author | 2020-05-06 12:07:14 -0400 | |
---|---|---|
committer | 2020-05-06 09:07:14 -0700 | |
commit | 5897a7c03d120e711480b921ab2455b7f1753fb9 (patch) | |
tree | cf6c26d5db89e24ba5ba77ac6644adc3996bcef6 /plugin | |
parent | 7c7772b735542d2b6a3a8b615f85f4a7db8ffb29 (diff) | |
plugin/kubernetes: Mention remote IP requirement for autopath and metadata in README (#3876)
* mention remote IP requirement for autopath and metadata
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* remove whitespace
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
Diffstat (limited to 'plugin')
-rw-r--r-- | plugin/kubernetes/README.md | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/plugin/kubernetes/README.md b/plugin/kubernetes/README.md index eb9b59bb2..654e6526f 100644 --- a/plugin/kubernetes/README.md +++ b/plugin/kubernetes/README.md @@ -173,7 +173,8 @@ upstreamNameservers: | The *kubernetes* plugin can be used in conjunction with the *autopath* plugin. Using this feature enables server-side domain search path completion in Kubernetes clusters. Note: `pods` must -be set to `verified` for this to function properly. +be set to `verified` for this to function properly. Furthermore, the remote IP address in the DNS +packet received by CoreDNS must be the IP address of the Pod that sent the request. cluster.local { autopath @kubernetes 
@@ -206,14 +207,20 @@ or the word "any"), then that label will match all values. The labels that acce The kubernetes plugin will publish the following metadata, if the *metadata* plugin is also enabled: - * kubernetes/endpoint: the endpoint name in the query - * kubernetes/kind: the resource kind (pod or svc) in the query - * kubernetes/namespace: the namespace in the query - * kubernetes/port-name: the port name in an SRV query - * kubernetes/protocol: the protocol in an SRV query - * kubernetes/service: the service name in the query - * kubernetes/client-namespace: the client pod's namespace, if `pods verified` mode is enabled - * kubernetes/client-pod-name: the client pod's name, if `pods verified` mode is enabled + * `kubernetes/endpoint`: the endpoint name in the query + * `kubernetes/kind`: the resource kind (pod or svc) in the query + * `kubernetes/namespace`: the namespace in the query + * `kubernetes/port-name`: the port name in an SRV query + * `kubernetes/protocol`: the protocol in an SRV query + * `kubernetes/service`: the service name in the query + * `kubernetes/client-namespace`: the client pod's namespace (see requirements below) + * `kubernetes/client-pod-name`: the client pod's name (see requirements below) + +The `kubernetes/client-namespace` and `kubernetes/client-pod-name` metadata work by reconciling the +client IP address in the DNS request packet to a known pod IP address. Therefore the following is required: + * `pods verified` mode must be enabled + * the remote IP address in the DNS packet received by CoreDNS must be the IP address + of the Pod that sent the request. ## Metrics |
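Review bot: In the first hunk (@@ -173,7 +173,8 @@), the sentence added to the autopath note states the requirement but not what the reader will observe when it is not met. "The remote IP address in the DNS packet" is also loose wording, since the address in question is the source address CoreDNS sees on the request. Suggest saying "source IP address of the request as received by CoreDNS" and adding one clause on the consequence, for example that search path completion is not applied when the address does not match a known Pod, if that is the behaviour.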
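Review bot: In the second hunk (@@ -206,14 +207,20 @@), the new paragraph under the metadata list uses "client IP address in the DNS request packet" in its first sentence and "remote IP address in the DNS packet" in the second bullet for what appears to be the same value; pick one term and use it here and in the autopath note so the two requirements read as identical. The paragraph also leaves unstated what `kubernetes/client-namespace` and `kubernetes/client-pod-name` contain when the address does not reconcile to a known pod. Since these labels are derived only from the address on the packet, anyone using them in logs or policy needs that behaviour documented. Minor: the second requirement bullet ends with a period and the first does not.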