Submariner does not add LightHouse DNS entry in corefile section of configmap in case of RKE2 cluster. #1602

Closed
manojgop opened this issue Jul 26, 2024 · 8 comments · Fixed by submariner-io/submariner-operator#3295
Labels: bug (Something isn't working), K3s, priority:medium

manojgop commented Jul 26, 2024

What happened:

Submariner does not add the Lighthouse DNS entry to the "Corefile" section of the ConfigMap on an RKE2 cluster. For RKE2, I see "rke2-coredns" instead of core-dns. rke2-coredns is NOT configured to forward requests for the domain clusterset.local to the Lighthouse CoreDNS server in the cluster making the query. I had to edit this config file manually in the "Corefile" section in all clusters to make it work.

The output of kubectl -n kube-system describe configmap rke2-coredns-rke2-coredns is as follows. The forward rule is present in the lighthouse.server section, but that didn't work in the case of RKE2.

Data
====
Corefile:
----
.:53 {
    errors
    health  {
        lameduck 5s
    }
    ready
    kubernetes   cluster.local  cluster.local in-addr.arpa ip6.arpa {
        pods insecure
        fallthrough in-addr.arpa ip6.arpa
        ttl 30
    }
    prometheus   0.0.0.0:9153
    forward   . /etc/resolv.conf
    cache   30
    loop
    reload
    loadbalance
}
lighthouse.server:
----
clusterset.local:53 {
    forward . 10.43.180.127
}

nslookup nginx.default.svc.clusterset.local returned server can't find nginx.default.svc.clusterset.local: NXDOMAIN

I had to manually edit the ConfigMap and keep the following section in the Corefile section of the ConfigMap:

clusterset.local:53 {
    forward . 10.43.180.127
} 

Data
====
Corefile:
----
#lighthouse-start
clusterset.local:53 {
    forward . 10.43.180.127
}
#lighthouse-end
.:53 {
    errors
    health  {
        lameduck 5s
    }
    ready
    kubernetes   cluster.local  cluster.local in-addr.arpa ip6.arpa {
        pods insecure
        fallthrough in-addr.arpa ip6.arpa
        ttl 30
    }
    prometheus   0.0.0.0:9153
    forward   . /etc/resolv.conf
    cache   30
    loop
    reload
    loadbalance
}

Adding the rules in the lighthouse.server section seems to be an issue. It looks like RKE2 expects the rules in the Corefile section.

What you expected to happen:

Lighthouse DNS to work for exported services in RKE2 clusters

How to reproduce it (as minimally and precisely as possible):

Try using Submariner with an RKE2 cluster and export a service.

Anything else we need to know?: Check Slack for more details slack comments

Environment:

  • Diagnose information (use subctl diagnose all):
  • Gather information (use subctl gather):
  • Cloud provider or hardware configuration:
  • Install tools:
  • Others:
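
The manual fix in the report above, written as an idempotent edit so that repeated runs leave a single marked block (an added example, not part of the original report and not Submariner's own code). The helper name `UpsertLighthouse` and the trimmed sample Corefile are assumptions; the markers and stanza layout come from the hand-edited Corefile above.

```go
package main

import (
	"fmt"
	"strings"
)

// Markers and stanza layout are taken from the hand-edited Corefile in the report.
const (
	startMarker = "#lighthouse-start"
	endMarker   = "#lighthouse-end"
)

// lighthouseBlock renders the clusterset.local forwarding stanza between the markers.
func lighthouseBlock(dnsIP string) string {
	return fmt.Sprintf("%s\nclusterset.local:53 {\n    forward . %s\n}\n%s\n", startMarker, dnsIP, endMarker)
}

// UpsertLighthouse (hypothetical helper) returns corefile with exactly one
// marked block: an existing block is replaced in place, otherwise the block
// is prepended. Unbalanced markers are an error rather than guessed at.
func UpsertLighthouse(corefile, dnsIP string) (string, error) {
	start := strings.Index(corefile, startMarker)
	end := strings.Index(corefile, endMarker)
	switch {
	case start < 0 && end < 0:
		return lighthouseBlock(dnsIP) + corefile, nil
	case start < 0 || end < start:
		return "", fmt.Errorf("unbalanced lighthouse markers in Corefile")
	}
	rest := strings.TrimPrefix(corefile[end+len(endMarker):], "\n")
	return corefile[:start] + lighthouseBlock(dnsIP) + rest, nil
}

func main() {
	// Constructed sample: a trimmed version of the default server block above.
	base := ".:53 {\n    errors\n    forward   . /etc/resolv.conf\n    cache   30\n}\n"
	out, err := UpsertLighthouse(base, "10.43.180.127")
	if err != nil {
		panic(err)
	}
	fmt.Print(out)
}
```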
@manojgop manojgop added the bug Something isn't working label Jul 26, 2024
@manojgop manojgop changed the title Submariner does not add LightHouse DNS entry in configmap in case of RKE2 cluster. Submariner does not add LightHouse DNS entry in corefile section of configmap in case of RKE2 cluster. Jul 27, 2024
@dfarrell07 dfarrell07 added the K3s label Jul 30, 2024
@dfarrell07
Member

ACK, thanks for the report @manojgop. This does seem to be an issue. @vthapar can provide some details.

@vthapar
Contributor

vthapar commented Jul 30, 2024

CustomDNSCONfig was added at the time for an issue with Azure/AKS clusters where they required DNS configuration to be in a separate file and xyz.server format. That is why we use lighthouse.server. But rke2 expects it in the Corefile section itself. This will require some work, and potentially a new flag without breaking any existing AKS deployments.

@tpantelis tpantelis self-assigned this Oct 19, 2024
@github-project-automation github-project-automation bot moved this to Backlog in Backlog Oct 19, 2024
@tpantelis tpantelis moved this from Backlog to Next Version Candidate in Backlog Oct 19, 2024
@maayanf24 maayanf24 removed this from Backlog Oct 29, 2024
@maayanf24 maayanf24 moved this to Todo in Submariner 0.20 Oct 29, 2024
@Kirubel-Fikru

Do you happen to have any updates here? I have a similar issue where Submariner is incorrectly trying to update the non-existent dns-default ConfigMap. I get this error in the submariner operator pod:

Reconciler error error="error updating Openshift DNS operator: error trying to update microshift coredns configmap "openshift-dns" in namespace "openshift-dns": error updating DNS ConfigMap: error creating or updating resource: configmaps "dns-default" not found" ServiceDiscovery={"name":"service-discovery","namespace":"submariner-operator"} controller=servicediscovery-controller controllerGroup=submariner.io controllerKind=ServiceDiscovery name=service-discovery namespace=submariner-operator reconcileID=3e519719-b537-4219-9ece-4f106e15b05e.

It is attempting to interact with OpenShift-specific resources (like the openshift-dns namespace) that aren’t present in a default RKE2 environment?

@tpantelis
Contributor

This is scheduled for the 0.20 release and will be worked on based on priority. Of course we always welcome contributions.

@tpantelis
Contributor

> Reconciler error error="error updating Openshift DNS operator: error trying to update microshift coredns configmap "openshift-dns" in namespace "openshift-dns": error updating DNS ConfigMap: error creating or updating resource: configmaps "dns-default" not found" ServiceDiscovery={"name":"service-discovery","namespace":"submariner-operator"} controller=servicediscovery-controller controllerGroup=submariner.io controllerKind=ServiceDiscovery name=service-discovery namespace=submariner-operator reconcileID=3e519719-b537-4219-9ece-4f106e15b05e.
>
> It is attempting to interact with OpenShift-specific resources (like the openshift-dns namespace) that aren’t present in a default RKE2 environment?

That's a last resort b/c it didn't find the standard "coredns" ConfigMap and no custom config map was specified. @manojgop apparently did the latter but it didn't modify the "Corefile" section as explained here

@tpantelis
Contributor

tpantelis commented Dec 4, 2024

So RKE2 uses the same CoreDNS ConfigMap as other providers but, for some reason, names it "rke-coredns" rather than the standard "coredns" that LH is expecting. I think a simple solution is to expand our search criteria - first search for "coredns" in the kube-system namespace as we do now and, if not found, search for a ConfigMap in the same namespace with the suffix "-coredns". This way RKE2 just works out-of-the-box w/o having to specify a custom ConfigMap. @vthapar @aswinsuryan

@tpantelis tpantelis moved this from Todo to In Progress in Submariner 0.20 Dec 4, 2024
@Kirubel-Fikru

I think this is a good solution. But one more question for clarification. Won't that be a problem if we have multiple ConfigMaps with the "-coredns" suffix?

@tpantelis
Contributor

tpantelis commented Dec 4, 2024

> I think this is a good solution. But one more question for clarification. Won't that be a problem if we have multiple ConfigMaps with the "-coredns" suffix?

Is that possible with RKE? I don't have an RKE setup - do you see multiple in your setup? We'd also look for the presence of the Corefile data entry. I'd think there would only be one of these.

Also, is the "rke-coredns" name well-known and hard-coded out-of-box or can the user change it to whatever they want? Is it possible Rancher could change the name to something completely different in the future?
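
The lookup order discussed in the comments above, including the multiple-match case raised in the thread, as an added example (not code from submariner-operator or from any participant). The `ConfigMap` struct is a minimal stand-in for the Kubernetes type, `FindCoreDNS` is a hypothetical name, and requiring the "Corefile" key on every candidate and returning an error on several suffix matches are assumptions of this sketch.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ConfigMap is a minimal stand-in for the Kubernetes object (name + data keys).
type ConfigMap struct {
	Name string
	Data map[string]string
}

var ErrNotFound = errors.New("no CoreDNS ConfigMap with a Corefile entry found")
var ErrAmbiguous = errors.New("multiple \"-coredns\" ConfigMaps with a Corefile entry")

// FindCoreDNS (hypothetical helper) searches one namespace's ConfigMaps: exact
// "coredns" first, then the "-coredns" suffix. Candidates must carry a "Corefile"
// key; several suffix matches are an error instead of an arbitrary pick.
func FindCoreDNS(cms []ConfigMap) (*ConfigMap, error) {
	var matches []*ConfigMap
	for i := range cms {
		if _, ok := cms[i].Data["Corefile"]; !ok {
			continue
		}
		if cms[i].Name == "coredns" {
			return &cms[i], nil
		}
		if strings.HasSuffix(cms[i].Name, "-coredns") {
			matches = append(matches, &cms[i])
		}
	}
	switch len(matches) {
	case 0:
		return nil, ErrNotFound
	case 1:
		return matches[0], nil
	}
	return nil, fmt.Errorf("%w: %d candidates", ErrAmbiguous, len(matches))
}

func main() {
	// Constructed sample: the ConfigMap name from the kubectl command in the report.
	cms := []ConfigMap{{Name: "rke2-coredns-rke2-coredns", Data: map[string]string{"Corefile": ".:53 {}"}}}
	cm, err := FindCoreDNS(cms)
	fmt.Println(cm.Name, err)
}
```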

tpantelis added a commit to tpantelis/submariner-operator that referenced this issue Dec 5, 2024
Fixes submariner-io/lighthouse#1602

Signed-off-by: Tom Pantelis <tompantelis@gmail.com>
@github-project-automation github-project-automation bot moved this from In Progress to Done in Submariner 0.20 Dec 9, 2024