Bug 1772804

Summary: [Azure] Use of DNS private zones from the preview resource model
Product: OpenShift Container Platform Reporter: Nils <nils>
Component: NetworkingAssignee: Dan Mace <dmace>
Networking sub component: router QA Contact: Hongan Li <hongli>
Status: CLOSED ERRATA Docs Contact:
Severity: unspecified    
Priority: unspecified CC: aos-bugs
Version: 4.2.0   
Target Milestone: ---   
Target Release: 4.3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-01-23 11:12:49 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1788707    

Description Nils 2019-11-15 08:39:01 UTC 
Description of problem:

The installer creates an internal DNS zone, using a preview resource model. This should be updated to use the GA resource model. Microsoft is sending out "Action required" emails, asking users to switch to the new model.

Steps to Reproduce:

Using the az command-line utility:

az network dns zone list --query "[?zoneType=='Private']"
Name                             Location    MaxNumberOfRecordSets    NumberOfRecordSets    ZoneType    ResourceGroup
-------------------------------  ----------  -----------------------  --------------------  ----------  -------------------
dev03.clusters.redacted       global      10000                    8                     Private     dev03-p999d-rg
mothership.clusters.redacted  global      10000                    8                     Private     mothership-tXXX4-rg


Expected results:

The "private-dns" resource should be used

az network private-dns zone list
--> Expect to see zones here


Additional info:

I have received the following email from Microsoft:

 Migrate Azure DNS private zones from the preview resource model to the GA resource model

You're receiving this email because you are using one or more Azure DNS private zones that were created using the preview resource model (API version 2018-03-01-preview).

During public preview, private DNS zones were created using dnszones resource with zoneType property set to Private. Support for these zones will be retired on December 31, 2019 and must be migrated to GA resource model. The GA resource model makes use of privateDnsZones resource type instead of dnszones.

After December 31, 2019, these zones will be automatically migrated to the GA resource model and you will not be able to use the preview resource model/API/SDK to interact with these zones.

To find out the dnszones resources that require migration; execute the below command in Azure CLI. Substitute the subscription ID(s) listed in the Account Information section of this email in these commands.

az account set --subscription <SubscriptionId>

az network dns zone list --query "[?zoneType=='Private']"

Required Action

1. Please delete the private DNS zone if it is no longer required and was created only for evaluation or testing purposes.

2. If the private DNS zones are in use please follow the step by step instructions provided in our migration guide to migrate the preview DNS zones to latest resource model.

3. Start using privateDnsZones resource instead of dnszones resource.

4. Update your automations (scripts/templates) to use API version 2018-09-01 and switch to the latest CLI/PowerShell/SDKs.

More Information

If you have questions, please contact us.


---

The migration guide can be found here: https://docs.microsoft.com/azure/dns/private-dns-migration-guide
Comment 1 Dan Mace 2019-11-18 14:28:47 UTC 
Already fixed in 4.3 by https://github.com/openshift/cluster-ingress-operator/pull/300
Comment 3 Hongan Li 2019-11-19 07:15:40 UTC 
verified with 4.3.0-0.nightly-2019-11-18-175710 and issue has been fixed.

$ oc get dnsrecords/default-wildcard -o yaml -n openshift-ingress-operator
<---snip--->
status:
  zones:
  - dnsZone:
      id: /subscriptions/xxxxxxxx/resourceGroups/hongli-az710-n9lzj-rg/providers/Microsoft.Network/privateDnsZones/hongli-az710.qe.azure.devcluster.openshift.com
  - dnsZone:
      id: /subscriptions/xxxxxxxx/resourceGroups/os4-common/providers/Microsoft.Network/dnszones/qe.azure.devcluster.openshift.com
Comment 5 errata-xmlrpc 2020-01-23 11:12:49 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0062