kops: Unable to find task "DNSZone/" error when using bastion with gossip-based cluster

I’m following this tutorial https://github.com/kubernetes/kops/blob/master/docs/aws.md and trying to use topology private with bastion and found error below

$ kops version
Version 1.6.2 (git-98ae12a)
$ kops create cluster --topology private --networking calico --bastion="true" kpc-test.k8s.local
I0707 15:03:09.874526   30282 create_cluster.go:655] Inferred --cloud=aws from zone "ap-southeast-1a"
I0707 15:03:09.874687   30282 create_cluster.go:841] Using SSH public key: /home/winggundamth/.ssh/id_rsa.pub
I0707 15:03:10.103989   30282 subnets.go:183] Assigned CIDR 172.20.32.0/19 to subnet ap-southeast-1a
I0707 15:03:10.104042   30282 subnets.go:183] Assigned CIDR 172.20.64.0/19 to subnet ap-southeast-1b
I0707 15:03:10.104076   30282 subnets.go:197] Assigned CIDR 172.20.0.0/22 to subnet utility-ap-southeast-1a
I0707 15:03:10.104107   30282 subnets.go:197] Assigned CIDR 172.20.4.0/22 to subnet utility-ap-southeast-1b
Previewing changes that will be made:

I0707 15:03:12.931898   30282 apply_cluster.go:396] Gossip DNS: skipping DNS validation
W0707 15:03:12.935014   30282 firewall.go:195] Opening etcd port on masters for access from the nodes, for calico.  This is unsafe in untrusted environments.
I0707 15:03:12.936986   30282 loader.go:220] Known tasks:
I0707 15:03:12.937046   30282 loader.go:222]   AutoscalingGroup/bastions.kpc-test.k8s.local
I0707 15:03:12.937053   30282 loader.go:222]   AutoscalingGroup/master-ap-southeast-1a.masters.kpc-test.k8s.local
I0707 15:03:12.937060   30282 loader.go:222]   AutoscalingGroup/nodes.kpc-test.k8s.local
I0707 15:03:12.937066   30282 loader.go:222]   DHCPOptions/kpc-test.k8s.local
I0707 15:03:12.937073   30282 loader.go:222]   DNSName/bastion.kpc-test.k8s.local
I0707 15:03:12.937079   30282 loader.go:222]   EBSVolume/a.etcd-events.kpc-test.k8s.local
I0707 15:03:12.937085   30282 loader.go:222]   EBSVolume/a.etcd-main.kpc-test.k8s.local
I0707 15:03:12.937092   30282 loader.go:222]   ElasticIP/ap-southeast-1a.kpc-test.k8s.local
I0707 15:03:12.937098   30282 loader.go:222]   ElasticIP/ap-southeast-1b.kpc-test.k8s.local
I0707 15:03:12.937103   30282 loader.go:222]   IAMInstanceProfile/bastions.kpc-test.k8s.local
I0707 15:03:12.937109   30282 loader.go:222]   IAMInstanceProfile/masters.kpc-test.k8s.local
I0707 15:03:12.937115   30282 loader.go:222]   IAMInstanceProfile/nodes.kpc-test.k8s.local
I0707 15:03:12.937124   30282 loader.go:222]   IAMInstanceProfileRole/bastions.kpc-test.k8s.local
I0707 15:03:12.937133   30282 loader.go:222]   IAMInstanceProfileRole/masters.kpc-test.k8s.local
I0707 15:03:12.937143   30282 loader.go:222]   IAMInstanceProfileRole/nodes.kpc-test.k8s.local
I0707 15:03:12.937151   30282 loader.go:222]   IAMRole/bastions.kpc-test.k8s.local
I0707 15:03:12.937161   30282 loader.go:222]   IAMRole/masters.kpc-test.k8s.local
I0707 15:03:12.937170   30282 loader.go:222]   IAMRole/nodes.kpc-test.k8s.local
I0707 15:03:12.937179   30282 loader.go:222]   IAMRolePolicy/additional.bastions.kpc-test.k8s.local
I0707 15:03:12.937189   30282 loader.go:222]   IAMRolePolicy/additional.masters.kpc-test.k8s.local
I0707 15:03:12.937198   30282 loader.go:222]   IAMRolePolicy/additional.nodes.kpc-test.k8s.local
I0707 15:03:12.937206   30282 loader.go:222]   IAMRolePolicy/bastions.kpc-test.k8s.local
I0707 15:03:12.937215   30282 loader.go:222]   IAMRolePolicy/masters.kpc-test.k8s.local
I0707 15:03:12.937224   30282 loader.go:222]   IAMRolePolicy/nodes.kpc-test.k8s.local
I0707 15:03:12.937233   30282 loader.go:222]   InternetGateway/kpc-test.k8s.local
I0707 15:03:12.937272   30282 loader.go:222]   Keypair/kops
I0707 15:03:12.937280   30282 loader.go:222]   Keypair/kube-controller-manager
I0707 15:03:12.937289   30282 loader.go:222]   Keypair/kube-proxy
I0707 15:03:12.937297   30282 loader.go:222]   Keypair/kube-scheduler
I0707 15:03:12.937304   30282 loader.go:222]   Keypair/kubecfg
I0707 15:03:12.937314   30282 loader.go:222]   Keypair/kubelet
I0707 15:03:12.937321   30282 loader.go:222]   Keypair/master
I0707 15:03:12.937330   30282 loader.go:222]   LaunchConfiguration/bastions.kpc-test.k8s.local
I0707 15:03:12.937339   30282 loader.go:222]   LaunchConfiguration/master-ap-southeast-1a.masters.kpc-test.k8s.local
I0707 15:03:12.937347   30282 loader.go:222]   LaunchConfiguration/nodes.kpc-test.k8s.local
I0707 15:03:12.937356   30282 loader.go:222]   LoadBalancer/api.kpc-test.k8s.local
I0707 15:03:12.937366   30282 loader.go:222]   LoadBalancer/bastion.kpc-test.k8s.local
I0707 15:03:12.937374   30282 loader.go:222]   LoadBalancerAttachment/api-master-ap-southeast-1a
I0707 15:03:12.937381   30282 loader.go:222]   LoadBalancerAttachment/bastion-elb-attachment
I0707 15:03:12.937390   30282 loader.go:222]   NatGateway/ap-southeast-1a.kpc-test.k8s.local
I0707 15:03:12.937399   30282 loader.go:222]   NatGateway/ap-southeast-1b.kpc-test.k8s.local
I0707 15:03:12.937407   30282 loader.go:222]   Route/0.0.0.0/0
I0707 15:03:12.937415   30282 loader.go:222]   Route/private-ap-southeast-1a-0.0.0.0/0
I0707 15:03:12.937423   30282 loader.go:222]   Route/private-ap-southeast-1b-0.0.0.0/0
I0707 15:03:12.937432   30282 loader.go:222]   RouteTable/kpc-test.k8s.local
I0707 15:03:12.937441   30282 loader.go:222]   RouteTable/private-ap-southeast-1a.kpc-test.k8s.local
I0707 15:03:12.937450   30282 loader.go:222]   RouteTable/private-ap-southeast-1b.kpc-test.k8s.local
I0707 15:03:12.937457   30282 loader.go:222]   RouteTableAssociation/private-ap-southeast-1a.kpc-test.k8s.local
I0707 15:03:12.937466   30282 loader.go:222]   RouteTableAssociation/private-ap-southeast-1b.kpc-test.k8s.local
I0707 15:03:12.937476   30282 loader.go:222]   RouteTableAssociation/utility-ap-southeast-1a.kpc-test.k8s.local
I0707 15:03:12.937484   30282 loader.go:222]   RouteTableAssociation/utility-ap-southeast-1b.kpc-test.k8s.local
I0707 15:03:12.937493   30282 loader.go:222]   SSHKey/kubernetes.kpc-test.k8s.local-c5:9a:fb:74:d4:91:8e:d8:c8:2e:c7:c4:b3:cb:32:b5
I0707 15:03:12.937503   30282 loader.go:222]   SecurityGroup/api-elb.kpc-test.k8s.local
I0707 15:03:12.937512   30282 loader.go:222]   SecurityGroup/bastion-elb.kpc-test.k8s.local
I0707 15:03:12.937521   30282 loader.go:222]   SecurityGroup/bastion.kpc-test.k8s.local
I0707 15:03:12.937531   30282 loader.go:222]   SecurityGroup/masters.kpc-test.k8s.local
I0707 15:03:12.937566   30282 loader.go:222]   SecurityGroup/nodes.kpc-test.k8s.local
I0707 15:03:12.937577   30282 loader.go:222]   SecurityGroupRule/all-master-to-master
I0707 15:03:12.937587   30282 loader.go:222]   SecurityGroupRule/all-master-to-node
I0707 15:03:12.937595   30282 loader.go:222]   SecurityGroupRule/all-node-to-node
I0707 15:03:12.937604   30282 loader.go:222]   SecurityGroupRule/api-elb-egress
I0707 15:03:12.937612   30282 loader.go:222]   SecurityGroupRule/bastion-egress
I0707 15:03:12.937621   30282 loader.go:222]   SecurityGroupRule/bastion-elb-egress
I0707 15:03:12.937630   30282 loader.go:222]   SecurityGroupRule/bastion-to-master-ssh
I0707 15:03:12.937638   30282 loader.go:222]   SecurityGroupRule/bastion-to-node-ssh
I0707 15:03:12.937646   30282 loader.go:222]   SecurityGroupRule/https-api-elb-0.0.0.0/0
I0707 15:03:12.937656   30282 loader.go:222]   SecurityGroupRule/https-elb-to-master
I0707 15:03:12.937665   30282 loader.go:222]   SecurityGroupRule/master-egress
I0707 15:03:12.937675   30282 loader.go:222]   SecurityGroupRule/node-egress
I0707 15:03:12.937684   30282 loader.go:222]   SecurityGroupRule/node-to-master-protocol-ipip
I0707 15:03:12.937692   30282 loader.go:222]   SecurityGroupRule/node-to-master-tcp-1-4001
I0707 15:03:12.937700   30282 loader.go:222]   SecurityGroupRule/node-to-master-tcp-4003-65535
I0707 15:03:12.937710   30282 loader.go:222]   SecurityGroupRule/node-to-master-udp-1-65535
I0707 15:03:12.937717   30282 loader.go:222]   SecurityGroupRule/ssh-elb-to-bastion
I0707 15:03:12.937725   30282 loader.go:222]   SecurityGroupRule/ssh-external-to-bastion-elb-0.0.0.0/0
I0707 15:03:12.937736   30282 loader.go:222]   Subnet/ap-southeast-1a.kpc-test.k8s.local
I0707 15:03:12.937746   30282 loader.go:222]   Subnet/ap-southeast-1b.kpc-test.k8s.local
I0707 15:03:12.937754   30282 loader.go:222]   Subnet/utility-ap-southeast-1a.kpc-test.k8s.local
I0707 15:03:12.937766   30282 loader.go:222]   Subnet/utility-ap-southeast-1b.kpc-test.k8s.local
I0707 15:03:12.937773   30282 loader.go:222]   VPC/kpc-test.k8s.local
I0707 15:03:12.937781   30282 loader.go:222]   VPCDHCPOptionsAssociation/kpc-test.k8s.local
I0707 15:03:12.937794   30282 loader.go:222]   kpc-test.k8s.local-addons-bootstrap
I0707 15:03:12.937803   30282 loader.go:222]   kpc-test.k8s.local-addons-core.addons.k8s.io
I0707 15:03:12.937812   30282 loader.go:222]   kpc-test.k8s.local-addons-dns-controller.addons.k8s.io-k8s-1.6
I0707 15:03:12.937822   30282 loader.go:222]   kpc-test.k8s.local-addons-dns-controller.addons.k8s.io-pre-k8s-1.6
I0707 15:03:12.937832   30282 loader.go:222]   kpc-test.k8s.local-addons-kube-dns.addons.k8s.io-k8s-1.6
I0707 15:03:12.937842   30282 loader.go:222]   kpc-test.k8s.local-addons-kube-dns.addons.k8s.io-pre-k8s-1.6
I0707 15:03:12.937852   30282 loader.go:222]   kpc-test.k8s.local-addons-limit-range.addons.k8s.io
I0707 15:03:12.937863   30282 loader.go:222]   kpc-test.k8s.local-addons-networking.projectcalico.org-k8s-1.6
I0707 15:03:12.937874   30282 loader.go:222]   kpc-test.k8s.local-addons-networking.projectcalico.org-pre-k8s-1.6
I0707 15:03:12.937885   30282 loader.go:222]   kpc-test.k8s.local-addons-storage-aws.addons.k8s.io
I0707 15:03:12.937896   30282 loader.go:222]   secret/admin
I0707 15:03:12.937906   30282 loader.go:222]   secret/kube
I0707 15:03:12.937917   30282 loader.go:222]   secret/kube-proxy
I0707 15:03:12.937927   30282 loader.go:222]   secret/kubelet
I0707 15:03:12.937937   30282 loader.go:222]   secret/system-controller_manager
I0707 15:03:12.937947   30282 loader.go:222]   secret/system-dns
I0707 15:03:12.937958   30282 loader.go:222]   secret/system-logging
I0707 15:03:12.937968   30282 loader.go:222]   secret/system-monitoring
I0707 15:03:12.937980   30282 loader.go:222]   secret/system-scheduler

error building tasks: unexpected error resolving task "DNSName/bastion.kpc-test.k8s.local": Unable to find task "DNSZone/", referenced from DNSName/bastion.kpc-test.k8s.local:.Zone

Anyone knows how to fix this?

About this issue

Original URL
State: closed
Created 7 years ago
Reactions: 17
Comments: 20 (9 by maintainers)

Commits related to this issue

Populate bastion DNS name with name of ELB Fix #2881 — committed to justinsb/kops by justinsb 7 years ago
Fix bug when using bastion in gossip-based cluster This prevents the `Unable to find task "DNSZone/"` error message when creating a gossip-based cluster with a bastion. Fixes #2881 — committed to duboisf/kops by duboisf 6 years ago
Don't try to configure a bastion DNS name in gossip mode It can't be done anyway; instead we make it work (as far as we can), and we document the workaround (which is to access it via the ELB DNS nam... — committed to justinsb/kops by justinsb 4 years ago
Don't try to configure a bastion DNS name in gossip mode It can't be done anyway; instead we make it work (as far as we can), and we document the workaround (which is to access it via the ELB DNS nam... — committed to justinsb/kops by justinsb 4 years ago
Don't try to configure a bastion DNS name in gossip mode It can't be done anyway; instead we make it work (as far as we can), and we document the workaround (which is to access it via the ELB DNS nam... — committed to justinsb/kops by justinsb 4 years ago
Don't try to configure a bastion DNS name in gossip mode It can't be done anyway; instead we make it work (as far as we can), and we document the workaround (which is to access it via the ELB DNS nam... — committed to olemarkus/kops by justinsb 4 years ago

Most upvoted comments

For all of you that still searching for this solution, you can create cluster with private networking first (without bastion), and then add bastion with this.

+10

akhfa on Jan 1, 2018

This behavior still happens without the fix mentioned by @duboisf.

jsierles on Mar 26, 2018

This still is an issue,

I0830 13:28:46.399938   40508 loader.go:293]   prod.k8s.local-addons-storage-aws.addons.k8s.io-v1.7.0

error building tasks: unexpected error resolving task "DNSName/bastion.prod.k8s.local": Unable to find task "DNSZone/", referenced from DNSName/bastion.prod.k8s.local:.Zone

I understand the reasons, since the bastion args are attempting to setup a a R53 entry with bastion.${NAME}, and since the hosted zone does not exist in R53 as prod.k8s.local it fails.

I’ve resorted to deploy with out the bastion, and then updating to including the bastion config

WesleyCharlesBlake on Aug 30, 2018

I’m running in a problem when I try to set up a cluster with private topology. Here is my call:

kops create cluster
–node-size t2.micro
–master-size t2.micro
–zones eu-central-1b
–master-zones eu-central-1b
–dns-zone ${ZONE}
–ssh-public-key=“~/.ssh/id_rsa.pub”
–topology private
–networking calico
–bastion
${NAME}

and I’m getting the error

error building tasks: unexpected error resolving task “DNSName/bastion.mycustomer-kops-cluster.k8s.local”: Unable to find task “DNSZone/itest-uuid.com”, referenced from DNSName/bastion.mycustomer-kops-cluster.k8s.local:.Zone

Could this be the same problem?

JerryPreissler on Nov 23, 2017