#rke2

millions-australia-75015

10/19/2022, 11:29 AM
Hello Team! I am trying an airgap install of an RKE2 cluster on AlmaLinux 8 VMs. My environment has no upstream DNS server and I left pretty much all of RKE2's config at default. I have an issue with CoreDNS though. My problem is that none of my pods are resolving the names of the services I create (could not resolve host: <service name>). Basically, CoreDNS seems to be in a failed state. My coredns pods are in CrashLoopBackOff state and the logs are "Plugin/forward: no nameserver found". In this configuration I haven't changed the Corefile yet, and thus I have "forward . /etc/resolv.conf" in the file. Every server node in my cluster has an empty resolv.conf since I have no parent/upstream DNS server. I've tried to add "nameserver 8.8.8.8" to "/etc/resolv.conf", and after deleting the coredns pods so they can get recreated, they went into a running state, but the logs are full of errors contacting the 8.8.8.8 server (obviously) and pods still can't resolve services' names. I've also tried to remove the forward plugin from the Corefile; the coredns pods are correctly running with no errors in the logs, but all of my pods keep hitting the same name resolution error. I've launched a busybox pod to help me debug, and every nslookup command gives me a connection refused on the ClusterIP of coredns.
I've tried to add "nameserver 127.0.0.1" to "/etc/resolv.conf" instead, but then the coredns pods give me error logs indicating there is an infinite resolution loop (basically what's mentioned here: https://coredns.io/plugins/loop/#troubleshooting).

creamy-pencil-82913

10/19/2022, 4:09 PM
You will probably need to use a dummy default route and a dummy upstream DNS server that returns nxdomain or the like. Kubernetes can be used in an airgap configuration, but some of the iptables rules and other things will only work right if packets go through the normal routing process. So you can have an airgapped network without too much extra configuration, but an airgapped host takes more work.

hallowed-cpu-88027

10/20/2022, 7:31 AM
Hi! Thanks for your reply. We've tried that, but nslookup still fails with a "no servers could be reached" error. It seems to be something other than DNS resolution.

creamy-pencil-82913

10/20/2022, 8:33 AM
Did you add a dummy default route? All the stuff that routes to clusterip services won't work without it.

hallowed-cpu-88027

10/20/2022, 10:15 AM
I tried to set up a dummy interface but had no success. I'm not sure I did it right; could you be more specific about how to do it, please? Sorry, I am not a network expert.

echoing-oxygen-99290

10/31/2022, 3:07 AM
In your /etc/netplan/<default file>.yaml you need to add a dummy route, for example:
routes:
  - to: default
    via: 172.16.0.1
Or when installing Ubuntu you can set this IP as the gateway when prompted to configure a network device.