aboutsummaryrefslogtreecommitdiff
path: root/plugin
diff options
context:
space:
mode:
authorGravatar Chris O'Haver <cohaver@infoblox.com> 2020-05-06 12:07:14 -0400
committerGravatar GitHub <noreply@github.com> 2020-05-06 09:07:14 -0700
commit5897a7c03d120e711480b921ab2455b7f1753fb9 (patch)
treecf6c26d5db89e24ba5ba77ac6644adc3996bcef6 /plugin
parent7c7772b735542d2b6a3a8b615f85f4a7db8ffb29 (diff)
downloadcoredns-5897a7c03d120e711480b921ab2455b7f1753fb9.tar.gz
coredns-5897a7c03d120e711480b921ab2455b7f1753fb9.tar.zst
coredns-5897a7c03d120e711480b921ab2455b7f1753fb9.zip
plugin/kubernetes: Mention remote IP requirement for autopath and metadata in README (#3876)
* mention remote IP requirement for autopath and metadata Signed-off-by: Chris O'Haver <cohaver@infoblox.com> * remove whitespace Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
Diffstat (limited to 'plugin')
-rw-r--r--plugin/kubernetes/README.md25
1 files changed, 16 insertions, 9 deletions
diff --git a/plugin/kubernetes/README.md b/plugin/kubernetes/README.md
index eb9b59bb2..654e6526f 100644
--- a/plugin/kubernetes/README.md
+++ b/plugin/kubernetes/README.md
@@ -173,7 +173,8 @@ upstreamNameservers: |
The *kubernetes* plugin can be used in conjunction with the *autopath* plugin. Using this
feature enables server-side domain search path completion in Kubernetes clusters. Note: `pods` must
-be set to `verified` for this to function properly.
+be set to `verified` for this to function properly. Furthermore, the remote IP address in the DNS
+packet received by CoreDNS must be the IP address of the Pod that sent the request.
cluster.local {
autopath @kubernetes
@@ -206,14 +207,20 @@ or the word "any"), then that label will match all values. The labels that acce
The kubernetes plugin will publish the following metadata, if the *metadata*
plugin is also enabled:
- * kubernetes/endpoint: the endpoint name in the query
- * kubernetes/kind: the resource kind (pod or svc) in the query
- * kubernetes/namespace: the namespace in the query
- * kubernetes/port-name: the port name in an SRV query
- * kubernetes/protocol: the protocol in an SRV query
- * kubernetes/service: the service name in the query
- * kubernetes/client-namespace: the client pod's namespace, if `pods verified` mode is enabled
- * kubernetes/client-pod-name: the client pod's name, if `pods verified` mode is enabled
+ * `kubernetes/endpoint`: the endpoint name in the query
+ * `kubernetes/kind`: the resource kind (pod or svc) in the query
+ * `kubernetes/namespace`: the namespace in the query
+ * `kubernetes/port-name`: the port name in an SRV query
+ * `kubernetes/protocol`: the protocol in an SRV query
+ * `kubernetes/service`: the service name in the query
+ * `kubernetes/client-namespace`: the client pod's namespace (see requirements below)
+ * `kubernetes/client-pod-name`: the client pod's name (see requirements below)
+
+The `kubernetes/client-namespace` and `kubernetes/client-pod-name` metadata work by reconciling the
+client IP address in the DNS request packet to a known pod IP address. Therefore the following is required:
+ * `pods verified` mode must be enabled
+ * the remote IP address in the DNS packet received by CoreDNS must be the IP address
+ of the Pod that sent the request.
## Metrics