
magnificent-vr-88571

03/07/2023, 3:44 PM
Hi, I have an RKE2 cluster deployed in a private network; internet connectivity can be reached through a proxy server in AWS. Followed https://docs.rke2.io/advanced#configuring-an-http-proxy and set the proxy settings. With rke2-coredns using rancher/hardened-coredns:v1.9.3-build20220613, nslookup fails:
> kubectl run -it --rm test-pod --image=busybox:1.28 --restart=Never -- /bin/sh
/ # nslookup  kubernetes.default.svc.cluster.local
Server:    10.43.0.10
Address 1: 10.43.0.10 rke2-coredns-rke2-coredns.kube-system.svc.cluster.local

Name:      kubernetes.default.svc.cluster.local
Address 1: 10.43.0.1 kubernetes.default.svc.cluster.local
/ # nslookup  kubernetes
Server:    10.43.0.10
Address 1: 10.43.0.10 rke2-coredns-rke2-coredns.kube-system.svc.cluster.local

Name:      kubernetes
Address 1: 10.43.0.1 kubernetes.default.svc.cluster.local
/ # nslookup  google.com
Server:    10.43.0.10
Address 1: 10.43.0.10 rke2-coredns-rke2-coredns.kube-system.svc.cluster.local

nslookup: can't resolve 'google.com'
corefile content
.:53 {
    errors 
    health  {
        lameduck 5s
    }
    ready 
    kubernetes   cluster.local  cluster.local in-addr.arpa ip6.arpa {
        pods insecure
        fallthrough in-addr.arpa ip6.arpa
        ttl 30
    }
    prometheus   0.0.0.0:9153
    forward . /etc/resolv.conf
    cache   30
    loop 
    reload 
    loadbalance 
}
resolv.conf
nameserver 127.0.0.53
search default.svc.cluster.local svc.cluster.local
nameserver 8.8.8.8
nameserver 8.8.4.4
options edns0 trust-ad
Looking for inputs to resolve

abundant-noon-17295

03/07/2023, 3:59 PM
what's echo $https_proxy $HTTPS_PROXY ?

magnificent-vr-88571

03/07/2023, 4:04 PM
by default it's an empty line printed
Set the proxy environment variables manually and tried, still facing the issue.
/ # export https_proxy="http://<proxyserver>:3128"
/ # export HTTP_PROXY="http://<proxyserver>:3128"
/ # export HTTPs_PROXY="http://<proxyserver>:3128"
/ # export HTTPS_PROXY="http://<proxyserver>:3128"
/ # HTTPS_PROXY="http://<proxyserver>:3128"
/ # HTTP_PROXY="http://<proxyserver>:3128"
/ # https_proxy="http://<proxyserver>:3128"
/ # https_proxy="http://<proxyserver>:3128"
/ # http_proxy="http://<proxyserver>:3128"
/ #
/ #
/ # nslookup  google.com
Server:    10.43.0.10
Address 1: 10.43.0.10 rke2-coredns-rke2-coredns.kube-system.svc.cluster.local

nslookup: can't resolve 'google.com'

abundant-noon-17295

03/07/2023, 4:06 PM
what about CONTAINERD_HTTPS_PROXY ?

magnificent-vr-88571

03/07/2023, 4:07 PM
/ # printenv
KUBERNETES_SERVICE_PORT=443
KUBERNETES_PORT=tcp://10.43.0.1:443
HOSTNAME=test-pod1
SHLVL=1
HOME=/root
TERM=xterm
KUBERNETES_PORT_443_TCP_ADDR=10.43.0.1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
KUBERNETES_PORT_443_TCP_PORT=443
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_PORT_443_TCP=tcp://10.43.0.1:443
KUBERNETES_SERVICE_HOST=10.43.0.1
All the nodes are set with the following variables, but not the CONTAINERD prefix variables.
HTTP_PROXY=http://your-proxy.example.com:8888
HTTPS_PROXY=http://your-proxy.example.com:8888
NO_PROXY=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16