plugin/kubernetes: correctly set NODATA for ns (#1229)

* plugin/kubernetes: Add GetNamespaceByName

A bare or wildcard query for just the namespace should return NODATA,
not NXDOMAIN, otherwise we deny the entirety of the names under the
namespace.

Add test to check for this in pod verified mode.

* Review

More comments and move namespace code to namespace.go

1 files changed, 15 insertions, 0 deletions

diff --git a/plugin/kubernetes/controller.go b/plugin/kubernetes/controller.go
index 89b608703..c47c33819 100644
--- a/plugin/kubernetes/controller.go
+++ b/plugin/kubernetes/controller.go
@@ -36,6 +36,7 @@ type dnsController interface {
 	EndpointsList() []*api.Endpoints
 
 	GetNodeByName(string) (*api.Node, error)
+	GetNamespaceByName(string) (*api.Namespace, error)
 
 	Run()
 	HasSynced() bool
@@ -388,6 +389,9 @@ func (dns *dnsControl) EndpointsList() (eps []*api.Endpoints) {
 	return eps
 }
 
+// GetNodeByName return the node by name. If nothing is found an error is
+// returned. This query causes a roundtrip to the k8s API server, so use
+// sparingly. Currently this is only used for Federation.
 func (dns *dnsControl) GetNodeByName(name string) (*api.Node, error) {
 	v1node, err := dns.client.Nodes().Get(name, meta.GetOptions{})
 	if err != nil {
@@ -395,3 +399,14 @@ func (dns *dnsControl) GetNodeByName(name string) (*api.Node, error) {
 	}
 	return v1node, nil
 }
+
+// GetNamespaceByName returns the namespace by name. If nothing is found an
+// error is returned. This query causes a roundtrip to the k8s API server, so
+// use sparingly.
+func (dns *dnsControl) GetNamespaceByName(name string) (*api.Namespace, error) {
+	v1ns, err := dns.client.Namespaces().Get(name, meta.GetOptions{})
+	if err != nil {
+		return &api.Namespace{}, err
+	}
+	return v1ns, nil
+}