TrueCloudLab/coredns
16
0
Fork 2
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

kw/middleware: compress the README (#889)

Browse source 
Remove the examples, save one in the syntax section. The example
section covers all.

This brings the kubernetes README inline with other READMEs.
This commit is contained in:
Miek Gieben 2017-08-10 22:47:09 +01:00 committed by GitHub
parent a38a34c7e0
commit c65fdb5fc3
1 changed files with 31 additions and 112 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

141
middleware/kubernetes/README.md
View file

@ -24,120 +24,39 @@ kubernetes ZONE [ZONE...] [
} }
``` ```
* `resyncperiod` **DURATION** * `resyncperiod` specifies the Kubernetes data API **DURATION** period.
* `endpoint` specifies the **URL** for a remove k8s API endpoint.
The Kubernetes data API resynchronization period. Default is 5m. Example values: 60s, 5m, 1h If omitted, it will connect to k8s in-cluster using the cluster service account.
* `tls` **CERT** **KEY** **CACERT** are the TLS cert, key and the CA cert file names for remote k8s connection.
Example: This option is ignored if connecting in-cluster (i.e. endpoint is not specified).
* `namespaces` **NAMESPACE [NAMESPACE...]**, exposed only the k8s namespaces listed.
``` If this option is omitted all namespaces are exposed
kubernetes cluster.local. { * `labels` **EXPRESSION** only exposes the records for Kubernetes objects that match this label selector.
resyncperiod 15m The label selector syntax is described in the
} [Kubernetes User Guide - Labels](http://kubernetes.io/docs/user-guide/labels/). An example that
``` only exposes objects labeled as "application=nginx" in the "staging" or "qa" environments, would
use: `labels environment in (staging, qa),application=nginx`.
* `endpoint` **URL** * `pods` **POD-MODE** sets the mode for handling IP-based pod A records, e.g.
`1-2-3-4.ns.pod.cluster.local. in A 1.2.3.4`.
Use **URL** for a remote k8s API endpoint. If omitted, it will connect to k8s in-cluster using the cluster service account. This option is provided to facilitate use of SSL certs when connecting directly to pods. Valid
values for **POD-MODE**:
Example:
```
kubernetes cluster.local. {
endpoint http://k8s-endpoint:8080
}
```
* `tls` **CERT** **KEY** **CACERT**
The TLS cert, key and the CA cert file names for remote k8s connection. This option is ignored if connecting in-cluster (i.e. endpoint is not
specified).
Example:
```
kubernetes cluster.local. {
endpoint https://k8s-endpoint:8443
tls cert key cacert
}
```
* `namespaces` **NAMESPACE [NAMESPACE...]**
Only expose the k8s namespaces listed. If this option is omitted all namespaces are exposed
Example:
```
kubernetes cluster.local. {
namespaces demo default
}
```
* `labels` **EXPRESSION**
Only expose the records for Kubernetes objects that match this label selector. The label selector syntax is described in the [Kubernetes User Guide - Labels](http://kubernetes.io/docs/user-guide/labels/).
Example:
The following example only exposes objects labeled as "application=nginx" in the "staging" or "qa" environments.
```
kubernetes cluster.local. {
labels environment in (staging, qa),application=nginx
}
```
* `pods` **POD-MODE**
Set the mode for handling IP-based pod A records, e.g. `1-2-3-4.ns.pod.cluster.local. in A 1.2.3.4`. This option is provided to facilitate use of SSL certs when connecting directly to pods.
Valid values for **POD-MODE**:
* `disabled`: Default. Do not process pod requests, always returning `NXDOMAIN` * `disabled`: Default. Do not process pod requests, always returning `NXDOMAIN`
* `insecure`: Always return an A record with IP from request (without checking k8s). This option
is is vulnerable to abuse if used maliciously in conjunction with wildcard SSL certs. This
option is provided for backward compatibility with kube-dns.
* `verified`: Return an A record if there exists a pod in same namespace with matching IP. This
option requires substantially more memory than in insecure mode, since it will maintain a watch
on all pods.
* `insecure`: Always return an A record with IP from request (without checking k8s). This option is is vulnerable to abuse if used maliciously in conjunction with wildcard SSL certs. This option is provided for backward compatibility with kube-dns. * `upstream` **ADDRESS [ADDRESS...]** defines the upstream resolvers used for resolving services
that point to external hosts (External Services). **ADDRESS** can be an ip, an ip:port, or a path
* `verified`: Return an A record if there exists a pod in same namespace with matching IP. This option requires substantially more memory than in insecure mode, since it will maintain a watch on all pods. to a file structured like resolv.conf.
* `federation` **NAME DOMAIN** defines federation membership. One line for each federation
Example: membership. Each line consists of the name of the federation, and the domain.
* `fallthrough` If a query for a record in the cluster zone results in NXDOMAIN, normally that is
what the response will be. However, if you specify this option, the query will instead be passed
``` on down the middleware chain, which can include another middleware to handle the query.
kubernetes cluster.local. {
pods verified
}
```
* `upstream` **ADDRESS [ADDRESS...]**
Defines upstream resolvers used for resolving services that point to external hosts (External Services). **ADDRESS** can be an ip, an ip:port, or a path to a file structured like resolv.conf.
Example:
```
kubernetes cluster.local. {
upstream 12.34.56.78:5053
}
```
* `federation` **NAME DOMAIN**
Defines federation membership. One line for each federation membership. Each line consists of the name of the federation, and the domain.
Example:
```
kubernetes cluster.local. {
federation myfed foo.example.com
}
```
* `fallthrough`
If a query for a record in the cluster zone results in NXDOMAIN, normally that is what the response will be. However, if you specify this option, the query will instead be passed on down the middleware chain, which can include another middleware to handle the query.
## Examples ## Examples