TrueCloudLab/coredns
16
0
Fork 2
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

plugin/kubernetes: partial fix for crazy pod queries (#1349)

Browse source 
This is probably the first in a series to fix "crazy" pod queries.
If the namespace doesn't exist return NXDOMAIN.

It might be worth extending this 1:1 to findServices as well.
This commit is contained in:
Miek Gieben 2018-01-05 17:48:08 +00:00 committed by GitHub
parent 58221f55db
commit f62189372a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 21 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

7
plugin/kubernetes/handler_pod_insecure_test.go
View file

@ -25,6 +25,13 @@ var podModeInsecureCases = []test.Case{
test.A("172-0-0-2.podns.pod.cluster.local. 5 IN A 172.0.0.2"), test.A("172-0-0-2.podns.pod.cluster.local. 5 IN A 172.0.0.2"),
}, },
}, },
{
Qname: "blah.pod-nons.pod.cluster.local.", Qtype: dns.TypeA,
Rcode: dns.RcodeNameError,
Ns: []dns.RR{
test.SOA("cluster.local. 300 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1515173576 7200 1800 86400 30"),
},
},
} }
func TestServeDNSModeInsecure(t *testing.T) { func TestServeDNSModeInsecure(t *testing.T) {

24
plugin/kubernetes/kubernetes.go
View file

@ -311,6 +311,19 @@ func (k *Kubernetes) findPods(r recordRequest, zone string) (pods []msg.Service,
zonePath := msg.Path(zone, "coredns") zonePath := msg.Path(zone, "coredns")
ip := "" ip := ""
if strings.Count(podname, "-") == 3 && !strings.Contains(podname, "--") {
ip = strings.Replace(podname, "-", ".", -1)
} else {
ip = strings.Replace(podname, "-", ":", -1)
}
if k.podMode == podModeInsecure {
if !wildcard(namespace) && !k.namespace(namespace) { // no wildcard, but namespace does not exist
return nil, errNoItems
}
return []msg.Service{{Key: strings.Join([]string{zonePath, Pod, namespace, podname}, "/"), Host: ip, TTL: k.ttl}}, err
}
err = errNoItems err = errNoItems
if wildcard(podname) && !wildcard(namespace) { if wildcard(podname) && !wildcard(namespace) {
// If namespace exist, err should be nil, so that we return nodata instead of NXDOMAIN // If namespace exist, err should be nil, so that we return nodata instead of NXDOMAIN
@ -319,22 +332,13 @@ func (k *Kubernetes) findPods(r recordRequest, zone string) (pods []msg.Service,
} }
} }
if strings.Count(podname, "-") == 3 && !strings.Contains(podname, "--") {
ip = strings.Replace(podname, "-", ".", -1)
} else {
ip = strings.Replace(podname, "-", ":", -1)
}
if k.podMode == podModeInsecure {
return []msg.Service{{Key: strings.Join([]string{zonePath, Pod, namespace, podname}, "/"), Host: ip, TTL: k.ttl}}, nil
}
// PodModeVerified // PodModeVerified
for _, p := range k.APIConn.PodIndex(ip) { for _, p := range k.APIConn.PodIndex(ip) {
// If namespace has a wildcard, filter results against Corefile namespace list. // If namespace has a wildcard, filter results against Corefile namespace list.
if wildcard(namespace) && !k.namespaceExposed(p.Namespace) { if wildcard(namespace) && !k.namespaceExposed(p.Namespace) {
continue continue
} }
// check for matching ip and namespace // check for matching ip and namespace
if ip == p.Status.PodIP && match(namespace, p.Namespace) { if ip == p.Status.PodIP && match(namespace, p.Namespace) {
s := msg.Service{Key: strings.Join([]string{zonePath, Pod, namespace, podname}, "/"), Host: ip, TTL: k.ttl} s := msg.Service{Key: strings.Join([]string{zonePath, Pod, namespace, podname}, "/"), Host: ip, TTL: k.ttl}