diff options
| author |  Chris O'Haver <cohaver@infoblox.com>
| 2018-08-27 10:38:49 -0400 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2018-08-27 10:38:49 -0400 |
| commit | 444472891ff124d656a247b63dd126240f5eb35b (patch) | |
| tree | 9f897b8ed7f6a1a401a7bb5927ed6dff56642b62 | |
| parent | d60993e0210cba3576fa0bfa158a23e8abab6f80 (diff) | |
| download | coredns-444472891ff124d656a247b63dd126240f5eb35b.tar.gz coredns-444472891ff124d656a247b63dd126240f5eb35b.tar.zst coredns-444472891ff124d656a247b63dd126240f5eb35b.zip | |
plugin/kubernetes: dont transfer unexposed namespaces (#2044)
dont transfer unexposed namespaces
| -rw-r--r-- | plugin/kubernetes/handler_test.go | 16 | ||||
| -rw-r--r-- | plugin/kubernetes/xfr.go | 3 | ||||
| -rw-r--r-- | plugin/kubernetes/xfr_test.go | 1 |
3 files changed, 20 insertions, 0 deletions
diff --git a/plugin/kubernetes/handler_test.go b/plugin/kubernetes/handler_test.go index f9061bf12..c930e538e 100644 --- a/plugin/kubernetes/handler_test.go +++ b/plugin/kubernetes/handler_test.go @@ -330,6 +330,7 @@ func TestServeDNS(t *testing.T) { k := New([]string{"cluster.local."}) k.APIConn = &APIConnServeTest{} k.Next = test.NextHandler(dns.RcodeSuccess, nil) + k.Namespaces = map[string]bool{"testns": true} ctx := context.TODO() for i, tc := range dnsTestCases { @@ -478,6 +479,21 @@ var svcIndex = map[string][]*api.Service{ ClusterIP: api.ClusterIPNone, }, }}, + "svc1.unexposedns": {{ + ObjectMeta: meta.ObjectMeta{ + Name: "svc1", + Namespace: "unexposedns", + }, + Spec: api.ServiceSpec{ + Type: api.ServiceTypeClusterIP, + ClusterIP: "10.0.0.2", + Ports: []api.ServicePort{{ + Name: "http", + Protocol: "tcp", + Port: 80, + }}, + }, + }}, } func (APIConnServeTest) SvcIndex(s string) []*api.Service { diff --git a/plugin/kubernetes/xfr.go b/plugin/kubernetes/xfr.go index afee4aa20..1b958102b 100644 --- a/plugin/kubernetes/xfr.go +++ b/plugin/kubernetes/xfr.go @@ -78,6 +78,9 @@ func (k *Kubernetes) transfer(c chan dns.RR, zone string) { zonePath := msg.Path(zone, "coredns") serviceList := k.APIConn.ServiceList() for _, svc := range serviceList { + if !k.namespaceExposed(svc.Namespace) { + continue + } svcBase := []string{zonePath, Svc, svc.Namespace, svc.Name} switch svc.Spec.Type { case api.ServiceTypeClusterIP, api.ServiceTypeNodePort, api.ServiceTypeLoadBalancer: diff --git a/plugin/kubernetes/xfr_test.go b/plugin/kubernetes/xfr_test.go index 6ce7e789f..61bacf66e 100644 --- a/plugin/kubernetes/xfr_test.go +++ b/plugin/kubernetes/xfr_test.go @@ -17,6 +17,7 @@ func TestKubernetesXFR(t *testing.T) { k := New([]string{"cluster.local."}) k.APIConn = &APIConnServeTest{} k.TransferTo = []string{"127.0.0.1"} + k.Namespaces = map[string]bool{"testns": true} ctx := context.TODO() w := dnstest.NewMultiRecorder(&test.ResponseWriter{}) |