Open dmoore247 opened 6 years ago
There's a work around / solution:
Adding the following to krb5.conf disables distributed checks and reverse DNS lookups, which were not working within minikube cluster. Add these lines to the [libdefaults]
section:
dns_lookup_realm = false
dns_lookup_kdc = false
dns_fallback = false
I got some deeper understanding of this though this link https://kerberos.mit.narkive.com/mf3vf81O/slow-response-with-multiple-kdcs
The symptoms I observed were that kerberos was looking through a list of possible kdc master candidates before getting the right one. Having both a correct nameserver in /etc/resolv.conf
as well as the right kdc master names in /etc/krb5.conf
helped us with the issue
Kerberos (kinit) is very slow ~180 seconds to spawn another container. Messages (note timestamps):