* kubernetes: add multicluster support
Add multicluster support via Multi-Cluster Services API (MCS-API) via a
new option `multiclusterZones` in the kubernetes plugin.
When some multicluster zones are passed to the kubernetes plugin, it
will start watching the ServiceImport objects and its associated
EndpointSlices.
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
* kubernetes: implement xfr support for multicluster zones
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
---------
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
In kubernetes' audit logs you'll see:
"userAgent":"coredns/v0.0.0 (linux/amd64) kubernetes/$Format"
This change adds a userAgent to the requests made by CoreDNS against the kubernetes API:
"userAgent":"CoreDNS/v1.11.1 git_commit:ae2bbc29be1aaae0b3ded5d188968a6c97bb3144 (linux/amd64/go1.22)"
Signed-off-by: Manuel Rüger <manuel@rueg.eu>
* support v1 and v1beta1 endpointslice
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* update comments
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
When err=nil try to determine the version of the k8s cluster and disable
endpoint slices. Don't return from connecting to the cluster.
In the future we should just default to true, and delete all this code.
Signed-off-by: Miek Gieben <miek@miek.nl>
* support dual stack clusterIPs
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* stickler
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* fix ClusterIPs make
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* initial commit
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* convert endpointslices to object.endpoints
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* add opt hard coded for now
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* check that server supports endpointslice
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* fix import grouping
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* dont use endpoint slice in 1.17 or 1.18
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* bump kind/k8s in circle ci to latest
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* drop k8s to latest supported by kind
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* use endpointslice name as endoint Name; index by Service name
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* use index key comparison in nsAddrs()
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* add Index to object.Endpoint fixtures; fix direct endpoint name compares
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* add slice dup check and test
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* todo
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* add ep-slice skew dup test for reverse
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* nsaddrs: de-dup ep-slice skew dups; add test
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* remove todo
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* address various feedback
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* consolidate endpoint/slice informer code
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* fix endpoint informer consolidation; use clearer func name
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* log info; use major/minor fields
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* fix nsAddr and unit test
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* add latency tracking for endpointslices
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* endpointslice latency unit test & fix
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* code shuffling
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* rename endpointslices in tests
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* remove de-dup from nsAddrs and test
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* remove de-dup from findServices / test
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
The Kubernetes DNS specification schema version was
updated to 1.1.0 in order to support IPv6
Signed-off-by: Antonio Ojea <antonio.ojea.garcia@gmail.com>
* use all local IPs
* mult/bind ips
* gofmt + boundIPs fix
* fix no matching endpoint case
* don't duplicate NS records in answer
* fix answer dedup
* fix comment
* add multi local ip test case
* fix external ns records
* use k8s service name for ns record
* update test, add func comment
* expand nsAddrs() test cases
* support local ipv6 ip
* use less confusing pod ip in test
Don't add pods to our internal cache that are being deleted. This saves
a field in the struct as well.
Add (extra) comments about adding fields to the
object/{Pod,Service,Endpoint} structs.
Signed-off-by: Miek Gieben <miek@miek.nl>
* kubernetes: never respond with NXDOMAIN for authority label
Return a nodata response when trying to resolve the authority's label
for a record type that doesn't match the record type of the authority.
This guards against poisoning the authority record by requesting the
wrong record type for the authority label. For instance, given an
authoritative resolver that uses subdomain delegation for Kubernetes
services of a cluster that's configured to use IPv4, the parent may be
poisoned by querying it for the authority label of the cluster subdomain
with a AAAA record type, which would otherwise (i.e. without this
change) return an NXDOMAIN. That is, given
cluster.example.com NS 10800 ns.dns.cluster.example.com
ns.dns.cluster.example.com A 10800 10.0.1.2
The parent may be poisoned for the SOA TTL by querying it for a AAAA
record of ns.dns.cluster.example.com, causing the parent to fail
delegate properly until the SOA TTL lapses.
* kubernetes: add tests for authority queries
* Remove context.Context from request.Request
This removes the context from request.Request and makes all the changes
in the code to make it compile again. It's all mechanical. It did
unearth some weirdness in that the context was kept in handler structs
which may cause havoc with concurrently handling of requests.
Fixes#2721
Signed-off-by: Miek Gieben <miek@miek.nl>
* Make test compile
Signed-off-by: Miek Gieben <miek@miek.nl>
This fix deprecates endpoints for out-of-cluster k8s api,
The Corefile still takes multiple endpoints though only
the first one is used. A warning is shown if there are
multiple endpoints.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
