Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Custom dns policy makes sdp-dnsmasq crash #38

Open
thomascellerier opened this issue Nov 18, 2021 · 6 comments
Open

Custom dns policy makes sdp-dnsmasq crash #38

thomascellerier opened this issue Nov 18, 2021 · 6 comments

Comments

@thomascellerier
Copy link
Collaborator

thomascellerier commented Nov 18, 2021

Given a pod including the following spec:

     dnsConfig:
       nameservers:
       - 10.97.2.20
       - 10.97.2.23
     dnsPolicy: None

Results in the sdp-dnsmasq sidecar failing to start:

Unable to get the kube dns service!. Dying now!

We should at least detect the issue and emit a relevant error.

@lepiolet
Copy link
Collaborator

Right now we detect it but the error is really far from relevant :D

Since we don't support that option (I don't really know if there is a user case for it) we can just let the injector to fail the validation of the POD in that case.

@thomascellerier
Copy link
Collaborator Author

Yes let's just make it clear the dnsPolicy: None is not supported right now.
We should be explicit about which dnsPolicy we support.

@lepiolet
Copy link
Collaborator

#61 This PR made the injector to override the dnsConfig always into something like this

   dnsConfig:
       nameservers:
       - 127.0.0.1
       searches:
       - svc.cluster.local
       - cluster.local
     dnsPolicy: None```

where searches can be configured.

The injector discovers the DNS service in the cluster and pass it to sdp-dnsmasq container to configure the DNS to be compatible with the sdp-client

@anoncam
Copy link

anoncam commented Jul 8, 2022

what does your Corefile look like?

@anoncam
Copy link

anoncam commented Jul 8, 2022

Have you tried adding something like:

spec:
  hostname: 
  subdomain: 
  containers:
  - image: # image ref
    name: sdp # name reference to corresponding service `metadata.name`
---
# associated service
apiVersion: v1
kind: Service
metadata:
  name: sdp # or something similar
spec:
  selector:
    name: sdp
  clusterIP: None
  ports:
  - name: foo # Actually, no port is needed.
    port: 1234
    targetPort: 1234

using approach outlined here

@anoncam
Copy link

anoncam commented Nov 10, 2022

FIX:: can't use reserved port...ie: 53.

use 50053 or something that ur non-root user can open without needing privs ... or got back to running as root.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests

3 participants