# rke2
a
This message was deleted.
c
are you doing this via the rancher cluster yaml, or just directly in rke2's registries.yaml?
t
I tried to do it directly but which one is better?
my registry is tls but selfsigned
c
well if you’re using rancher, you need to do it in rancher - as rancher will overwrite the registries.yaml
if it’s TLS but self-signed, why are you trying to use http?
http, and https with a self-signed cert, are not the same thing.
t
I see but I got the error pulling image from registry that it can not verify certificate legitimate
tls: failed to verify certificate: x509: certificate signed by unknown authority
c
right, so the fix for that is to set `insecure_skip_verify: true`, not to use http. Trying to use http to talk to a https server does not magically make it ignore the cert. You will get a different error about sending a http request to a https server.
t
if I want to add a record to coredns, to resolve this repository, should I edit coredns config map or there is better way to do that?
c
if you do that it will get reverted. Use the helmchart config
t
https://www.suse.com/support/kb/doc/?id=000021179 is this the right link for that?
c
that's a good example, yes
t
is the following correct for an A record?
```yaml
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-coredns
  namespace: kube-system
spec:
  valuesContent: |-
    zoneFiles:
      - filename: doit.tech.conf
        domain: doit.tech
        contents: |
          doit.tech:53 {
              errors
              cache 30
              hosts {
                  10.10.10.10  doit.tech
                  fallthrough
              }
          }
```
I just want to simply resolve an A record and not forward to a NS
should I create this file on each node?
c
I don’t know, I would defer to the coredns docs.
You can place it on one server, or all of them, as long as it's the same on all of them. If you change it on one but not on others you may see odd behavior.
t
I checked the yaml file and it did not work as expected. do you see anything wrong?
c
which one
where did you put it
t
I created a file in /var/lib/rancher/rke2/server/manifests/rke2-coredns-config.yaml
```yaml
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-coredns
  namespace: kube-system
spec:
  valuesContent: |-
    zoneFiles:
      - filename: doit.tech.conf
        domain: doit.tech
        contents: |
          doit.tech:53 {
              errors
              cache 30
              hosts {
                  10.10.10.10  doit.tech
                  fallthrough
              }
          }
```
c
that looks fine for me. You might check and see if the corefile has been updated?
if it has, and it still isn’t working, then I would guess that is not the correct configuration.
and would refer back to the coredns docs.
t
```
kubectl -n kube-system get configmap rke2-coredns-rke2-coredns -o json
{
  "apiVersion": "v1",
  "data": {
    "Corefile": ".:53 {\n errors \n health {\n lameduck 5s\n }\n ready \n kubernetes cluster.local cluster.local in-addr.arpa ip6.arpa {\n pods insecure\n fallthrough in-addr.arpa ip6.arpa\n ttl 30\n }\n prometheus 0.0.0.0:9153\n forward . /etc/resolv.conf\n cache 30\n loop \n reload \n loadbalance \n}",
    "x.local.conf": "x.local:53 {\n errors\n cache 30\n hosts {\n 207.xxxx x.local\n fallthrough\n }"
  },
  "kind": "ConfigMap",
  "metadata": {
    "annotations": {
      "meta.helm.sh/release-name": "rke2-coredns",
      "meta.helm.sh/release-namespace": "kube-system"
    },
    "creationTimestamp": "2023-12-20T050912Z",
    "labels": {
      "app.kubernetes.io/instance": "rke2-coredns",
      "app.kubernetes.io/managed-by": "Helm",
      "app.kubernetes.io/name": "rke2-coredns",
      "helm.sh/chart": "rke2-coredns-1.24.006",
      "k8s-app": "kube-dns",
      "kubernetes.io/cluster-service": "true",
      "kubernetes.io/name": "CoreDNS"
    },
    "name": "rke2-coredns-rke2-coredns",
    "namespace": "kube-system",
    "resourceVersion": "18897334",
    "uid": "63ad56de-34f8-4e12-931b-ac12d7678589"
  }
}
```
c
assuming x.local is what you added, it looks like it worked
wait
that’s not a zone file
that looks like random extra coredns configuration, but you’re trying to use it as a zoneFile entry?
t
I just want to resolve x.local to an IP in my cluster
c
that doc does not appear to be correct
you’re trying to spoof DNS for a domain using a zone file?
I would look at the chart values and see what is available
t
let me look at that but my use case is simple I want to resolve an A record in my cluster