author | 2017-01-20 02:22:11 -0500 | |
---|---|---|
committer | 2017-01-20 07:22:11 +0000 | |
commit | adfd7d5b195f244234b577c6103224200d85c714 (patch) | |
tree | 21e457f5f7cf3745d8e8efc1bf79db21cbb4312e /middleware/kubernetes/kubernetes.go | |
parent | 51a34d934deb79f764e40d4ea1f3d232f5f75d79 (diff) | |
Add pod cache and verified pod responses (#483)
* Add pod cache and verified pod responses
* add ip indexing for pod cache
Diffstat (limited to 'middleware/kubernetes/kubernetes.go')
-rw-r--r-- | middleware/kubernetes/kubernetes.go | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/middleware/kubernetes/kubernetes.go b/middleware/kubernetes/kubernetes.go
index 9141cd40a..c59f98835 100644
--- a/middleware/kubernetes/kubernetes.go
+++ b/middleware/kubernetes/kubernetes.go
@@ -45,6 +45,7 @@ type Kubernetes struct {
 const (
 PodModeDisabled = "disabled" // default. pod requests are ignored
+ PodModeVerified = "verified" // Pod requests are answered only if they exist
 PodModeInsecure = "insecure" // ALL pod requests are answered without verfying they exist
 DnsSchemaVersion = "1.0.0" // https://github.com/kubernetes/dns/blob/master/docs/specification.md
 )
@@ -197,7 +198,7 @@ func (k *Kubernetes) InitKubeCache() error {
 log.Printf("[INFO] Kubernetes middleware configured with the label selector '%s'. Only kubernetes objects matching this label selector will be exposed.", unversionedapi.FormatLabelSelector(k.LabelSelector))
 }
- k.APIConn = newdnsController(kubeClient, k.ResyncPeriod, k.Selector)
+ k.APIConn = newdnsController(kubeClient, k.ResyncPeriod, k.Selector, k.PodMode == PodModeVerified)
 return err
 }
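Review bot: The new fourth argument to `newdnsController` in `InitKubeCache` is a bare boolean, so the call site does not say what `k.PodMode == PodModeVerified` switches on; a named local such as `initPodCache := k.PodMode == PodModeVerified` with a one-line comment would make the intent readable. It also ties pod-cache setup to an exact match on the mode string, while the lookup added to `findPods` appears to reach `k.APIConn.podLister` by fall-through rather than by testing for `PodModeVerified`. If the Corefile parser (not visible in this diff) does not reject unknown mode values, that lookup could run against a lister that was presumably never initialised. An explicit `if k.PodMode != PodModeVerified { return pods, nil }` before the index lookup would remove the dependency on validation elsewhere. `InitKubeCache` starts outside the hunk.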
@@ -384,9 +385,30 @@ func (k *Kubernetes) findPods(namespace, podname string) (pods []pod, err error)
 return pods, nil
 }
- // TODO: implement cache verified pod responses
- return pods, nil
+ // PodModeVerified
+ objList, err := k.APIConn.podLister.Indexer.ByIndex(podIPIndex, ip)
+ if err != nil {
+ return nil, err
+ }
+ nsWildcard := symbolContainsWildcard(namespace)
+ for _, o := range objList {
+ p, ok := o.(*api.Pod)
+ if !ok {
+ return nil, errors.New("expected type *api.Pod")
+ }
+ // If namespace has a wildcard, filter results against Corefile namespace list.
+ if nsWildcard && (len(k.Namespaces) > 0) && (!dnsstrings.StringInSlice(p.Namespace, k.Namespaces)) {
+ continue
+ }
+ // check for matching ip and namespace
+ if ip == p.Status.PodIP && symbolMatches(namespace, p.Namespace, nsWildcard) {
+ s := pod{name: podname, namespace: namespace, addr: ip}
+ pods = append(pods, s)
+ return pods, nil
+ }
+ }
+ return pods, nil
 }
 // Get retrieves matching data from the cache. |
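Review bot: The verified lookup in `findPods` accepts any cached pod whose `p.Status.PodIP` equals the requested address and whose namespace matches, without looking at the pod's phase. A pod that has finished can presumably still carry its old `PodIP` in status after the address has been handed to a pod in another namespace, so the record would verify for the wrong namespace; host-network pods, which report the node's address, raise the same question. Consider skipping terminated pods before the comparison, e.g. `if p.Status.Phase == api.PodSucceeded || p.Status.Phase == api.PodFailed { continue }`, and documenting on `PodModeVerified` exactly what "verified" guarantees. The function begins above the hunk, so how `ip` is derived from `podname` and which mode checks precede this code cannot be seen here.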