author | 2018-01-05 17:48:08 +0000 | |
---|---|---|
committer | 2018-01-05 17:48:08 +0000 | |
commit | f62189372af6d866a8bce890bf44a0284a599b59 (patch) | |
tree | 535ef32be90a4041971c27470ab78829fd4e5451 /plugin/kubernetes | |
parent | 58221f55db5675c6107d19679c46a216ed072aca (diff) | |
plugin/kubernetes: partial fix for crazy pod queries (#1349)
This is probably the first in a series to fix "crazy" pod queries.
If the namespace doesn't exist, return NXDOMAIN.
It might be worth extending this 1:1 to findServices as well.
Diffstat (limited to 'plugin/kubernetes')
-rw-r--r-- | plugin/kubernetes/handler_pod_insecure_test.go | 7 | ||||
-rw-r--r-- | plugin/kubernetes/kubernetes.go | 22 |
2 files changed, 20 insertions, 9 deletions
diff --git a/plugin/kubernetes/handler_pod_insecure_test.go b/plugin/kubernetes/handler_pod_insecure_test.go
index 276d4bbb3..6dcfd5629 100644
--- a/plugin/kubernetes/handler_pod_insecure_test.go
+++ b/plugin/kubernetes/handler_pod_insecure_test.go
@@ -25,6 +25,13 @@ var podModeInsecureCases = []test.Case{
 test.A("172-0-0-2.podns.pod.cluster.local. 5 IN A 172.0.0.2"),
 },
 },
+ {
+ Qname: "blah.pod-nons.pod.cluster.local.", Qtype: dns.TypeA,
+ Rcode: dns.RcodeNameError,
+ Ns: []dns.RR{
+ test.SOA("cluster.local. 300 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1515173576 7200 1800 86400 30"),
+ },
+ },
 }
 func TestServeDNSModeInsecure(t *testing.T) {
diff --git a/plugin/kubernetes/kubernetes.go b/plugin/kubernetes/kubernetes.go
index 3a2c4870d..4e79738e7 100644
--- a/plugin/kubernetes/kubernetes.go
+++ b/plugin/kubernetes/kubernetes.go
@@ -311,14 +311,6 @@ func (k *Kubernetes) findPods(r recordRequest, zone string) (pods []msg.Service,
 zonePath := msg.Path(zone, "coredns")
 ip := ""
- err = errNoItems
- if wildcard(podname) && !wildcard(namespace) {
- // If namespace exist, err should be nil, so that we return nodata instead of NXDOMAIN
- if k.namespace(namespace) {
- err = nil
- }
- }
-
 if strings.Count(podname, "-") == 3 && !strings.Contains(podname, "--") {
 ip = strings.Replace(podname, "-", ".", -1)
 } else {
@@ -326,7 +318,18 @@ func (k *Kubernetes) findPods(r recordRequest, zone string) (pods []msg.Service, } if k.podMode == podModeInsecure { - return []msg.Service{{Key: strings.Join([]string{zonePath, Pod, namespace, podname}, "/"), Host: ip, TTL: k.ttl}}, nil + if !wildcard(namespace) && !k.namespace(namespace) { // no wildcard, but namespace does not exist + return nil, errNoItems + } + return []msg.Service{{Key: strings.Join([]string{zonePath, Pod, namespace, podname}, "/"), Host: ip, TTL: k.ttl}}, err + } + + err = errNoItems + if wildcard(podname) && !wildcard(namespace) { + // If namespace exist, err should be nil, so that we return nodata instead of NXDOMAIN + if k.namespace(namespace) { + err = nil + } } // PodModeVerified @@ -335,6 +338,7 @@ func (k *Kubernetes) findPods(r recordRequest, zone string) (pods []msg.Service, if wildcard(namespace) && !k.namespaceExposed(p.Namespace) { continue } + // check for matching ip and namespace if ip == p.Status.PodIP && match(namespace, p.Namespace) { s := msg.Service{Key: strings.Join([]string{zonePath, Pod, namespace, podname}, "/"), Host: ip, TTL: k.ttl} |
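Review bot: The insecure-mode branch now rejects a missing namespace, but it still returns `Host: ip` without checking that the pod label parses as an address, so a non-address label in an existing namespace is still answered from client-supplied text. A guard before the final return of that branch, `if net.ParseIP(ip) == nil { return nil, errNoItems }`, would close that; it needs the `net` import if the file lacks it, and the import block is outside the hunk. The same return now yields `err` where the old line yielded `nil`; with `err = errNoItems` moved below the branch, `err` appears to be the still-unset named result at that point, so an explicit `nil` would state the intent. A wildcard namespace skips the `k.namespace` check entirely, and the new test case exercises only the missing-namespace path. findPods starts and ends outside the hunk.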