Diffstat (limited to 'middleware/kubernetes/kubernetes.go')
-rw-r--r--middleware/kubernetes/kubernetes.go28
1 files changed, 25 insertions, 3 deletions
diff --git a/middleware/kubernetes/kubernetes.go b/middleware/kubernetes/kubernetes.go
index 9141cd40a..c59f98835 100644
--- a/middleware/kubernetes/kubernetes.go
+++ b/middleware/kubernetes/kubernetes.go
@@ -45,6 +45,7 @@ type Kubernetes struct {
const (
PodModeDisabled = "disabled" // default. pod requests are ignored
+ PodModeVerified = "verified" // Pod requests are answered only if they exist
PodModeInsecure = "insecure" // ALL pod requests are answered without verfying they exist
DnsSchemaVersion = "1.0.0" // https://github.com/kubernetes/dns/blob/master/docs/specification.md
)
@@ -197,7 +198,7 @@ func (k *Kubernetes) InitKubeCache() error {
log.Printf("[INFO] Kubernetes middleware configured with the label selector '%s'. Only kubernetes objects matching this label selector will be exposed.", unversionedapi.FormatLabelSelector(k.LabelSelector))
}
- k.APIConn = newdnsController(kubeClient, k.ResyncPeriod, k.Selector)
+ k.APIConn = newdnsController(kubeClient, k.ResyncPeriod, k.Selector, k.PodMode == PodModeVerified)
return err
}
@@ -384,9 +385,30 @@ func (k *Kubernetes) findPods(namespace, podname string) (pods []pod, err error)
return pods, nil
}
- // TODO: implement cache verified pod responses
- return pods, nil
+ // PodModeVerified
+ objList, err := k.APIConn.podLister.Indexer.ByIndex(podIPIndex, ip)
+ if err != nil {
+ return nil, err
+ }
+ nsWildcard := symbolContainsWildcard(namespace)
+ for _, o := range objList {
+ p, ok := o.(*api.Pod)
+ if !ok {
+ return nil, errors.New("expected type *api.Pod")
+ }
+ // If namespace has a wildcard, filter results against Corefile namespace list.
+ if nsWildcard && (len(k.Namespaces) > 0) && (!dnsstrings.StringInSlice(p.Namespace, k.Namespaces)) {
+ continue
+ }
+ // check for matching ip and namespace
+ if ip == p.Status.PodIP && symbolMatches(namespace, p.Namespace, nsWildcard) {
+ s := pod{name: podname, namespace: namespace, addr: ip}
+ pods = append(pods, s)
+ return pods, nil
+ }
+ }
+ return pods, nil
}
// Get retrieves matching data from the cache.
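Review bot: The `// PodModeVerified` branch in findPods is reached purely by fall-through, so any PodMode value not handled by the earlier returns (which start outside this hunk) ends up calling `k.APIConn.podLister.Indexer.ByIndex`. InitKubeCache passes `k.PodMode == PodModeVerified` to newdnsController, which suggests the pod lister is only built in that mode (newdnsController is not visible here), so an unvalidated mode string could dereference a nil lister instead of failing closed. An explicit guard before the lookup, `if k.PodMode != PodModeVerified { return nil, errors.New("unsupported pod mode") }`, would make the intent clear and keep unknown modes from answering at all. I would also add a comment noting that verification rests only on `Status.PodIP` and namespace in the cache, and that the returned record carries the queried `namespace` rather than `p.Namespace`; pods that share an IP, such as host-network pods if they are indexed, would verify for each other.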