TrueCloudLab/coredns
16
0
Fork 2
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Error out when multiple https endpoints are specified. (#2438)

Browse source 
This fix will error out when multiple https endpoints are specified,
as additional work is needed to support beyond http.

This fix fixes 1464.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This commit is contained in:
Yong Tang 2019-01-07 09:28:03 -08:00 committed by GitHub
parent 06efc07f46
commit 53d1afbaf2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 26 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
plugin/kubernetes/README.md
View file

@ -52,8 +52,9 @@ kubernetes [ZONES...] {
* `endpoint` specifies the **URL** for a remote k8s API endpoint. * `endpoint` specifies the **URL** for a remote k8s API endpoint.
If omitted, it will connect to k8s in-cluster using the cluster service account. If omitted, it will connect to k8s in-cluster using the cluster service account.
Multiple k8s API endpoints could be specified: Multiple k8s API endpoints could be specified:
`endpoint http://k8s-endpoint1:8080 http://k8s-endpoint2:8080`. CoreDNS `endpoint http://k8s-endpoint1:8080 http://k8s-endpoint2:8080`.
will automatically perform a healthcheck and proxy to the healthy k8s API endpoint. CoreDNS will automatically perform a healthcheck and proxy to the healthy k8s API endpoint.
Note that only http is supported when more than one k8s API endpoints are specified at the moment.
* `tls` **CERT** **KEY** **CACERT** are the TLS cert, key and the CA cert file names for remote k8s connection. * `tls` **CERT** **KEY** **CACERT** are the TLS cert, key and the CA cert file names for remote k8s connection.
This option is ignored if connecting in-cluster (i.e. endpoint is not specified). This option is ignored if connecting in-cluster (i.e. endpoint is not specified).
* `kubeconfig` **KUBECONFIG** **CONTEXT** authenticates the connection to a remote k8s cluster using a kubeconfig file. It supports TLS, username and password, or token-based authentication. This option is ignored if connecting in-cluster (i.e., the endpoint is not specified). * `kubeconfig` **KUBECONFIG** **CONTEXT** authenticates the connection to a remote k8s cluster using a kubeconfig file. It supports TLS, username and password, or token-based authentication. This option is ignored if connecting in-cluster (i.e., the endpoint is not specified).

9
plugin/kubernetes/setup.go
View file

@ -196,6 +196,15 @@ func ParseStanza(c *caddy.Controller) (*Kubernetes, error) {
args := c.RemainingArgs() args := c.RemainingArgs()
if len(args) > 0 { if len(args) > 0 {
k8s.APIServerList = args k8s.APIServerList = args
if len(args) > 1 {
// If multiple endoints specified, then only http allowed
for i := range args {
parts := strings.SplitN(args[i], "://", 2)
if len(parts) == 2 && parts[0] != "http" {
return nil, fmt.Errorf("multiple endpoints can only accept http, found: %v", args[i])
}
}
}
continue continue
} }
return nil, c.ArgErr() return nil, c.ArgErr()

14
plugin/kubernetes/setup_test.go
View file

@ -439,6 +439,20 @@ kubernetes cluster.local`,
fall.Zero, fall.Zero,
nil, nil,
}, },
{
`kubernetes coredns.local {
endpoint http://localhost:9090 https://localhost:9091
}`,
true,
"multiple endpoints can only accept http",
-1,
-1,
defaultResyncPeriod,
"",
podModeDisabled,
fall.Zero,
nil,
},
} }
for i, test := range tests { for i, test := range tests {