[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Configure resolv.conf Pods



If skydns is running on a port other than 53 you'll need to pass -p
flag to dig to specify the port. The kubernetes service (172.30.0.1)
translates port 53 into the port that skydns is running on so when
using the service ip that's not necessary, but if you're accessing the
master's ip you'll have to account for that. Also, this means you need
firewall rules allowing access on that port between all nodes and your
master, maybe that's the missing piece?

--
Scott

On Wed, Oct 5, 2016 at 5:17 AM, Fran Barrera <franbarrera6 gmail com> wrote:
> Ok, I found this:
>
> # dig @IP_MASTER kubernetes.default.svc.cluster.local
> no resolve
>
> And if I do this on the other environment resolved correctly.
>
> The logs of dnsmasq seems look good:
>
> using nameserver 8.8.8.8#53
> using nameserver 172.30.0.1#53 for domain 30.172.in-addr.arpa
> using nameserver 172.30.0.1#53 for domain cluster.local
> read /etc/hosts - 11 addresses
>
> Is the same in both environments.
>
> And node-config.yaml the dnsIP is set correctly.
>
> Thanks,
> Fran.
>
>
> 2016-10-04 18:08 GMT+02:00 Scott Dodson <sdodson redhat com>:
>>
>> Ok, to debug this, at the host level `dig @node-ip
>> kubernetes.default.svc.cluster.local` and `dig @node-ip www.google.es`
>> replace node-ip with the node's ip address, and then review the
>> journal for dnsmasq, `journalctl -lu dnsmasq`. If everything looks
>> fine there then I'd verify that the dnsIP is set correctly in
>> node-config.yaml
>>
>> --
>> Scott
>>
>> On Tue, Oct 4, 2016 at 11:35 AM, Fran Barrera <franbarrera6 gmail com>
>> wrote:
>> > No, the problem isn't a conflict port because i've moved skydns to port
>> > 5353.
>> >
>> > Now, I have seen a bit more the problem, from a pod I can't resolver any
>> > openshift service and if I try a ping to www.google.es for example take
>> > ~ 10
>> > seconds. It's like dnsmasq is not forwarding to skydns? but my
>> > configuration
>> > is the same in both environments.
>> >
>> > Thanks,
>> > Fran.
>> >
>> >
>> >
>> >
>> > 2016-10-04 14:53 GMT+02:00 Scott Dodson <sdodson redhat com>:
>> >>
>> >> Hmm, I thought it was there in more recent versions too? The reason
>> >> that this is there is because we want 'fran.project' or 'frans' to use
>> >> the search path to resolve 'fransapp.project.svc.cluster.local' so
>> >> pods can reference the service without knowing the FQDN.
>> >>
>> >> Can you elaborate on how it's failing in the 1.0.8 environment? I
>> >> imagine the problem there is that there's probably a conflict on port
>> >> 53 on your masters which are also nodes? To work around this we've
>> >> moved skydns to port 8053, check master-config.yaml for
>> >> dnsConfig.bindAddress and see if it's binding to port 53 or 8053. If
>> >> you move it to 8053 and restart the master does it help?
>> >>
>> >> --
>> >> Scott
>> >>
>> >> On Tue, Oct 4, 2016 at 4:25 AM, Fran Barrera <franbarrera6 gmail com>
>> >> wrote:
>> >> > Hi Scott,
>> >> >
>> >> > I have configured dnsmasq as you commented and working good in my
>> >> > environment, but I have another environment in 1.0.8 version and the
>> >> > problem
>> >> > is the "option ndots:5" If i delete this option everything working
>> >> > good
>> >> > but
>> >> > I don't know why Openshift set this automatically in /etc/resolv.conf
>> >> >
>> >> > I see in other version that this options is dissapeared but in older
>> >> > version
>> >> > not. Is there any way to delete this option?
>> >> >
>> >> > Thanks,
>> >> > Fran
>> >> >
>> >> > 2016-10-03 14:43 GMT+02:00 Scott Dodson <sdodson redhat com>:
>> >> >>
>> >> >> Maybe I'm misunderstanding the question, but you'd configure dnsmasq
>> >> >> to forward 'cluster.local' to skydns and all other requests to your
>> >> >> desired nameservers, place a file in /etc/dnsmasq.d/ like this
>> >> >>
>> >> >> strict-order
>> >> >> no-resolv
>> >> >> domain-needed
>> >> >> server=/cluster.local/172.30.0.1
>> >> >> server=/30.172.in-addr.arpa/172.30.0.1
>> >> >> server=4.4.4.4
>> >> >> server=8.8.8.8
>> >> >>
>> >> >> Again, the installer does this for you automatically using a
>> >> >> NetworkManager dispatcher script to configure dnsmasq. You can see
>> >> >> what it does here
>> >> >>
>> >> >>
>> >> >>
>> >> >> https://github.com/openshift/openshift-ansible/blob/master/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh
>> >> >>
>> >> >> On Mon, Oct 3, 2016 at 3:41 AM, Fran Barrera
>> >> >> <franbarrera6 gmail com>
>> >> >> wrote:
>> >> >> > Hi Scott,
>> >> >> >
>> >> >> > If I set dnsmasq in the node-config.yaml. How I can forward
>> >> >> > cluster
>> >> >> > dns
>> >> >> > to
>> >> >> > skydns? Because Openshift services don't have any domain, right?
>> >> >> >
>> >> >> > Thanks,
>> >> >> > Fran
>> >> >> >
>> >> >> > 2016-09-30 14:56 GMT+02:00 Scott Dodson <sdodson redhat com>:
>> >> >> >>
>> >> >> >> Fran,
>> >> >> >>
>> >> >> >> If you set dnsIP in your node-config.yaml file it will make that
>> >> >> >> IP
>> >> >> >> address the first nameserver in your pod's resolv.conf. I don't
>> >> >> >> know
>> >> >> >> how to add timeout options to pod's resolv.conf, but hopefully
>> >> >> >> you
>> >> >> >> should have timeout issues.
>> >> >> >>
>> >> >> >> BTW, the installer should be configuring dnsmasq on each node and
>> >> >> >> setting dnsIP to the local host's IP address starting with Origin
>> >> >> >> 1.2
>> >> >> >> and OCP 3.2. dnsmasq is then responsible for forwarding cluster
>> >> >> >> dns
>> >> >> >> to
>> >> >> >> skydns and other requests to the host's default resolver.
>> >> >> >>
>> >> >> >> --
>> >> >> >> Scott
>> >> >> >>
>> >> >> >> On Fri, Sep 30, 2016 at 8:39 AM, Fran Barrera
>> >> >> >> <franbarrera6 gmail com>
>> >> >> >> wrote:
>> >> >> >> > Hi All,
>> >> >> >> >
>> >> >> >> > In my environment, the master is the DNS server (dnsmasq) and
>> >> >> >> > my
>> >> >> >> > problem
>> >> >> >> > is
>> >> >> >> > that I have very slow resolution. The resolv.conf of pods is:
>> >> >> >> >
>> >> >> >> > nameserver 172.30.0.1
>> >> >> >> > nameserver master_ip
>> >> >> >> >
>> >> >> >> > I need to change this conf adding first the master IP or add a
>> >> >> >> > options
>> >> >> >> > timeout because the slow is because try first with kubernetes
>> >> >> >> > dns
>> >> >> >> > and
>> >> >> >> > 10
>> >> >> >> > seconds later try with dns master. I've followed this guide
>> >> >> >> > https://access.redhat.com/solutions/2215521 but not change
>> >> >> >> > anything.
>> >> >> >> >
>> >> >> >> > Any helps?
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > _______________________________________________
>> >> >> >> > users mailing list
>> >> >> >> > users lists openshift redhat com
>> >> >> >> > http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>> >> >> >> >
>> >> >> >
>> >> >> >
>> >> >
>> >> >
>> >
>> >
>
>



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]