authorGravatar Miek Gieben <miek@miek.nl> 2018-01-06 15:56:54 +0000
committerGravatar GitHub <noreply@github.com> 2018-01-06 15:56:54 +0000
commit75a8a17da4fc95c086dfb447d29c02e7dbd05561 (patch)
treeb6277f3344a0bbbd00f1a4b33c3aa2480b0c75dc /plugin
parenta8e268e33b35d1ebea57a2bf825e16b0a717925b (diff)
plugin/kubernetes: fix pod insecure mode (#1354)
Fixes #1331
Diffstat (limited to 'plugin')
-rw-r--r--plugin/backend.go4
-rw-r--r--plugin/kubernetes/handler_pod_insecure_test.go28
-rw-r--r--plugin/kubernetes/kubernetes.go6
3 files changed, 36 insertions, 2 deletions
diff --git a/plugin/backend.go b/plugin/backend.go
index 7b5b2f467..fad61d418 100644
--- a/plugin/backend.go
+++ b/plugin/backend.go
@@ -9,8 +9,8 @@ import (
// ServiceBackend defines a (dynamic) backend that returns a slice of service definitions.
type ServiceBackend interface {
- // Services communicates with the backend to retrieve the service definition. Exact indicates
- // on exact much are that we are allowed to recurs.
+ // Services communicates with the backend to retrieve the service definitions. Exact indicates
+ // on exact match should be returned.
Services(state request.Request, exact bool, opt Options) ([]msg.Service, error)
// Reverse communicates with the backend to retrieve service definition based on a IP address
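Review bot: The reworded comment on `Services` still does not parse: "Exact indicates on exact match should be returned" leaves the reader guessing what the `exact` flag does. If the intent is that only exact-name matches are returned, say so directly, e.g. `// Services communicates with the backend to retrieve the service definitions. If exact is true, only an exact match is returned.` The interface body continues past the hunk, so the wording should be checked against how implementations actually use the flag.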
diff --git a/plugin/kubernetes/handler_pod_insecure_test.go b/plugin/kubernetes/handler_pod_insecure_test.go
index 6dcfd5629..b086f3fe6 100644
--- a/plugin/kubernetes/handler_pod_insecure_test.go
+++ b/plugin/kubernetes/handler_pod_insecure_test.go
@@ -26,12 +26,40 @@ var podModeInsecureCases = []test.Case{
},
},
{
+ Qname: "blah.podns.pod.cluster.local.", Qtype: dns.TypeA,
+ Rcode: dns.RcodeNameError,
+ Ns: []dns.RR{
+ test.SOA("cluster.local. 300 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1515173576 7200 1800 86400 30"),
+ },
+ },
+ {
+ Qname: "blah.podns.pod.cluster.local.", Qtype: dns.TypeAAAA,
+ Rcode: dns.RcodeNameError,
+ Ns: []dns.RR{
+ test.SOA("cluster.local. 300 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1515173576 7200 1800 86400 30"),
+ },
+ },
+ {
+ Qname: "blah.podns.pod.cluster.local.", Qtype: dns.TypeHINFO,
+ Rcode: dns.RcodeNameError,
+ Ns: []dns.RR{
+ test.SOA("cluster.local. 300 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1515173576 7200 1800 86400 30"),
+ },
+ },
+ {
Qname: "blah.pod-nons.pod.cluster.local.", Qtype: dns.TypeA,
Rcode: dns.RcodeNameError,
Ns: []dns.RR{
test.SOA("cluster.local. 300 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1515173576 7200 1800 86400 30"),
},
},
+ {
+ Qname: "podns.pod.cluster.local.", Qtype: dns.TypeA,
+ Rcode: dns.RcodeNameError,
+ Ns: []dns.RR{
+ test.SOA("cluster.local. 300 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1515173576 7200 1800 86400 30"),
+ },
+ },
}
func TestServeDNSModeInsecure(t *testing.T) {
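Review bot: The added cases exercise the new rejection only with a first label that looks nothing like an address ("blah") or with no label at all; none covers a near miss that has the shape of an address but is invalid. Since the fix turns on whether the query-derived string parses as an IP, a case with an out-of-range octet would pin the boundary, for example (constructed name) `Qname: "10-240-0-256.podns.pod.cluster.local.", Qtype: dns.TypeA,` expecting `dns.RcodeNameError`. This assumes the usual dashed pod-name form, since the label-to-IP conversion is not visible here. `podModeInsecureCases` starts above the hunk, so a valid-address case that still gets an answer may already exist there; if not, it is worth adding so the new check cannot silently reject everything.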
diff --git a/plugin/kubernetes/kubernetes.go b/plugin/kubernetes/kubernetes.go
index 4e79738e7..785a16ae3 100644
--- a/plugin/kubernetes/kubernetes.go
+++ b/plugin/kubernetes/kubernetes.go
@@ -321,6 +321,12 @@ func (k *Kubernetes) findPods(r recordRequest, zone string) (pods []msg.Service,
if !wildcard(namespace) && !k.namespace(namespace) { // no wildcard, but namespace does not exist
return nil, errNoItems
}
+
+ // If ip does not parse as an IP address, we return an error, otherwise we assume a CNAME and will try to resolve it in backend_lookup.go
+ if net.ParseIP(ip) == nil {
+ return nil, errNoItems
+ }
+
return []msg.Service{{Key: strings.Join([]string{zonePath, Pod, namespace, podname}, "/"), Host: ip, TTL: k.ttl}}, err
}
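Review bot: The comment above the new `net.ParseIP(ip)` check reads backwards: its "otherwise" clause describes what would happen without the check, not what happens when the name does parse. Judging from that comment, the guard is what keeps a query-derived, non-IP `Host` from being passed on as a CNAME target and resolved, and that reason should be stated plainly, e.g. `// Reject names that do not parse as an IP address; a non-IP Host would be treated as a CNAME and resolved in backend_lookup.go.` A label that does parse is still answered from the query name alone, with no check in these lines that a pod with that address exists; that looks like the intent of insecure mode but deserves a word in the comment. How `ip` is derived and the start of `findPods` are outside the hunk.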