
Incompatibility with node-local-dns

Open hroost opened this issue 1 year ago • 0 comments

Hi,

Recently I ran into an incompatibility between hairpin-proxy and node-local-dns: hairpin-proxy successfully updates configmap/coredns.

It seems like hairpin-proxy should also follow and keep configmap/node-local-dns updated, appending the rewrite section there.

kubectl get configmap -n kube-system coredns -o=jsonpath='{.data.Corefile}'

.:53 {
    rewrite name example.com proxy-c24e38fb75b2c.hairpin-proxy.svc.cluster.local # Added by hairpin-proxy
    rewrite name www.example.com proxy-c24e38fb75b2c.hairpin-proxy.svc.cluster.local # Added by hairpin-proxy
    errors
    health
    ready
    kubernetes cluster.local in-addr.arpa ip6.arpa {
      pods insecure
      fallthrough in-addr.arpa ip6.arpa
    }
    hosts /etc/coredns/NodeHosts {
      ttl 60
      reload 15s
      fallthrough
    }
    prometheus :9153
    forward . /etc/resolv.conf
    cache 30
    loop
    reload
    loadbalance
    import /etc/coredns/custom/*.override
}
import /etc/coredns/custom/*.server

kubectl get configmap -n kube-system node-local-dns -o=jsonpath='{.data.Corefile}'

cluster.local:53 {
    errors
    cache {
            success 9984 30
            denial 9984 5
    }
    reload
    loop
    bind 169.254.20.10 10.43.0.10
    forward . __PILLAR__CLUSTER__DNS__ {
            force_tcp
    }
    prometheus :9253
    health 169.254.20.10:8080
    }
in-addr.arpa:53 {
    errors
    cache 30
    reload
    loop
    bind 169.254.20.10 10.43.0.10
    forward . __PILLAR__CLUSTER__DNS__ {
            force_tcp
    }
    prometheus :9253
    }
ip6.arpa:53 {
    errors
    cache 30
    reload
    loop
    bind 169.254.20.10 10.43.0.10
    forward . __PILLAR__CLUSTER__DNS__ {
            force_tcp
    }
    prometheus :9253
    }
.:53 {
    errors
    cache 30
    reload
    loop
    bind 169.254.20.10 10.43.0.10
    forward . __PILLAR__UPSTREAM__SERVERS__
    prometheus :9253
    }

It is also visible through DNS resolution inside the Pod:

# dig +short example.com @10.244.0.12
10.43.108.37
# dig +short example.com @10.43.0.10
167.235.116.70

Here node-local-dns responds with the external LB IP, while the direct response from the coredns pod returns the correct, replaced IP of the hairpin proxy.

I'm running this hairpin fork, but the same applies to this one.

Hope this info may help someone save time, and it would be great if anybody has an idea how to implement this feature.

hroost, Jul 05 '23 11:07
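An added example for the feature requested above; it is not code from hairpin-proxy or from the fork the poster runs. Reading the node-local-dns Corefile in the issue, only cluster.local, in-addr.arpa and ip6.arpa are forwarded to __PILLAR__CLUSTER__DNS__ (the cluster CoreDNS); everything else falls into the `.:53` block, which forwards straight to __PILLAR__UPSTREAM__SERVERS__. A query for example.com therefore never reaches CoreDNS, so the rewrite hairpin-proxy adds there is bypassed. Copying the `rewrite name` lines into the `.:53` block would not help either: the rewritten proxy-...svc.cluster.local name would still be forwarded to the upstream servers. The approach below instead appends one server block, keyed on exactly the hairpinned names, that forwards them to __PILLAR__CLUSTER__DNS__, where CoreDNS already applies the rewrite. CoreDNS routes a query to the server block with the most specific matching zone, so this block wins over `.:53` for those names. Assumptions: the hostnames are taken from the `# Added by hairpin-proxy` rewrite lines, the bind addresses are copied from the existing node-local-dns blocks, the `__PILLAR__CLUSTER__DNS__` placeholder is left for node-cache to substitute at startup (as it does for the cluster.local block), and the generated block is fenced with marker comments so repeated runs replace rather than duplicate it. The sample Corefiles are constructed from the issue text.

```ruby
# Added example, not hairpin-proxy's own code: derive a node-local-dns server
# block for the names hairpin-proxy has rewritten in the coredns Corefile.
MARKER     = "# Added by hairpin-proxy"
BEGIN_MARK = "# BEGIN hairpin-proxy names (generated)"
END_MARK   = "# END hairpin-proxy names (generated)"

# Sample inputs, constructed from the Corefiles posted in the issue (trimmed).
SAMPLE_COREDNS = <<~COREFILE
  .:53 {
      rewrite name example.com proxy-c24e38fb75b2c.hairpin-proxy.svc.cluster.local # Added by hairpin-proxy
      rewrite name www.example.com proxy-c24e38fb75b2c.hairpin-proxy.svc.cluster.local # Added by hairpin-proxy
      errors
      kubernetes cluster.local in-addr.arpa ip6.arpa {
        pods insecure
        fallthrough in-addr.arpa ip6.arpa
      }
      forward . /etc/resolv.conf
      cache 30
  }
COREFILE

SAMPLE_NODELOCAL = <<~COREFILE
  cluster.local:53 {
      errors
      bind 169.254.20.10 10.43.0.10
      forward . __PILLAR__CLUSTER__DNS__ {
              force_tcp
      }
  }
  .:53 {
      errors
      bind 169.254.20.10 10.43.0.10
      forward . __PILLAR__UPSTREAM__SERVERS__
  }
COREFILE

# Hostnames hairpin-proxy has rewritten in the CoreDNS Corefile: every
# "rewrite name <host> <target> # Added by hairpin-proxy" line.
def hairpin_hosts(coredns_corefile)
  coredns_corefile.each_line.map do |line|
    m = line.match(/^\s*rewrite\s+name\s+(\S+)\s+\S+\s+#{Regexp.escape(MARKER)}\s*$/)
    m && m[1]
  end.compact.uniq
end

# Addresses node-local-dns listens on, copied from its first `bind` line.
def bind_addresses(nodelocal_corefile)
  m = nodelocal_corefile.match(/^\s*bind\s+([^\n]+)$/)
  raise "no bind line found in node-local-dns Corefile" unless m
  m[1].split
end

# One server block keyed on the hairpinned names only. It forwards them to the
# cluster CoreDNS (placeholder substituted by node-cache; assumption), which
# then applies hairpin-proxy's rewrite. Most-specific zone wins, so this block
# takes precedence over `.:53` for these names.
def hairpin_server_block(hosts, binds)
  zones = hosts.map { |h| "#{h}:53" }.join(" ")
  <<~BLOCK
    #{BEGIN_MARK}
    #{zones} {
        errors
        cache 30
        bind #{binds.join(" ")}
        forward . __PILLAR__CLUSTER__DNS__ {
                force_tcp
        }
    }
    #{END_MARK}
  BLOCK
end

# Drop a previously generated block so repeated runs are idempotent.
def strip_generated(nodelocal_corefile)
  nodelocal_corefile.gsub(
    /^#{Regexp.escape(BEGIN_MARK)}\n.*?^#{Regexp.escape(END_MARK)}\n/m, ""
  )
end

# Returns the new node-local-dns Corefile: the original blocks untouched, plus
# (or minus, when there are no hairpinned names) the generated block.
def update_nodelocal_corefile(nodelocal_corefile, coredns_corefile)
  hosts = hairpin_hosts(coredns_corefile)
  base  = strip_generated(nodelocal_corefile)
  return base if hosts.empty?
  block = hairpin_server_block(hosts, bind_addresses(base))
  base.end_with?("\n") ? base + block : base + "\n" + block
end

if __FILE__ == $PROGRAM_NAME
  puts update_nodelocal_corefile(SAMPLE_NODELOCAL, SAMPLE_COREDNS)
end
```

The resulting Corefile would be written back into configmap/node-local-dns (the `reload` plugin in the existing blocks picks the change up). The `bind` and `force_tcp` lines mirror the existing blocks so the new block listens on the same link-local and service addresses; `cache 30` keeps answer caching comparable to the coredns side.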