Nslookup fails in kubernetes, /etc/resolv.conf in coredns points 127.0.0.53

ijaketak · July 22, 2024, 8:18am

My configuration k8s-master.nix is here:

let
  masterHostname = "myhost.ijaketak.private";
  masterIp = "192.168.0.193"; # host ip
  masterApiServerPort = 6443;
in
services.kubernetes = {
  roles = [ "master" "node" ];
  masterAddress = masterHostname;
  apiserverAddress = "https://${masterHostname}:${toString masterApiServerPort}";
  easyCerts = true;
  apiserver = {
    enable = true;
    securePort = masterApiServerPort;
    advertiseAddress = masterIp;
  };
  addons.dns = {
    enable = true;
    clusterDomain = "cluster.private";
  };
};

kubectl version:

Client Version: v1.30.2
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.30.2

kubectl run -it --rm --image=alpine alpine -- sh:

/ # nslookup google.com
Server:         10.0.0.254
Address:        10.0.0.254:53

** server can't find google.com: SERVFAIL

** server can't find google.com: SERVFAIL

/ # ping -c2 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=119 time=9.206 ms
64 bytes from 8.8.8.8: seq=1 ttl=119 time=6.426 ms

--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 6.426/7.816/9.206 ms

kubectl -n kube-system debug coredns-59d4dfbbbd-5cqqz --image=alpine -it -- cat /etc/resolv.conf:

Defaulting debug container name to debugger-hv8hg.
search ijaketak.private ***.jp ***.jp
nameserver 127.0.0.53
options edns0 trust-ad

127.0.0.53(systemd-resolved) cannot be accessed from coredns pods.
How to fix it?

ijaketak · July 23, 2024, 2:02am

Solved.

services.kubernetes.kubelet.extraOpts = ''
  --resolv-conf=/run/systemd/resolve/resolve.conf
'';

kubectl -n kube-system rollout restart deployment/coredns applies the configuration to existing pods.