-rw-r--r-- | plugin/kubernetes/README.md | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/plugin/kubernetes/README.md b/plugin/kubernetes/README.md index eb9b59bb2..654e6526f 100644 --- a/plugin/kubernetes/README.md +++ b/plugin/kubernetes/README.md @@ -173,7 +173,8 @@ upstreamNameservers: | The *kubernetes* plugin can be used in conjunction with the *autopath* plugin. Using this feature enables server-side domain search path completion in Kubernetes clusters. Note: `pods` must -be set to `verified` for this to function properly. +be set to `verified` for this to function properly. Furthermore, the remote IP address in the DNS +packet received by CoreDNS must be the IP address of the Pod that sent the request. cluster.local { autopath @kubernetes 
@@ -206,14 +207,20 @@ or the word "any"), then that label will match all values. The labels that acce The kubernetes plugin will publish the following metadata, if the *metadata* plugin is also enabled: - * kubernetes/endpoint: the endpoint name in the query - * kubernetes/kind: the resource kind (pod or svc) in the query - * kubernetes/namespace: the namespace in the query - * kubernetes/port-name: the port name in an SRV query - * kubernetes/protocol: the protocol in an SRV query - * kubernetes/service: the service name in the query - * kubernetes/client-namespace: the client pod's namespace, if `pods verified` mode is enabled - * kubernetes/client-pod-name: the client pod's name, if `pods verified` mode is enabled + * `kubernetes/endpoint`: the endpoint name in the query + * `kubernetes/kind`: the resource kind (pod or svc) in the query + * `kubernetes/namespace`: the namespace in the query + * `kubernetes/port-name`: the port name in an SRV query + * `kubernetes/protocol`: the protocol in an SRV query + * `kubernetes/service`: the service name in the query + * `kubernetes/client-namespace`: the client pod's namespace (see requirements below) + * `kubernetes/client-pod-name`: the client pod's name (see requirements below) + +The `kubernetes/client-namespace` and `kubernetes/client-pod-name` metadata work by reconciling the +client IP address in the DNS request packet to a known pod IP address. Therefore the following is required: + * `pods verified` mode must be enabled + * the remote IP address in the DNS packet received by CoreDNS must be the IP address + of the Pod that sent the request. ## Metrics |
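Review bot: In the autopath hunk (@@ -173), the added sentence "the remote IP address in the DNS packet received by CoreDNS must be the IP address of the Pod that sent the request" states a requirement but not what happens when it is not met, or how an operator would recognise that case. Suggest adding a clause describing the behaviour of *autopath* when the address does not match a known pod, and one example of a setup in which the address CoreDNS sees is not the Pod's own. The wording "remote IP address in the DNS packet" is also loose, since the address belongs to the packet carrying the query rather than to the DNS message; "the source IP address of the request as seen by CoreDNS" would be more precise.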
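Review bot: In the metadata hunk (@@ -206), the two client bullets now say "(see requirements below)", but the new paragraph does not say what `kubernetes/client-namespace` and `kubernetes/client-pod-name` contain when those requirements are not met (unset or empty). Because the values come from matching the request's source address to a pod IP, anything that consumes them for logging or policy needs that stated explicitly; suggest adding a sentence for it. The paragraph also says "client IP address" while its own second bullet and the autopath section say "remote IP address", so pick one term, and since the second requirement repeats the autopath sentence verbatim, consider stating it once and referring to it from the other place.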