Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Title
m
millions-australia-75015
10/19/2022, 11:29 AMHello Team! I am trying an airgap install of an RKE2 cluster on AlmaLinux 8 VMs. My environment has no upstream DNS server and I left pretty much all of the RKE2's config to default. I have an issue with CoreDNS though..
My problem is that none of my pods are resolving the name of the services I create (could not resolve host: <service name>). Basically CoreDNS seems to be in a failed state
My coredns pods are in CrashingLoopBackOff state and the logs are "Plugin/forward: no nameserver found".
In this configuration I haven't changed the Corefile yet, and thus I have "forward . /etc/resolv.conf" in the file. Every server node in my cluster has an empty resolv.conf since I have no parent/upstream DNS server.
I've tried to add "nameserver 8.8.8.8" to "/etc/resolv.conf", and after deleting the coredns pods so they can get recreated, they went into a running state but the logs are full of error contacting 8.8.8.8 server (obviously) and pods still can't resolve services' name.
I've also tried to remove the forward plugin from the Corefile, the coredns pods are correctly running with no error in logs but all of my pods keep running the same name resolution error.
I've launched a busybox pod to help me debugging and every nslookup command gives me a connection refused on the IP of the ClusterIP of coredns.
I've tried to add "nameserver 127.0.0.1" to "/etc/resolv.conf" instead, but then the coredns pods give me error logs indicating there is an infinite resolution loop (basically what's mentioned here https://coredns.io/plugins/loop/#troubleshooting)
c
creamy-pencil-82913
10/19/2022, 4:09 PMYou will probably need to use a dummy default route and dummy upstream DNS server that returns nxdomain or the like. Kubernetes can be used in an airgap configuration, but some of the iptables rules and other things will only work right if packets go through the normal routing process. So you can have an airgaped network without too much extra configuration, but an airgapped host takes more work.
h
hallowed-cpu-88027
10/20/2022, 7:31 AMHi! thanks for your reply. We've tried that but nslookup still fail with "no servers could be reached" error.. Seems to be something else than dns resolution.
c
creamy-pencil-82913
10/20/2022, 8:33 AMDid you add a dummy default route? All the stuff that routes to clusterip services won't work without it.
h
hallowed-cpu-88027
10/20/2022, 10:15 AMI tried to set up a dummy interface but no success.. i'm not sure i did it right, could you be more specific about how to do it please ? Sorry, I am not a network expert..
e
echoing-oxygen-99290
10/31/2022, 3:07 AMin your
/etc/netplan/<default file>.yamlroutes:
- to: default
via: 172.16.0.1gateway