diff options
| -rw-r--r-- | plugin/kubernetes/handler_pod_insecure_test.go | 2 | ||||
| -rw-r--r-- | plugin/kubernetes/handler_test.go | 7 | ||||
| -rw-r--r-- | plugin/kubernetes/kubernetes.go | 22 | ||||
| -rw-r--r-- | plugin/kubernetes/parse.go | 8 |
4 files changed, 33 insertions, 6 deletions
diff --git a/plugin/kubernetes/handler_pod_insecure_test.go b/plugin/kubernetes/handler_pod_insecure_test.go index 160ba451d..0eb6598d9 100644 --- a/plugin/kubernetes/handler_pod_insecure_test.go +++ b/plugin/kubernetes/handler_pod_insecure_test.go @@ -55,7 +55,7 @@ var podModeInsecureCases = []test.Case{ }, { Qname: "podns.pod.cluster.local.", Qtype: dns.TypeA, - Rcode: dns.RcodeNameError, + Rcode: dns.RcodeSuccess, Ns: []dns.RR{ test.SOA("cluster.local. 300 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1515173576 7200 1800 86400 30"), }, diff --git a/plugin/kubernetes/handler_test.go b/plugin/kubernetes/handler_test.go index c930e538e..fa4a698ad 100644 --- a/plugin/kubernetes/handler_test.go +++ b/plugin/kubernetes/handler_test.go @@ -323,6 +323,13 @@ var dnsTestCases = []test.Case{ test.SOA("cluster.local. 303 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1499347823 7200 1800 86400 60"), }, }, + { + Qname: "testns.svc.cluster.local.", Qtype: dns.TypeA, + Rcode: dns.RcodeSuccess, + Ns: []dns.RR{ + test.SOA("cluster.local. 303 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1499347823 7200 1800 86400 60"), + }, + }, } func TestServeDNS(t *testing.T) { diff --git a/plugin/kubernetes/kubernetes.go b/plugin/kubernetes/kubernetes.go index eaadb142c..4bdcd4877 100644 --- a/plugin/kubernetes/kubernetes.go +++ b/plugin/kubernetes/kubernetes.go @@ -343,6 +343,16 @@ func (k *Kubernetes) findPods(r recordRequest, zone string) (pods []msg.Service, zonePath := msg.Path(zone, "coredns") ip := "" + // handle empty pod name + if podname == "" { + if k.namespace(namespace) || wildcard(namespace) { + // NODATA + return nil, nil + } + // NXDOMAIN + return nil, errNoItems + } + if strings.Count(podname, "-") == 3 && !strings.Contains(podname, "--") { ip = strings.Replace(podname, "-", ".", -1) } else { @@ -362,6 +372,7 @@ func (k *Kubernetes) findPods(r recordRequest, zone string) (pods []msg.Service, return []msg.Service{{Key: strings.Join([]string{zonePath, Pod, namespace, podname}, "/"), Host: ip, TTL: k.ttl}}, err } + // PodModeVerified err = errNoItems if wildcard(podname) && !wildcard(namespace) { // If namespace exist, err should be nil, so that we return nodata instead of NXDOMAIN @@ -370,7 +381,6 @@ func (k *Kubernetes) findPods(r recordRequest, zone string) (pods []msg.Service, } } - // PodModeVerified for _, p := range k.APIConn.PodIndex(ip) { // If namespace has a wildcard, filter results against Corefile namespace list. if wildcard(namespace) && !k.namespaceExposed(p.Namespace) { @@ -411,6 +421,16 @@ func (k *Kubernetes) findServices(r recordRequest, zone string) (services []msg. serviceList []*api.Service ) + // handle empty service name + if r.service == "" { + if k.namespace(r.namespace) || wildcard(r.namespace) { + // NODATA + return nil, nil + } + // NXDOMAIN + return nil, errNoItems + } + if wildcard(r.service) || wildcard(r.namespace) { serviceList = k.APIConn.ServiceList() endpointsListFunc = func() []*api.Endpoints { return k.APIConn.EndpointsList() } diff --git a/plugin/kubernetes/parse.go b/plugin/kubernetes/parse.go index db7239827..60d2d3402 100644 --- a/plugin/kubernetes/parse.go +++ b/plugin/kubernetes/parse.go @@ -43,10 +43,10 @@ func parseRequest(state request.Request) (r recordRequest, err error) { r.port = "*" r.protocol = "*" - r.service = "*" - r.namespace = "*" - // r.endpoint is the odd one out, we need to know if it has been set or not. If it is - // empty we should skip the endpoint check in k.get(). Hence we cannot set if to "*". + // for r.name, r.namespace and r.endpoint, we need to know if they have been set or not... + // For endpoint: if empty we should skip the endpoint check in k.get(). Hence we cannot set if to "*". + // For name: myns.svc.cluster.local != *.myns.svc.cluster.local + // For namespace: svc.cluster.local != *.svc.cluster.local // start at the right and fill out recordRequest with the bits we find, so we look for // pod|svc.namespace.service and then either |