-
Notifications
You must be signed in to change notification settings - Fork 321
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EKS Windows node pods unable to resolve DNS to Linux Pods #606
Comments
Can you provide us with the below mentioned details:
|
First I like to mention that, the DNS resolution failing instance was a Statefull set deployment with one of the service being headeless service. But Linux nodes doesn't have any issue with this. Please find the requested details below. - AMI ID: ami-034770f7a9c1471e4 Windows IP Configuration Host Name . . . . . . . . . . . . : windows-server-iis-66bf9745b-lsl52 Ethernet adapter vEthernet (cid-abcb2ffd84f59e562878e32ba19a89dc8ab0cbb35414808ff281ddec2e71945d): Connection-specific DNS Suffix . : default.svc.cluster.local - Resolve-DNSName (w and w/o DNS suffix) from within the pod/container << Without DNS Suffix >> << With DNS Suffix> Ping statistics for 192.168.70.251: CNI Config (Windows Node) : Not sure how to fetch these details. |
@vsiddharth Do you have any inputs on this? Waiting for your resolution |
Inside your container, can you run the following command and share the result? When you say DNS lookup doesn't work, how are you validating? Just ping command? Try resolve-dnsname and let us know. |
Hi @somujay . thanks for the response. Please find the dns resolution report PS C:> resolve-dnsname mysql-0.mysql
================================================================ PS C:> resolve-dnsname mysql-0.mysql.default.svc.cluster.local Name Type TTL Section IPAddress mysql-0.mysql.default.svc.cluster.local A 5 Answer 192.168.70.251 ================================================================= As an additional info, there is an activemq server running in another Linux node in the same cluster. For that service DNS resolution is successful. PS C:> resolve-dnsname activemq Name Type TTL Section IPAddress activemq.default.svc.cluster.local A 5 Answer 10.100.63.59 |
@somujay Do you have any help on this. ? |
This is a Windows limitation:
So "service.namespace" is not expected to work on Windows pods. You shouldn't need to Set-DnsClientGlobalSetting inside the pod before the FQDN works though, but only "service" and the full FQDNs work on Windows. Likewise, you can't just change the pod DNS mode to get Partially-Qualified Domain Name resolution either (same link):
Apps in another namespace from their database need to use the FQDN, and please add the final dot to avoid using the search path to make extra, unnecessary DNS requests. |
I am currently having an issue.. Windows pods can not resolve .default.svc.cluster.local however, i was able to resolve this when i exec into the windows pods. Question: I am currently using coredns |
EKS relies on EKS Windows relies on the above mechanism for DNS resolution. Please ensure that the core-dns pods are reachable from the EKS Windows worker nodes by adjusting the security groups if required. When pods are scheduled onto a EKS Windows worker node, the CNI plugin creates HNS Endpoints with required DNS details including both nameservers using DNSClusterIP and a DNS Suffix Search List. Refer https://github.com/aws/amazon-vpc-cni-plugins/blob/master/plugins/vpc-shared-eni/network/bridge_windows.go#L165 for more details. |
The customer reached out to Somu Jayabalan personally and was able to resolve the issue by updating the kubernetes Jenkins plugin and reported EKS was working fine. |
Yes, you can close the issue. Thanks |
Hi all, Run this line before starting your windows container (I choose google's DNS, but your choice is up to you): |
Env: AWS EKS 1.18 I would appreciate if someone can clarify my understanding and possible resolve my problem. I am aware that there a limitation with windows container where PQDN is not supported. But I am having trouble to resolve just the leaf name ex: "ping mysql" doesn't resolve
From Windows Node attached to k8s cluster`
From sample windows application running in a pod in windows node
If I add the DNSSuffix using I don't see any issues with Linux pod and I cannot update the DNS-SuffixSearchList while creating the pod as it varies for each env like dev, ci, qa, staging, prod. I can confirm the following:
Any help/comment is appriciated. |
Tell us about your request
Set-DnsClientGlobalSetting -SuffixSearchList @("default.svc.cluster.local", "svc.cluster.local", "cluster.local", "us-east1.compute.internal") the ping to modified dns works. That is i have to suffix ".default.svc.cluster.local" to my original dns name. for eg: mysql-0.mysql to mysql-0.mysql.default.svc.cluster.local will work. But I dont' think that's how its supposed to be. Linux services works without this suffix.
Which service(s) is this request for?
EKS
Are you currently working around this issue?
Yes from long time.
The text was updated successfully, but these errors were encountered: