middleware/kubernetes: doc cleanup (#571)

Set of small cleanups.
Miek Gieben 2017-03-06 11:42:59 +00:00 committed by GitHub
parent 1e4ba588dc
commit 12678ac5e2
4 changed files with 22 additions and 29 deletions


@ -1,10 +1,8 @@
# kubernetes # kubernetes
*kubernetes* enables reading zone data from a kubernetes cluster. *kubernetes* enables reading zone data from a kubernetes cluster.
It implements the spec defined for kubernetes DNS-Based service discovery: It implements the [spec](https://github.com/kubernetes/dns/blob/master/docs/specification.md)
https://github.com/kubernetes/dns/blob/master/docs/specification.md defined for kubernetes DNS-Based service discovery:
Examples:
Service `A` records are constructed as "myservice.mynamespace.svc.coredns.local" where: Service `A` records are constructed as "myservice.mynamespace.svc.coredns.local" where:
@ -30,29 +28,29 @@ Endpoint `A` records are constructed as "epname.myservice.mynamespace.svc.coredn
Also supported are PTR and SRV records for services/endpoints. Also supported are PTR and SRV records for services/endpoints.
## Configuration Syntax ## Syntax
This is an example kubernetes middle configuration block, with all options described: This is an example kubernetes configuration block, with all options described:
``` ```
# kubernetes <zone> [<zone>] ... # kubernetes <zone> [<zone>] ...
# #
# Use kubernetes middleware for domain "coredns.local" # Use kubernetes middleware for domain "coredns.local"
# Reverse domain zones can be defined here (e.g. 0.0.10.in-addr.arpa), # Reverse domain zones can be defined here (e.g. 0.0.10.in-addr.arpa),
# or instead with the "cidrs" option. # or instead with the "cidrs" option.
# #
kubernetes coredns.local { kubernetes coredns.local {
# resyncperiod <period> # resyncperiod <period>
# #
# Kubernetes data API resync period. Default is 5m # Kubernetes data API resync period. Default is 5m
# Example values: 60s, 5m, 1h # Example values: 60s, 5m, 1h
# #
resyncperiod 5m resyncperiod 5m
# endpoint <url> # endpoint <url>
# #
# Use url for a remote k8s API endpoint. If omitted, it will connect to # Use url for a remote k8s API endpoint. If omitted, it will connect to
# k8s in-cluster using the cluster service account. # k8s in-cluster using the cluster service account.
# #
endpoint https://k8s-endpoint:8080 endpoint https://k8s-endpoint:8080
@ -64,14 +62,14 @@ kubernetes coredns.local {
# specified). # specified).
# #
tls cert key cacert tls cert key cacert
# namespaces <namespace> [<namespace>] ... # namespaces <namespace> [<namespace>] ...
# #
# Only expose the k8s namespaces listed. If this option is omitted # Only expose the k8s namespaces listed. If this option is omitted
# all namespaces are exposed # all namespaces are exposed
# #
namespaces demo namespaces demo
# lables <expression> [,<expression>] ... # lables <expression> [,<expression>] ...
# #
# Only expose the records for kubernetes objects # Only expose the records for kubernetes objects
@ -82,25 +80,25 @@ kubernetes coredns.local {
# "application=nginx" in the staging or qa environments. # "application=nginx" in the staging or qa environments.
# #
labels environment in (staging, qa),application=nginx labels environment in (staging, qa),application=nginx
# pods <disabled|insecure|verified> # pods <disabled|insecure|verified>
# #
# Set the mode of responding to pod A record requests. # Set the mode of responding to pod A record requests.
# e.g 1-2-3-4.ns.pod.zone. This option is provided to allow use of # e.g 1-2-3-4.ns.pod.zone. This option is provided to allow use of
# SSL certs when connecting directly to pods. # SSL certs when connecting directly to pods.
# Valid values: disabled, verified, insecure # Valid values: disabled, verified, insecure
# disabled: Do not process pod requests, always returning NXDOMAIN # disabled: Do not process pod requests, always returning NXDOMAIN
# insecure: Always return an A record with IP from request (without # insecure: Always return an A record with IP from request (without
# checking k8s). This option is is vulnerable to abuse if # checking k8s). This option is is vulnerable to abuse if
# used maliciously in conjuction with wildcard SSL certs. # used maliciously in conjuction with wildcard SSL certs.
# verified: Return an A record if there exists a pod in same # verified: Return an A record if there exists a pod in same
# namespace with matching IP. This option requires # namespace with matching IP. This option requires
# substantially more memory than in insecure mode, since it # substantially more memory than in insecure mode, since it
# will maintain a watch on all pods. # will maintain a watch on all pods.
# Default value is "disabled". # Default value is "disabled".
# #
pods disabled pods disabled
# cidrs <cidr> [<cidr>] ... # cidrs <cidr> [<cidr>] ...
# #
# Expose cidr ranges to reverse lookups. Include any number of space # Expose cidr ranges to reverse lookups. Include any number of space
@ -109,15 +107,15 @@ kubernetes coredns.local {
# that fall within these ranges. # that fall within these ranges.
# #
cidrs 10.0.0.0/24 10.0.10.0/25 cidrs 10.0.0.0/24 10.0.10.0/25
} }
``` ```
## Wildcards ## Wildcards
Some query labels accept a wildcard value to match any value. Some query labels accept a wildcard value to match any value.
If a label is a valid wildcard (\*, or the word "any"), then that label will match If a label is a valid wildcard (\*, or the word "any"), then that label will match
all values. The labels that accept wildcards are: all values. The labels that accept wildcards are:
* _service_ in an `A` record request: _service_.namespace.svc.zone. * _service_ in an `A` record request: _service_.namespace.svc.zone.
* e.g. `*.ns.svc.myzone.local` * e.g. `*.ns.svc.myzone.local`


@ -45,7 +45,7 @@ func (k Kubernetes) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.M
) )
switch state.Type() { switch state.Type() {
case "A": case "A":
records, _, err = middleware.A(&k, zone, state, nil, middleware.Options{}) // Hmm wrt to '&k' records, _, err = middleware.A(&k, zone, state, nil, middleware.Options{})
case "AAAA": case "AAAA":
records, _, err = middleware.AAAA(&k, zone, state, nil, middleware.Options{}) records, _, err = middleware.AAAA(&k, zone, state, nil, middleware.Options{})
case "TXT": case "TXT":
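Review bot: Dropping the `// Hmm wrt to '&k'` remark on the `case "A":` line removes the only hint that `ServeDNS` is declared with a value receiver (`func (k Kubernetes) ServeDNS`), so `&k` here and in the `AAAA` case points at a per-request copy of the struct rather than the configured instance. The other methods visible on this page (`IsNameError`, `Debug`, `getClientConfig`) use `*Kubernetes`, so the receiver kinds are inconsistent. If the struct carries shared state such as API client handles or caches, which is not visible from this hunk, writes made through that pointer would be lost and any lock inside it would be copied. Either switch the signature to `func (k *Kubernetes) ServeDNS(...)` and pass `k`, or keep a clear comment such as `// k is a copy (value receiver); backend calls must not mutate it`. The body of `ServeDNS` continues outside the hunk.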


@ -151,9 +151,7 @@ func (k *Kubernetes) IsNameError(err error) bool {
} }
// Debug implements the ServiceBackend interface. // Debug implements the ServiceBackend interface.
func (k *Kubernetes) Debug() string { func (k *Kubernetes) Debug() string { return "debug" }
return "debug"
}
func (k *Kubernetes) getClientConfig() (*rest.Config, error) { func (k *Kubernetes) getClientConfig() (*rest.Config, error) {
// For a custom api server or running outside a k8s cluster // For a custom api server or running outside a k8s cluster


@ -84,7 +84,6 @@ func TestParseRequest(t *testing.T) {
} }
// Test A request of endpoint // Test A request of endpoint
//
query = "1-2-3-4.webs.mynamespace.svc.inter.webs.test." query = "1-2-3-4.webs.mynamespace.svc.inter.webs.test."
r, e = k.parseRequest(query, "A") r, e = k.parseRequest(query, "A")
if e != nil { if e != nil {
@ -104,8 +103,6 @@ func TestParseRequest(t *testing.T) {
} }
// Invalid query tests // Invalid query tests
//
invalidAQueries := []string{ invalidAQueries := []string{
"_http._tcp.webs.mynamespace.svc.inter.webs.test.", // A requests cannot have port or protocol "_http._tcp.webs.mynamespace.svc.inter.webs.test.", // A requests cannot have port or protocol
"servname.ns1.srv.inter.nets.test.", // A requests must have zone that matches corefile "servname.ns1.srv.inter.nets.test.", // A requests must have zone that matches corefile