mw/kubernetes: warn about deprecating cidr (#858)

Add log statement pointing to replacement. remove cidr from README and use replacement syntax. Fixes #851
2017-08-08 05:05:34 -07:00 · 2017-08-08 05:05:34 -07:00 · c3705ec68c
commit c3705ec68c
parent be551f21a0
2 changed files with 66 additions and 70 deletions
--- a/middleware/kubernetes/README.md
+++ b/middleware/kubernetes/README.md
@ -1,24 +1,27 @@
 # kubernetes

-The *kubernetes* middleware enables the reading zone data from a Kubernetes cluster.  It implements the [Kubernetes DNS-Based Service Discovery Specification](https://github.com/kubernetes/dns/blob/master/docs/specification.md). 
+The *kubernetes* middleware enables the reading zone data from a Kubernetes cluster.  It implements
+the [Kubernetes DNS-Based Service Discovery
+Specification](https://github.com/kubernetes/dns/blob/master/docs/specification.md).

-CoreDNS running the kubernetes middleware can be used as a replacement of kube-dns in a kubernetes cluster.  See the [deployment](https://github.com/coredns/deployment) repository for details on [how to deploy CoreDNS in Kubernetes](https://github.com/coredns/deployment/tree/master/kubernetes).
+CoreDNS running the kubernetes middleware can be used as a replacement of kube-dns in a kubernetes
+cluster.  See the [deployment](https://github.com/coredns/deployment) repository for details on [how
+to deploy CoreDNS in Kubernetes](https://github.com/coredns/deployment/tree/master/kubernetes).

 ## Syntax

 ```
 kubernetes ZONE [ZONE...] [{
-	[resyncperiod DURATION]
-	[endpoint URL
-	[tls CERT KEY CACERT]]
-	[namespaces NAMESPACE [NAMESPACE...]]
-	[labels EXPRESSION]
-	[pods POD-MODE]
-	[cidrs CIDR [CIDR...]]
-	[upstream ADDRESS [ADDRESS...]]
-	[federation NAME DOMAIN]
-	[autopath [NDOTS [RESPONSE [RESOLV-CONF]]]
-	[fallthrough]
+	resyncperiod DURATION
+	endpoint URL
+	tls CERT KEY CACERT]
+	namespaces NAMESPACE [NAMESPACE...]
+	labels EXPRESSION
+	pods POD-MODE]
+	upstream ADDRESS [ADDRESS...]
+	federation NAME DOMAIN
+	autopath [NDOTS [RESPONSE [RESOLV-CONF]]
+	fallthrough
 }]
 ```

@ -107,20 +110,6 @@ specified).
 	}
  ```

-* `cidrs` **CIDR [CIDR...]**
-	
-  Expose cidr ranges to reverse lookups.  Include any number of space delimited cidrs, and/or multiple cidrs options on separate lines. The Kubernetes middleware will respond to PTR requests for ip addresses that fall within these ranges.
-
-  Example:
- 
- 
-  ```
-	kubernetes cluster.local. {
-		cidrs 10.0.0.0/24 10.0.10.0/25
-	}
- 
-  ```
-
 * `upstream` **ADDRESS [ADDRESS...]**

  Defines upstream resolvers used for resolving services that point to external hosts (External Services).  **ADDRESS** can be an ip, an ip:port, or a path to a file structured like resolv.conf.
@ -213,39 +202,41 @@ specified).

 	kubernetes cluster.local

-**Example 2:** Handle all queries in the `cluster.local` zone. Connect to Kubernetes in-cluster. Handle all `PTR` requests in the `10.0.0.0/16` cidr block. Verify the existence of pods when answering pod requests.  Resolve upstream records against `10.102.3.10`. Enable the autopath feature.
+**Example 2:** Handle all queries in the `cluster.local` zone. Connect to Kubernetes in-cluster.
+ Handle all `PTR` requests for `10.0.0.0/16` . Verify the existence of pods when answering pod
+ requests.  Resolve upstream records against `10.102.3.10`. Enable the autopath feature.

-	kubernetes cluster.local {
-		cidrs 10.0.0.0/16
-		pods verified
-		upstream 10.102.3.10:53
-		autopath
-	}
+    10.0.0.0/16 cluster.local {
+        kubernetes {
+            pods verified
+            upstream 10.102.3.10:53
+            autopath
+        }
+    }

-**Selective Exposure Example:** Handle all queries in the `cluster.local` zone. Connect to Kubernetes in-cluster. Only expose objects in the test and staging namespaces. Handle all `PTR` requests that fall between `10.0.0.100` and `10.0.0.255` (expressed as CIDR blocks in the example below). Resolve upstream records using the servers configured in `/etc/resolv.conf`.
+**Selective Exposure Example:** Handle all queries in the `cluster.local` zone. Connect to Kubernetes in-cluster. Only expose objects in the test and staging namespaces.
+  Resolve upstream records using the servers configured in `/etc/resolv.conf`.

 	kubernetes cluster.local {
 		namespaces test staging
-		cidrs 10.0.0.100/30 10.0.0.104/29
-		cidrs 10.0.0.112/28 10.0.0.128/25
-		upstream /etc/resolv.conf
-	}

-**Federation Example:** Handle all queries in the `cluster.local` zone. Connect to Kubernetes in-cluster. Handle federated service requests in the `prod` and `stage` federations. Handle all `PTR` requests in the `10.0.0.0/24` cidr block. Resolve upstream records using the servers configured in `/etc/resolv.conf`.
+**Federation Example:** Handle all queries in the `cluster.local` zone. Connect to Kubernetes in-cluster. Handle federated service requests in the `prod` and `stage` federations.
+  Resolve upstream records using the servers configured in `/etc/resolv.conf`.

-	kubernetes cluster.local {
-		federation prod prod.feddomain.com
-		federation stage stage.feddomain.com
-		cidrs 10.0.0.0/24
-		upstream /etc/resolv.conf
-	}
+    cluster.local {
+        kubernetes {
+		    federation prod prod.feddomain.com
+		    federation stage stage.feddomain.com
+		    upstream /etc/resolv.conf
+    	}
+    }

-**Out-Of-Cluster Example:** Handle all queries in the `cluster.local` zone. Connect to Kubernetes from outside the cluster. Handle all `PTR` requests in the `10.0.0.0/24` cidr block. Verify the existence of pods when answering pod requests.  Resolve upstream records against `10.102.3.10`. Enable the autopath feature, using the `cluster.conf` file instead of `/etc/resolv.conf`.
+**Out-Of-Cluster Example:** Handle all queries in the `cluster.local` zone. Connect to Kubernetes from outside the cluster.
+  Verify the existence of pods when answering pod requests.  Resolve upstream records against `10.102.3.10`. Enable the autopath feature, using the `cluster.conf` file instead of `/etc/resolv.conf`.

 	kubernetes cluster.local {
 		endpoint https://k8s-endpoint:8443
 		tls cert key cacert
-		cidrs 10.0.0.0/24
 		pods verified
 		upstream 10.102.3.10:53
 		autopath 0 NOERROR cluster.conf
@ -253,7 +244,7 @@ specified).



-## Wildcards
+## Wildcard

 Some query labels accept a wildcard value to match any value.  If a label is a valid wildcard (\*, or the word "any"), then that label will match all values.  The labels that accept wildcards are:

--- a/middleware/kubernetes/setup.go
+++ b/middleware/kubernetes/setup.go
@ -3,6 +3,7 @@ package kubernetes
 import (
 	"errors"
 	"fmt"
+	"log"
 	"net"
 	"strconv"
 	"strings"
@ -95,6 +96,10 @@ func kubernetesParse(c *caddy.Controller) (*Kubernetes, error) {
 			for c.NextBlock() {
 				switch c.Val() {
 				case "cidrs":
+
+					// DEPRECATION WARNING
+					log.Printf("[WARNING] \"cidrs\" will be removed for CoreDNS soon. See https://coredns.io/2017/07/23/corefile-explained#reverse-zones for the replacement")
+
 					args := c.RemainingArgs()
 					if len(args) > 0 {
 						for _, cidrStr := range args {