prerequisites.html <https://docs.openshift.com/container-platform/3.3/install_config/install/prerequisites.html#prereq-dns> covers some of the implications here.
On Thu, Nov 3, 2016 at 1:36 PM, Clayton Coleman <ccole...@redhat.com> wrote: > Not sure from your output but ff the first entry in the same server isn't > the openshift master address, then Alpine will fail because it doesn't try > multiple name servers for things under cluster.local. But it *might* be > trying a random one, in which case the only solution for alpine is to set > up dnsmasq on the node and have only a single entry in resolv.conf > (dnsmasq) that points to the master and then your internal dns entries. > > On Thu, Nov 3, 2016 at 1:30 PM, Srinivas Naga Kotaru (skotaru) < > skot...@cisco.com> wrote: > >> >> >> >> >> % oc get svc >> >> NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE >> >> net-tools 172.30.112.9 <none> 8080/TCP 18h >> >> >> >> / $ cat /etc/resolv.conf >> >> search sd-testing.svc.cluster.local svc.cluster.local cluster.local >> cisco.com >> >> nameserver 173.36.96.19 >> >> nameserver 173.37.137.85 >> >> nameserver 173.37.142.73 >> >> nameserver 173.37.87.157 >> >> options timeout:1 attempts:1 >> >> options ndots:5 >> >> >> >> / $ dig +short net-tools.sd-testing.svc.cluster.local >> >> 172.30.112.9 >> >> >> >> / $ dig +short yahoo.com >> >> >> >> / $ curl -I yahoo.com >> >> HTTP/1.1 301 Moved Permanently >> >> Date: Thu, 03 Nov 2016 17:22:30 GMT >> >> Server: ATS >> >> Location: https://www.yahoo.com/ >> >> Content-Language: en >> >> Cache-Control: no-store, no-cache >> >> Content-Length: 304 >> >> Content-Type: text/html >> >> Via: https/1.1 ir37.fp.ne1.yahoo.com (ApacheTrafficServer), 1.1 >> alln01-mda1-dmz-wsa-2.cisco.com:80 (Cisco-WSA/9.0.1-162) >> >> Connection: keep-alive >> >> >> >> >> >> $ nslookup 173.37.137.85 >> >> Server: 173.36.96.19 >> >> Address: 173.36.96.19#53 >> >> >> >> ** server can't find 85.137.37.173.in-addr.arpa: REFUSED >> >> >> >> / $ nslookup 173.36.96.19 >> >> Server: 173.36.96.19 >> >> Address: 173.36.96.19#53 >> >> >> >> 19.96.36.173.in-addr.arpa name = l3ipn-id2-002.cisco.com. >> >> >> >> >> >> It seems to be working but didn’t understand why dns resolution against >> other entries in /etc/resolve.conf saying server can’t find. Last 3 entries >> in /etc/resolve.conf are our enterprise DNS servers, which might be >> automatically added to container /etc/resolv.conf from host /etc/resolv.conf >> >> >> >> -- >> >> *Srinivas Kotaru* >> >> >> >> *From: *"ccole...@redhat.com" <ccole...@redhat.com> >> *Date: *Thursday, November 3, 2016 at 10:11 AM >> >> *To: *Srinivas Naga Kotaru <skot...@cisco.com> >> *Cc: *"users@lists.openshift.redhat.com" <users@lists.openshift.redhat. >> com> >> *Subject: *Re: Openshift discovery >> >> >> >> Can you show me the output of dig for kubernetes.default.svc.cluster.local >> AND contents of resolv.conf? >> >> >> >> On Thu, Nov 3, 2016 at 12:38 PM, Srinivas Naga Kotaru (skotaru) < >> skot...@cisco.com> wrote: >> >> SKOTARU-M-H06U:~ $ oc get pods >> >> NAME READY STATUS RESTARTS AGE >> >> net-tools-1-pp4t4 0/1 CrashLoopBackOff 208 17h >> >> SKOTARU-M-H06U:~ $ >> >> >> >> SKOTARU-M-H06U:~ $ oc debug net-tools-1-pp4t4 >> >> Debugging with pod/net-tools-1-pp4t4-debug, original command: sh >> >> Waiting for pod to start ... >> >> Pod IP: 10.1.4.10 >> >> If you don't see a command prompt, try pressing enter. >> >> >> >> / $ dig >> >> >> >> ; <<>> DiG 9.10.4-P3 <<>> >> >> ;; global options: +cmd >> >> ;; Got answer: >> >> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 18102 >> >> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 >> >> >> >> ;; QUESTION SECTION: >> >> ;. >> IN NS >> >> >> >> ;; Query time: 0 msec >> >> ;; SERVER: 173.36.96.19#53(173.36.96.19) >> >> ;; WHEN: Thu Nov 03 16:37:12 UTC 2016 >> >> ;; MSG SIZE rcvd: 17 >> >> >> >> >> >> -- >> >> *Srinivas Kotaru* >> >> >> >> *From: *"ccole...@redhat.com" <ccole...@redhat.com> >> *Date: *Thursday, November 3, 2016 at 7:02 AM >> *To: *Srinivas Naga Kotaru <skot...@cisco.com> >> *Cc: *"users@lists.openshift.redhat.com" <users@lists.openshift.redhat. >> com> >> *Subject: *Re: Openshift discovery >> >> >> >> If you "oc debug" the crashing pods, do you get a shell up? >> >> >> On Nov 3, 2016, at 9:56 AM, Srinivas Naga Kotaru (skotaru) < >> skot...@cisco.com> wrote: >> >> Clayton >> >> >> >> Sorry for confusion. Original problem was, Service discovery not working >> in regular openshift apps. Out of the box images as well as custom images. >> >> >> >> I was trying to build a image with a net tools for debugging, so it is >> easy for troubleshoot as out of the box images does not have basic net >> tools. Openshift throwing crash recovery for any image I build, so I might >> be doing some mistake. These images working fine in standard docker. >> >> >> >> >> Sent from my iPhone >> >> >> On Nov 3, 2016, at 6:24 AM, Clayton Coleman <ccole...@redhat.com> wrote: >> >> Alpine uses musl which has known differences from glibc in how it handles >> DNS resolution. *usually* this is because multiple nameservers are listed >> in resolv.conf and the first one doesn't answer queries for >> *svc.cluster.local. You can check that by execing into containers and >> looking at the resolv.conf. >> >> >> >> In 3.3, at the host level we configure dnsmasq by default to offer a >> single resolver (so musl doesn't get confused). You can check how that is >> configured on your hosts. >> >> >> On Nov 2, 2016, at 5:06 PM, Srinivas Naga Kotaru (skotaru) < >> skot...@cisco.com> wrote: >> >> Trying to debug below issue reported by client. For some reason, service >> discover never working in our platform. >> >> >> >> Building an image with net tools for easy troubleshooting these issues >> from platform side. I’m sure making silly mistake, but image build from >> below code always throws CrashLoopBackOff error. >> >> >> >> Wondering what mistake am doing here? >> >> >> >> FROM alpine:latest >> >> RUN apk update && apk add bind-tools net-tools curl >> >> ENTRYPOINT ["sh"] >> >> >> >> I observed any image build throwing the same error. Example ubuntu image >> from dockerhub. What preventing oepnshfit to run ? >> >> >> >> -- >> >> *Srinivas Kotaru* >> >> >> >> >> >> >> >> Tried all of those options. >> >> <image001.png> >> >> >> >> In fact, even the first one should work, since resolve.conf has search >> domains configured. That would be ideal, since it makes the configuration >> of pods dependencies easier to port across projects. >> >> >> Regards, >> >> Tom. >> >> >> >> >> >> _______________________________________________ >> users mailing list >> users@lists.openshift.redhat.com >> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> >> >> > >
_______________________________________________ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users