plugin/kubernetes: partial fix for crazy pod queries (#1349)

This is probably the first in a series to fix "crazy" pod queries. If the namespace doesn't exist return NXDOMAIN. It might be worth extending this 1:1 to findServices as well.

plugin/kubernetes: partial fix for crazy pod queries (#1349)
This is probably the first in a series to fix "crazy" pod queries. If the namespace doesn't exist return NXDOMAIN. It might be worth extending this 1:1 to findServices as well.
f6218937 · Miek Gieben · GitHub · 58221f55 · f6218937 · f6218937
Commit f6218937 authored Jan 05, 2018 by Miek Gieben Committed by GitHub Jan 05, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 9 deletions

plugin/kubernetes/handler_pod_insecure_test.go plugin/kubernetes/handler_pod_insecure_test.go +7 -0

plugin/kubernetes/kubernetes.go plugin/kubernetes/kubernetes.go +13 -9

No files found.
--- a/plugin/kubernetes/handler_pod_insecure_test.go
+++ b/plugin/kubernetes/handler_pod_insecure_test.go
@@ -25,6 +25,13 @@ var podModeInsecureCases = []test.Case{
 			test.A("172-0-0-2.podns.pod.cluster.local.	5	IN	A	172.0.0.2"),
 		},
 	},
+	{
+		Qname: "blah.pod-nons.pod.cluster.local.", Qtype: dns.TypeA,
+		Rcode: dns.RcodeNameError,
+		Ns: []dns.RR{
+			test.SOA("cluster.local.	300	IN	SOA	ns.dns.cluster.local. hostmaster.cluster.local. 1515173576 7200 1800 86400 30"),
+		},
+	},
 }

 func TestServeDNSModeInsecure(t *testing.T) {

--- a/plugin/kubernetes/kubernetes.go
+++ b/plugin/kubernetes/kubernetes.go
@@ -311,14 +311,6 @@ func (k *Kubernetes) findPods(r recordRequest, zone string) (pods []msg.Service,
 	zonePath := msg.Path(zone, "coredns")
 	ip := ""

-	err = errNoItems
-	if wildcard(podname) && !wildcard(namespace) {
-		// If namespace exist, err should be nil, so that we return nodata instead of NXDOMAIN
-		if k.namespace(namespace) {
-			err = nil
-		}
-	}
-
 	if strings.Count(podname, "-") == 3 && !strings.Contains(podname, "--") {
 		ip = strings.Replace(podname, "-", ".", -1)
 	} else {
@@ -326,7 +318,18 @@ func (k *Kubernetes) findPods(r recordRequest, zone string) (pods []msg.Service,
 	}

 	if k.podMode == podModeInsecure {
-		return []msg.Service{{Key: strings.Join([]string{zonePath, Pod, namespace, podname}, "/"), Host: ip, TTL: k.ttl}}, nil
+		if !wildcard(namespace) && !k.namespace(namespace) { // no wildcard, but namespace does not exist
+			return nil, errNoItems
+		}
+		return []msg.Service{{Key: strings.Join([]string{zonePath, Pod, namespace, podname}, "/"), Host: ip, TTL: k.ttl}}, err
+	}
+
+	err = errNoItems
+	if wildcard(podname) && !wildcard(namespace) {
+		// If namespace exist, err should be nil, so that we return nodata instead of NXDOMAIN
+		if k.namespace(namespace) {
+			err = nil
+		}
 	}

 	// PodModeVerified
@@ -335,6 +338,7 @@ func (k *Kubernetes) findPods(r recordRequest, zone string) (pods []msg.Service,
 		if wildcard(namespace) && !k.namespaceExposed(p.Namespace) {
 			continue
 		}
+
 		// check for matching ip and namespace
 		if ip == p.Status.PodIP && match(namespace, p.Namespace) {
 			s := msg.Service{Key: strings.Join([]string{zonePath, Pod, namespace, podname}, "/"), Host: ip, TTL: k.ttl}