Have kops-controller create headless k8s services for dns=none clusters #16335
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
/retest
Like gossip clusters, dns=none clusters won't be able to resolve these DNS names, which causes e2e test failures for OIDC tests. This ensures the e2e test pods can resolve these DNS names.
a728a1d to 3c5cac3
/retest
All of our "kops latest" grid jobs are failing because of this OIDC test
@rifelpet I believe the fix for the issue is more along the lines of changing this condition to include dns=none, instead of the headless service. What do you think?
kops/upup/models/cloudup/resources/addons/coredns.addons.k8s.io/k8s-1.12.yaml.template Lines 79 to 84 in 3d6599b
@rifelpet Is this still needed?
To be honest, I'm not sure. This comment #12792 (comment) suggests that this was meant to replace the /etc/hosts mount, but we seem to have both in place. Ideally we can figure out if these headless services are used and remove them if not. If we do want to keep them around, I'm inclined to keep their behavior in sync with the /etc/hosts strategy which would mean merging this. Perhaps a good topic for office hours.
In office hours we decided this isn't needed. We will remove the kops-controller headless services at the same time that we eventually remove gossip support.
Fixes #16332
Like gossip clusters, dns=none clusters won't be able to resolve these DNS names, which causes e2e test failures for OIDC tests. This ensures the OIDC test pods can resolve the DNS names.
Example failure: https://testgrid.k8s.io/kops-grid#kops-grid-calico-amzn2-k26
I0204 15:43:18.460415 1 log.go:198] Get "https://api.internal.e2e-e2e-kops-grid-calico-amzn2-k26.test-cncf-aws.k8s.io/.well-known/openid-configuration": dial tcp: lookup api.internal.e2e-e2e-kops-grid-calico-amzn2-k26.test-cncf-aws.k8s.io on 100.64.0.10:53: no such host