plugin/kubernetes: fix pod insecure mode (#1354)

Fixes #1331
Miek Gieben 2018-01-06 15:56:54 +00:00 committed by GitHub
parent a8e268e33b
commit 75a8a17da4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 36 additions and 2 deletions


@ -9,8 +9,8 @@ import (
// ServiceBackend defines a (dynamic) backend that returns a slice of service definitions. // ServiceBackend defines a (dynamic) backend that returns a slice of service definitions.
type ServiceBackend interface { type ServiceBackend interface {
// Services communicates with the backend to retrieve the service definition. Exact indicates // Services communicates with the backend to retrieve the service definitions. Exact indicates
// on exact much are that we are allowed to recurs. // on exact match should be returned.
Services(state request.Request, exact bool, opt Options) ([]msg.Service, error) Services(state request.Request, exact bool, opt Options) ([]msg.Service, error)
// Reverse communicates with the backend to retrieve service definition based on a IP address // Reverse communicates with the backend to retrieve service definition based on a IP address


@ -25,6 +25,27 @@ var podModeInsecureCases = []test.Case{
test.A("172-0-0-2.podns.pod.cluster.local. 5 IN A 172.0.0.2"), test.A("172-0-0-2.podns.pod.cluster.local. 5 IN A 172.0.0.2"),
}, },
}, },
{
Qname: "blah.podns.pod.cluster.local.", Qtype: dns.TypeA,
Rcode: dns.RcodeNameError,
Ns: []dns.RR{
test.SOA("cluster.local. 300 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1515173576 7200 1800 86400 30"),
},
},
{
Qname: "blah.podns.pod.cluster.local.", Qtype: dns.TypeAAAA,
Rcode: dns.RcodeNameError,
Ns: []dns.RR{
test.SOA("cluster.local. 300 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1515173576 7200 1800 86400 30"),
},
},
{
Qname: "blah.podns.pod.cluster.local.", Qtype: dns.TypeHINFO,
Rcode: dns.RcodeNameError,
Ns: []dns.RR{
test.SOA("cluster.local. 300 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1515173576 7200 1800 86400 30"),
},
},
{ {
Qname: "blah.pod-nons.pod.cluster.local.", Qtype: dns.TypeA, Qname: "blah.pod-nons.pod.cluster.local.", Qtype: dns.TypeA,
Rcode: dns.RcodeNameError, Rcode: dns.RcodeNameError,
@ -32,6 +53,13 @@ var podModeInsecureCases = []test.Case{
test.SOA("cluster.local. 300 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1515173576 7200 1800 86400 30"), test.SOA("cluster.local. 300 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1515173576 7200 1800 86400 30"),
}, },
}, },
{
Qname: "podns.pod.cluster.local.", Qtype: dns.TypeA,
Rcode: dns.RcodeNameError,
Ns: []dns.RR{
test.SOA("cluster.local. 300 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1515173576 7200 1800 86400 30"),
},
},
} }
func TestServeDNSModeInsecure(t *testing.T) { func TestServeDNSModeInsecure(t *testing.T) {
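Review bot: The NXDOMAIN cases added to `podModeInsecureCases` all use the label `blah` or no pod label at all, so none of them sits near the boundary that the new IP check draws. A near-miss case would pin that boundary: a first label with the dashed-address shape that is still not a valid address, for example `Qname: "172-0-0-256.podns.pod.cluster.local.", Qtype: dns.TypeA` (constructed sample) with `Rcode: dns.RcodeNameError` and the same SOA in `Ns`. This assumes the pod label is turned into an address by replacing the dashes, as the existing `172-0-0-2` case suggests. With such a case, a later loosening of the validation would fail the test instead of passing silently.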


@ -321,6 +321,12 @@ func (k *Kubernetes) findPods(r recordRequest, zone string) (pods []msg.Service,
if !wildcard(namespace) && !k.namespace(namespace) { // no wildcard, but namespace does not exist if !wildcard(namespace) && !k.namespace(namespace) { // no wildcard, but namespace does not exist
return nil, errNoItems return nil, errNoItems
} }
// If ip does not parse as an IP address, we return an error, otherwise we assume a CNAME and will try to resolve it in backend_lookup.go
if net.ParseIP(ip) == nil {
return nil, errNoItems
}
return []msg.Service{{Key: strings.Join([]string{zonePath, Pod, namespace, podname}, "/"), Host: ip, TTL: k.ttl}}, err return []msg.Service{{Key: strings.Join([]string{zonePath, Pod, namespace, podname}, "/"), Host: ip, TTL: k.ttl}}, err
} }
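Review bot: The comment above the new `net.ParseIP(ip) == nil` guard in `findPods` reads backwards, because its "otherwise" clause attaches the CNAME assumption to the case where `ip` does parse. As far as the hunk shows, the intent is the opposite: in insecure pod mode the `Host` value appears to come from the query name, and a non-IP `Host` would be treated downstream as a CNAME target to resolve. I would reword it to `// ip comes from the queried name; reject anything that is not a valid IP, because backend_lookup.go treats a non-IP Host as a CNAME target and would try to resolve it.` so the next maintainer sees why the check must stay. The function body starts outside the hunk, so how `ip` is built and what `err` holds at the final return cannot be confirmed from here.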