Problems with coredns timeouts and pods DNS resolution with bpf.masquerade enabled #32489
Comments
I'm not able to reproduce this. I installed a kind cluster with Did you try changing this setting on a running cluster, or was it from scratch?
I create a cluster from scratch each time. In your tests, are you able to resolve anything from some test pod, like alpine packages repo?
I tried with your exact setup -- except for on linux -- and it worked perfectly. There must be some kind of strange discrepancy -- maybe mac is the issue? One strange thing I see is this line in
whereas on my cluster, I see
Not sure if that's potentially an issue. What happens if you disable encryption?
I noticed encryption status come and go as I make changes to values file and apply changes by doing I suspect the issue is Mac thing as well, just not sure how to debug it.
Yeah, at the end of the day, docker on mac is not really a supported platform; it's useful for development -- and many Cilium developers use it! But I'm not sure that we have the expertise to dig in to these sorts of issues.
So last night I had some movements. Let's say my setup has:
What would be the correct value for Perhaps that's causing the issue on my end. Most importantly, are
So I ran into this article where apparently, coredns configmap needs to have fixed nameserver instead of relying on After I tried this, there were no coredns timeout errors and traffic flows as expected. I used this config:
Other than this, I'd really appreciate if there are any conflicts or misconfiguration in terms of CIDRs I used in chart values that I'm not aware of.
Is there an existing issue for this?
What happened?
After enabling bpf.masquerade=true, coredns starts timing out and other pods can't resolve anything.
Cilium Version
Client: 1.15.4 9b3f9a8 2024-04-11T17:25:42-04:00 go version go1.21.9 linux/arm64
Daemon: 1.15.4 9b3f9a8 2024-04-11T17:25:42-04:00 go version go1.21.9 linux/arm64
Kernel Version
Linux dev-control-plane 6.6.26-linuxkit #1 SMP Sat Apr 27 04:13:19 UTC 2024 aarch64 aarch64 aarch64 GNU/Linux
Kubernetes Version
Client Version: v1.30.0
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.29.2
Regression
No response
Sysdump
cilium-sysdump-20240512-205923.zip
Relevant log output
I install Cilium with this:
Anything else?
Everything works fine until bpf.masquerade is enabled.
That feature alone is the issue, as I tried a number of different configurations.
My environment is the latest kind cluster running on Docker for Mac.
Cilium Users Document
Code of Conduct