* Exclude External IP addresses from being added to the existing kubernetes' plugin IP->Service index
* Add support for PTR requests on External IPs of Services to the k8s_external plugin
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* Use GetByKey instead of List in GetNamespaceByName.
* Add ToNamespace to reduce memory for namespace cache.
Signed-off-by: Mat Lowery <mlowery@ebay.com>
* support dual stack clusterIPs
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* stickler
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* fix ClusterIPs make
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* initial commit
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* convert endpointslices to object.endpoints
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* add opt hard coded for now
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* check that server supports endpointslice
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* fix import grouping
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* dont use endpoint slice in 1.17 or 1.18
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* bump kind/k8s in circle ci to latest
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* drop k8s to latest supported by kind
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* use endpointslice name as endoint Name; index by Service name
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* use index key comparison in nsAddrs()
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* add Index to object.Endpoint fixtures; fix direct endpoint name compares
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* add slice dup check and test
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* todo
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* add ep-slice skew dup test for reverse
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* nsaddrs: de-dup ep-slice skew dups; add test
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* remove todo
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* address various feedback
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* consolidate endpoint/slice informer code
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* fix endpoint informer consolidation; use clearer func name
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* log info; use major/minor fields
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* fix nsAddr and unit test
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* add latency tracking for endpointslices
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* endpointslice latency unit test & fix
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* code shuffling
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* rename endpointslices in tests
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* remove de-dup from nsAddrs and test
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* remove de-dup from findServices / test
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* use all local IPs
* mult/bind ips
* gofmt + boundIPs fix
* fix no matching endpoint case
* don't duplicate NS records in answer
* fix answer dedup
* fix comment
* add multi local ip test case
* fix external ns records
* use k8s service name for ns record
* update test, add func comment
* expand nsAddrs() test cases
* support local ipv6 ip
* use less confusing pod ip in test
* kubernetes: never respond with NXDOMAIN for authority label
Return a nodata response when trying to resolve the authority's label
for a record type that doesn't match the record type of the authority.
This guards against poisoning the authority record by requesting the
wrong record type for the authority label. For instance, given an
authoritative resolver that uses subdomain delegation for Kubernetes
services of a cluster that's configured to use IPv4, the parent may be
poisoned by querying it for the authority label of the cluster subdomain
with a AAAA record type, which would otherwise (i.e. without this
change) return an NXDOMAIN. That is, given
cluster.example.com NS 10800 ns.dns.cluster.example.com
ns.dns.cluster.example.com A 10800 10.0.1.2
The parent may be poisoned for the SOA TTL by querying it for a AAAA
record of ns.dns.cluster.example.com, causing the parent to fail
delegate properly until the SOA TTL lapses.
* kubernetes: add tests for authority queries
* Remove context.Context from request.Request
This removes the context from request.Request and makes all the changes
in the code to make it compile again. It's all mechanical. It did
unearth some weirdness in that the context was kept in handler structs
which may cause havoc with concurrently handling of requests.
Fixes#2721
Signed-off-by: Miek Gieben <miek@miek.nl>
* Make test compile
Signed-off-by: Miek Gieben <miek@miek.nl>
This was added, but didn't see any use. For a large, complex chunk of
code we should have some users of it.
Remove all watch functionally from plugins, servers and packages.
Fixes: #2548
Signed-off-by: Miek Gieben <miek@miek.nl>
This is a relic from the etcd integration and only used to remove in the
final answer returned to the client. We do need it. Make it a constant
and only one character wide.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Convert to runtime.Object to smaller structs
This adds conversion for all the objects we want to keep in the cache.
It keeps the minimum for CoreDNS to function and throws away the rest.
The conversion:
api.Endpoints -> object.Endpoints
api.Pod -> object.Pod
api.Serivce -> object.Service
We needed to copy some client-go stuff to insert a conversion function
into NewIndexInformers.
Some unrelated cleanups in the watch functionality as that needed to be
touched because of the above translation of objects.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Reduce test line-count
Signed-off-by: Miek Gieben <miek@miek.nl>
* ....and fix test
Signed-off-by: Miek Gieben <miek@miek.nl>
* Drop use of append
Signed-off-by: Miek Gieben <miek@miek.nl>
* cosmetic changes
Signed-off-by: Miek Gieben <miek@miek.nl>
* that was a typo
Signed-off-by: Miek Gieben <miek@miek.nl>
* re-introduce append here
We can't really use len() here because we don't know the number before
hand.
Signed-off-by: Miek Gieben <miek@miek.nl>
* comment in better place
Signed-off-by: Miek Gieben <miek@miek.nl>
* Make the timestamp a bool; thats where it is used for
Signed-off-by: Miek Gieben <miek@miek.nl>
* Set incoming object to nil
Explicataliy discard the converted object; we did a deep copy it's
not needed anymore.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Per Chris's comment
Signed-off-by: Miek Gieben <miek@miek.nl>
* Add part 1 watch functionality. (squashed)
* add funcs for service/endpoint fqdns
* add endpoints watch
* document exposed funcs
* only send subset deltas
* locking for watch map
* tests and docs
* add pod watch
* remove debugs prints
* feedback part 1
* add error reporting to proto
* inform clients of server stop+errors
* add grpc options param
* use proper context
* Review feedback:
* Removed client (will move to another repo)
* Use new log functions
* Change watchChan to be for string not []string
* Rework how k8s plugin stores watch tracking info to simplify
* Normalize the qname on watch request
* Add blank line back
* Revert another spurious change
* Fix tests
* Add stop channel.
Fix tests.
Better docs for plugin interface.
* fmt.Printf -> log.Warningf
* Move from dnsserver to plugin/pkg/watch
* gofmt
* remove dead client watches
* sate linter
* linter omg
* plugin/kubernetes: axfr
Hook up dynamic SOA serial by setting ResourceEventHandlerFuncs in
dnsController.
Add prototype of returns msg.Services via the Transfer function. Leave
expanding this to RRs out of scope for a bit.
* plugin/kubernetes: axfr
Respond to AXFR queries
* Fixing race condition
* Fixing instantiation of dnstest writer
* Updates from review
* Update k8s client-go to v6.0.0
This fix updates k8s client-go to v6.0.0 as CoreDNS is supported
in 1.9 and v6.0.0 is the recommended version.
There are quite some massive changes that need to be made:
1. k8s.io/client-go/pkg/api/v1 has been changed to k8s.io/api/v1 (repo changed from `client-go` to `api`)
2. kubernetes.Clientset adds one extra layer, so that `kubernetes.Clientset.Services()` and like has been changed to `kubernetes.Clientset.CoreV1().Services()`
Also, we have to stick with specific commits of `k8s.io/apimachinery` and the newly introduced `k8s.io/api`
because go dep still could not figure out the right version to fetch.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Update vendor with `dep ensure --update` and `dep prune`
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* plugin/kubernetes: Add GetNamespaceByName
A bare or wildcard query for just the namespace should return NODATA,
not NXDOMAIN, otherwise we deny the entirety of the names under the
namespace.
Add test to check for this in pod verified mode.
* Review
More comments and move namespace code to namespace.go
Change to use a new 'endpoints' directive and use a constant
Add initial docs for 'endpoints' directive
Add tests to Kubernetes setup for endpoints
Changes based on PR feedback
endpoint_pod_names is a boolean config option. Chahanged docs to reflect this.
Add a test when endpoints_pod_names is not set
Update README.md
Remove endpointNameModeName as it is no longer used
* plugin/kubernetes: wait until api is ready
Wait for HasSynced before allowing startup to avoid startup race.
Also do a small refactor in findServices() to pull a check out of the
loop - only needs to be done once.
* sigh
* Rename middleware to plugin
first pass; mostly used 'sed', few spots where I manually changed
text.
This still builds a coredns binary.
* fmt error
* Rename AddMiddleware to AddPlugin
* Readd AddMiddleware to remain backwards compat
2017-09-14 09:36:06 +01:00
Renamed from middleware/kubernetes/kubernetes_test.go (Browse further)
