angelnu / pod-gateway

Container image used to set a pod gateway
Apache License 2.0

Talos: Dual-Stack cluster results in issues with DNS parsing in gateway init #59

Closed samip5 closed 1 month ago

samip5 commented 4 months ago


What steps did you take and what happened:

I switched to Talos from k3s, and upon trying to use pod-gateway, it instead crashes.

What did you expect to happen:

I did not expect it to choke on the K8S_DNS part when that resolves to v4 and v6.

Anything else you would like to add:

Talos version: 1.7.5, Kubernetes: 1.30.2

Additional Information:

Defaulted container "vpn-gateway-pod-gateway" out of: vpn-gateway-pod-gateway, gluetun, netshoot, routes (init)
+ cat /default_config/settings.sh
#!/bin/bash

# hostname of the gateway - it must accept vxlan and DHCP traffic
# clients get it as env variable
GATEWAY_NAME="$gateway"
# K8S DNS IP address
# clients get it as env variable
K8S_DNS_IPS="$K8S_DNS_ips"
# Blank  sepated IPs not sent to the POD gateway but to the default K8S
# This is needed, for example, in case your CNI does
# not add a non-default rule for the K8S addresses (Flannel does)
NOT_ROUTED_TO_GATEWAY_CIDRS=""

# Vxlan ID to use
VXLAN_ID="42"
# VXLAN need an /24 IP range not conflicting with K8S and local IP ranges
VXLAN_IP_NETWORK="172.16.0"
# Keep a range of IPs for static assignment in nat.conf
VXLAN_GATEWAY_FIRST_DYNAMIC_IP=20

# If using a VPN, interface name created by it
VPN_INTERFACE=tun0
# Prevent non VPN traffic to leave the gateway
VPN_BLOCK_OTHER_TRAFFIC=true
# If VPN_BLOCK_OTHER_TRAFFIC is true, allow VPN traffic over this port
VPN_TRAFFIC_PORT=443
# Traffic to these IPs will be send through the K8S gateway
VPN_LOCAL_CIDRS="10.0.0.0/8 192.168.0.0/16"

# DNS queries to these domains will be resolved by K8S DNS instead of
# the default (typcally the VPN client changes it)
DNS_LOCAL_CIDRS="local"

# dnsmasq monitors directories. /etc/resolv.conf in a container is in another
# file system so it does not work. To circumvent this a copy is made using
# inotifyd
RESOLV_CONF_COPY=/etc/resolv_copy.conf

# ICMP heartbeats are used to ensure the pod-gateway is connectable from the clients.
# The following value can be used to to provide more stability in an unreliable network connection.
CONNECTION_RETRY_COUNT=1

# you want to disable DNSSEC with the gateway then set this to false
GATEWAY_ENABLE_DNSSEC=true

# If you use nftables for iptables you need to set this to yes
IPTABLES_NFT=no

# Set to WAN/VPN IP to enable SNAT instead of Masquerading
SNAT_IP=""

# Set the VPN MTU. It also adjust the VXLAN MTU to avoid fragmenting the package in the gateway (VXLAN-> MTU)
VPN_INTERFACE_MTU=""
+ . /default_config/settings.sh
++ GATEWAY_NAME=
++ K8S_DNS_IPS=
++ NOT_ROUTED_TO_GATEWAY_CIDRS=
++ VXLAN_ID=42
++ VXLAN_IP_NETWORK=172.16.0
++ VXLAN_GATEWAY_FIRST_DYNAMIC_IP=20
++ VPN_INTERFACE=tun0
++ VPN_BLOCK_OTHER_TRAFFIC=true
++ VPN_TRAFFIC_PORT=443
++ VPN_LOCAL_CIDRS='10.0.0.0/8 192.168.0.0/16'
++ DNS_LOCAL_CIDRS=local
++ RESOLV_CONF_COPY=/etc/resolv_copy.conf
++ CONNECTION_RETRY_COUNT=1
++ GATEWAY_ENABLE_DNSSEC=true
++ IPTABLES_NFT=no
++ SNAT_IP=
++ VPN_INTERFACE_MTU=
+ cat /config/settings.sh
#!/bin/sh
# Generated by vpn-gateway-pod-gateway
DNS_LOCAL_CIDRS="local"
NOT_ROUTED_TO_GATEWAY_CIDRS="10.0.0.0/8 192.168.0.0/16"
VPN_BLOCK_OTHER_TRAFFIC="false"
VPN_INTERFACE="wg0"
VPN_LOCAL_CIDRS="10.0.0.0/8 192.168.0.0/16"
VPN_TRAFFIC_PORT="51820"
VXLAN_GATEWAY_FIRST_DYNAMIC_IP="20"
VXLAN_ID="44"
VXLAN_IP_NETWORK="172.16.1"
+ . /config/settings.sh
++ DNS_LOCAL_CIDRS=local
++ NOT_ROUTED_TO_GATEWAY_CIDRS='10.0.0.0/8 192.168.0.0/16'
++ VPN_BLOCK_OTHER_TRAFFIC=false
++ VPN_INTERFACE=wg0
++ VPN_LOCAL_CIDRS='10.0.0.0/8 192.168.0.0/16'
++ VPN_TRAFFIC_PORT=51820
++ VXLAN_GATEWAY_FIRST_DYNAMIC_IP=20
++ VXLAN_ID=44
++ VXLAN_IP_NETWORK=172.16.1
+ '[' '!' -f /etc/resolv.conf.org ']'
+ cp /etc/resolv.conf /etc/resolv.conf.org
/etc/resolv.conf.org written
+ echo '/etc/resolv.conf.org written'
++ grep nameserver /etc/resolv.conf.org
++ cut '-d ' -f2
+ K8S_DNS='10.96.0.10
2001:14ba:74ae:3405::1e:a'
+ cat
+ [[ true == true ]]
+ cat
+ for local_cidr in $DNS_LOCAL_CIDRS
+ cat
+ /bin/copy_resolv.sh
copying /etc/resolv.conf to /etc/resolv_copy.conf
+ dnsmasq=18
+ dnsmasq -k
+ inotifyd=19
+ inotifyd /bin/copy_resolv.sh /etc/resolv.conf:ce
+ trap _kill_procs SIGTERM
+ wait -n

dnsmasq: bad option at line 30 of /etc/dnsmasq.d//pod-gateway.conf
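The trace above shows where the failure originates: `grep nameserver /etc/resolv.conf.org | cut -d ' ' -f2` prints one line per nameserver, so on a dual-stack node `K8S_DNS` holds an IPv4 address, a newline, and an IPv6 address. When that value is interpolated into the generated dnsmasq configuration, the second address lands on a line of its own, which is consistent with the "bad option" error dnsmasq reports. The shell snippet below is an added example, not pod-gateway's own code: it reproduces the two-line result on a constructed dual-stack resolv.conf (the IPv6 address is a documentation-range placeholder, not the one from the issue), then shows one way to collapse the list into a single space-separated value and emit one dnsmasq `server=` entry per address. All function names are assumptions.

```shell
#!/bin/sh
# Added example (not pod-gateway's code): parse every nameserver, IPv4 and
# IPv6 alike, from a resolv.conf into a newline-free list that is safe to
# interpolate into a generated dnsmasq config.

# Constructed sample: what /etc/resolv.conf looks like on a dual-stack
# cluster. 2001:db8::a is a documentation-range placeholder.
SAMPLE_RESOLV_CONF='search default.svc.cluster.local svc.cluster.local cluster.local
nameserver 10.96.0.10
nameserver 2001:db8::a
options ndots:5'

# The pipeline the init script runs. With two nameserver lines it yields
# two lines, and the embedded newline ends up inside K8S_DNS.
naive_k8s_dns() {
  printf '%s\n' "$1" | grep nameserver | cut -d ' ' -f2
}

# Robust version: keep only real "nameserver <addr>" lines, take the
# address field, and join everything with spaces on a single line.
parse_nameservers() {
  printf '%s\n' "$1" | awk '
    $1 == "nameserver" && NF >= 2 { printf "%s%s", sep, $2; sep = " " }
    END { print "" }'
}

# Emit one dnsmasq "server=" line per upstream address. dnsmasq accepts
# IPv6 addresses in server=; the breakage comes from the newline, not
# from the address family.
dnsmasq_server_lines() {
  for ip in $(parse_nameservers "$1"); do
    printf 'server=%s\n' "$ip"
  done
}

# Helper for the comparison: number of lines in a value.
count_lines() {
  printf '%s\n' "$1" | wc -l | tr -d ' '
}

# Detection check an init script could run before generating config:
# returns 0 when the naive value would span more than one line.
k8s_dns_is_multiline() {
  [ "$(count_lines "$(naive_k8s_dns "$1")")" -gt 1 ]
}
```

Running `naive_k8s_dns "$SAMPLE_RESOLV_CONF"` prints two lines, while `parse_nameservers` prints `10.96.0.10 2001:db8::a` on one line, so a `cat <<EOF` that expands it produces a well-formed config. The `k8s_dns_is_multiline` check is the kind of guard an init script can use to fail early with a clear message instead of leaving dnsmasq to report a bad option by line number.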