dns: kube-dns 1.14.7 does not resolve cluster services without external dns

If host does not have working DNS nameserver in /etc/resolv.conf, kube-dns fails to resolve cluster services.

I created a single-machine k8s cluster (1.7.4, kube-dns 1.14.7) in a VM for a machine that has no internet/intranet connectivity for a hack lab. Thus, it has no working DNS on the host, but the DNS IP in the /etc/resolv.conf is blocked by firewall.

In this case, kube-dns fails to resolve any cluster service in any namespace, including kube-dns itself, unless queried using FQDN, kube-dns.kube-system.svc.cluster.local, despite /etc/resolv.conf in container pointing correctly to kube-dns, and containing correct search options (kube-system.svc.cluster.local svc.cluster.local cluster.local).

About this issue

  • Original URL
  • State: closed
  • Created 7 years ago
  • Comments: 16 (4 by maintainers)

Most upvoted comments

/remove-lifecycle stale

Very much valid issue still.

+4
tuminoid on Mar 12, 2018

Using configurations in this gist (please correct if something wrong), this does not help. It also doesn’t make a difference if nameserver 192.168.200.7 is used for hosts /etc/resolv.conf. Also tried without hostNetwork, no difference. Removing unbound’s access-control makes no difference either.

If I use kube-dns 1.9, which we had prior upgrading to 1.14.7, it just works, no matter the resolv.conf on the host has.

+1
tuminoid on Nov 30, 2017
Read more comments on GitHub
← dns: High level of i/o timeout erros in nodelocaldns pod when coredns pod on same node
dns: kube-dns never resolves if a domain returns NOERROR with 0 answer records once →