Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2025-10-30 17:53:21 -04:00
Code Issues Packages Projects Releases Wiki Activity

Pod insecure2 (#479)

Browse Source 
* return servfail for pod rqsts when pods disabled

* Add integration test for disabled pod mode
This commit is contained in:
Chris O'Haver
2017-01-12 11:57:00 -05:00
committed by John Belamaric
parent 2e366459c5
commit b6a2a5aeaa
2 changed files with 46 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
middleware/kubernetes/kubernetes.go
View File

@@ -341,7 +341,7 @@ func ipFromPodName(podname string) string {
func (k *Kubernetes) findPods(namespace, podname string) (pods []pod, err error) { func (k *Kubernetes) findPods(namespace, podname string) (pods []pod, err error) {
if k.PodMode == PodModeDisabled { if k.PodMode == PodModeDisabled {
return pods, nil return pods, errors.New("pod records disabled")
} }
var ip string var ip string

67
test/kubernetes_test.go
View File

@@ -196,14 +196,7 @@ var dnsTestCases = []test.Case{
}, },
{ {
Qname: "10-20-0-101.test-1.pod.cluster.local.", Qtype: dns.TypeA, Qname: "10-20-0-101.test-1.pod.cluster.local.", Qtype: dns.TypeA,
Rcode: dns.RcodeSuccess, Rcode: dns.RcodeServerFailure,
Answer: []dns.RR{
test.A("10-20-0-101.test-1.pod.cluster.local. 0 IN A 10.20.0.101"),
},
},
{
Qname: "10-20-0-101.test-X.pod.cluster.local.", Qtype: dns.TypeA,
Rcode: dns.RcodeNameError,
Answer: []dns.RR{}, Answer: []dns.RR{},
}, },
{ {
@@ -227,6 +220,21 @@ var dnsTestCases = []test.Case{
}, },
} }
var dnsTestCasesPodsInsecure = []test.Case{
{
Qname: "10-20-0-101.test-1.pod.cluster.local.", Qtype: dns.TypeA,
Rcode: dns.RcodeSuccess,
Answer: []dns.RR{
test.A("10-20-0-101.test-1.pod.cluster.local. 0 IN A 10.20.0.101"),
},
},
{
Qname: "10-20-0-101.test-X.pod.cluster.local.", Qtype: dns.TypeA,
Rcode: dns.RcodeNameError,
Answer: []dns.RR{},
},
}
func createTestServer(t *testing.T, corefile string) (*caddy.Instance, string) { func createTestServer(t *testing.T, corefile string) (*caddy.Instance, string) {
server, err := CoreDNSServer(corefile) server, err := CoreDNSServer(corefile)
if err != nil { if err != nil {
@@ -241,19 +249,7 @@ func createTestServer(t *testing.T, corefile string) (*caddy.Instance, string) {
return server, udp return server, udp
} }
func TestKubernetesIntegration(t *testing.T) { func doIntegrationTests(t *testing.T, corefile string, testCases []test.Case) {
t.Parallel()
corefile :=
`.:0 {
kubernetes cluster.local 0.0.10.in-addr.arpa {
endpoint http://localhost:8080
#endpoint https://kubernetes/
#tls admin.pem admin-key.pem ca.pem
#tls k8s_auth/client2.crt k8s_auth/client2.key k8s_auth/ca2.crt
namespaces test-1
pods insecure
}
`
server, udp := createTestServer(t, corefile) server, udp := createTestServer(t, corefile)
defer server.Stop() defer server.Stop()
@@ -261,7 +257,7 @@ func TestKubernetesIntegration(t *testing.T) {
// test environment. // test environment.
time.Sleep(5 * time.Second) time.Sleep(5 * time.Second)
for _, tc := range dnsTestCases { for _, tc := range testCases {
dnsClient := new(dns.Client) dnsClient := new(dns.Client)
dnsMessage := new(dns.Msg) dnsMessage := new(dns.Msg)
@@ -285,3 +281,30 @@ func TestKubernetesIntegration(t *testing.T) {
//TODO: Check the actual RR values //TODO: Check the actual RR values
} }
} }
func TestKubernetesIntegration(t *testing.T) {
corefile :=
`.:0 {
kubernetes cluster.local 0.0.10.in-addr.arpa {
endpoint http://localhost:8080
#endpoint https://kubernetes/
#tls admin.pem admin-key.pem ca.pem
#tls k8s_auth/client2.crt k8s_auth/client2.key k8s_auth/ca2.crt
namespaces test-1
pods disabled
}
`
doIntegrationTests(t, corefile, dnsTestCases)
}
func TestKubernetesIntegrationPodsInsecure(t *testing.T) {
corefile :=
`.:0 {
kubernetes cluster.local 0.0.10.in-addr.arpa {
endpoint http://localhost:8080
namespaces test-1
pods insecure
}
`
doIntegrationTests(t, corefile, dnsTestCasesPodsInsecure)
}