Handle services of type ExternalName by returning a CNAME #11790
Conversation
smarterclayton
force-pushed
the
support_external_name_dns
branch
from
a55e1ed to
8f5bf24
Compare
|
Wow that took me way too long to figure out the bash craziness in the extended dns test for verifying that dig is working correctly :p. LGTM |
|
I blame Tim Hockin. He's crazy, and I didn't want to rewrite those. On Nov 4, 2016, at 3:49 PM, Andy Goldstein [email protected] wrote: Wow that took me way too long to figure out the bash craziness in the LGTM — |
| @@ -140,8 +140,13 @@ func (b *ServiceResolver) Records(dnsName string, exact bool) ([]msg.Service, er | |||
|
|
|||
| // if has a portal IP and looking at svc | |||
| if svc.Spec.ClusterIP != kapi.ClusterIPNone && !retrieveEndpoints { | |||
| hostValue := svc.Spec.ClusterIP | |||
| if svc.Spec.Type == kapi.ServiceTypeExternalName { | |||
There was a problem hiding this comment.
is this only valid if len(svc.Spec.ClusterIP) == 0?
There was a problem hiding this comment.
Yes, but type dominates clusterIP
| @@ -128,7 +128,7 @@ func (b *ServiceResolver) Records(dnsName string, exact bool) ([]msg.Service, er | |||
| } | |||
|
|
|||
| // no clusterIP and not headless, no DNS | |||
| if len(svc.Spec.ClusterIP) == 0 { | |||
| if len(svc.Spec.ClusterIP) == 0 && svc.Spec.Type != kapi.ServiceTypeExternalName { | |||
There was a problem hiding this comment.
is there any security implication to letting the user control the CNAME that comes back from a DNS query?
There was a problem hiding this comment.
You can already set up a proxy at that name that points to any server. TLS only trusts the name the user gives, not the other way around. Also, you trust the name and the thing the name points to already.
smarterclayton
force-pushed
the
support_external_name_dns
branch
from
8f5bf24 to
ef10971
Compare
| @@ -128,7 +128,7 @@ func (b *ServiceResolver) Records(dnsName string, exact bool) ([]msg.Service, er | |||
| } | |||
|
|
|||
| // no clusterIP and not headless, no DNS | |||
| if len(svc.Spec.ClusterIP) == 0 { | |||
| if len(svc.Spec.ClusterIP) == 0 && svc.Spec.Type != kapi.ServiceTypeExternalName { | |||
| @@ -140,8 +140,13 @@ func (b *ServiceResolver) Records(dnsName string, exact bool) ([]msg.Service, er | |||
|
|
|||
| // if has a portal IP and looking at svc | |||
| if svc.Spec.ClusterIP != kapi.ClusterIPNone && !retrieveEndpoints { | |||
| hostValue := svc.Spec.ClusterIP | |||
| if svc.Spec.Type == kapi.ServiceTypeExternalName { | |||
|
[test] |
Compliance with Kube 1.4
smarterclayton
force-pushed
the
support_external_name_dns
branch
from
ef10971 to
a3f4e25
Compare
|
Evaluated for origin test up to a3f4e25 |
|
continuous-integration/openshift-jenkins/test FAILURE (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/11172/) (Base Commit: 046fad4) |
|
[merge](test passed) |
|
Evaluated for origin merge up to a3f4e25 |
|
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/11182/) (Base Commit: 3c28ed4) (Image: devenv-rhel7_5325) |
Compliance with Kube 1.4
@ncdc [test]