Comments (6)
mdbooth
commented on June 27, 2024
The documentation of this field is quite spectacularly bad: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
"ClusterFirstWithHostNet": For Pods running with hostNetwork, you should explicitly set its DNS policy to "ClusterFirstWithHostNet". Otherwise, Pods running with hostNetwork and "ClusterFirst" will fallback to the behavior of the "Default" policy.
To my eyes that clearly says that pods running with host networking should set ClusterFirstWithHostNet. CCM runs with host networking, so we'd seem to be covered. It doesn't actually say what it does, though.
For reasons I don't understand, most likely legacy API compatibility, ClusterFirst sets the DNS policy to Default if the pod uses host networking. Internally that is mapped to a podDNSType of podDNSHost, which is a much better name. i.e. ClusterFirst means:
Use cluster networking unless the pod uses host networking, in which case use the host's DNS.
ClusterFirstWithHostNet removes the fallthrough and uses ClusterFirst in all cases.
As an early bootstrap service, I don't think CCM can rely on cluster DNS being up. I suspect it is correct to revert this.
@xinity, what was the issue you were hitting which caused you to change it? It's not clear to me from reading #2594 or #2592? I appreciate that CCM is not able to resolve service names internal to the cluster, but why did that matter?
from cloud-provider-openstack.
xinity
commented on June 27, 2024
@mdbooth occm wasn't able to query the internal coredns instance without this new value
It matters because of specific internal dns zone with squid proxy that should be resolved from occm
from cloud-provider-openstack.
mdbooth
commented on June 27, 2024
@mdbooth occm wasn't able to query the internal coredns instance without this new value
It matters because of specific internal dns zone with squid proxy that should be resolved from occm
Right, but why? What was the internal DNS zone, and why was it important that CCM could resolve it?
from cloud-provider-openstack.
jichenjc
commented on June 27, 2024
our CI passed so it should be a smaller portion of error case
and I am also curious why the internal DNS zone is needed here
from cloud-provider-openstack.
mdbooth
commented on June 27, 2024
our CI passed so it should be a smaller portion of error case
I also wondered about that. Does that mean CNI comes up an an uninitialized node, and coredns tolerates uninitialised?
from cloud-provider-openstack.
yankcrime
commented on June 27, 2024
I've just tested the new release of OCCM on a cluster with 1.30 and have hit this issue as well. For anyone else who is struggling to understand the root cause (being this change), the nondescript error from the CCM Pod is:
Error from server: no preferred addresses found; known addresses: []
I only found the underlying error when I SSH'd onto the node where the CCM had been scheduled and looked at the container logs in /var/log/containers.
from cloud-provider-openstack.
Related Issues (20)
- [k8s-keystone-auth] apiVersion unknown HOT 2
- [manila-csi-plugin] If Manila CSI plugin supports Access Mode ReadWriteOnce HOT 5
- Overlapping load balancers when running multiple clusters in the same tenant HOT 2
- [cinder-csi-plugin] How to set my own description when creating a PV HOT 2
- cinder-csi: consider using ClusterFirstWithHostNet DNSPolicy HOT 2
- [k8s-keystone-auth] kubeadm init phase fails when webhook not ready HOT 3
- [occm] Add Openstack server hostId as k8s node label HOT 16
- cinder-csi-plugin] [manila-csi-plugin] Cinder and Manila CSI charts linting fails because @brtknr is no longer a GitHub account
- [occm] LoadBalancer ProxyProtocol v2 feature HOT 4
- [csi-cinder-plugin] Pods stuck in "ContainerCreating" because a volume could not be formatted and mounted
- [occm] doesn't rely on coredns configuration to do dns resolution HOT 1
- Compatibility Matrix HOT 2
- [occm] Support for `spec.loadBalancerClass`? HOT 7
- [csi-cinder-plugin] Ephemeral Volume removal process HOT 1
- [occm] Support `loadbalancer.openstack.org/flavor-name` instead of only `loadbalancer.openstack.org/flavor-id` HOT 7
- need create 1.30 CI HOT 2
- [occm] LoadBalancer created and linked but service pending HOT 6
- Only a Master Node is Getting EXTERNAL-IP Not worker nodes? HOT 5
- [manila-csi-plugin] Cannot extend pvc HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cloud-provider-openstack.