TrueCloudLab/coredns
16
0
Fork 2
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

mw/kubernetes: warn about deprecating cidr (#858)

Browse source 
Add log statement pointing to replacement.
remove cidr from README and use replacement syntax.

Fixes #851
This commit is contained in:
Miek Gieben 2017-08-08 05:05:34 -07:00 committed by GitHub
parent be551f21a0
commit c3705ec68c
2 changed files with 66 additions and 70 deletions
Download patch file Download diff file Expand all files Collapse all files

89
middleware/kubernetes/README.md
View file

@ -1,24 +1,27 @@
# kubernetes # kubernetes
The *kubernetes* middleware enables the reading zone data from a Kubernetes cluster. It implements the [Kubernetes DNS-Based Service Discovery Specification](https://github.com/kubernetes/dns/blob/master/docs/specification.md). The *kubernetes* middleware enables the reading zone data from a Kubernetes cluster. It implements
the [Kubernetes DNS-Based Service Discovery
Specification](https://github.com/kubernetes/dns/blob/master/docs/specification.md).
CoreDNS running the kubernetes middleware can be used as a replacement of kube-dns in a kubernetes cluster. See the [deployment](https://github.com/coredns/deployment) repository for details on [how to deploy CoreDNS in Kubernetes](https://github.com/coredns/deployment/tree/master/kubernetes). CoreDNS running the kubernetes middleware can be used as a replacement of kube-dns in a kubernetes
cluster. See the [deployment](https://github.com/coredns/deployment) repository for details on [how
to deploy CoreDNS in Kubernetes](https://github.com/coredns/deployment/tree/master/kubernetes).
## Syntax ## Syntax
``` ```
kubernetes ZONE [ZONE...] [{ kubernetes ZONE [ZONE...] [{
[resyncperiod DURATION] resyncperiod DURATION
[endpoint URL endpoint URL
[tls CERT KEY CACERT]] tls CERT KEY CACERT]
[namespaces NAMESPACE [NAMESPACE...]] namespaces NAMESPACE [NAMESPACE...]
[labels EXPRESSION] labels EXPRESSION
[pods POD-MODE] pods POD-MODE]
[cidrs CIDR [CIDR...]] upstream ADDRESS [ADDRESS...]
[upstream ADDRESS [ADDRESS...]] federation NAME DOMAIN
[federation NAME DOMAIN] autopath [NDOTS [RESPONSE [RESOLV-CONF]]
[autopath [NDOTS [RESPONSE [RESOLV-CONF]]] fallthrough
[fallthrough]
}] }]
``` ```
@ -107,20 +110,6 @@ specified).
} }
``` ```
* `cidrs` **CIDR [CIDR...]**
Expose cidr ranges to reverse lookups. Include any number of space delimited cidrs, and/or multiple cidrs options on separate lines. The Kubernetes middleware will respond to PTR requests for ip addresses that fall within these ranges.
Example:
```
kubernetes cluster.local. {
cidrs 10.0.0.0/24 10.0.10.0/25
}
```
* `upstream` **ADDRESS [ADDRESS...]** * `upstream` **ADDRESS [ADDRESS...]**
Defines upstream resolvers used for resolving services that point to external hosts (External Services). **ADDRESS** can be an ip, an ip:port, or a path to a file structured like resolv.conf. Defines upstream resolvers used for resolving services that point to external hosts (External Services). **ADDRESS** can be an ip, an ip:port, or a path to a file structured like resolv.conf.
@ -213,39 +202,41 @@ specified).
kubernetes cluster.local kubernetes cluster.local
**Example 2:** Handle all queries in the `cluster.local` zone. Connect to Kubernetes in-cluster. Handle all `PTR` requests in the `10.0.0.0/16` cidr block. Verify the existence of pods when answering pod requests. Resolve upstream records against `10.102.3.10`. Enable the autopath feature. **Example 2:** Handle all queries in the `cluster.local` zone. Connect to Kubernetes in-cluster.
Handle all `PTR` requests for `10.0.0.0/16` . Verify the existence of pods when answering pod
requests. Resolve upstream records against `10.102.3.10`. Enable the autopath feature.
kubernetes cluster.local { 10.0.0.0/16 cluster.local {
cidrs 10.0.0.0/16 kubernetes {
pods verified pods verified
upstream 10.102.3.10:53 upstream 10.102.3.10:53
autopath autopath
} }
}
**Selective Exposure Example:** Handle all queries in the `cluster.local` zone. Connect to Kubernetes in-cluster. Only expose objects in the test and staging namespaces. Handle all `PTR` requests that fall between `10.0.0.100` and `10.0.0.255` (expressed as CIDR blocks in the example below). Resolve upstream records using the servers configured in `/etc/resolv.conf`. **Selective Exposure Example:** Handle all queries in the `cluster.local` zone. Connect to Kubernetes in-cluster. Only expose objects in the test and staging namespaces.
Resolve upstream records using the servers configured in `/etc/resolv.conf`.
kubernetes cluster.local { kubernetes cluster.local {
namespaces test staging namespaces test staging
cidrs 10.0.0.100/30 10.0.0.104/29
cidrs 10.0.0.112/28 10.0.0.128/25
upstream /etc/resolv.conf
}
**Federation Example:** Handle all queries in the `cluster.local` zone. Connect to Kubernetes in-cluster. Handle federated service requests in the `prod` and `stage` federations. Handle all `PTR` requests in the `10.0.0.0/24` cidr block. Resolve upstream records using the servers configured in `/etc/resolv.conf`. **Federation Example:** Handle all queries in the `cluster.local` zone. Connect to Kubernetes in-cluster. Handle federated service requests in the `prod` and `stage` federations.
Resolve upstream records using the servers configured in `/etc/resolv.conf`.
kubernetes cluster.local { cluster.local {
federation prod prod.feddomain.com kubernetes {
federation stage stage.feddomain.com federation prod prod.feddomain.com
cidrs 10.0.0.0/24 federation stage stage.feddomain.com
upstream /etc/resolv.conf upstream /etc/resolv.conf
} }
}
**Out-Of-Cluster Example:** Handle all queries in the `cluster.local` zone. Connect to Kubernetes from outside the cluster. Handle all `PTR` requests in the `10.0.0.0/24` cidr block. Verify the existence of pods when answering pod requests. Resolve upstream records against `10.102.3.10`. Enable the autopath feature, using the `cluster.conf` file instead of `/etc/resolv.conf`. **Out-Of-Cluster Example:** Handle all queries in the `cluster.local` zone. Connect to Kubernetes from outside the cluster.
Verify the existence of pods when answering pod requests. Resolve upstream records against `10.102.3.10`. Enable the autopath feature, using the `cluster.conf` file instead of `/etc/resolv.conf`.
kubernetes cluster.local { kubernetes cluster.local {
endpoint https://k8s-endpoint:8443 endpoint https://k8s-endpoint:8443
tls cert key cacert tls cert key cacert
cidrs 10.0.0.0/24
pods verified pods verified
upstream 10.102.3.10:53 upstream 10.102.3.10:53
autopath 0 NOERROR cluster.conf autopath 0 NOERROR cluster.conf
@ -253,7 +244,7 @@ specified).
## Wildcards ## Wildcard
Some query labels accept a wildcard value to match any value. If a label is a valid wildcard (\*, or the word "any"), then that label will match all values. The labels that accept wildcards are: Some query labels accept a wildcard value to match any value. If a label is a valid wildcard (\*, or the word "any"), then that label will match all values. The labels that accept wildcards are:

5
middleware/kubernetes/setup.go
View file

@ -3,6 +3,7 @@ package kubernetes
import ( import (
"errors" "errors"
"fmt" "fmt"
"log"
"net" "net"
"strconv" "strconv"
"strings" "strings"
@ -95,6 +96,10 @@ func kubernetesParse(c *caddy.Controller) (*Kubernetes, error) {
for c.NextBlock() { for c.NextBlock() {
switch c.Val() { switch c.Val() {
case "cidrs": case "cidrs":
// DEPRECATION WARNING
log.Printf("[WARNING] \"cidrs\" will be removed for CoreDNS soon. See https://coredns.io/2017/07/23/corefile-explained#reverse-zones for the replacement")
args := c.RemainingArgs() args := c.RemainingArgs()
if len(args) > 0 { if len(args) > 0 {
for _, cidrStr := range args { for _, cidrStr := range args {