fix(kubernetes): panic on empty ListenHosts (#7857)

plugin/kubernetes/local.go

@@ -11,7 +11,7 @@ import (
 func boundIPs(c *caddy.Controller) (ips []net.IP) {
 	conf := dnsserver.GetConfig(c)
 	hosts := conf.ListenHosts
-	if hosts == nil || hosts[0] == "" {
+	if len(hosts) == 0 || hosts[0] == "" {
 		hosts = nil
 		addrs, err := net.InterfaceAddrs()
 		if err != nil {

plugin/kubernetes/setup_test.go

@@ -1,12 +1,14 @@
 package kubernetes
 
 import (
+	"net"
 	"slices"
 	"strings"
 	"testing"
 	"time"
 
 	"github.com/coredns/caddy"
+	"github.com/coredns/coredns/core/dnsserver"
 	"github.com/coredns/coredns/plugin/pkg/fall"
 
 	meta "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -793,3 +795,37 @@ func TestKubernetesParseAPIRateLimiting(t *testing.T) {
 		}
 	}
 }
+
+func TestBoundIPs(t *testing.T) {
+	tests := []struct {
+		name        string
+		listenHosts []string
+		expectIP    net.IP
+	}{
+		{"nil ListenHosts", nil, nil},
+		{"empty slice ListenHosts", []string{}, nil},
+		{"single empty string", []string{""}, nil},
+		{"valid CIDR address", []string{"192.168.1.1/24"}, net.ParseIP("192.168.1.1")},
+		{"loopback filtered", []string{"127.0.0.1/8"}, nil},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			c := caddy.NewTestController("dns", "kubernetes cluster.local")
+			cfg := dnsserver.GetConfig(c)
+			cfg.ListenHosts = tc.listenHosts
+
+			ips := boundIPs(c)
+
+			if tc.expectIP == nil {
+				return
+			}
+			for _, ip := range ips {
+				if ip.Equal(tc.expectIP) {
+					return
+				}
+			}
+			t.Errorf("expected %v in result, got %v", tc.expectIP, ips)
+		})
+	}
+}