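--- a/Makefile.ocp
+++ b/Makefile.ocp
@@ -0,0 +1,97 @@
+# Makefile.ocp — OpenShift plugin management for CoreDNS
+#
+# Usage:
+# make -f Makefile.ocp generate-plugins # prune plugins and regenerate
+# make -f Makefile.ocp verify-plugins # CI check: fail if tree is dirty
+#
+# After an upstream rebase:
+# 1. (Optional) Add new plugins to openshift-plugins.cfg if needed
+# 2. Run: make -f Makefile.ocp generate-plugins
+# 3. Commit the result
+
+OPENSHIFT_PLUGINS_CFG := openshift-plugins.cfg
+PLUGIN_CFG := plugin.cfg
+PLUGIN_DIR := plugin
+
+# Infrastructure directories under plugin/ that are never plugins.
+INFRA_DIRS := pkg test deprecated import
+
+# Plugin directories that are NOT registered in openshift-plugins.cfg but
+# are imported as code dependencies by kept plugins. Update this list if
+# a kept plugin gains a new cross-plugin import after an upstream rebase.
+#
+# debug — imported by forward
+# dnstap — imported by forward
+# etcd — etcd/msg imported by kubernetes
+# metadata — imported by cache, kubernetes, forward
+# transfer — imported by kubernetes
+# whoami — imported by bufsize (tests)
+# erratic — imported by ready (tests)
+DEP_DIRS := debug dnstap etcd metadata transfer whoami erratic
+
+.PHONY: generate-plugins
+generate-plugins:
+@echo "==> Overwriting $(PLUGIN_CFG) with $(OPENSHIFT_PLUGINS_CFG)"
+cp $(OPENSHIFT_PLUGINS_CFG) $(PLUGIN_CFG)
+@echo "==> Removing unused plugin directories"
+@$(call remove-unused-plugins)
+@echo "==> Regenerating plugin Go files"
+go generate coredns.go
+@echo "==> Tidying modules"
+go mod tidy
+@echo "==> Vendoring dependencies"
+go mod vendor
+@echo "==> Done. Review changes with 'git diff --stat'"
+
+.PHONY: verify-plugins
+verify-plugins:
+@echo "==> Verifying plugin tree matches $(OPENSHIFT_PLUGINS_CFG)"
+@diff -q $(OPENSHIFT_PLUGINS_CFG) $(PLUGIN_CFG) || \
+(echo "ERROR: $(PLUGIN_CFG) does not match $(OPENSHIFT_PLUGINS_CFG)"; exit 1)
+@$(call check-no-unused-plugins)
+@echo "==> Plugin tree is clean"
+
+# All directories that must be preserved: infrastructure, active plugins
+# (from openshift-plugins.cfg), and code-dependency plugins (DEP_DIRS).
+define kept-plugin-dirs
+$$(grep -v '^\s*#' $(OPENSHIFT_PLUGINS_CFG) | grep -v '^\s*$$' | cut -d: -f2 | grep -v '/')
+endef
+
+# remove-unused-plugins deletes plugin/<name>/ directories not in the
+# kept set (active plugins + DEP_DIRS + INFRA_DIRS).
+define remove-unused-plugins
+kept=$(kept-plugin-dirs); \
+for dir in $(PLUGIN_DIR)/*/; do \
+name=$$(basename "$$dir"); \
+skip=false; \
+for s in $(INFRA_DIRS) $(DEP_DIRS); do \
+if [ "$$name" = "$$s" ]; then skip=true; break; fi; \
+done; \
+if $$skip; then continue; fi; \
+if echo "$$kept" | grep -qx "$$name"; then continue; fi; \
+echo " removing $(PLUGIN_DIR)/$$name"; \
+rm -rf "$$dir"; \
+done
+endef
+
+# check-no-unused-plugins fails if any plugin directories exist that
+# should have been removed.
+define check-no-unused-plugins
+kept=$(kept-plugin-dirs); \
+stale=""; \
+for dir in $(PLUGIN_DIR)/*/; do \
+name=$$(basename "$$dir"); \
+skip=false; \
+for s in $(INFRA_DIRS) $(DEP_DIRS); do \
+if [ "$$name" = "$$s" ]; then skip=true; break; fi; \
+done; \
+if $$skip; then continue; fi; \
+if echo "$$kept" | grep -qx "$$name"; then continue; fi; \
+stale="$$stale $$name"; \
+done; \
+if [ -n "$$stale" ]; then \
+echo "ERROR: unused plugin directories found:$$stale"; \
+echo "Run 'make -f Makefile.ocp generate-plugins' to fix."; \
+exit 1; \
+fi
+endef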
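Review bot: `remove-unused-plugins` reaches `rm -rf "$$dir"` without checking that the kept list was actually parsed: the `kept-plugin-dirs` pipeline runs without `pipefail` and its exit status is discarded by the following `;`, so an empty or malformed `$(OPENSHIFT_PLUGINS_CFG)` leaves `kept` empty and every directory outside `INFRA_DIRS`/`DEP_DIRS` is deleted. A guard right after the assignment would stop that, for example `[ -n "$$kept" ] || { echo "ERROR: no plugins parsed from $(OPENSHIFT_PLUGINS_CFG)"; exit 1; }; \`. In both loops `grep -qx "$$name"` treats the directory name as a regular expression; `grep -qxF "$$name"` compares it literally. Separately, the usage comment describes `verify-plugins` as failing when the tree is dirty, but the recipe only diffs the two cfg files and looks for stale directories, so a hand-edited `core/plugin/zplugin.go` or `core/dnsserver/zdirectives.go` would presumably pass; running `go generate coredns.go` and then `git diff --exit-code` on those two files in the recipe would tie the registered plugin set to the cfg.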
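--- a/OPENSHIFT.md
+++ b/OPENSHIFT.md
@@ -0,0 +1,51 @@
+# OpenShift CoreDNS Fork
+
+This is the OpenShift fork of [CoreDNS](https://coredns.io). It is deployed
+and managed by the
+[cluster-dns-operator](https://github.com/openshift/cluster-dns-operator).
+
+## Plugin management
+
+The operator generates the CoreDNS Corefile and only uses a subset of upstream
+plugins. Unused plugins are removed to reduce the binary size, dependency
+footprint, and attack surface.
+
+The file `openshift-plugins.cfg` is the source of truth for the kept plugin
+set. It uses the same `name:package` format as the upstream `plugin.cfg`.
+
+### Regenerating after a rebase
+
+After rebasing onto a new upstream version:
+
+```
+make -f Makefile.ocp generate-plugins
+```
+
+This will:
+
+1. Overwrite `plugin.cfg` with `openshift-plugins.cfg`
+2. Remove plugin directories under `plugin/` that are not needed
+3. Regenerate the Go files (`core/plugin/zplugin.go`, `core/dnsserver/zdirectives.go`)
+4. Run `go mod tidy` and `go mod vendor`
+
+Review the result with `git diff --stat`, then commit.
+
+### Adding or removing a plugin
+
+Edit `openshift-plugins.cfg`, then run `make -f Makefile.ocp generate-plugins`.
+
+If a kept plugin imports another plugin as a Go package (not as a registered
+Corefile directive), that dependency directory must be listed in the `DEP_DIRS`
+variable in `Makefile.ocp`. The build will fail with a clear error if a
+dependency is missing.
+
+### CI verification
+
+The pipeline should run:
+
+```
+make -f Makefile.ocp verify-plugins
+```
+
+This checks that `plugin.cfg` matches `openshift-plugins.cfg` and that no
+unused plugin directories are present.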
42 changes: 0 additions & 42 deletions core/dnsserver/zdirectives.go
Expand Up @@ -10,60 +10,18 @@ package dnsserver
// (after) them during a request, but they must not
// care what plugin above them are doing.
var Directives = []string{
"root",
"metadata",
"geoip",
"cancel",
"tls",
"quic",
"timeouts",
"multisocket",
"reload",
"nsid",
"bufsize",
"bind",
"debug",
"trace",
"ready",
"health",
"pprof",
"prometheus",
"errors",
"log",
"dnstap",
"local",
"dns64",
"acl",
"any",
"chaos",
"loadbalance",
"tsig",
"ocp_dnsnameresolver",
"cache",
"rewrite",
"header",
"dnssec",
"autopath",
"minimal",
"template",
"transfer",
"hosts",
"route53",
"azure",
"clouddns",
"k8s_external",
"kubernetes",
"file",
"auto",
"secondary",
"etcd",
"loop",
"forward",
"grpc",
"erratic",
"whoami",
"on",
"sign",
"view",
"nomad",
}
42 changes: 0 additions & 42 deletions core/plugin/zplugin.go
Expand Up @@ -4,61 +4,19 @@ package plugin

import (
// Include all plugins.
_ "github.com/coredns/caddy/onevent"
_ "github.com/coredns/coredns/plugin/acl"
_ "github.com/coredns/coredns/plugin/any"
_ "github.com/coredns/coredns/plugin/auto"
_ "github.com/coredns/coredns/plugin/autopath"
_ "github.com/coredns/coredns/plugin/azure"
_ "github.com/coredns/coredns/plugin/bind"
_ "github.com/coredns/coredns/plugin/bufsize"
_ "github.com/coredns/coredns/plugin/cache"
_ "github.com/coredns/coredns/plugin/cancel"
_ "github.com/coredns/coredns/plugin/chaos"
_ "github.com/coredns/coredns/plugin/clouddns"
_ "github.com/coredns/coredns/plugin/debug"
_ "github.com/coredns/coredns/plugin/dns64"
_ "github.com/coredns/coredns/plugin/dnssec"
_ "github.com/coredns/coredns/plugin/dnstap"
_ "github.com/coredns/coredns/plugin/erratic"
_ "github.com/coredns/coredns/plugin/errors"
_ "github.com/coredns/coredns/plugin/etcd"
_ "github.com/coredns/coredns/plugin/file"
_ "github.com/coredns/coredns/plugin/forward"
_ "github.com/coredns/coredns/plugin/geoip"
_ "github.com/coredns/coredns/plugin/grpc"
_ "github.com/coredns/coredns/plugin/header"
_ "github.com/coredns/coredns/plugin/health"
_ "github.com/coredns/coredns/plugin/hosts"
_ "github.com/coredns/coredns/plugin/k8s_external"
_ "github.com/coredns/coredns/plugin/kubernetes"
_ "github.com/coredns/coredns/plugin/loadbalance"
_ "github.com/coredns/coredns/plugin/local"
_ "github.com/coredns/coredns/plugin/log"
_ "github.com/coredns/coredns/plugin/loop"
_ "github.com/coredns/coredns/plugin/metadata"
_ "github.com/coredns/coredns/plugin/metrics"
_ "github.com/coredns/coredns/plugin/minimal"
_ "github.com/coredns/coredns/plugin/multisocket"
_ "github.com/coredns/coredns/plugin/nomad"
_ "github.com/coredns/coredns/plugin/nsid"
_ "github.com/coredns/coredns/plugin/pprof"
_ "github.com/coredns/coredns/plugin/quic"
_ "github.com/coredns/coredns/plugin/ready"
_ "github.com/coredns/coredns/plugin/reload"
_ "github.com/coredns/coredns/plugin/rewrite"
_ "github.com/coredns/coredns/plugin/root"
_ "github.com/coredns/coredns/plugin/route53"
_ "github.com/coredns/coredns/plugin/secondary"
_ "github.com/coredns/coredns/plugin/sign"
_ "github.com/coredns/coredns/plugin/template"
_ "github.com/coredns/coredns/plugin/timeouts"
_ "github.com/coredns/coredns/plugin/tls"
_ "github.com/coredns/coredns/plugin/trace"
_ "github.com/coredns/coredns/plugin/transfer"
_ "github.com/coredns/coredns/plugin/tsig"
_ "github.com/coredns/coredns/plugin/view"
_ "github.com/coredns/coredns/plugin/whoami"

_ "github.com/openshift/coredns-ocp-dnsnameresolver"
)