@@ -23,7 +23,7 @@ endpoints need to be drained from it.
|
|||||||
every 10 seconds. The plugin hands out responses that adhere to these assignments. Each DNS response
|
every 10 seconds. The plugin hands out responses that adhere to these assignments. Each DNS response
|
||||||
contains a single IP address that's considered the best one. *Traffic* will load balance A and AAAA
|
contains a single IP address that's considered the best one. *Traffic* will load balance A and AAAA
|
||||||
queries. The TTL on these answer is set to 5s. It will only return successful responses either with
|
queries. The TTL on these answer is set to 5s. It will only return successful responses either with
|
||||||
an answer or otherwise a NODATA response. NXDOMAIN responses will *never* be sent.
|
an answer or otherwise a NODATA response. Queries for non-existent clusters get a NXDOMAIN.
|
||||||
|
|
||||||
The *traffic* plugin has no notion of draining, drop overload and anything that advanced, *it just
|
The *traffic* plugin has no notion of draining, drop overload and anything that advanced, *it just
|
||||||
acts upon assignments*. This is means that if a endpoint goes down and *traffic* has not seen a new
|
acts upon assignments*. This is means that if a endpoint goes down and *traffic* has not seen a new
|
||||||
@@ -35,8 +35,9 @@ assignment yet, it will still include this endpoint address in responses.
|
|||||||
traffic TO...
|
traffic TO...
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
* **TO...** are the Envoy control plane endpoint to connect to. The syntax mimics the *forward*
|
This enabled the *traffic* plugin, with a default node id of `coredns` and no TLS.
|
||||||
plugin and must start with `grpc://`.
|
|
||||||
|
* **TO...** are the Envoy control plane endpoint to connect to. This must start with `grpc://`.
|
||||||
|
|
||||||
The extended syntax is available is you want more control.
|
The extended syntax is available is you want more control.
|
||||||
|
|
||||||
@@ -46,7 +47,7 @@ traffic TO... {
|
|||||||
node ID
|
node ID
|
||||||
tls CERT KEY CA
|
tls CERT KEY CA
|
||||||
tls_servername NAME
|
tls_servername NAME
|
||||||
}
|
}
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
* node **ID** is how *traffic* identifies itself to the control plane. This defaults to `coredns`.
|
* node **ID** is how *traffic* identifies itself to the control plane. This defaults to `coredns`.
|
||||||
@@ -57,7 +58,7 @@ traffic TO... {
|
|||||||
* `tls` **CA** - no client authentication is used, and the file CA is used to verify the server certificate
|
* `tls` **CA** - no client authentication is used, and the file CA is used to verify the server certificate
|
||||||
* `tls` **CERT** **KEY** - client authentication is used with the specified cert/key pair.
|
* `tls` **CERT** **KEY** - client authentication is used with the specified cert/key pair.
|
||||||
The server certificate is verified with the system CAs.
|
The server certificate is verified with the system CAs.
|
||||||
* `tls` **CERT** **KEY** **CA** - client authentication is used with the specified cert/key pair.
|
* `tls` **CERT** **KEY** **CA** - client authentication is used with the specified cert/key pair.
|
||||||
The server certificate is verified using the specified CA file.
|
The server certificate is verified using the specified CA file.
|
||||||
|
|
||||||
* `tls_servername` **NAME** allows you to set a server name in the TLS configuration. This is needed
|
* `tls_servername` **NAME** allows you to set a server name in the TLS configuration. This is needed
|
||||||
@@ -120,9 +121,9 @@ Multiple **TO** addresses is not implemented.
|
|||||||
|
|
||||||
## TODO
|
## TODO
|
||||||
|
|
||||||
* reconnecting the stream
|
|
||||||
* acking responses
|
* acking responses
|
||||||
* correctly tracking versions and pruning old clusters.
|
* correctly tracking versions and pruning old clusters.
|
||||||
* metrics?
|
* metrics?
|
||||||
|
* how to exactly deal with health status from the endpoints.
|
||||||
* testing
|
* testing
|
||||||
* credentials (other than TLS)
|
* credentials (other than TLS) - how/what?
|
||||||
|
|||||||
@@ -39,18 +39,20 @@ func (t *Traffic) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg
|
|||||||
return plugin.NextOrFailure(t.Name(), t.Next, ctx, w, r)
|
return plugin.NextOrFailure(t.Name(), t.Next, ctx, w, r)
|
||||||
}
|
}
|
||||||
|
|
||||||
addr := t.c.Select(cluster)
|
|
||||||
if addr != nil {
|
|
||||||
log.Debugf("Found endpoint %q for %q", addr, cluster)
|
|
||||||
} else {
|
|
||||||
log.Debugf("No healthy endpoints found for %q", cluster)
|
|
||||||
}
|
|
||||||
|
|
||||||
m := new(dns.Msg)
|
m := new(dns.Msg)
|
||||||
m.SetReply(r)
|
m.SetReply(r)
|
||||||
m.Authoritative = true
|
m.Authoritative = true
|
||||||
|
|
||||||
|
addr, ok := t.c.Select(cluster)
|
||||||
|
if !ok {
|
||||||
|
m.Ns = soa(state.Zone)
|
||||||
|
m.Rcode = dns.RcodeNameError
|
||||||
|
w.WriteMsg(m)
|
||||||
|
return 0, nil
|
||||||
|
}
|
||||||
|
|
||||||
if addr == nil {
|
if addr == nil {
|
||||||
|
log.Debugf("No (healthy) endpoints found for %q", cluster)
|
||||||
m.Ns = soa(state.Zone)
|
m.Ns = soa(state.Zone)
|
||||||
w.WriteMsg(m)
|
w.WriteMsg(m)
|
||||||
return 0, nil
|
return 0, nil
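Review bot: The new `!ok` branch answers NXDOMAIN with `soa(state.Zone)` in the authority section, and resolvers cache that negative answer for the SOA's negative TTL rather than the 5s the README states for positive answers. If `soa()` (not shown in this hunk) carries a longer minimum, a cluster that appears in the next assignment poll can stay unresolvable downstream until that cache entry expires. I would note this above the branch, `// NXDOMAIN is negatively cached per the SOA minimum; keep it in line with the 5s answer TTL`, and add `log.Debugf("Unknown cluster %q", cluster)` so the NXDOMAIN path is as traceable as the NODATA one. `ServeDNS` starts and ends outside the hunk.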
|
||||||
|
|||||||
@@ -54,10 +54,10 @@ func (a *assignment) clusters() []string {
|
|||||||
|
|
||||||
// Select selects a backend from cla, using weighted random selection. It only selects
|
// Select selects a backend from cla, using weighted random selection. It only selects
|
||||||
// backends that are reporting healthy.
|
// backends that are reporting healthy.
|
||||||
func (a *assignment) Select(cluster string) net.IP {
|
func (a *assignment) Select(cluster string) (net.IP, bool) {
|
||||||
cla := a.clusterLoadAssignment(cluster)
|
cla := a.clusterLoadAssignment(cluster)
|
||||||
if cla == nil {
|
if cla == nil {
|
||||||
return nil
|
return nil, false
|
||||||
}
|
}
|
||||||
|
|
||||||
total := 0
|
total := 0
|
||||||
@@ -81,7 +81,7 @@ func (a *assignment) Select(cluster string) net.IP {
|
|||||||
// continue
|
// continue
|
||||||
// }
|
// }
|
||||||
if r == i {
|
if r == i {
|
||||||
return net.ParseIP(lb.GetEndpoint().GetAddress().GetSocketAddress().GetAddress())
|
return net.ParseIP(lb.GetEndpoint().GetAddress().GetSocketAddress().GetAddress()), true
|
||||||
}
|
}
|
||||||
i++
|
i++
|
||||||
}
|
}
|
||||||
@@ -98,9 +98,9 @@ func (a *assignment) Select(cluster string) net.IP {
|
|||||||
// }
|
// }
|
||||||
r -= int(lb.GetLoadBalancingWeight().GetValue())
|
r -= int(lb.GetLoadBalancingWeight().GetValue())
|
||||||
if r <= 0 {
|
if r <= 0 {
|
||||||
return net.ParseIP(lb.GetEndpoint().GetAddress().GetSocketAddress().GetAddress())
|
return net.ParseIP(lb.GetEndpoint().GetAddress().GetSocketAddress().GetAddress()), true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return nil
|
return nil, false
|
||||||
}
|
}
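Review bot: The final `return nil, false` in `assignment.Select` reports a cluster that exists but yielded no pick as non-existent, so `ServeDNS` would answer NXDOMAIN where the README in this commit promises NODATA. Unless the part of the function between the hunks (not visible here) returns earlier when no endpoint is healthy, only the `cla == nil` path should yield `false` and the fall-through should be `return nil, true`. The two `net.ParseIP(...)` returns pass `true` even when the address from the control plane does not parse, which maps to NODATA and deserves a comment such as `// nil, true: cluster known, no usable address`. The doc comment on `Client.Select` ("the returned boolean indicates if the cluster exists") states the contract this fall-through would break.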
|
||||||
|
|||||||
@@ -216,5 +216,6 @@ func (c *Client) Receive(stream adsStream) error {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Select returns an address that is deemed to be the correct one for this cluster.
|
// Select returns an address that is deemed to be the correct one for this cluster. The returned
|
||||||
func (c *Client) Select(cluster string) net.IP { return c.assignments.Select(cluster) }
|
// boolean indicates if the cluster exists.
|
||||||
|
func (c *Client) Select(cluster string) (net.IP, bool) { return c.assignments.Select(cluster) }
|
||||||
|
|||||||