I'm a newbie at Kubernetes. I set up a local cluster with 1 master and 2 workers (worker1, worker2) using kubeadm and VirtualBox. I chose containerd as my container runtime.
I'm facing an issue with networking that is driving me crazy.
I can't ping any outside address from pods because DNS is not resolving.
I used the following to set up the cluster:
kubeadm init --apiserver-advertise-address=10.16.10.10 --apiserver-cert-extra-sans=10.16.10.10 --node-name=master0 --pod-network-cidr=10.244.0.0/16
Swap and SELinux are disabled.
I'm using flannel.
[masterk8s@master0 .kube]$ kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
master0 Ready control-plane,master 3h26m v1.23.1 10.16.10.10 <none> CentOS Linux 7 (Core) 3.10.0-1160.49.1.el7.x86_64 containerd://1.4.12
worker1 Ready <none> 169m v1.23.1 10.16.10.11 <none> CentOS Linux 7 (Core) 3.10.0-1160.49.1.el7.x86_64 containerd://1.4.12
worker2 Ready <none> 161m v1.23.1 10.16.10.12 <none> CentOS Linux 7 (Core) 3.10.0-1160.49.1.el7.x86_64 containerd://1.4.12
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
default pod/dnsutils 1/1 Running 1 (59m ago) 119m 10.244.3.2 worker1 <none> <none>
default pod/nginx 1/1 Running 0 11s 10.244.4.2 worker2 <none> <none>
kube-system pod/coredns-64897985d-lnzs7 1/1 Running 0 126m 10.244.0.2 master0 <none> <none>
kube-system pod/coredns-64897985d-vfngl 1/1 Running 0 126m 10.244.0.3 master0 <none> <none>
kube-system pod/etcd-master0 1/1 Running 1 (125m ago) 126m 10.16.10.10 master0 <none> <none>
kube-system pod/kube-apiserver-master0 1/1 Running 1 (125m ago) 126m 10.16.10.10 master0 <none> <none>
kube-system pod/kube-controller-manager-master0 1/1 Running 1 (125m ago) 126m 10.16.10.10 master0 <none> <none>
kube-system pod/kube-flannel-ds-6g4dm 1/1 Running 0 81m 10.16.10.12 worker2 <none> <none>
kube-system pod/kube-flannel-ds-lvgpf 1/1 Running 0 89m 10.16.10.11 worker1 <none> <none>
kube-system pod/kube-flannel-ds-pkm4k 1/1 Running 1 (125m ago) 126m 10.16.10.10 master0 <none> <none>
kube-system pod/kube-proxy-8gnfx 1/1 Running 0 89m 10.16.10.11 worker1 <none> <none>
kube-system pod/kube-proxy-cbws6 1/1 Running 0 81m 10.16.10.12 worker2 <none> <none>
kube-system pod/kube-proxy-fxvm5 1/1 Running 1 (125m ago) 126m 10.16.10.10 master0 <none> <none>
kube-system pod/kube-scheduler-master0 1/1 Running 1 (125m ago) 126m 10.16.10.10 master0 <none> <none>
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
default service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 126m <none>
kube-system service/kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 126m k8s-app=kube-dns
cat /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf
# Note: This dropin only works with kubeadm and kubelet v1.11+
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
EnvironmentFile=-/etc/sysconfig/kubelet
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
master:
[masterk8s@master0 .kube]$ ip r
default via 10.0.2.2 dev enp0s3
default via 10.16.10.1 dev enp0s9 proto static metric 102
10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15 metric 100
10.16.10.0/24 dev enp0s9 proto kernel scope link src 10.16.10.10 metric 102
10.244.0.0/24 dev cni0 proto kernel scope link src 10.244.0.1
10.244.3.0/24 via 10.244.3.0 dev flannel.1 onlink
10.244.4.0/24 via 10.244.4.0 dev flannel.1 onlink
192.168.56.0/24 dev enp0s8 proto kernel scope link src 192.168.56.100 metric 101
worker1:
[workerk8s@worker1 ~]$ ip r
default via 10.0.2.2 dev enp0s3 proto dhcp metric 100
default via 10.16.10.1 dev enp0s9 proto static metric 102
10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15 metric 100
10.16.10.0/24 dev enp0s9 proto kernel scope link src 10.16.10.11 metric 102
10.244.0.0/24 via 10.244.0.0 dev flannel.1 onlink
10.244.3.0/24 dev cni0 proto kernel scope link src 10.244.3.1
10.244.4.0/24 via 10.244.4.0 dev flannel.1 onlink
192.168.56.0/24 dev enp0s8 proto kernel scope link src 192.168.56.101 metric 101
I can reach kube-dns cluster-IP from master:
[masterk8s@master0 .kube]$ telnet 10.96.0.10 53
Trying 10.96.0.10...
Connected to 10.96.0.10.
Escape character is '^]'.
But cannot from worker:
[workerk8s@worker1 ~]$ telnet 10.96.0.10 53
Trying 10.96.0.10...
^C
I used dnsutils pod from kubernetes (https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/) to do some tests:
(This pod's been deployed on worker1 but same issue for worker2)
[masterk8s@master0 .kube]$ kubectl exec -i -t dnsutils -- nslookup kubernetes.default
^C
command terminated with exit code 1
[masterk8s@master0 .kube]$ kubectl exec -i -t dnsutils -- cat /etc/resolv.conf
search default.svc.cluster.local svc.cluster.local cluster.local Home
nameserver 10.96.0.10
options ndots:5
There's a connection between nodes. But pods on different nodes can't ping each other. Example:
default pod/dnsutils 1/1 Running 1 (59m ago) 119m 10.244.3.2 worker1 <none> <none>
default pod/nginx 1/1 Running 0 11s 10.244.4.2 worker2 <none> <none>
10.244.3.2 is only reachable from worker1 and 10.244.4.2 only reachable from worker2.
My guess is there's something wrong with kube-proxy, but I don't know what it could be.
I can't see any errors in pod logs.
Any suggestions?
Thanks
EDITED:
SOLVED
Flannel was using the wrong interface; as my nodes have 3 network interfaces, I specified the correct one with --iface:
        name: kube-flannel
        image: quay.io/coreos/flannel:v0.15.1
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        - --iface=enp0s9
Also realized firewalld was blocking requests to DNS, and solved that by adding (https://stackoverflow.com/questions/60708270/how-can-i-use-flannel-without-disabing-firewalld-kubernetes):
firewall-cmd --add-masquerade --permanent
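The root cause above (flanneld picking the interface of the default route rather than the one carrying the node's InternalIP) is easy to detect before pods stop talking to each other. The following script is an added example, not code from the question or from the flannel or Kubernetes projects; it parses `ip r` output, works out which interface flanneld would use by default (flannel's documented default is the interface of the default route), compares it with the interface whose connected route has the node IP as `src`, and suggests the `--iface=` argument when they differ. The sample input is the master0 routing table from the question; the function names are my own.

```python
"""Detect a flannel --iface mismatch from `ip r` output (added example)."""
import subprocess
import sys

# Constructed sample: the `ip r` output master0 showed in the question above.
MASTER0_ROUTES = """\
default via 10.0.2.2 dev enp0s3
default via 10.16.10.1 dev enp0s9 proto static metric 102
10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15 metric 100
10.16.10.0/24 dev enp0s9 proto kernel scope link src 10.16.10.10 metric 102
10.244.0.0/24 dev cni0 proto kernel scope link src 10.244.0.1
10.244.3.0/24 via 10.244.3.0 dev flannel.1 onlink
10.244.4.0/24 via 10.244.4.0 dev flannel.1 onlink
192.168.56.0/24 dev enp0s8 proto kernel scope link src 192.168.56.100 metric 101
"""


def parse_routes(text):
    """Turn `ip r` lines into dicts with dst, dev, src and metric.

    The kernel treats a route without an explicit metric as metric 0,
    so an absent metric is stored as 0 (it is the most preferred).
    """
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        route = {"dst": fields[0], "dev": None, "src": None, "metric": 0}
        for i, tok in enumerate(fields):
            if i + 1 >= len(fields):
                break
            if tok == "dev":
                route["dev"] = fields[i + 1]
            elif tok == "src":
                route["src"] = fields[i + 1]
            elif tok == "metric":
                route["metric"] = int(fields[i + 1])
        routes.append(route)
    return routes


def default_route_iface(routes):
    """Interface of the preferred default route: what flanneld uses without --iface."""
    defaults = [r for r in routes if r["dst"] == "default" and r["dev"]]
    if not defaults:
        return None
    return min(defaults, key=lambda r: r["metric"])["dev"]


def iface_for_node_ip(routes, node_ip):
    """Interface carrying the node's InternalIP (connected route whose src is that IP)."""
    for r in routes:
        if r["src"] == node_ip:
            return r["dev"]
    return None


def check_flannel_iface(ip_route_text, node_ip):
    """Compare flannel's default choice with the interface kubelet advertises."""
    routes = parse_routes(ip_route_text)
    chosen = default_route_iface(routes)
    wanted = iface_for_node_ip(routes, node_ip)
    mismatch = chosen != wanted
    return {
        "chosen": chosen,
        "wanted": wanted,
        "mismatch": mismatch,
        # Argument to add to the flanneld container's args in the DaemonSet.
        "fix": f"--iface={wanted}" if mismatch and wanted else None,
    }


if __name__ == "__main__":
    # Usage on a live node: python3 check_flannel_iface.py <node-InternalIP>
    node_ip = sys.argv[1] if len(sys.argv) > 1 else "10.16.10.10"
    if len(sys.argv) > 1:
        text = subprocess.run(["ip", "-4", "route"], capture_output=True,
                              text=True, check=True).stdout
    else:
        text = MASTER0_ROUTES  # fall back to the sample from the question
    print(check_flannel_iface(text, node_ip))
```

On the question's master0 table the first default route has no metric, so it beats the `metric 102` route via enp0s9, and the script reports `chosen=enp0s3`, `wanted=enp0s9`, `fix=--iface=enp0s9`, matching the change that solved the problem. The second half of the fix can be checked with `firewall-cmd --query-masquerade` on each node, which prints `no` when the masquerade rule added above is missing.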