* make sure client CA and auth type are set if CA is explicitly specified.
added some simple tests to confirm the effect.
* test certificates (forgot to add them in the previous commit)
* made client auth policy configurable with new client_auth option.
README has been updated accordingly.
* fix editorial in README
* Fix for #2842, instead of returning the first Pod, return the one which is Running
* a more memory efficient version of the fix, string -> bool
* fix with no extra fields in struct, return nil at Pod conversion if Pod is not Running
* let Kuberneretes filter for Running Pods using FieldSelector
* filter for Pods that are Running and Pending (implicit)
* Add server instance to the context in ServerTLS and ServerHTTPS
The problem with the current code is that there's no way to get the server instance inside a plugin.
Because of that "metrics" plugin sets empty "server" label for requests served over TLS or HTTPS.
* use s.Server instead of s
* Added server to the context of grpc requests
This fix:
1. Update dns to v1.1.12
2. Redirect dns v1.1.3 in caddy to v1.1.12 so that there is only one version of dns.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* pkg/log: fix data race on d
Wrap d in a mutex to prevent data race. This makes is slower, but this
is a debugging aid anyway. It's not used normally.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix tests compilation
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix test compile
Signed-off-by: Miek Gieben <miek@miek.nl>
This fixes a data race on the listener(s) that get started in the
metrics plugins.
It also restore pkg/uniq to its former glory and removes and state being
carried in there; this means for metrics that registry.go was to
replicate that behavior *with* locking (as pkg/uniq doesn't do, or need
that).
Also renamed uniqAddr to just u, to make it slightly shorter.
Signed-off-by: Miek Gieben <miek@miek.nl>
Fix metrics endpoint on a failed reload, follows the same lines as the
previous PRs, see for e.g. 076b8d4f. Test with a Corefile with 2 server
blocks and metrics enabled and then introducing a syntax error:
~~~
[ERROR] Restart failed: Corefile:5 - Error during parsing: Unknown directive 'jfkdjk'
[ERROR] SIGUSR1: starting with listener file descriptors: Corefile:5 - Error during parsing: Unknown directive 'jfkdjk'
~~~
And then curl-ing the metrics endpoint.
See #2659 and as this is the last one.
Fixes: #2659
Getting this all right turns out to be tricky, also it's not easy
testable which is something I should fix.
Signed-off-by: Miek Gieben <miek@miek.nl>
Update this file, give Readiness its own section and remove the talk
about the *reverse* plugin as it does not exist in the main tree
anymore.
Signed-off-by: Miek Gieben <miek@miek.nl>
Add OnReStartFailed which makes the health plugin stay up if the
Corefile is corrupt and we revert to the previous version.
Also needs a fix for the channel handling
See #2659
Testing it will log the following when restarting with a corrupted
Corefile
~~~
2019-05-04T18:01:59.431Z [INFO] linux/amd64, go1.12.4,
CoreDNS-1.5.0
linux/amd64, go1.12.4,
[INFO] SIGUSR1: Reloading
[INFO] Reloading
[ERROR] Restart failed: Corefile:5 - Error during parsing: Unknown directive 'bdhfhdhj'
[ERROR] SIGUSR1: starting with listener file descriptors: Corefile:5 - Error during parsing: Unknown directive 'bdhfhdhj'
~~~
After which the curl still works.
This also needed a change to reset the channel used for the metrics
go-routine which gets closed on shutdown, otherwise you'll see:
~~~
^C[INFO] SIGINT: Shutting down
panic: close of closed channel
goroutine 90 [running]:
github.com/coredns/coredns/plugin/health.(*health).OnFinalShutdown(0xc000089bc0, 0xc000063d88, 0x4afe6d)
~~~
Signed-off-by: Miek Gieben <miek@miek.nl>
Small, trivial cleanup: got triggered because I saw a comment on how
health plugins polls other plugins which isn't true.
* Remove useless newHealth function
* healthParse -> parse
* Remove useless constants
Net deletion of code.
Signed-off-by: Miek Gieben <miek@miek.nl>
* kubernetes: never respond with NXDOMAIN for authority label
Return a nodata response when trying to resolve the authority's label
for a record type that doesn't match the record type of the authority.
This guards against poisoning the authority record by requesting the
wrong record type for the authority label. For instance, given an
authoritative resolver that uses subdomain delegation for Kubernetes
services of a cluster that's configured to use IPv4, the parent may be
poisoned by querying it for the authority label of the cluster subdomain
with a AAAA record type, which would otherwise (i.e. without this
change) return an NXDOMAIN. That is, given
cluster.example.com NS 10800 ns.dns.cluster.example.com
ns.dns.cluster.example.com A 10800 10.0.1.2
The parent may be poisoned for the SOA TTL by querying it for a AAAA
record of ns.dns.cluster.example.com, causing the parent to fail
delegate properly until the SOA TTL lapses.
* kubernetes: add tests for authority queries
While running make notices the following:
```
** presubmit/trailing-whitespace
plugin/grpc/README.md:Multiple upstreams are randomized (see `policy`) on first use. When a proxy returns an error
plugin/pprof/setup_test.go: {`pprof :1234 {
plugin/pprof/setup_test.go: {`pprof {
** presubmit/trailing-whitespace: please remove any trailing white space
```
This fix removes the whitespaces
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Add any plugin
This adds the any plugin, a plain copy of coredns/any documented here
https://coredns.io/explugins/any/ as an external plugin.
Fixes: #2785
Signed-off-by: Miek Gieben <miek@miek.nl>
* Stickler bot nit
Signed-off-by: Miek Gieben <miek@miek.nl>
Randomize the author list on request; keep the zowners.go file stable so
a 'go generate' remain stable.
chaos.Owners could potentially be a map and be randomized by ranging
over it, but this seems simpler and fewer lines of code.
Bit of Easter hacking; seems more fair to randomize this list.
Signed-off-by: Miek Gieben <miek@miek.nl>
Various plugins still had this documented, the setup functions still
allow it (which is fine), but update the docs that this arguments isn't
there any more.
Signed-off-by: Miek Gieben <miek@miek.nl>
* WIP: travis changes
Simplify Travis so it fails less often.
We don't need docker any more, let alone trusty and sudo, so simplifies
this, to just os: linux.
Signed-off-by: Miek Gieben <miek@miek.nl>
* This?
Signed-off-by: Miek Gieben <miek@miek.nl>
each readme starts with the plugin's name as a header, this needs to be
chopped off to provide a good manual page.
Signed-off-by: Miek Gieben <miek@miek.nl>
Mmark recently became able to create manual pages. This removed the
dependency on 'ronn' and just uses mmark (Go program).
Re-hookup Makefile.doc to generate the correct header mmark needs to
see and regenate them all.
Spot checking a few pages suggest they look good and actually better
than rendered with ronn, esp. lists in lists.
Fixes#2757
Signed-off-by: Miek Gieben <miek@miek.nl>
