-verify-ssl
      echo "----> Listing OBC bucket"
      aws s3 ls "s3://${BUCKET_NAME}" --endpoint-url "$ENDPOINT" --no-verify-ssl
      echo "----> Done.";
      # Keep the container alive
      tail -f /dev/null

On the client cluster - apply the pod: oc apply -f <path>
Check it is running: oc get pod -n test-app

NAME     READY   STATUS    RESTARTS   AGE
my-pod   1/1     Running   0          12s

Check the logs: oc logs -n test-app my-pod

----> Setting up AWS CLI...
----> Listing buckbuckets
2026-04-23 11:11:07 shira-obc-0103-f89a53e7-835e-4487-bde8-35b2eb4a854d
/root/.local/lib/python3.7/site-packages/urllib3/connectionpool.py:986: InsecureRequestWarning: Unverified HTTPS request is being made to host 's3-openshift-storage.apps.sdsd-provider.ocs-2.syseng.devcluster.openshift.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning,
----> put an object to the OBC bucket
/root/.local/lib/python3.7/site-packages/urllib3/connectionpool.py:986: InsecureRequestWarning: Unverified HTTPS request is being made to host 's3-openshift-storage.apps.sdsd-provider.ocs-2.syseng.devcluster.openshift.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning,
----> Listing OBC bucket
2026-04-23 11:34:44         10 test_data.txt
/root/.local/lib/python3.7/site-packages/urllib3/connectionpool.py:986: InsecureRequestWarning: Unverified HTTPS request is being made to host 's3-openshift-storage.apps.sdsd-provider.ocs-2.syseng.devcluster.openshift.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning,
----> Done.

Signed-off-by: shirady <57721533+shirady@users.noreply.github.com>
@shirady shirady requested a review from karthikps97 April 23, 2026 12:25