|
| 1 | ++++ |
| 2 | +title = "k8s_cache" |
| 3 | +description = "*k8s_cache* is a caching plugin with early refreshes for specified pods" |
| 4 | +weight = 10 |
| 5 | +tags = [ "plugin" , "k8s", "cache" ] |
| 6 | +categories = [ "plugin", "external" ] |
| 7 | +date = "2024-04-24T15:20:00+02:00" |
| 8 | +repo = "https://github.com/delta10/k8s_cache" |
| 9 | +home = "https://github.com/delta10/k8s_cache#readme" |
| 10 | ++++ |
| 11 | + |
| 12 | +## Description |
| 13 | + |
| 14 | +This is a fork of [cache](https://github.com/coredns/coredns/tree/master/plugin/cache). It |
| 15 | +adds an option to send a refreshed positive cache item first to pods with the label |
| 16 | +`k8s-cache.coredns.io/early-refresh=true`. Other pods get it only after a specified |
| 17 | +duration. This makes it possible to implement stable NetworkPolicy whitelists on the basis |
| 18 | +of domain names that are resolved with DNS, using [Stable FQDNNetworkPolicies](https://github.com/delta10/fqdnnetworkpolicies). |
| 19 | + |
| 20 | +The implementation uses an additional cache store called the "late cache", which is |
| 21 | +shifted a number of seconds. On expiration, items in the late cache are replaced with |
| 22 | +items from the early cache if they exist. When a request comes in, the plugin normally |
| 23 | +checks first if the response is cached in the late cache, then in the early cache. If the |
| 24 | +source IP matches a pod with the label `k8s-cache.coredns.io/early-refresh=true`, the late |
| 25 | +cache is skipped and the early cache consulted immediately. |
| 26 | + |
| 27 | +This plugin is intended as a replacement of the *cache* plugin and should not be used in |
| 28 | +combination with it. |
| 29 | + |
| 30 | +We will keep the code of this plugin in sync with *cache* as best as we can. |
| 31 | + |
| 32 | +## Syntax |
| 33 | + |
| 34 | +~~~ txt |
| 35 | +k8s_cache [TTL] [ZONES...] { |
| 36 | + earlyrefresh [DURATION] |
| 37 | + success CAPACITY [TTL] [MINTTL] |
| 38 | + denial CAPACITY [TTL] [MINTTL] |
| 39 | + prefetch AMOUNT [[DURATION] [PERCENTAGE%]] |
| 40 | + serve_stale [DURATION] [REFRESH_MODE] |
| 41 | + servfail DURATION |
| 42 | + disable success|denial [ZONES...] |
| 43 | + keepttl |
| 44 | +} |
| 45 | +~~~ |
| 46 | + |
| 47 | +For details, see the [cache documentation](https://coredns.io/plugins/cache/). This plugin |
| 48 | +adds one argument and changes the meaning of some other arguments slightly. |
| 49 | + |
| 50 | +* `earlyrefresh` Set the **DURATION** (e.g., "5s") before which `early-refresh` pods get a |
| 51 | +fresh reply. This option actually ***increases*** the cache duration of successful |
| 52 | +responses for pods not having the early refresh label. Each client receives the current |
| 53 | +cache duration *for it* as TTL response. |
| 54 | +* `prefetch` Works as in *cache*, but it uses the expiration time of the early cache to |
| 55 | +calculate whether prefetches should be done. |
| 56 | +* `serve_stale` Works as in *cache*, but **DURATION** is counted from the expiration of |
| 57 | +the early cache. For positive responses cached in the late cache, `serve_stale` starts |
| 58 | +taking effect only when the late cache expires. After the late cache has expired, stale |
| 59 | +serving will continue for **DURATION** minus the duration of `earlyrefresh`. Pods having |
| 60 | +the early refresh label will never be served stale responses. |
| 61 | + |
| 62 | +## Examples |
| 63 | + |
| 64 | +Keep a positive and negative cache size of 10000 (default) and send cache refreshes 5 |
| 65 | +seconds earlier to pods with the early refresh label. |
| 66 | + |
| 67 | +~~~ corefile |
| 68 | +.:5300 { |
| 69 | + k8s_cache { |
| 70 | + success 10000 |
| 71 | + denial 10000 |
| 72 | + earlyrefresh 5s |
| 73 | + } |
| 74 | + forward . 8.8.8.8 |
| 75 | +} |
| 76 | +~~~ |
| 77 | + |
| 78 | +For general caching examples, see the [cache documentation](https://coredns.io/plugins/cache/). |
0 commit comments