diff options
| author |  Chris O'Haver <cohaver@infoblox.com>
| 2017-02-01 12:56:10 -0500 |
|---|---|---|
| committer |  John Belamaric <jbelamaric@infoblox.com>
| 2017-02-01 12:56:10 -0500 |
| commit | 8beb1b2166102368ba5f19c7cf60850c555b915a (patch) | |
| tree | d19eefd6abc0d2f0cbeb568e0f16ec7b61b23e38 | |
| parent | 3a04d2a306c793b0b3187fa9b52c89db9bd85cb9 (diff) | |
| download | coredns-8beb1b2166102368ba5f19c7cf60850c555b915a.tar.gz coredns-8beb1b2166102368ba5f19c7cf60850c555b915a.tar.zst coredns-8beb1b2166102368ba5f19c7cf60850c555b915a.zip | |
Allow cidr based reverse zone config (#500)
* add cidrs opt
* remove state data from middleware object
| -rw-r--r-- | middleware/kubernetes/handler.go | 7 | ||||
| -rw-r--r-- | middleware/kubernetes/kubernetes.go | 12 | ||||
| -rw-r--r-- | middleware/kubernetes/setup.go | 15 |
3 files changed, 33 insertions, 1 deletions
diff --git a/middleware/kubernetes/handler.go b/middleware/kubernetes/handler.go index f35792881..12277911a 100644 --- a/middleware/kubernetes/handler.go +++ b/middleware/kubernetes/handler.go @@ -26,7 +26,12 @@ func (k Kubernetes) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.M // otherwise delegate to the next in the pipeline. zone := middleware.Zones(k.Zones).Matches(state.Name()) if zone == "" { - return middleware.NextOrFailure(k.Name(), k.Next, ctx, w, r) + // If this is a PTR request, and a the request is in a defined + // pod/service cidr range, process the request in this middleware, + // otherwise pass to next middleware. + if state.Type() != "PTR" || !k.IsRequestInReverseRange(state) { + return middleware.NextOrFailure(k.Name(), k.Next, ctx, w, r) + } } var ( diff --git a/middleware/kubernetes/kubernetes.go b/middleware/kubernetes/kubernetes.go index 7ad2403c6..8c4e08e5d 100644 --- a/middleware/kubernetes/kubernetes.go +++ b/middleware/kubernetes/kubernetes.go @@ -5,6 +5,7 @@ import ( "errors" "fmt" "log" + "net" "strings" "time" @@ -41,6 +42,7 @@ type Kubernetes struct { LabelSelector *unversionedapi.LabelSelector Selector *labels.Selector PodMode string + ReverseCidrs []net.IPNet } const ( @@ -128,6 +130,16 @@ func (k *Kubernetes) Reverse(state request.Request, exact bool, opt middleware.O return records, nil, nil } +func (k *Kubernetes) IsRequestInReverseRange(state request.Request) bool { + ip := dnsutil.ExtractAddressFromReverse(state.Name()) + for _, c := range k.ReverseCidrs { + if c.Contains(net.ParseIP(ip)) { + return true + } + } + return false +} + // Lookup implements the ServiceBackend interface. func (k *Kubernetes) Lookup(state request.Request, name string, typ uint16) (*dns.Msg, error) { return k.Proxy.Lookup(state, name, typ) diff --git a/middleware/kubernetes/setup.go b/middleware/kubernetes/setup.go index 7fd9804e0..366084ada 100644 --- a/middleware/kubernetes/setup.go +++ b/middleware/kubernetes/setup.go @@ -3,6 +3,7 @@ package kubernetes import ( "errors" "fmt" + "net" "strings" "time" @@ -84,6 +85,20 @@ func kubernetesParse(c *caddy.Controller) (*Kubernetes, error) { for c.NextBlock() { switch c.Val() { + case "cidrs": + args := c.RemainingArgs() + if len(args) > 0 { + for _, cidrStr := range args { + _, cidr, err := net.ParseCIDR(cidrStr) + if err != nil { + return nil, errors.New(c.Val() + " contains an invalid cidr: " + cidrStr) + } + k8s.ReverseCidrs = append(k8s.ReverseCidrs, *cidr) + + } + continue + } + return nil, c.ArgErr() case "pods": args := c.RemainingArgs() if len(args) == 1 { |