Merge pull request #93 from tobiaskohlbau/master

add support for ipv6 addresses

Author: networkop

Tiltfile

@@ -41,7 +41,7 @@ k8s_yaml('./test/backend.yml')
 
 # Metallb
 helm_remote('metallb',
-            version="0.11.0",
+            version="0.12.1",
             repo_name='metallb',
             values=['./test/metallb-values.yaml'],
             repo_url='https://metallb.github.io/metallb')

apex_dual_test.go

@@ -2,7 +2,7 @@ package gateway
 
 import (
 	"context"
-	"net"
+	"net/netip"
 	"testing"
 
 	"github.com/coredns/coredns/plugin/pkg/dnstest"
@@ -15,13 +15,13 @@ import (
 func setupEmptyLookupFuncs() {
 
 	if resource := lookupResource("HTTPRoute"); resource != nil {
-		resource.lookup = func(_ []string) []net.IP { return []net.IP{} }
+		resource.lookup = func(_ []string) []netip.Addr { return []netip.Addr{} }
 	}
 	if resource := lookupResource("Ingress"); resource != nil {
-		resource.lookup = func(_ []string) []net.IP { return []net.IP{} }
+		resource.lookup = func(_ []string) []netip.Addr { return []netip.Addr{} }
 	}
 	if resource := lookupResource("Service"); resource != nil {
-		resource.lookup = func(_ []string) []net.IP { return []net.IP{} }
+		resource.lookup = func(_ []string) []netip.Addr { return []netip.Addr{} }
 	}
 }
 

charts/k8s-gateway/templates/deployment.yaml

@@ -20,8 +20,10 @@ spec:
         image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         args: [ "-conf", "/etc/coredns/Corefile" ]
+        {{- if .Values.secure }}
         securityContext:
           runAsUser: 1000
+        {{- end }}
         volumeMounts:
         - name: config-volume
           mountPath: /etc/coredns

charts/k8s-gateway/templates/service.yaml

@@ -32,3 +32,10 @@ spec:
   externalIPs:
     {{- toYaml . | nindent 4 }}
   {{- end }}
+  {{- if .Values.service.ipFamilyPolicy }}
+  ipFamilyPolicy: {{ .Values.service.ipFamilyPolicy }}
+  {{- end }}
+  {{- with .Values.service.ipFamilies }}
+  ipFamilies: 
+  {{- toYaml . | nindent 6 }}
+  {{- end -}}

charts/k8s-gateway/values.yaml

@@ -51,6 +51,13 @@ service:
   # externalTrafficPolicy: Local
   # externalIPs:
   #  - 192.168.1.3
+  # One of SingleStack, PreferDualStack, or RequireDualStack.
+  # ipFamilyPolicy: SingleStack
+  # List of IP families (e.g. IPv4 and/or IPv6).
+  # ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
+  # ipFamilies:
+  #   - IPv4
+  #   - IPv6
 
 nodeSelector: {}
 
@@ -63,3 +70,5 @@ priorityClassName: ""
 
 debug:
   enabled: false
+
+secure: true

gateway.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"net"
+	"net/netip"
 	"strings"
 
 	"github.com/coredns/coredns/plugin"
@@ -12,14 +13,14 @@ import (
 	"github.com/miekg/dns"
 )
 
-type lookupFunc func(indexKeys []string) []net.IP
+type lookupFunc func(indexKeys []string) []netip.Addr
 
 type resourceWithIndex struct {
 	name   string
 	lookup lookupFunc
 }
 
-var noop lookupFunc = func([]string) (result []net.IP) { return }
+var noop lookupFunc = func([]string) (result []netip.Addr) { return }
 
 var orderedResources = []*resourceWithIndex{
 	{
@@ -143,7 +144,7 @@ func (gw *Gateway) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Ms
 		}
 	}
 
-	var addrs []net.IP
+	var addrs []netip.Addr
 
 	// Iterate over supported resources and lookup DNS queries
 	// Stop once we've found at least one match
@@ -163,10 +164,40 @@ func (gw *Gateway) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Ms
 	m := new(dns.Msg)
 	m.SetReply(state.Req)
 
+	var ipv4Addrs []netip.Addr
+	var ipv6Addrs []netip.Addr
+
+	for _, addr := range addrs {
+		if addr.Is4() {
+			ipv4Addrs = append(ipv4Addrs, addr)
+		}
+		if addr.Is6() {
+			ipv6Addrs = append(ipv6Addrs, addr)
+		}
+	}
+
 	switch state.QType() {
 	case dns.TypeA:
 
-		if len(addrs) == 0 {
+		if len(ipv4Addrs) == 0 {
+
+			if !isRootZoneQuery {
+				// No match, return NXDOMAIN
+				m.Rcode = dns.RcodeNameError
+			}
+
+			m.Ns = []dns.RR{gw.soa(state)}
+
+		} else {
+
+			m.Answer = gw.A(state.Name(), ipv4Addrs)
+			// Force to true to fix broken behaviour of legacy glibc `getaddrinfo`.
+			// See https://github.com/coredns/coredns/pull/3573
+			m.Authoritative = true
+		}
+	case dns.TypeAAAA:
+
+		if len(ipv6Addrs) == 0 {
 
 			if !isRootZoneQuery {
 				// No match, return NXDOMAIN
@@ -177,11 +208,12 @@ func (gw *Gateway) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Ms
 
 		} else {
 
-			m.Answer = gw.A(state.Name(), addrs)
+			m.Answer = gw.AAAA(state.Name(), ipv6Addrs)
 			// Force to true to fix broken behaviour of legacy glibc `getaddrinfo`.
 			// See https://github.com/coredns/coredns/pull/3573
 			m.Authoritative = true
 		}
+
 	case dns.TypeSOA:
 
 		// Force to true to fix broken behaviour of legacy glibc `getaddrinfo`.
@@ -218,12 +250,23 @@ func (gw *Gateway) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Ms
 func (gw *Gateway) Name() string { return thisPlugin }
 
 // A does the A-record lookup in ingress indexer
-func (gw *Gateway) A(name string, results []net.IP) (records []dns.RR) {
+func (gw *Gateway) A(name string, results []netip.Addr) (records []dns.RR) {
+	dup := make(map[string]struct{})
+	for _, result := range results {
+		if _, ok := dup[result.String()]; !ok {
+			dup[result.String()] = struct{}{}
+			records = append(records, &dns.A{Hdr: dns.RR_Header{Name: name, Rrtype: dns.TypeA, Class: dns.ClassINET, Ttl: gw.ttlLow}, A: net.ParseIP(result.String())})
+		}
+	}
+	return records
+}
+
+func (gw *Gateway) AAAA(name string, results []netip.Addr) (records []dns.RR) {
 	dup := make(map[string]struct{})
 	for _, result := range results {
 		if _, ok := dup[result.String()]; !ok {
 			dup[result.String()] = struct{}{}
-			records = append(records, &dns.A{Hdr: dns.RR_Header{Name: name, Rrtype: dns.TypeA, Class: dns.ClassINET, Ttl: gw.ttlLow}, A: result})
+			records = append(records, &dns.AAAA{Hdr: dns.RR_Header{Name: name, Rrtype: dns.TypeAAAA, Class: dns.ClassINET, Ttl: gw.ttlLow}, AAAA: net.ParseIP(result.String())})
 		}
 	}
 	return records
@@ -232,7 +275,7 @@ func (gw *Gateway) A(name string, results []net.IP) (records []dns.RR) {
 // SelfAddress returns the address of the local k8s_gateway service
 func (gw *Gateway) SelfAddress(state request.Request) (records []dns.RR) {
 
-	var addrs1, addrs2 []net.IP
+	var addrs1, addrs2 []netip.Addr
 	for _, resource := range gw.Resources {
 		results := resource.lookup([]string{gw.apex})
 		if len(results) > 0 {

gateway_test.go

@@ -3,7 +3,7 @@ package gateway
 import (
 	"context"
 	"errors"
-	"net"
+	"net/netip"
 	"strings"
 	"testing"
 
@@ -105,7 +105,7 @@ func TestPluginFallthrough(t *testing.T) {
 }
 
 var tests = []test.Case{
-	// Existing Service | Test 0
+	// Existing Service IPv4 | Test 0
 	{
 		Qname: "svc1.ns1.example.com.", Qtype: dns.TypeA, Rcode: dns.RcodeSuccess,
 		Answer: []dns.RR{
@@ -210,6 +210,13 @@ var tests = []test.Case{
 			test.A("shadow.example.com.	60	IN	A	192.0.2.4"),
 		},
 	},
+	// Existing Service IPv6 | Test 15
+	{
+		Qname: "svc1.ns1.example.com.", Qtype: dns.TypeAAAA, Rcode: dns.RcodeSuccess,
+		Answer: []dns.RR{
+			test.AAAA("svc1.ns1.example.com.	60	IN	AAAA	fd12:3456:789a:1::"),
+		},
+	},
 }
 
 var testsFallthrough = []FallthroughCase{
@@ -240,53 +247,53 @@ var testsFallthrough = []FallthroughCase{
 	},
 }
 
-var testServiceIndexes = map[string][]net.IP{
-	"svc1.ns1": {net.ParseIP("192.0.1.1")},
-	"svc2.ns1": {net.ParseIP("192.0.1.2")},
+var testServiceIndexes = map[string][]netip.Addr{
+	"svc1.ns1": {netip.MustParseAddr("192.0.1.1"), netip.MustParseAddr("fd12:3456:789a:1::")},
+	"svc2.ns1": {netip.MustParseAddr("192.0.1.2")},
 	"svc3.ns1": {},
 }
 
-func testServiceLookup(keys []string) (results []net.IP) {
+func testServiceLookup(keys []string) (results []netip.Addr) {
 	for _, key := range keys {
 		results = append(results, testServiceIndexes[strings.ToLower(key)]...)
 	}
 	return results
 }
 
-var testIngressIndexes = map[string][]net.IP{
-	"domain.example.com":    {net.ParseIP("192.0.0.1")},
-	"svc2.ns1.example.com":  {net.ParseIP("192.0.0.2")},
-	"example.com":           {net.ParseIP("192.0.0.3")},
-	"shadow.example.com":    {net.ParseIP("192.0.0.4")},
-	"shadow-vs.example.com": {net.ParseIP("192.0.0.5")},
+var testIngressIndexes = map[string][]netip.Addr{
+	"domain.example.com":    {netip.MustParseAddr("192.0.0.1")},
+	"svc2.ns1.example.com":  {netip.MustParseAddr("192.0.0.2")},
+	"example.com":           {netip.MustParseAddr("192.0.0.3")},
+	"shadow.example.com":    {netip.MustParseAddr("192.0.0.4")},
+	"shadow-vs.example.com": {netip.MustParseAddr("192.0.0.5")},
 }
 
-func testIngressLookup(keys []string) (results []net.IP) {
+func testIngressLookup(keys []string) (results []netip.Addr) {
 	for _, key := range keys {
 		results = append(results, testIngressIndexes[strings.ToLower(key)]...)
 	}
 	return results
 }
 
-var testVirtualServerIndexes = map[string][]net.IP{
-	"vs1.example.com":       {net.ParseIP("192.0.3.1")},
-	"shadow.example.com":    {net.ParseIP("192.0.3.4")},
-	"shadow-vs.example.com": {net.ParseIP("192.0.3.5")},
+var testVirtualServerIndexes = map[string][]netip.Addr{
+	"vs1.example.com":       {netip.MustParseAddr("192.0.3.1")},
+	"shadow.example.com":    {netip.MustParseAddr("192.0.3.4")},
+	"shadow-vs.example.com": {netip.MustParseAddr("192.0.3.5")},
 }
 
-func testVirtualServerLookup(keys []string) (results []net.IP) {
+func testVirtualServerLookup(keys []string) (results []netip.Addr) {
 	for _, key := range keys {
 		results = append(results, testVirtualServerIndexes[strings.ToLower(key)]...)
 	}
 	return results
 }
 
-var testHTTPRouteIndexes = map[string][]net.IP{
-	"domain.gw.example.com": {net.ParseIP("192.0.2.1")},
-	"shadow.example.com":    {net.ParseIP("192.0.2.4")},
+var testHTTPRouteIndexes = map[string][]netip.Addr{
+	"domain.gw.example.com": {netip.MustParseAddr("192.0.2.1")},
+	"shadow.example.com":    {netip.MustParseAddr("192.0.2.4")},
 }
 
-func testHTTPRouteLookup(keys []string) (results []net.IP) {
+func testHTTPRouteLookup(keys []string) (results []netip.Addr) {
 	for _, key := range keys {
 		results = append(results, testHTTPRouteIndexes[strings.ToLower(key)]...)
 	}