aoldershaw
commented
3 years ago @taylorsilva hm, I'm seeing otherwise:
$ k exec -n ci ci-worker-0 -- env | grep GARDEN
CONCOURSE_GARDEN_DNS_PROXY_ENABLE=true
CONCOURSE_WORKER_GARDEN_DNS_PROXY_ENABLE=trueClosed aoldershaw closed 3 years ago
aoldershaw
commented
3 years ago @taylorsilva hm, I'm seeing otherwise:
$ k exec -n ci ci-worker-0 -- env | grep GARDEN
CONCOURSE_GARDEN_DNS_PROXY_ENABLE=true
CONCOURSE_WORKER_GARDEN_DNS_PROXY_ENABLE=true
taylorsilva
commented
3 years ago interesting! I was using k describe but I wonder if that doesn't show everything 🤔
aoldershaw
commented
3 years ago I was using k describe but I wonder if that doesn't show everything
Yeah, probably just shows the env vars you've configured in the spec - but since this is coming from the OCI image itself, I guess it doesn't display it
taylorsilva
commented
3 years ago after more testing I think this is still okay for helm chart/k8s users. In both cases, with DNS proxy enabled or disabled for the guardian runtime, dns requests still make it to the kube dns service. When the proxy is enabled we've just stuck an extra middle-man in the entire thing, but it works regardless.
Now that containerd is the default, we shouldn't enable the DNS proxy for Guardian