kubernetes: Windows containers do not use DNS suffix search lists

Is this a BUG REPORT or FEATURE REQUEST?:

/kind bug

/sig windows

What happened:

When deploying Kubernetes pods, the Linux containers will contain the following entries in the /etc/resolv.conf file:

nameserver 10.0.0.10
search e2e-tests-dns-x649p.svc.cluster.local svc.cluster.local cluster.local jqfxe3n5w2rubdex0hknvvd1kf.bx.internal.cloudapp.net
options ndots:5

However, these are not set on Windows containers; the container’s DNS suffix search list is not applied. Only the “Connection-specific DNS suffix” to “svc.cluster.local” (on acs-engine 0.18.0) is set. This means that:

- kubernetes
- kubernetes.default
- kubernetes.default.cluster
- other pods / services in other namespaces

are not all resolvable.

For consistency with the Linux containers, the DNS suffix search list could be applied globally inside the Windows containers:

$dnsSuffixes = @("namespace.svc.cluster.local", "default.svc.cluster.local", "svc.cluster.local", "cluster.local")
Set-DnsClientGlobalSetting -SuffixSearchList $dnsSuffixes

What you expected to happen:

The following names should be resolvable:

- kubernetes
- kubernetes.default
- kubernetes.default.cluster
- other pods / services in current or other namespaces

How to reproduce it (as minimally and precisely as possible):

Create a Windows pod:

kubectl create namespace e2e-tests-dns-x649p
kubectl create -f windows_pod.yaml  # https://paste.ubuntu.com/p/ZgfQS9Wgcf/

kubectl exec -n e2e-tests-dns-x649p dns-test-2ed58282-6d85-11e8-89cc-000c29738e2c -c querier -- cmd /S /C ipconfig /all
kubectl exec -n e2e-tests-dns-x649p dns-test-2ed58282-6d85-11e8-89cc-000c29738e2c -c querier -- cmd /S /C nslookup kubernetes
kubectl exec -n e2e-tests-dns-x649p dns-test-2ed58282-6d85-11e8-89cc-000c29738e2c -c querier -- cmd /S /C nslookup kubernetes.default
kubectl exec -n e2e-tests-dns-x649p dns-test-2ed58282-6d85-11e8-89cc-000c29738e2c -c querier -- cmd /S /C nslookup kubernetes.default.svc
kubectl exec -n e2e-tests-dns-x649p dns-test-2ed58282-6d85-11e8-89cc-000c29738e2c -c querier -- cmd /S /C nslookup dns-test-service

And a Linux pod for comparison:

kubectl create namespace e2e-tests-dns-x649p
kubectl create -f linux_pod.yaml  # https://paste.ubuntu.com/p/kcFcfxYjm3/

kubectl exec -n e2e-tests-dns-x649p dns-test-2ed58282-6d85-11e8-89cc-000c29738e2c -c querier -- cat /etc/resolv.conf
kubectl exec -n e2e-tests-dns-x649p dns-test-2ed58282-6d85-11e8-89cc-000c29738e2c -c querier -- nslookup kubernetes
kubectl exec -n e2e-tests-dns-x649p dns-test-2ed58282-6d85-11e8-89cc-000c29738e2c -c querier -- nslookup kubernetes.default
kubectl exec -n e2e-tests-dns-x649p dns-test-2ed58282-6d85-11e8-89cc-000c29738e2c -c querier -- nslookup kubernetes.default.svc
kubectl exec -n e2e-tests-dns-x649p dns-test-2ed58282-6d85-11e8-89cc-000c29738e2c -c querier -- nslookup dns-test-service

Anything else we need to know?:

Environment:

Kubernetes version (use kubectl version): 1.10
Cloud provider or hardware configuration:
OS (e.g. from /etc/os-release): Windows Server 1803 (10.0.17134.48)
Install tools: acs-engine v0.18.0
Others:

About this issue

Original URL
State: closed
Created 6 years ago
Comments: 19 (15 by maintainers)

Most upvoted comments

@PatrickLang Two potential fixes:

Change the default CNI config file for Windows to include all these suffixes & change CNI to accommodate these suffixes accordingly.
Let kubernetes configure all the DNS info in the pods.

saiyan86 on Jun 13, 2018