diff --git a/middleware/kubernetes/handler.go b/middleware/kubernetes/handler.go
index 12277911a..3efe6e722 100644
--- a/middleware/kubernetes/handler.go
+++ b/middleware/kubernetes/handler.go
@@ -26,11 +26,15 @@ func (k Kubernetes) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.M
 // otherwise delegate to the next in the pipeline.
 zone := middleware.Zones(k.Zones).Matches(state.Name())
 if zone == "" {
- // If this is a PTR request, and a the request is in a defined
- // pod/service cidr range, process the request in this middleware,
- // otherwise pass to next middleware.
- if state.Type() != "PTR" || !k.IsRequestInReverseRange(state) {
- return middleware.NextOrFailure(k.Name(), k.Next, ctx, w, r)
+ if state.Type() == "PTR" {
+ // If this is a PTR request, and a the request is in a defined
+ // pod/service cidr range, process the request in this middleware,
+ // otherwise pass to next middleware.
+ if !k.IsRequestInReverseRange(state) {
+ return middleware.NextOrFailure(k.Name(), k.Next, ctx, w, r)
+ }
+ // Set the zone to this specific request.
+ zone = state.Name()
 }
 }
diff --git a/middleware/kubernetes/kubernetes.go b/middleware/kubernetes/kubernetes.go
index 8c4e08e5d..f5d3d55be 100644
--- a/middleware/kubernetes/kubernetes.go
+++ b/middleware/kubernetes/kubernetes.go
@@ -508,7 +508,7 @@ func (k *Kubernetes) getServiceRecordForIP(ip, name string) []msg.Service {
 return nil
 }
 for _, service := range svcList {
- if !dnsstrings.StringInSlice(service.Namespace, k.Namespaces) {
+ if (len(k.Namespaces) > 0) && !dnsstrings.StringInSlice(service.Namespace, k.Namespaces) {
 continue
 }
 if service.Spec.ClusterIP == ip {
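Review bot: A query that matches none of k.Zones and is not a PTR now leaves the `if zone == ""` block with zone still empty instead of being handed to the next middleware, because the pass-through survives only inside the `state.Type() == "PTR"` branch. The removed condition forwarded every non-PTR miss, so this looks like an unintended change that lets this middleware answer for names outside its zones; how the rest of ServeDNS treats an empty zone is outside the hunk. I would keep the early return ahead of the reverse-range check: `if state.Type() != "PTR" { return middleware.NextOrFailure(k.Name(), k.Next, ctx, w, r) }`.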
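Review bot: An empty k.Namespaces now means the namespace filter in getServiceRecordForIP is skipped entirely, so the check fails open and reverse lookups can return services from every namespace; nothing in the code states that this is the intended default. The same condition is repeated in the endpoints loop of the next hunk (@@ -522). A comment on both, such as `// An empty Namespaces list exposes all namespaces.`, would make the intent explicit, and the parentheses around `len(k.Namespaces) > 0` are not needed. The function starts and ends outside both hunks.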
@@ -522,7 +522,7 @@ func (k *Kubernetes) getServiceRecordForIP(ip, name string) []msg.Service {
 return nil
 }
 for _, ep := range epList.Items {
- if !dnsstrings.StringInSlice(ep.ObjectMeta.Namespace, k.Namespaces) {
+ if (len(k.Namespaces) > 0) && !dnsstrings.StringInSlice(ep.ObjectMeta.Namespace, k.Namespaces) {
 continue
 }
 for _, eps := range ep.Subsets {
diff --git a/middleware/proxy/google.go b/middleware/proxy/google.go
index b2a3b45f8..5efb84960 100644
--- a/middleware/proxy/google.go
+++ b/middleware/proxy/google.go
@@ -126,13 +126,7 @@ func (g *google) OnStartup(p *Proxy) error {
 new, err := g.bootstrapProxy.Lookup(state, g.endpoint, dns.TypeA)
- oldUpstream := *p.Upstreams
- oldFrom := ""
- var oldEx Exchanger
- if len(oldUpstream) > 0 {
- oldFrom = oldUpstream[0].From()
- oldEx = oldUpstream[0].Exchanger()
- }
+ var oldUpstream Upstream
 // ignore errors here, as we want to keep on trying.
 if err != nil {
@@ -143,8 +137,13 @@ func (g *google) OnStartup(p *Proxy) error {
 log.Printf("[WARNING] Failed to bootstrap A records %q: %s", g.endpoint, err)
 }
- up := newUpstream(addrs, oldFrom, oldEx)
- p.Upstreams = &[]Upstream{up}
+ if len(*p.Upstreams) > 0 {
+ oldUpstream = (*p.Upstreams)[0]
+ up := newUpstream(addrs, oldUpstream.(*staticUpstream))
+ p.Upstreams = &[]Upstream{up}
+ } else {
+ log.Printf("[WARNING] Failed to bootstrap upstreams %q", g.endpoint)
+ }
 }
 go func() {
@@ -164,8 +163,11 @@ func (g *google) OnStartup(p *Proxy) error {
 continue
 }
- up := newUpstream(addrs, oldFrom, oldEx)
- p.Upstreams = &[]Upstream{up}
+ // TODO(miek): can this actually happen?
+ if oldUpstream != nil {
+ up := newUpstream(addrs, oldUpstream.(*staticUpstream))
+ p.Upstreams = &[]Upstream{up}
+ }
 }
 case <-g.quit:
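Review bot: The assertion `oldUpstream.(*staticUpstream)` in OnStartup is unchecked, so it panics if the first entry of p.Upstreams is any other Upstream implementation; the refresh code in the next hunk (@@ -164) repeats it. The comma-ok form keeps an unexpected configuration from taking the server down: `su, ok := oldUpstream.(*staticUpstream)` followed by a logged warning when `!ok`. The new else-branch message reads like a lookup failure although it fires when p.Upstreams is empty, so wording that says the upstream list is empty would help whoever reads the log. OnStartup begins and ends outside the hunk.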
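Review bot: oldUpstream is assigned only inside the block of the previous hunk that closes just before `go func()`, so when that path is not taken the `oldUpstream != nil` guard here stays false and the periodic refresh never installs an upstream. That appears to answer the TODO: it can happen, and it conflicts with the nearby comment about wanting to keep on trying. Capturing the value right after the declaration, `if len(*p.Upstreams) > 0 { oldUpstream = (*p.Upstreams)[0] }`, would restore what the removed oldFrom/oldEx code did. p.Upstreams also appears to be written from the goroutine with no synchronisation visible in the hunk, which is worth confirming against its readers.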
@@ -195,15 +197,17 @@ func extractAnswer(m *dns.Msg) ([]string, error) {
 }
 // newUpstream returns an upstream initialized with hosts.
-func newUpstream(hosts []string, from string, ex Exchanger) Upstream {
+func newUpstream(hosts []string, old *staticUpstream) Upstream {
 upstream := &staticUpstream{
- from: from,
- Hosts: nil,
- Policy: &Random{},
- Spray: nil,
- FailTimeout: 10 * time.Second,
- MaxFails: 3,
- ex: ex,
+ from: old.from,
+ Hosts: nil,
+ Policy: &Random{},
+ Spray: nil,
+ FailTimeout: 10 * time.Second,
+ MaxFails: 3,
+ ex: old.ex,
+ WithoutPathPrefix: old.WithoutPathPrefix,
+ IgnoredSubDomains: old.IgnoredSubDomains,
 }
 upstream.Hosts = make([]*UpstreamHost, len(hosts))
diff --git a/middleware/proxy/upstream.go b/middleware/proxy/upstream.go
index ce3c085f6..b269544e2 100644
--- a/middleware/proxy/upstream.go
+++ b/middleware/proxy/upstream.go
@@ -281,11 +281,11 @@ func (u *staticUpstream) Select() *UpstreamHost {
 }
 func (u *staticUpstream) IsAllowedDomain(name string) bool {
- for _, ignoredSubDomain := range u.IgnoredSubDomains {
- if dns.Name(name) == dns.Name(u.From()) {
- return true
- }
+ if dns.Name(name) == dns.Name(u.From()) {
+ return true
+ }
+ for _, ignoredSubDomain := range u.IgnoredSubDomains {
 if middleware.Name(ignoredSubDomain).Matches(name) {
 return false
 }
diff --git a/test/kubernetes_test.go b/test/kubernetes_test.go
index 530051f0a..fd38c2e03 100644
--- a/test/kubernetes_test.go
+++ b/test/kubernetes_test.go
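Review bot: newUpstream now dereferences `old` unconditionally, while its doc comment still mentions only hosts. The callers visible in this diff pass the result of a type assertion, so a nil pointer is not expected, but the contract should be written down: `// newUpstream returns an upstream initialized with hosts; from, ex, WithoutPathPrefix and IgnoredSubDomains are copied from old, which must be non-nil.` Policy, FailTimeout and MaxFails stay hard-coded rather than copied from old, which may be intended; the struct definition is not visible here. The function body continues past the hunk.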
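Review bot: IsAllowedDomain has no doc comment, and after this change the order of its checks is the behaviour: an exact match on u.From() returns true before IgnoredSubDomains is consulted. I would document that, e.g. `// IsAllowedDomain reports whether name may be proxied: the upstream's own from name is always allowed, a name matching an entry in IgnoredSubDomains is not.` The `==` on the two `dns.Name` values appears to be a plain string comparison, so it is worth confirming that callers pass names in the same case and form as from. The end of the function is outside the hunk.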
@@ -315,6 +315,42 @@ var dnsTestCasesPartialCidrReverseZone = []test.Case{
 },
 }
+var dnsTestCasesAllNSExposed = []test.Case{
+ {
+ Qname: "svc-1-a.test-1.svc.cluster.local.", Qtype: dns.TypeA,
+ Rcode: dns.RcodeSuccess,
+ Answer: []dns.RR{
+ test.A("svc-1-a.test-1.svc.cluster.local. 303 IN A 10.0.0.100"),
+ },
+ },
+ {
+ Qname: "svc-c.test-2.svc.cluster.local.", Qtype: dns.TypeA,
+ Rcode: dns.RcodeSuccess,
+ Answer: []dns.RR{
+ test.A("svc-c.test-1.svc.cluster.local. 303 IN A 10.0.0.120"),
+ },
+ },
+ {
+ Qname: "123.0.0.10.in-addr.arpa.", Qtype: dns.TypePTR,
+ Rcode: dns.RcodeSuccess,
+ Answer: []dns.RR{},
+ },
+ {
+ Qname: "100.0.0.10.in-addr.arpa.", Qtype: dns.TypePTR,
+ Rcode: dns.RcodeSuccess,
+ Answer: []dns.RR{
+ test.PTR("100.0.0.10.in-addr.arpa. 303 IN PTR svc-1-a.test-1.svc.cluster.local."),
+ },
+ },
+ {
+ Qname: "120.0.0.10.in-addr.arpa.", Qtype: dns.TypePTR,
+ Rcode: dns.RcodeSuccess,
+ Answer: []dns.RR{
+ test.PTR("120.0.0.10.in-addr.arpa. 303 IN PTR svc-c.test-2.svc.cluster.local."),
+ },
+ },
+}
+
 func createTestServer(t *testing.T, corefile string) (*caddy.Instance, string) {
 server, err := CoreDNSServer(corefile)
 if err != nil {
@@ -424,3 +460,14 @@ func TestKubernetesIntegrationPartialCidrReverseZone(t *testing.T) {
 `
 doIntegrationTests(t, corefile, dnsTestCasesPartialCidrReverseZone)
 }
+
+func TestKubernetesIntegrationAllNSExposed(t *testing.T) {
+ corefile :=
+ `.:0 {
+ kubernetes cluster.local {
+ endpoint http://localhost:8080
+ cidrs 10.0.0.0/24
+ }
+`
+ doIntegrationTests(t, corefile, dnsTestCasesAllNSExposed)
+}
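Review bot: The second case in dnsTestCasesAllNSExposed queries `svc-c.test-2.svc.cluster.local.` but expects an A record owned by `svc-c.test-1.svc.cluster.local.`, while the PTR case for 10.0.0.120 further down expects `svc-c.test-2`. If doIntegrationTests compares owner names this case fails, and if it does not, the namespace in the answer is never verified; either way the expectation should read `test.A("svc-c.test-2.svc.cluster.local. 303 IN A 10.0.0.120"),`. A case for a non-PTR name outside cluster.local would also pin down what this server block does with queries it is not authoritative for.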
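Review bot: The corefile literal in TestKubernetesIntegrationAllNSExposed opens two blocks (`.:0 {` and `kubernetes cluster.local {`) but closes only one before the closing backtick. Whether the parser accepts the unterminated server block is not visible here, so I would add the missing `}` on its own line before the backtick. A one-line comment saying the `namespaces` option is omitted on purpose, so that all namespaces are exposed, would make the intent of the test clear.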