search

kubernetes / kops

Kubernetes Operations (kOps) - Production Grade k8s Installation, Upgrades and Management
https://kops.sigs.k8s.io/
Apache License 2.0
15.66k stars 4.61k forks source link

DNS None clusters fails OIDC e2e test #16332

Closed rifelpet closed 1 day ago

rifelpet commented 5 months ago

/kind bug Since the migration to dns=none by default, the prow e2e grid is failing the OIDC tests:

https://prow.k8s.io/view/gs/kubernetes-jenkins/logs/e2e-kops-grid-calico-amzn2-k26/1754164241511747584

I0204 15:43:18.456158       1 log.go:198] Full, not-validated claims: 
    openidmetadata.claims{Claims:jwt.Claims{Issuer:"https://api.internal.e2e-e2e-kops-grid-calico-amzn2-k26.test-cncf-aws.k8s.io/", Subject:"system:serviceaccount:svcaccounts-9692:default", Audience:jwt.Audience{"oidc-discovery-test"}, Expiry:1707061997, NotBefore:1707061397, IssuedAt:1707061397, ID:""}, Kubernetes:openidmetadata.kubeClaims{Namespace:"svcaccounts-9692", ServiceAccount:openidmetadata.kubeName{Name:"default", UID:"15bf3196-cfd3-40cb-9ee0-8f05454c7e85"}}}
    I0204 15:43:18.460415       1 log.go:198] Get "https://api.internal.e2e-e2e-kops-grid-calico-amzn2-k26.test-cncf-aws.k8s.io/.well-known/openid-configuration": dial tcp: lookup api.internal.e2e-e2e-kops-grid-calico-amzn2-k26.test-cncf-aws.k8s.io on 100.64.0.10:53: no such host

the test pod created in the cluster is not able to resolve the api.internal domain name.

In https://github.com/kubernetes/kops/pull/12792 we populate coredns pods' /etc/hosts for gossip clusters. We probably need to expand that to cover dns=none clusters too.

k8s-triage-robot commented 2 months ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot commented 1 month ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot commented 1 day ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

k8s-ci-robot commented 1 day ago

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to [this](https://github.com/kubernetes/kops/issues/16332#issuecomment-2214986801): >The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. > >This bot triages issues according to the following rules: >- After 90d of inactivity, `lifecycle/stale` is applied >- After 30d of inactivity since `lifecycle/stale` was applied, `lifecycle/rotten` is applied >- After 30d of inactivity since `lifecycle/rotten` was applied, the issue is closed > >You can: >- Reopen this issue with `/reopen` >- Mark this issue as fresh with `/remove-lifecycle rotten` >- Offer to help out with [Issue Triage][1] > >Please send feedback to sig-contributor-experience at [kubernetes/community](https://github.com/kubernetes/community). > >/close not-planned > >[1]: https://www.kubernetes.dev/docs/guide/issue-triage/ Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.