geerlingguy / tower-operator

DEPRECATED: This project was moved and renamed to: https://github.com/ansible/awx-operator

AWX network problems #36

Closed nicolaibaralmueller closed 4 years ago

nicolaibaralmueller commented 4 years ago

Hi Jeff,

I've copied over LDAP settings from our existing AWX and added source control credentials in order to add projects.

However, both LDAP and Git access do not work (connection timeout). The Kubernetes host can ping the Git server.

As far as I understand, the default network policy should allow all. Am I missing something?

Thanks

nicolaibaralmueller commented 4 years ago

Update:

Can't ping anything outside the pods. Not even google. Does anybody know how to fix this?

DNS is enabled and /etc/resolv.conf on the kubernetes host has the correct DNS servers.

geerlingguy commented 4 years ago

What kind of Kubernetes cluster are you running? If it's something like AWS EKS, maybe there are some VPC or CNI settings that are missing.

If the problem is pods inside your cluster can't resolve DNS, that is probably not an issue with this operator, and you'd need to do some Googling to find out what might be happening.

Check https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/ for starters.

nicolaibaralmueller commented 4 years ago

> What kind of Kubernetes cluster are you running? If it's something like AWS EKS, maybe there are some VPC or CNI settings that are missing.
>
> If the problem is pods inside your cluster can't resolve DNS, that is probably not an issue with this operator, and you'd need to do some Googling to find out what might be happening.
>
> Check https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/ for starters.

I'm running a clean Ubuntu Server with microk8s. I've enabled ingress, dns, dashboard and storage.

The host system has no problem resolving DNS names.

Haven't been able to figure this one out yet.

geerlingguy commented 4 years ago

@nicolaibaralmueller - Have you run through all the options in the dns-debugging doc I linked? One simple thing is to check if your cluster DNS is working in general by starting a pod and trying to ping or nslookup from inside it. If that's not working, the problem doesn't come from tower-operator, it would be a cluster-level issue. I haven't personally used microk8s but I searched for microk8s dns resolution and found these issues:

nicolaibaralmueller commented 4 years ago

Thanks @geerlingguy.

Adding our internal DNS servers with the command below helped resolve the local domain DNS issue:

microk8s.kubectl -n kube-system edit configmap/coredns

I might need to run the command below inside the web pod, but I'm asked for the sudo password, which is not known to me.

secret_key and admin_password values are not accepted.

iptables -P FORWARD ACCEPT

What is the sudo password for the awx pods?
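
The CoreDNS change mentioned in the comment above, shown as an added illustration that is not part of the original thread: pods send their lookups to CoreDNS, and names outside the cluster go to whatever the Corefile's `forward` line lists, regardless of the host's /etc/resolv.conf. The resolver addresses `10.0.0.53` and `10.0.0.54` are placeholders, and the "before" line and surrounding plugin lines are an assumed typical Corefile, not this cluster's actual one.

```yaml
# Illustrative coredns ConfigMap as opened by
#   microk8s.kubectl -n kube-system edit configmap/coredns
# Only the idea of changing the upstream resolvers comes from the thread;
# all values below are assumptions.
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        errors
        health
        ready
        # Cluster-internal names (*.cluster.local) are answered here.
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            fallthrough in-addr.arpa ip6.arpa
        }
        # Before (assumed): public resolvers only. They cannot answer
        # internal names such as an on-premises LDAP or Git host.
        # forward . 8.8.8.8 8.8.4.4
        #
        # After: internal resolvers (placeholder addresses). They must be
        # reachable from the pod network and able to recurse for public names.
        forward . 10.0.0.53 10.0.0.54
        cache 30
        loop
        reload
        loadbalance
    }
```

With the `reload` plugin present, CoreDNS picks up the edited ConfigMap without a manual restart; an nslookup of an internal name from a test pod confirms the change.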

geerlingguy commented 4 years ago

I'm not sure if the AWX pods are running iptables... I've never tried managing them using sudo or anything. This sounds like a potentially very specific use case that I don't think this operator can do much to help with—if you're encountering container-level networking problems, it's probably something you'd need to ask about in AWX repos or in Kubernetes forums.

As I'm not sure I can do much to help, I'm going to close this issue.