DNS
The dns
collector can be used to help diagnose DNS resolution problems, such as detecting search domain misconfiguration. During execution, the collector does the following:
- Output
Kubernetes
Service Cluster IP retrieved from kube-apiserver - Run a test pod of image
registry.k8s.io/e2e-test-images/agnhost:2.39
, and rundig
command- to
kubernetes
Service and output content of/etc/resolv.conf
- to a non-resolveable domain to check for potential wildcard DNS issue
- to
- Check if DNS pods are running
- Check if DNS service is up
- Check if DNS endpoints are populated
- Output CoreDNS/KubeDNS config
Parameters
In addition to the shared collector properties, the dns
collector accepts the following parameters:
image
(Optional)
Utility image to run dig
command. Must have dig
installed. Defaults to registry.k8s.io/e2e-test-images/agnhost:2.39
.
nonResolvable
(Optional)
A non-resolveable domain. The collector will make a DNS query to this domain. Defaults to *
.
See the examples below for use cases.
Example Collector Definition
apiVersion: troubleshoot.sh/v1beta2
kind: SupportBundle
metadata:
name: sample
spec:
collectors:
- dns:
image: registry.k8s.io/e2e-test-images/agnhost:2.39
nonResolvable: "*"
Included resources
When this collector is executed, it includes the following file in a support bundle:
/dns/debug.txt
=== Kubernetes Cluster IP from API Server: 10.43.0.1
=== Test DNS resolution in pod registry.k8s.io/e2e-test-images/jessie-dnsutils:1.3:
=== /etc/resolv.conf ===
search default.svc.cluster.local svc.cluster.local cluster.local
nameserver 10.43.0.10
options ndots:5
=== dig kubernetes ===
10.43.0.1
=== dig non-existent-domain ===
=== Running kube-dns pods: coredns-77ccd57875-76dt4
=== Running kube-dns service: 10.43.0.10
=== kube-dns endpoints: 10.42.0.6:53
=== CoreDNS config:
.:53 {
errors
health
ready
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
fallthrough in-addr.arpa ip6.arpa
}
hosts /etc/coredns/NodeHosts {
ttl 60
reload 15s
fallthrough
}
prometheus :9153
forward . /etc/resolv.conf
cache 30
loop
reload
loadbalance
import /etc/coredns/custom/*.override
}
import /etc/coredns/custom/*.server
/dns/debug.json
{
"kubernetesClusterIP": "10.43.0.1",
"podResolvConf": "search default.svc.cluster.local svc.cluster.local cluster.local\nnameserver 10.43.0.10\noptions ndots:5\n",
"query": {
"kubernetes": {
"name": "kubernetes",
"address": "10.43.0.1"
},
"nonResolvableDomain": {
"name": "*",
"address": ""
}
},
"kubeDNSPods": ["coredns-77ccd57875-76dt4"],
"kubeDNSService": "10.43.0.10",
"kubeDNSEndpoints": "10.42.0.6:53"
}