Now battling with nameservers in container

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+    "terminal.explorerKind": "integrated"
+}

Dockerfile

@@ -34,6 +34,7 @@ RUN chown -R root:root /root/.bashrc && \
 RUN apk add --no-cache alpine-conf && \
     setup-timezone -z Africa/Johannesburg 
 #    chmod 0644 /etc/krb5.conf
+COPY config/resolv.sh /etc/resolv.conf
 
 ENV RUNNING_IN_DOCKER true
 ENV DEBIAN_FRONTEND=noninteractive

Makefile

@@ -12,7 +12,7 @@ OUT := $(shell pwd)/_out
 
 KUBEBUILDER_VERSION=1.28.0
 
-HELM_FILES := $(shell find deploy/sthome-webhook)
+HELM_FILES := $(shell find "deploy/sthome-webhook")
 
 dependencies:
 	go mod tidy
@@ -52,17 +52,21 @@ build:  rendered-manifest.yaml dependencies bin/buildversion.exe version.txt
 	docker build --pull --rm -f "Dockerfile" -t "stuurmcp/$(IMAGE_NAME):latest" -t "stuurmcp/$(IMAGE_NAME):$(shell head -n 1 version.txt)" "." 
 	docker image push "docker.io/stuurmcp/$(IMAGE_NAME):$(shell head -n 1 version.txt)" 
 	docker image push "docker.io/stuurmcp/$(IMAGE_NAME):latest" 
-	helm package deploy/sthome-webhook -d //truenas/Shared_data/Chris/clusterissuer/charts/
+	helm package \
-
+	    -n ix-sthome-webhook2\
-.PHONY: rendered-manifest.yaml
+			--version $(shell head -n 1 version.txt) \
-rendered-manifest.yaml: $(OUT)/rendered-manifest.yaml
+			deploy/sthome-webhook \
+			-d //truenas/Shared_data/Chris/clusterissuer/charts/
 
 $(OUT)/rendered-manifest.yaml: $(HELM_FILES) | $(OUT)
 	helm template \
-	    sthome-webhook -n ix-cert-manager\
+	    sthome-webhook -n ix-sthome-webhook2\
 			--set image.repository=$(IMAGE_NAME) \
 			--set image.tag=$(shell head -n 1 version.txt) \
 			deploy/sthome-webhook > $@
 
+.PHONY: rendered-manifest.yaml
+rendered-manifest.yaml: $(OUT)/rendered-manifest.yaml
+
 _test $(OUT) _test/kubebuilder-$(KUBEBUILDER_VERSION)-$(OS)-$(ARCH):
 	mkdir -p $@

cmd/buildversion.go

@@ -2,7 +2,6 @@ package main
 
 import (
 	"fmt"
-	"log"
 	"os"
 	"strconv"
 	"strings"
@@ -10,8 +9,8 @@ import (
 )
 
 const (
-	chartfile   = "./deploy/sthome-webhook/Chart.yaml"
+	//chartfile   = "./deploy/sthome-webhook/Chart.yaml"
-	valuesfile  = "./deploy/sthome-webhook/values.yaml"
+	//valuesfile  = "./deploy/sthome-webhook/values.yaml"
 	tagprefix   = "  tag: "
 	vertxtfile  = "./version.txt"
 	apiVersion  = "v1"
@@ -20,8 +19,8 @@ const (
 )
 
 var (
-	buildTime        string
+	buildTime string
-	appVersion       string
+	//appVersion       string
 	longversion      string
 	multilineversion string
 )
@@ -45,16 +44,17 @@ func main() {
 	bNum, _ := strconv.Atoi(vLines[2])
 	bNum++
 	longversion = version + "." + fmt.Sprint(bNum)
-	appVersion = "v" + longversion
+	//appVersion = "v" + longversion
 	// Generate a single string to write back to the file
 	multilineversion = longversion + "\n" + buildTime + "\n" + fmt.Sprint(bNum)
-	chartStr := "apiVersion: " + apiVersion + "\nappVersion: " + appVersion + "\ndescription: " + description + "\nname: " + name + "\nversion: " + longversion + "\n"
+	//chartStr := "apiVersion: " + apiVersion + "\nappVersion: " + appVersion + "\ndescription: " + description + "\nname: " + name + "\nversion: " + longversion + "\n"
 	// Write the data back to the file.
 	_ = os.WriteFile(vertxtfile, []byte(multilineversion), 0777)
-	_ = os.WriteFile(chartfile, []byte(chartStr), 0777)
+	//_ = os.WriteFile(chartfile, []byte(chartStr), 0777)
-	replacetxtfilelines(valuesfile, tagprefix, tagprefix+longversion)
+	//replacetxtfilelines(valuesfile, tagprefix, tagprefix+longversion)
 }
 
+/*
 func replacetxtfilelines(filename string, textLinePrefix string, replacetext string) {
 	input, err := os.ReadFile(filename)
 	if err != nil {
@@ -74,3 +74,4 @@ func replacetxtfilelines(filename string, textLinePrefix string, replacetext str
 		log.Fatalln(err)
 	}
 }
+*/

config/resolv.sh

@@ -0,0 +1,4 @@
+search ix-sthome-webhook2.svc.cluster.local svc.cluster.local cluster.local sthome.lan
+nameserver 10.0.0.15
+nameserver 172.17.0.10
+options ndots:5

deploy/sthome-webhook/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: v0.0.5-alpha.24
+appVersion: v0.0.5-alpha.33
 description: Cert-Manager webhook for sthome
 name: sthome-webhook
-version: 0.0.5-alpha.24
+version: 0.0.5-alpha.33

deploy/sthome-webhook/templates/deployment.yaml

@@ -31,6 +31,13 @@ spec:
             - --tls-cert-file=/tls/tls.crt
             - --tls-private-key-file=/tls/tls.key
             - --secure-port=8443
+        {{- range $key, $value := .Values.extraArgs }}
+            {{- if $value }}
+            - --{{ $key }}={{ $value }}
+            {{- else }}
+            - --{{ $key }}
+            {{- end }}
+        {{- end }}  
           env:
             - name: GROUP_NAME
               value: {{ .Values.groupName | quote }}

deploy/sthome-webhook/values.yaml

@@ -31,7 +31,7 @@ clusterIssuer:
 image:
   repository: stuurmcp/cert-manager-webhook-sthome
   #repository: wstat.sthome.net:5000/cert-manager-webhook-sthome
-  tag: 0.0.5-alpha.24
+  tag: 0.0.5-alpha.33
   #pullPolicy should be IfNotPresent. Set to Always for testing purposes
   pullPolicy: IfNotPresent
 
@@ -41,6 +41,10 @@ imageCredentials:
 nameOverride: ""
 fullnameOverride: ""
 
+extraArgs:
+ # dns1: 192.168.2.4
+ # dns2: 10.0.0.15
+
 replicaCount: 1
 
 pki:

pkg/dns/shell.go

@@ -2,6 +2,7 @@ package dns
 
 import (
 	"bytes"
+	"fmt"
 	"os/exec"
 
 	"k8s.io/klog/v2"
@@ -21,6 +22,7 @@ func Execute(shell string, arg ...string) (bool, error) {
 	}
 	if errb.String() != "" {
 		klog.Errorf("stderr:\n%s============\n", errb.String())
+		return false, fmt.Errorf("stderr:\n%q", errb.String())
 	}
 	klog.Infof("Script returned success\n")
 	return true, nil

pkg/dns/solver_local.go

@@ -92,8 +92,9 @@ func (loc *LocalDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error
 	err = loc.Check(ch.DNSName, ch.Key)
 	if err != nil {
 		klog.Infof("Check for propagation failed: %s", err)
+		return err
 	}
-	success, _ := Execute(
+	success, err := Execute(
 		Shell,
 		AcmeAuthCmd,
 		"set",
@@ -105,7 +106,7 @@ func (loc *LocalDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error
 		//"-v",
 	)
 	klog.Infof("Execute set TXT returned success: %t\n", success)
-	return nil
+	return err
 }
 
 // CleanUp should delete the relevant TXT record from the DNS provider console.
@@ -117,7 +118,7 @@ func (loc *LocalDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error
 func (loc *LocalDNSProviderSolver) CleanUp(ch *v1alpha1.ChallengeRequest) error {
 	//domainName := extractDomainName(ch.ResolvedZone)
 	//localip := GetOutboundIP(Dnsserver_net)
-	success, _ := Execute(
+	success, err := Execute(
 		Shell,
 		AcmeAuthCmd,
 		"unset",
@@ -129,7 +130,7 @@ func (loc *LocalDNSProviderSolver) CleanUp(ch *v1alpha1.ChallengeRequest) error
 		//"-v",
 	)
 	klog.Infof("Execute unset TXT returned success: %t\n", success)
-	return nil
+	return err
 }
 
 // Initialize will be called when the webhook first starts.

pkg/util/wait.go

@@ -110,15 +110,19 @@ func checkDNSPropagation(fqdn, value string, nameservers []string,
 
 	var err error
 	fqdn, err = followCNAMEs(fqdn, nameservers)
+	//klog.Infof("PreCheckDNS: followCNAMEs returned fqdn: %s, err: %s", fqdn, err)
 	if err != nil {
 		return false, err
 	}
-
 	if !useAuthoritative {
-		return checkAuthoritativeNss(fqdn, value, nameservers)
+		var success bool
+		success, err = checkAuthoritativeNss(fqdn, value, nameservers)
+		//klog.Infof("PreCheckDNS: checkAuthoritativeNss returned success: %t, err: %s", success, err)
+		return success, err
 	}
 
 	authoritativeNss, err := lookupNameservers(fqdn, nameservers)
+	//klog.Infof("PreCheckDNS: lookupNameservers returned authoritativeNss: %s, err: %s", authoritativeNss, err)
 	if err != nil {
 		return false, err
 	}
@@ -133,18 +137,26 @@ func checkDNSPropagation(fqdn, value string, nameservers []string,
 func checkAuthoritativeNss(fqdn, value string, nameservers []string) (bool, error) {
 	for _, ns := range nameservers {
 		r, err := DNSQuery(fqdn, dns.TypeTXT, []string{ns}, true)
+		//klog.Infof("checkAuthoritativeNss: DNSQuery returned \nr: %s, \nerr: %s", r, err)
 		if err != nil {
+			klog.Infof("checkAuthoritativeNss: DNSQuery failed")
 			return false, err
 		}
-
+		klog.Infof("checkAuthoritativeNss: DNSQuery succeeded with r.Rcode: %d", r.Rcode)
 		// NXDomain response is not really an error, just waiting for propagation to happen
 		if !(r.Rcode == dns.RcodeSuccess || r.Rcode == dns.RcodeNameError) {
+			//klog.Errorf("checkAuthoritativeNss: NS %s returned %s for %s", ns, dns.RcodeToString[r.Rcode], fqdn)
 			return false, fmt.Errorf("NS %s returned %s for %s", ns, dns.RcodeToString[r.Rcode], fqdn)
 		}
 
-		klog.Infof("Looking up TXT records for %q", fqdn)
+		klog.Infof("Looking up TXT records for %q, should be = %s", fqdn, value)
+		//klog.Infof("checkAuthoritativeNss: r.Answer: %s", r.Answer)
 		var found bool
+		var i = 0
 		for _, rr := range r.Answer {
+			i++
+			txt1, ok1 := rr.(*dns.TXT)
+			klog.Infof("checkAuthoritativeNss: Compare[%d]: ok: %t, query: %s, value: %s", i, ok1, txt1.Txt, value)
 			if txt, ok := rr.(*dns.TXT); ok {
 				if strings.Join(txt.Txt, "") == value {
 					found = true
@@ -394,7 +406,7 @@ func lookupNameservers(fqdn string, nameservers []string) ([]string, error) {
 	}
 
 	if len(authoritativeNss) > 0 {
-		klog.Infof("Returning authoritative nameservers [%s]", strings.Join(authoritativeNss, ", "))
+		//klog.Infof("Returning authoritative nameservers [%s]", strings.Join(authoritativeNss, ", "))
 		return authoritativeNss, nil
 	}
 	return nil, fmt.Errorf("could not determine authoritative nameservers for %q", fqdn)

version.txt

@@ -1,3 +1,3 @@
-0.0.5-alpha.24
+0.0.5-alpha.37
-20240409-1838
+20240411-0048
-24
+37