If "KUBERNETES_SERVICE_HOST" is a domain, initial installation is not possible. (tigera-operator for windows) #9536

Open
moonek opened this issue Nov 27, 2024 · 2 comments

moonek commented Nov 27, 2024

In an environment where tigera-operator is being installed for the first time considering the use of Windows, if KUBERNETES_SERVICE_HOST is a domain, the operator does not work properly.

```bash
kubectl apply -f - << EOF
kind: ConfigMap
apiVersion: v1
metadata:
  name: kubernetes-services-endpoint
  namespace: tigera-operator
data:
  KUBERNETES_SERVICE_HOST: myk8s.api-endpoint.com # example
  # ConfigMap data values must be strings, so the port is quoted
  KUBERNETES_SERVICE_PORT: "6443"
EOF
```

In the initial k8s environment, coredns is not run before tigera-operator installs calico-cni.
Because the dnsPolicy of the tigera-operator deployment is set to ClusterFirstWithHostNet, the above domain cannot be looked up.
https://github.com/projectcalico/calico/blob/240c89fe44512db49957eea27c3bbf2d18f33785/manifests/tigera-operator.yaml#L24758-L24760

Therefore, an error occurs in tigera-operator and calico-cni is not installed.

Expected Behavior

If KUBERNETES_SERVICE_HOST is a domain, an initial install must also be done.

Current Behavior

A domain lookup failure error continues to occur in the tigera-operator pod.

Possible Solution

If I change tigera-operator's dnsPolicy to Default, it will not look up coredns first, but will normally look up the apiserver address from the DNS nameserver set in the host.
After making this change, calico-cni was installed normally, but I am not sure if this is the correct method.
Please give me clear instructions on what to do.

Steps to Reproduce (for bugs)

Context

Your Environment

  • Calico version
  • Calico dataplane (iptables, windows etc.)
  • Tigera Operator: v1.34.5
  • Orchestrator version (e.g. kubernetes, mesos, rkt): kubernetes v1.30.6
  • Operating System and version:
  • Link to your project (optional):

@sridhartigera (Member)

We have seen similar cases where the operator needs to resolve DNS. We solve it by specifying nameservers under the dnsConfig in the operator deployment spec.

@sridhartigera (Member)

@moonek Did you get a chance to try adding the nameserver config?
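
The two workarounds discussed in this thread (extra nameservers under dnsConfig, or dnsPolicy Default), written as a patch for the operator Deployment. This is an added example, not code from the Calico project or from either commenter; the file name is hypothetical, the Deployment name `tigera-operator` is assumed, and `192.0.2.53` is a placeholder for a resolver the node can actually reach.

```yaml
# operator-dns-patch.yaml (hypothetical file name; added example)
# Apply with:
#   kubectl -n tigera-operator patch deployment tigera-operator --patch-file operator-dns-patch.yaml
spec:
  template:
    spec:
      # Option A: keep the shipped policy and add a resolver that answers
      # before CoreDNS is running. These entries are combined with the
      # nameservers generated from dnsPolicy; Kubernetes accepts at most
      # 3 addresses in this list.
      dnsPolicy: ClusterFirstWithHostNet
      dnsConfig:
        nameservers:
          - 192.0.2.53   # placeholder: a resolver that can resolve KUBERNETES_SERVICE_HOST
      # Option B (the change described in the issue): resolve only through
      # the node's own resolv.conf. Use instead of Option A, not together.
      # dnsPolicy: Default
```

After the rollout, the pod's `/etc/resolv.conf` shows which nameservers the operator actually received.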
