Kubernetes: Problems with VPN and DNS Server

I deployed the docker-openvpn container in my (local) Kubernetes cluster to locally access my services safely and debug dependent services.

I can connect to the cluster through the OpenVPN server. However, I cannot resolve my Services through DNS.

I managed to get to the point where, after setting up the routes on the VPN server:

  • I can ping Pods over IP (subnet 10.2.0.0/16)
  • I can ping Services over IP (subnet 10.3.0.0/16, like the DNS, which is at 10.3.0.10)
  • I can curl Services by IP and get the data I need.

But when I run nslookup kubernetes, or any other service, I get:

    nslookup kubernetes
    ;; Got recursion not available from 10.3.0.10, trying next server
    ;; Got SERVFAIL reply from 10.3.0.10, trying next server

I am still missing something for the data to be returned from the DNS server, but I cannot figure out what I need to do.

How do I debug this SERVFAIL problem in Kubernetes DNS?

EDIT:

Things I noticed and I want to understand:

  • nslookup works to resolve the service name in any pod except the openvpn pod
  • while nslookup works in these other Pods, ping does not work.
  • similarly, traceroute in these other Pods leads to the flannel layer at 10.0.2.2, and then stops there.

From this, I assume that ICMP is being blocked at the flannel level, and this does not help me figure out where the DNS is blocked.

EDIT2:

I finally figured out how to make nslookup work: I had to push the DNS search domains to the client using

    push "dhcp-option DOMAIN-SEARCH cluster.local"
    push "dhcp-option DOMAIN-SEARCH svc.cluster.local"
    push "dhcp-option DOMAIN-SEARCH default.svc.cluster.local"

added with the -p option to the docker-openvpn image

so I get:

    docker run -v /etc/openvpn:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig \
        -u udp://192.168.10.152:1194 \
        -n 10.3.0.10 \
        -n 192.168.10.1 \
        -n 8.8.8.8 \
        -n 75.75.75.75 \
        -n 75.75.75.76 \
        -s 10.8.0.0/24 \
        -d \
        -p "route 10.2.0.0 255.255.0.0" \
        -p "route 10.3.0.0 255.255.0.0" \
        -p "dhcp-option DOMAIN cluster.local" \
        -p "dhcp-option DOMAIN-SEARCH svc.cluster.local" \
        -p "dhcp-option DOMAIN-SEARCH default.svc.cluster.local"

nslookup now works, but curl still does not.

+8
docker dns kubernetes vpn
2 answers

Finally, my configuration is as follows:

    docker run -v /etc/openvpn:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig \
        -u udp://192.168.10.152:1194 \
        -n 10.3.0.10 \
        -n 192.168.10.1 \
        -n 8.8.8.8 \
        -n 75.75.75.75 \
        -n 75.75.75.76 \
        -s 10.8.0.0/24 \
        -N \
        -p "route 10.2.0.0 255.255.0.0" \
        -p "route 10.3.0.0 255.255.0.0" \
        -p "dhcp-option DOMAIN-SEARCH cluster.local" \
        -p "dhcp-option DOMAIN-SEARCH svc.cluster.local" \
        -p "dhcp-option DOMAIN-SEARCH default.svc.cluster.local"

-u for the address and port of the VPN server

-n for all the DNS servers to use

-s to define the VPN subnet (by default it is 10.2.0.0, which is already used by Kubernetes)

-d to disable NAT

-p to push options to the client

-N to enable NAT: for this setting it is important that Kubernetes

The last part, pushing the search domains to the client, was the key to getting nslookup etc. to work.

Note that curl did not work at first, but it seems to start working after a few seconds. This way it works, but it takes a little time to fix it.

+8
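Why pushing the search domains makes `nslookup kubernetes` succeed, as an added example that is not part of the original question or answers: it models resolv.conf-style search-list expansion (glibc `ndots` behaviour is assumed; VPN clients and nslookup can differ in detail) against a stub of a cluster DNS that answers only for cluster.local and does not recurse. The function names and the record addresses are constructed for illustration.

```python
# Added example: search-list expansion against a non-recursing cluster DNS stub.
CLUSTER_ZONE = "cluster.local"
# Constructed sample records standing in for what the cluster DNS serves.
RECORDS = {
    "kubernetes.default.svc.cluster.local": "10.3.0.1",
    "kube-dns.kube-system.svc.cluster.local": "10.3.0.10",
}
# The search domains pushed to the VPN client in the answer above.
PUSHED = ["cluster.local", "svc.cluster.local", "default.svc.cluster.local"]

def candidates(name, search, ndots=1):
    """Return the FQDNs a stub resolver tries, in order (glibc-style, assumed)."""
    if name.endswith("."):               # absolute name: search list is skipped
        return [name.rstrip(".")]
    expanded = [f"{name}.{domain}" for domain in search]
    # Names with at least `ndots` dots are tried as-is first, otherwise last.
    if name.count(".") >= ndots:
        return [name] + expanded
    return expanded + [name]

def cluster_dns(fqdn):
    """Stub server: authoritative for cluster.local only, no recursion."""
    if fqdn in RECORDS:
        return "NOERROR", RECORDS[fqdn]
    if fqdn == CLUSTER_ZONE or fqdn.endswith("." + CLUSTER_ZONE):
        return "NXDOMAIN", None          # inside the zone, but no such name
    return "SERVFAIL", None              # outside the zone: cannot recurse

def resolve(name, search, ndots=1):
    """Walk the candidates; return (address or None, [(fqdn, rcode), ...])."""
    trace = []
    for fqdn in candidates(name, search, ndots):
        rcode, addr = cluster_dns(fqdn)
        trace.append((fqdn, rcode))
        if rcode == "NOERROR":
            return addr, trace
    return None, trace

if __name__ == "__main__":
    for label, search in (("no search domains", []), ("pushed search domains", PUSHED)):
        addr, trace = resolve("kubernetes", search)
        print(f"{label}: kubernetes -> {addr}")
        for fqdn, rcode in trace:
            print(f"    {fqdn}: {rcode}")
```
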

Try curl -4. It may be resolving to AAAA, even if A is present.

+1