Open bzvestey opened 3 years ago
@bzvestey do u have this problem only on arch linux ?
For the information above I was specifically using Manjaro (downstream of Arch), in case that helps. I have tested three other configurations today and this is the results:
Minikube logs
Failing command
I have the same issue:
Ubuntu 20.04.2 LTS Fresh install of minikube version: v1.21.0 commit: 76d74191d82c47883dc7e1319ef7cebd3e00ee11
kubectl run busybox --image=busybox --rm -ti --restart=Never --command -- ping -c 3 google.com
64 bytes from 142.250.181.46: seq=1 ttl=113 time=5.371 ms 64 bytes from 142.250.181.46: seq=2 ttl=113 time=5.089 ms --- google.com ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 5.089/6.048/7.685 ms pod "busybox" deleted
kubectl run busybox --image=ubuntu --rm -ti --restart=Never --command -- bash -c "apt-get update && apt-get install -y iputils-ping && ping -c 3 google.com"
If you don't see a command prompt, try pressing enter. Get:2 http://archive.ubuntu.com/ubuntu focal InRelease [51 B] Err:2 http://archive.ubuntu.com/ubuntu focal InRelease Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?) Get:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease [51 B] Err:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?) Get:4 http://archive.ubuntu.com/ubuntu focal-backports InRelease [51 B] Err:4 http://archive.ubuntu.com/ubuntu focal-backports InRelease Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?) Reading package lists... Done N: See apt-secure(8) manpage for repository creation and user configuration details. N: Updating from such a repository can't be done securely, and is therefore disabled by default. E: The repository 'http://security.ubuntu.com/ubuntu focal-security InRelease' is not signed. E: Failed to fetch http://security.ubuntu.com/ubuntu/dists/focal-security/InRelease Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?) N: See apt-secure(8) manpage for repository creation and user configuration details. N: Updating from such a repository can't be done securely, and is therefore disabled by default. E: The repository 'http://archive.ubuntu.com/ubuntu focal InRelease' is not signed. E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal/InRelease Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?) E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal-updates/InRelease Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?) E: The repository 'http://archive.ubuntu.com/ubuntu focal-updates InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal-backports/InRelease Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?) E: The repository 'http://archive.ubuntu.com/ubuntu focal-backports InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. pod "busybox" deleted pod default/busybox terminated (Error)
I have done some testing of this issue on my side today, and think I have another important part of this. The internal domain name also needs to be in the search
line of the resolv.conf file on the host machine.
So from my understanding so far, these two things are important to my issue:
bzvestey.com
search
line of the resolv.conf file on the host machine.Example resolv.conf file:
search bzvestey.com
nameserver 1.1.1.1
I have done some testing of this issue on my side today, and think I have another important part of this. The internal domain name also needs to be in the
search
line of the resolv.conf file on the host machine.So from my understanding so far, these two things are important to my issue:
- Networks internal domain name needs to have a dns record, like
bzvestey.com
- The same domain needs to show up in the
search
line of the resolv.conf file on the host machine.Example resolv.conf file:
search bzvestey.com nameserver 1.1.1.1
@bzvestey that sounds reasonable ! I would accept a PR that would improve this !
@medyagh I have starting looking into this issue more and have hit a bit of a road block. From my digging into the code the entrypoint file linked below is the one responsible for setting up the resolve.conf file, but I don't know where to see the information that this file echo's out. Please correct me if I am wrong, but it seems that I have to build the minikube iso to test this?
The below line returns my external IP Address: https://github.com/kubernetes/minikube/blob/9bccfd0b2116550e1b74e987034896aaa68c3e46/deploy/kicbase/entrypoint#L313
If you have any input for what I can do to test this, that would be awesome.
Note: For those just looking for a work around to this issue, you can File Sync to add a custom resolv.conf.
Hi @bzvestey, if you're modifying the entrypoint
file you'd be building the kicbase image, to test the change locally you can run make local-kicbase
then make
after to recompile the minikube binary. Then just start the recompiled minikube binary and can test it from there.
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten
When the computer is on a network that has its internal domain name set to a domain that will resolve to an external IP, then minikube will try to use that external IP address for DNS resolution. Note that the network this was tested on does not have any special rules to make that domain name resolve differently internally. The busybox image running in minikubes kubernetes seems fine, and running other containers in the computers local docker run fine. For reference I am using a Unifi USG-Pro gateway for my router.
Steps to reproduce the issue:
minikube start
kubectl run busybox --image=busybox --rm -ti --restart=Never --command -- ping -c 3 google.com
kubectl run busybox --image=ubuntu --rm -ti --restart=Never --command -- bash -c "apt-get update && apt-get install -y iputils-ping && ping -c 3 google.com"
minikube ssh
cat /etc/resolv.conf
Full output of
minikube logs
command:Note: Output of commands other that
minikube start
placed below the command.