Hi! I'm trying to deploy CoreDNS on a self-managed Kubernetes cluster (v1.21.4). I'm using the official Helm chart (version 1.8.4) with the following values:

```yaml
service:
  clusterIP: "172.16.255.42"
serviceAccount:
  create: true
hpa:
  enabled: true
  minReplicas: 1
  maxReplicas: 2
  metrics: []
servers:
- zones:
  - zone: .
  port: 53
  plugins:
  - name: errors
  - name: health
    configBlock: |-
      lameduck 5s
  - name: ready
  - name: kubernetes
    parameters: cluster.local 172.16.0.0/16 in-addr.arpa ip6.arpa
    configBlock: |-
      pods verified
      fallthrough in-addr.arpa ip6.arpa
      ttl 30
  - name: prometheus
    parameters: 0.0.0.0:9153
  - name: forward
    parameters: . 1.1.1.1 9.9.9.9
  - name: cache
    parameters: 30
  - name: loop
  - name: reload
  - name: loadbalance
  - name: autopath
    parameters: "@kubernetes"
```

Note that if I remove the kubernetes plugin, it works without issue (without internal resolving, ofc). Also, I've tried to increase verbosity with

Here are the logs from the pod itself:
I'm guessing that CoreDNS can't fetch data from the Kubernetes API, but I can't understand why. I've tried to reach the API from another pod without issue:
I have also checked the logs for the apiserver, but there are no errors or anything that links to a potential CoreDNS request.
I've looked everywhere that I could think of without any luck. Does anyone have an idea to debug this further?
Solved! It was because the certificate of my kube-apiserver didn't allow the IP of the internal kubernetes service :)
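
The SAN mismatch described in this reply can be reproduced offline with the Go sketch below, which is an added example and not part of the original post or of CoreDNS. It assumes a service CIDR of 172.16.0.0/16 and a constructed node address 192.0.2.10, and relies on the API server assigning the first address of the service CIDR to the built-in `kubernetes` Service.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// firstServiceIP returns the first address of the service CIDR (the "kubernetes" Service IP).
func firstServiceIP(cidr string) (net.IP, error) {
	_, n, err := net.ParseCIDR(cidr)
	if err != nil {
		return nil, err
	}
	n.IP[len(n.IP)-1]++ // network address + 1; n is freshly allocated
	return n.IP, nil
}

// checkServiceIP builds a throwaway cert with the given IP SANs and verifies the Service IP against it.
func checkServiceIP(sans []net.IP, serviceCIDR string) error {
	svcIP, err := firstServiceIP(serviceCIDR)
	if err != nil {
		return err
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IPAddresses: sans,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	return cert.VerifyHostname(svcIP.String()) // same SAN check a TLS client performs
}

func main() {
	// Constructed case: the cert lists only the node address, so the Service IP is rejected.
	fmt.Println(checkServiceIP([]net.IP{net.ParseIP("192.0.2.10")}, "172.16.0.0/16"))
}
```

Adding the Service IP to the certificate's IP SANs makes the same check return nil.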
/close
…On Sun, 21 Nov 2021, 18:21 Valentin Marchaud, ***@***.***> wrote:
Solved! It was because the certificate of my kube-apiserver didn't
allow the IP of the internal kubernetes service :)
Also, I have created the k3s with