gravitl / netmaker

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
https://netmaker.io

CoreDNS HA #564

Open boomfly opened 2 years ago

boomfly commented 2 years ago

I deployed 2 Netmaker servers in different AWS regions.

Server HA works normally because of the wildcard DNS record *.netmaker.example.com, but CoreDNS does not have its own DNS name; it only has an IP address.

So I have 2 servers:

Assume dashboard.netmaker.example.com resolves to 192.168.0.1 and I create an AccessKey from that server; it produces, for example:

```json
{
  "corednsaddr": "192.168.0.1", // This is Evil line
  "apiconn": "api.netmaker.example.com:443",
  "apihost": "api.netmaker.example.com",
  "apiport": "8081",
  "grpcconn": "grpc.netmaker.example.com:443",
  "grpchost": "grpc.netmaker.example.com",
  "grpcport": "50051",
  "grpcssl": "on",
  "checkininterval": "15",
  "network": "example",
  "key": "{SECRET_KEY}",
  "localrange": "",
  "grpcwg": "",
  "grpcwgaddr": "",
  "grpcwgport": "",
  "grpcwgpubkey": "",
  "grpcwgendpoint": ""
}
```

The corednsaddr field is placed in the ServerConf section of the client config and never pulls updates in the future.

So when server aws-eu-west-1-netmaker (192.168.0.1) is down and the wildcard changes its target IP to the second server aws-eu-central-1-netmaker (192.168.1.1), the corednsaddr setting on all clients stays the same as when they were initiated and my network loses private DNS. This means my k3s worker nodes can't resolve the k3s.example domain of the k3s masters.

Please help; maybe I'm doing something wrong?

afeiszli commented 2 years ago

@boomfly I'm not sure if we'll be able to resolve this. If I'm restating the issue correctly, you need to be able to set the CoreDNS address using a domain name instead of an IP? The issue is that we use resolvectl to set DNS, and it will not take a domain to set DNS.

boomfly commented 2 years ago

The issue is in corednsaddr:

```json
"corednsaddr": "192.168.0.1", // This is Evil line
```

Because it is HARD CODED in the initial config, and in HA server mode this does not work.

What if this variable were updated with available peer info from the currently available server?

afeiszli commented 2 years ago

What would you like this value to be dynamically updated to, the server's public IP, or netmaker node's private IP in the network? I think option 2 is potentially a good solution, but also the CoreDNS container's network is not bridged with netmaker's network, so currently you cannot use the private address from netmaker to reach CoreDNS.

boomfly commented 2 years ago

Yes, the option where CoreDNS is the private Netmaker server IP is best!

But...

We launch servers separately with this env:

```shell
sed -i 's/COREDNS_IP/<default interface ip>/g' docker-compose.yml
```

On each server, COREDNS_IP is set to its own address.

So when the first server is down and we switch the domain api.netmaker.example.com:443 to the second server, the network actually keeps working.

But DNS does NOT, because the DNS config is HARD CODED when a peer is added to the network.

Is there a way to auto-update the CoreDNS address on peers when the first server is down and they connect to a different server?

Without this feature I think HA is useless.
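The thread leaves the client-side gap open: corednsaddr is an IP frozen at join time, and resolvectl will only accept an address, not a name. The following is an added example written for this page, not netclient or Netmaker code, of the workaround a practitioner would run on each client as a cron or systemd timer: re-resolve a DNS name that follows the live server (assumed here to be coredns.netmaker.example.com, a record not shown in the issue, maintained the same way the api./grpc. names already are), validate that the answer is a plain IP before it goes anywhere near a shell command, rewrite corednsaddr, and re-point the WireGuard interface's per-link DNS with `resolvectl dns <link> <addr>`. The interface name nm-example and a JSON config file holding the ServerConf keys are assumptions; the real netclient config layout is not shown on the page. Lookup failures keep the last-known-good address instead of blanking DNS, which is the failure mode that matters during a failover.

```python
import ipaddress
import json
import socket
import subprocess
from typing import Callable, Tuple

# Constructed sample: the ServerConf values a client receives at join time,
# mirroring the AccessKey JSON from the issue (192.168.0.1 is the first server).
SAMPLE_SERVERCONF = {
    "corednsaddr": "192.168.0.1",
    "apiconn": "api.netmaker.example.com:443",
    "apihost": "api.netmaker.example.com",
    "grpcconn": "grpc.netmaker.example.com:443",
    "network": "example",
}

# Assumed, not from the issue: a DNS name that is switched to the surviving
# server together with the wildcard record.
COREDNS_NAME = "coredns.netmaker.example.com"


def refresh_coredns_addr(
    serverconf: dict,
    dns_name: str,
    resolver: Callable[[str], str] = socket.gethostbyname,
) -> Tuple[dict, bool]:
    """Re-resolve dns_name and return (updated_conf, changed).

    A lookup failure (socket.gaierror is an OSError) keeps the current value.
    An answer that is not a bare IP raises ValueError so that nothing
    unvalidated is ever passed to resolvectl.
    """
    current = serverconf.get("corednsaddr", "")
    try:
        answer = resolver(dns_name)
    except OSError:
        return serverconf, False
    new_addr = str(ipaddress.ip_address(answer))  # ValueError on non-IP input
    if new_addr == current:
        return serverconf, False
    updated = dict(serverconf)
    updated["corednsaddr"] = new_addr
    return updated, True


def resolvectl_argv(interface: str, dns_addr: str) -> list:
    """argv for pointing the WireGuard link's DNS at dns_addr (no shell involved)."""
    ipaddress.ip_address(dns_addr)  # refuse anything that is not an address
    return ["resolvectl", "dns", interface, dns_addr]


def sync_client_dns(
    config_path: str,
    interface: str,
    dns_name: str = COREDNS_NAME,
    resolver: Callable[[str], str] = socket.gethostbyname,
    runner=subprocess.run,
) -> bool:
    """One pass on a client host: returns True if the DNS server was moved."""
    with open(config_path) as fh:
        conf = json.load(fh)
    updated, changed = refresh_coredns_addr(conf, dns_name, resolver)
    if not changed:
        return False
    # Apply to the link first; only persist once resolvectl accepted it.
    runner(resolvectl_argv(interface, updated["corednsaddr"]), check=True)
    with open(config_path, "w") as fh:
        json.dump(updated, fh, indent=2)
    return True


if __name__ == "__main__":
    # Dry run on the constructed sample: simulate the wildcard moving to 192.168.1.1.
    conf, changed = refresh_coredns_addr(
        SAMPLE_SERVERCONF, COREDNS_NAME, lambda _name: "192.168.1.1"
    )
    print(changed, conf["corednsaddr"],
          " ".join(resolvectl_argv("nm-example", conf["corednsaddr"])))
```

The resolver is injectable so the logic can be exercised without network access; in production the default socket.gethostbyname is used. Because the DNS answer comes from a zone an attacker could in principle poison, the ipaddress check is what keeps this from becoming a command-injection path into resolvectl, and passing argv as a list (never a shell string) closes the rest of it.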