{"id":18074182,"url":"https://github.com/maxlaverse/ndots-admission-controller","last_synced_at":"2025-07-07T14:09:54.150Z","repository":{"id":41466957,"uuid":"509729148","full_name":"maxlaverse/ndots-admission-controller","owner":"maxlaverse","description":"A Kubernetes Admission Controller that set ndots in Pods","archived":false,"fork":false,"pushed_at":"2025-06-16T21:18:29.000Z","size":154,"stargazers_count":6,"open_issues_count":3,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-06-16T22:32:11.661Z","etag":null,"topics":["dns","kubernetes","ndots"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/maxlaverse.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-07-02T10:49:29.000Z","updated_at":"2025-06-16T21:17:17.000Z","dependencies_parsed_at":"2024-01-08T11:18:18.302Z","dependency_job_id":"763f1bca-f682-473d-9461-3252b5fb6f8e","html_url":"https://github.com/maxlaverse/ndots-admission-controller","commit_stats":{"total_commits":38,"total_committers":3,"mean_commits":"12.666666666666666","dds":0.2894736842105263,"last_synced_commit":"5295aaade96aa18b25e58785f7661744865d262d"},"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/maxlaverse/ndots-admission-controller","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maxlaverse%2Fndots-admission-controller","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maxlaverse%2Fndots-admission-controller/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maxlaverse%2Fndots-admission-controller/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maxlaverse%2Fndots-admission-controller/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/maxlaverse","download_url":"https://codeload.github.com/maxlaverse/ndots-admission-controller/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maxlaverse%2Fndots-admission-controller/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264089668,"owners_count":23555785,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dns","kubernetes","ndots"],"created_at":"2024-10-31T10:11:33.240Z","updated_at":"2025-07-07T14:09:54.127Z","avatar_url":"https://github.com/maxlaverse.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ndots-admission-controller\n\n![Tests](https://github.com/maxlaverse/ndots-admission-controller/actions/workflows/tests.yml/badge.svg?branch=main)\n![Go Version](https://img.shields.io/github/go-mod/go-version/maxlaverse/ndots-admission-controller)\n![Releases](https://img.shields.io/github/v/release/maxlaverse/ndots-admission-controller?include_prereleases)\n\nA [Kubernetes Admission Controller] that injects `spec.dnsConfig.options.ndots:1` inside Pods upon creation (if not present).\nThis prevents most of the DNS resolvers from issuing extra DNS requests based on the local search list, which improves performance at the expense of portability.\n\n## Supported Versions\n\nThe controller has been tested and built with the following components:\n* Kubernetes \u003e= 1.19\n* Cert-Manager \u003e= 1.4.0\n\n## Installation\n\n```bash\nhelm repo add maxlaverse https://maxlaverse.github.io/helm-charts/\nhelm repo update\nhelm install ndots-admission-controller maxlaverse/ndots-admission-controller\n```\n\n## What is ndots ?\n\nFrom [man resolv.conf]\n\u003e ndots:n\n\u003e\n\u003e Sets a threshold for the number of dots which must appear in a name [...] before an initial absolute query will be made.\n\u003e The default for n is 1, meaning that if there are any dots in a name, the name will be tried first as an absolute name before any search list elements are appended to it.\n\u003e The value for this option is silently capped to 15. \n\nBy default, Kubernetes sets [ndots:5] with at least `\u003cnamespace\u003e.svc.cluster.local`, `svc.cluster.local`, and `cluster.local` as search items (see [author's explanation on the number 5])\n\n**Example**:\nFor a Pod running in the `default` Kubernetes namespace, when trying to resolve `google.com` the DNS resolver would make the following requests:\n* `google.com.default.svc.cluster.local`\n* `google.com.svc.cluster.local`\n* `google.com.cluster.local`\n* `google.com`\n\nThe first 3 requests are unnecessary as we know the exact name of the domain we want to reach.\nTo prevent this behavior, we have two possibilities:\n1. append a final dot to the hostname, making it fully qualified: `google.com =\u003e google.com.`.\n2. set `ndots` to `1` or `0`.\n\nThe first solution is inconvenient:\n* it requires appending the final dot in a lot of different places that are not always easily accessible (e.g. libraries of SaaS providers).\n* some load-balancers return SSL errors because the Common Name doesn't match anymore.\n* monitoring tools would often treat both `google.com` and `google.com.` as separate domains.\n\nThe _ndots-admission-controller_ is an implementation of the second solution.\n\n## License\n\nDistributed under the Apache License. See [LICENSE](./LICENSE) for more information.\n\n[Kubernetes Admission Controller]: https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/\n[ndots:5]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/\n[author's explanation on the number 5]: https://github.com/kubernetes/kubernetes/issues/33554#issuecomment-266251056\n[man resolv.conf]: https://man5.pgdp.sse.in.tum.de/resolver.5.html","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmaxlaverse%2Fndots-admission-controller","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmaxlaverse%2Fndots-admission-controller","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmaxlaverse%2Fndots-admission-controller/lists"}