| Lorenz Brun | fa5c2fc | 2020-09-28 13:32:12 +0200 | [diff] [blame^] | 1 | // Copyright 2020 The Monogon Project Authors. |
| 2 | // |
| 3 | // SPDX-License-Identifier: Apache-2.0 |
| 4 | // |
| 5 | // Licensed under the Apache License, Version 2.0 (the "License"); |
| 6 | // you may not use this file except in compliance with the License. |
| 7 | // You may obtain a copy of the License at |
| 8 | // |
| 9 | // http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | // |
| 11 | // Unless required by applicable law or agreed to in writing, software |
| 12 | // distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | // See the License for the specific language governing permissions and |
| 15 | // limitations under the License. |
| 16 | |
| 17 | package dns |
| 18 | |
| 19 | import ( |
| 20 | "fmt" |
| 21 | "net" |
| 22 | "strings" |
| 23 | ) |
| 24 | |
| 25 | // Type ExtraDirective contains additional config directives for CoreDNS. |
| 26 | type ExtraDirective struct { |
| 27 | // ID is the identifier of this directive. There can only be one directive with a given ID active at once. |
| 28 | // The ID is also used to identify which directive to purge. |
| 29 | ID string |
| 30 | // directive contains a full CoreDNS directive as a string. It can also use the $FILE(<filename>) macro, |
| 31 | // which will be expanded to the path of a file from the files field. |
| 32 | directive string |
| 33 | // files contains additional files used in the configuration. The map key is used as the filename. |
| 34 | files map[string][]byte |
| 35 | } |
| 36 | |
| 37 | // NewUpstreamDirective creates a forward with no fallthrough that forwards all requests not yet matched to the given |
| 38 | // upstream DNS servers. |
| 39 | func NewUpstreamDirective(dnsServers []net.IP) *ExtraDirective { |
| 40 | strb := strings.Builder{} |
| 41 | if len(dnsServers) > 0 { |
| 42 | strb.WriteString("forward .") |
| 43 | for _, ip := range dnsServers { |
| 44 | strb.WriteString(" ") |
| 45 | strb.WriteString(ip.String()) |
| 46 | } |
| 47 | } |
| 48 | return &ExtraDirective{ |
| 49 | directive: strb.String(), |
| 50 | } |
| 51 | } |
| 52 | |
| 53 | var kubernetesDirective = ` |
| 54 | kubernetes %v in-addr.arpa ip6.arpa { |
| 55 | kubeconfig $FILE(kubeconfig) default |
| 56 | pods insecure |
| 57 | fallthrough in-addr.arpa ip6.arpa |
| 58 | ttl 30 |
| 59 | } |
| 60 | ` |
| 61 | |
| 62 | // NewKubernetesDirective creates a directive running a "Kubernetes DNS-Based Service Discovery" [1] compliant service |
| 63 | // under clusterDomain. The given kubeconfig needs at least read access to services, endpoints and endpointslices. |
| 64 | // [1] https://github.com/kubernetes/dns/blob/master/docs/specification.md |
| 65 | func NewKubernetesDirective(clusterDomain string, kubeconfig []byte) *ExtraDirective { |
| 66 | return &ExtraDirective{ |
| 67 | ID: "k8s-clusterdns", |
| 68 | directive: fmt.Sprintf(kubernetesDirective, clusterDomain), |
| 69 | files: map[string][]byte{ |
| 70 | "kubeconfig": kubeconfig, |
| 71 | }, |
| 72 | } |
| 73 | } |