* make sure client CA and auth type are set if CA is explicitly specified.
added some simple tests to confirm the effect.
* test certificates (forgot to add them in the previous commit)
* made client auth policy configurable with new client_auth option.
README has been updated accordingly.
* fix editorial in README
* Fix for #2842, instead of returning the first Pod, return the one which is Running
* a more memory efficient version of the fix, string -> bool
* fix with no extra fields in struct, return nil at Pod conversion if Pod is not Running
* let Kuberneretes filter for Running Pods using FieldSelector
* filter for Pods that are Running and Pending (implicit)
* pkg/log: fix data race on d
Wrap d in a mutex to prevent data race. This makes is slower, but this
is a debugging aid anyway. It's not used normally.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix tests compilation
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix test compile
Signed-off-by: Miek Gieben <miek@miek.nl>
This fixes a data race on the listener(s) that get started in the
metrics plugins.
It also restore pkg/uniq to its former glory and removes and state being
carried in there; this means for metrics that registry.go was to
replicate that behavior *with* locking (as pkg/uniq doesn't do, or need
that).
Also renamed uniqAddr to just u, to make it slightly shorter.
Signed-off-by: Miek Gieben <miek@miek.nl>
Fix metrics endpoint on a failed reload, follows the same lines as the
previous PRs, see for e.g. 076b8d4f. Test with a Corefile with 2 server
blocks and metrics enabled and then introducing a syntax error:
~~~
[ERROR] Restart failed: Corefile:5 - Error during parsing: Unknown directive 'jfkdjk'
[ERROR] SIGUSR1: starting with listener file descriptors: Corefile:5 - Error during parsing: Unknown directive 'jfkdjk'
~~~
And then curl-ing the metrics endpoint.
See #2659 and as this is the last one.
Fixes: #2659
Getting this all right turns out to be tricky, also it's not easy
testable which is something I should fix.
Signed-off-by: Miek Gieben <miek@miek.nl>
Add OnReStartFailed which makes the health plugin stay up if the
Corefile is corrupt and we revert to the previous version.
Also needs a fix for the channel handling
See #2659
Testing it will log the following when restarting with a corrupted
Corefile
~~~
2019-05-04T18:01:59.431Z [INFO] linux/amd64, go1.12.4,
CoreDNS-1.5.0
linux/amd64, go1.12.4,
[INFO] SIGUSR1: Reloading
[INFO] Reloading
[ERROR] Restart failed: Corefile:5 - Error during parsing: Unknown directive 'bdhfhdhj'
[ERROR] SIGUSR1: starting with listener file descriptors: Corefile:5 - Error during parsing: Unknown directive 'bdhfhdhj'
~~~
After which the curl still works.
This also needed a change to reset the channel used for the metrics
go-routine which gets closed on shutdown, otherwise you'll see:
~~~
^C[INFO] SIGINT: Shutting down
panic: close of closed channel
goroutine 90 [running]:
github.com/coredns/coredns/plugin/health.(*health).OnFinalShutdown(0xc000089bc0, 0xc000063d88, 0x4afe6d)
~~~
Signed-off-by: Miek Gieben <miek@miek.nl>
Small, trivial cleanup: got triggered because I saw a comment on how
health plugins polls other plugins which isn't true.
* Remove useless newHealth function
* healthParse -> parse
* Remove useless constants
Net deletion of code.
Signed-off-by: Miek Gieben <miek@miek.nl>
* kubernetes: never respond with NXDOMAIN for authority label
Return a nodata response when trying to resolve the authority's label
for a record type that doesn't match the record type of the authority.
This guards against poisoning the authority record by requesting the
wrong record type for the authority label. For instance, given an
authoritative resolver that uses subdomain delegation for Kubernetes
services of a cluster that's configured to use IPv4, the parent may be
poisoned by querying it for the authority label of the cluster subdomain
with a AAAA record type, which would otherwise (i.e. without this
change) return an NXDOMAIN. That is, given
cluster.example.com NS 10800 ns.dns.cluster.example.com
ns.dns.cluster.example.com A 10800 10.0.1.2
The parent may be poisoned for the SOA TTL by querying it for a AAAA
record of ns.dns.cluster.example.com, causing the parent to fail
delegate properly until the SOA TTL lapses.
* kubernetes: add tests for authority queries
While running make notices the following:
```
** presubmit/trailing-whitespace
plugin/grpc/README.md:Multiple upstreams are randomized (see `policy`) on first use. When a proxy returns an error
plugin/pprof/setup_test.go: {`pprof :1234 {
plugin/pprof/setup_test.go: {`pprof {
** presubmit/trailing-whitespace: please remove any trailing white space
```
This fix removes the whitespaces
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Add any plugin
This adds the any plugin, a plain copy of coredns/any documented here
https://coredns.io/explugins/any/ as an external plugin.
Fixes: #2785
Signed-off-by: Miek Gieben <miek@miek.nl>
* Stickler bot nit
Signed-off-by: Miek Gieben <miek@miek.nl>
Randomize the author list on request; keep the zowners.go file stable so
a 'go generate' remain stable.
chaos.Owners could potentially be a map and be randomized by ranging
over it, but this seems simpler and fewer lines of code.
Bit of Easter hacking; seems more fair to randomize this list.
Signed-off-by: Miek Gieben <miek@miek.nl>
Various plugins still had this documented, the setup functions still
allow it (which is fine), but update the docs that this arguments isn't
there any more.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fully deprecate NO_RELOAD
Signed-off-by: Xiao An <hac@zju.edu.cn>
* Fully deprecate TIMEOUT
Signed-off-by: Xiao An <hac@zju.edu.cn>
* Update CI tests to adapt to the deprecation of TIMEOUT
Signed-off-by: Xiao An <hac@zju.edu.cn>
* Add documents for directive transfer in plugin auto
Signed-off-by: Xiao An <hac@zju.edu.cn>
* plugin/chaos: add default list of authors
Add a owners_generate.go that generates a Owners variables for use in
the chaos plugin.
Add a default list of authors in the authors.bind CH zone. When doing a
query this now returns:
~~~ sh
% dig authors.bind TXT CH
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5456
;; flags: qr rd; QUERY: 1, ANSWER: 22, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;authors.bind. CH TXT
;; ANSWER SECTION:
authors.bind. 0 CH TXT "bradbeam"
authors.bind. 0 CH TXT "chrisohaver"
authors.bind. 0 CH TXT "dilyevsky"
authors.bind. 0 CH TXT "ekleiner"
authors.bind. 0 CH TXT "fastest963"
authors.bind. 0 CH TXT "fturib"
authors.bind. 0 CH TXT "greenpau"
authors.bind. 0 CH TXT "grobie"
authors.bind. 0 CH TXT "inigohu"
authors.bind. 0 CH TXT "isolus"
authors.bind. 0 CH TXT "johnbelamaric"
authors.bind. 0 CH TXT "miekg"
authors.bind. 0 CH TXT "nchrisdk"
authors.bind. 0 CH TXT "nitisht"
authors.bind. 0 CH TXT "pmoroney"
authors.bind. 0 CH TXT "rajansandeep"
authors.bind. 0 CH TXT "rdrozhdzh"
authors.bind. 0 CH TXT "rtreffer"
authors.bind. 0 CH TXT "stp-ip"
authors.bind. 0 CH TXT "superq"
authors.bind. 0 CH TXT "varyoo"
authors.bind. 0 CH TXT "yongtang"
~~~
This was hard to do previously as we didn't hardcode this in the source,
but now with OWNERS files we can just generate this list.
Privacy wise this isn't worse than being listed in OWNERS file in the
first place. And it's a nice hat tip to the people making CoreDNS
better.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Sticklet bot comments
Signed-off-by: Miek Gieben <miek@miek.nl>
* [plugin/route53]: Do not return NXDOMAIN where it should be NODATA.
Signed-off-by: Dmitry Ilyevskiy <dmitry.ilyevskiy@getcruise.com>
* Fix bad merge.
Signed-off-by: Dmitry Ilyevskiy <dmitry.ilyevskiy@getcruise.com>
* plugin/cancel: add context cancelation plugin
Per review comments on #2704, move this into a plugin that gets called.
Add the most minimal plugin, tests and documenation.
Signed-off-by: Miek Gieben <miek@miek.nl>
* plugin/cache: add timeout option
review feedback: add option to set custom timeout.
Signed-off-by: Miek Gieben <miek@miek.nl>
* spelling
Signed-off-by: Miek Gieben <miek@miek.nl>
* Remove context.Context from request.Request
This removes the context from request.Request and makes all the changes
in the code to make it compile again. It's all mechanical. It did
unearth some weirdness in that the context was kept in handler structs
which may cause havoc with concurrently handling of requests.
Fixes#2721
Signed-off-by: Miek Gieben <miek@miek.nl>
* Make test compile
Signed-off-by: Miek Gieben <miek@miek.nl>
Add another test case for impossible DNS messages which should not be
cached. This adds a check for a message that denies its own existence.
Fixes#2724.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Don't double report metrics on error
When there is an error use a different function to report the metrics,
in case the plugin chain handled the request the metrics are already
reported.
Fixes: #2717
Signed-off-by: Miek Gieben <miek@miek.nl>
* Compile again
Signed-off-by: Miek Gieben <miek@miek.nl>
* more
Signed-off-by: Miek Gieben <miek@miek.nl>
* Remove server addr from the context
This was added twice, just leave the server which also holds the
address.
Conflicts with #2719 but should be easy to fix.
Signed-off-by: Miek Gieben <miek@miek.nl>
* doesn't need server context
Signed-off-by: Miek Gieben <miek@miek.nl>
The server handles this case no need to also do it in the log plugin.
Means DefaultErrorFunc can be private to the dnsserver and is now
renamed to just errorFunc
Fixes: #2715
Signed-off-by: Miek Gieben <miek@miek.nl>
* Add a GaugeVec for enabled plugins monitoring.
Signed-off-by: Jiacheng Xu <xjcmaxwellcjx@gmail.com>
* Add server label and zone label for enable_plugin matric.
* Add a test for PluginEnabled metric
* Add description for enabledPlugin metric.
* Change the description for the enabledPlugin metric.
* Reset the enabledPlugin metric when restart the server.
* Add the bug session for enabledPlugin metric.
* Remove the resolveTCPAddr
* plugin/kubernetes: add ready function
Add ready function as the health function is now gone.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix readme
Signed-off-by: Miek Gieben <miek@miek.nl>
* plugin/grpc: New gRPC plugin
* some changes after the first review:
- remove healthcheck. gRPC already has this implicitly implemented
- some naming and stetic changes
- fix some comments
- other minor fixes
* plugin/grpc: New gRPC plugin
* some changes after the first review:
- remove healthcheck. gRPC already has this implicitly implemented
- some naming and stetic changes
- fix some comments
- other minor fixes
* add OWNERS file and change plugin order
* remove Rcode checker
