getaddrinfo ENOTFOUND with newest versions

[kkendzia]

Hi, at the moment I update all versions for our local deployments (with kind). We use a local dnsmasq container which resolves fine. The problem is, that all containers can resolve the local vault address, but not external-secrets. I've read about that node has a problem with this itself, but I don't have any idea how to fix this. Maybe you know. I've updated from 1.19.7 and ext-sec 6.4.0 (there everything worked out just fine).

kind-image: kindest/node:v1.22.2 external-secrets helm: 8.3.2 ldd: ldd --version musl libc (x86_64) Version 1.2.2

nslookup works fine in the ext-sec container or in every other, but not inside node.

{"level":50,"message_time":"2021-10-26T08:02:36.762Z","pid":23,"hostname":"extsec-kubernetes-external-secrets-6bd4b4d7b9-cj8h2","payload":{"name":"RequestError","message":"Error: getaddrinfo ENOTFOUND vault.dev.local.mydomain.tld","cause":{"errno":-3008,"code":"ENOTFOUND","syscall":"getaddrinfo","hostname":"vault.dev.local.mydomain.tld"},"error":{"errno":-3008,"code":"ENOTFOUND","syscall":"getaddrinfo","hostname":"vault.dev.local.mydomain.tld"},"options":{"json":{"role":"kube-auth","jwt":"eyJhbGciOiJSUzI1NiIsImtpZCI6Ii1sVmJpTld3X2x2WWJSSmNpWGducktkNW92RkhfUHRaakcyNDlLZGNWX2cifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNjY2NzcwNjU2LCJpYXQiOjE2MzUyMzQ2NTYsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJleHRzZWMtc3lzdGVtIiwicG9kIjp7Im5hbWUiOiJleHRzZWMta3ViZXJuZXRlcy1leHRlcm5hbC1zZWNyZXRzLTZiZDRiNGQ3YjktY2o4aDIiLCJ1aWQiOiI0OWEwN2I5YS04MTQyLTRkMDUtYWRkNy1hYjkyNDJmMTYzNTkifSwic2VydmljZWFjY291bnQiOnsibmFtZSI6ImV4dHNlYy1rdWJlcm5ldGVzLWV4dGVybmFsLXNlY3JldHMiLCJ1aWQiOiJiMjM2NzQ5Mi1hZGYyLTQwOTctODIxNy02MDY3YzNkMjMyNzQifSwid2FybmFmdGVyIjoxNjM1MjM4MjYzfSwibmJmIjoxNjM1MjM0NjU2LCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZXh0c2VjLXN5c3RlbTpleHRzZWMta3ViZXJuZXRlcy1leHRlcm5hbC1zZWNyZXRzIn0.dzTB_U8Cjj_AcsUEXzY6lFslJysL-5uv3bm9MhowOqmqMTl4a8B667KQGHejtlE7kMapwu-gaox_nTO8--rrU202C6n_W444G-55xM9fHxeoBWSWccDwAocaryzUZWG-rd7NnDDrKvNQh7mWxLBxPnylDA-0HQIo0G2mRBw9x09dZBUD_fPIReTLEnEP0y2IzfnmcM0qEwsPxwB91cbQYWGheK3uR7CVabR_fI_RtDs-jfnPAFBenxoIPkUjR2i60ayb3R1zYsSGK0BukKTeP9pQJcAIEjhkltJbqk2Z_aPP6WuzIikQ-nETBKMHgAoTaIrmFFuEjOH03dQL8zITtQ"},"resolveWithFullResponse":true,"simple":false,"strictSSL":true,"followAllRedirects":true,"method":"POST","path":"/auth/k8s-local/login","headers":{},"uri":"https://vault.dev.local.mydomain.tld/v1/auth/k8s-local/login","transform2xxOnly":false}},"msg":"failure while polling the secret kind-demo/kind-demo-external-secret-file"}

[up-to-you]

Same issue, non-determenistic occurences. Reproduced on k3s v1.22.3+k3s1. Not reproduced on 1.21 version.

[up-to-you]

For those who struggled with this issue on K3s - it doesn't have anything with kubernetes-external-secrets. It was DNS/networking issue in K3s.

Solved using installation below: curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_VERSION="v1.22.3+k3s1" INSTALL_K3S_EXEC="server --flannel-backend=host-gw --disable traefik --disable servicelb --disable-network-policy" sh -

Pay attention at flannel backend

[github-actions[bot]]

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 30 days.

[github-actions[bot]]

This issue was closed because it has been stalled for 30 days with no activity.