[Release-1.26] - DNS over TLS not working #5560

Closed
manuelbuil opened this issue Mar 6, 2024 · 1 comment

@manuelbuil
Contributor

Backport fix for DNS over TLS not working

@mdrahman-suse
Contributor

Validated on release-1.26 branch with commit b358fc4

Environment/Config

Ubuntu 22.04

$ cat /etc/rancher/rke2/config.yaml
write-kubeconfig-mode: 644
token: summerheat
node-name: server1
debug: true

Testing steps

Thanks to Manuel for the detailed steps
Followed the steps mentioned here: #5550 (comment)

Replication:

$ rke2 -v
rke2 version v1.26.14+rke2r1 (93518400c62043756be7e321480bcd5f19f42bbf)
go version go1.21.7 X:boringcrypto

  • Before editing coredns configmap
kube-system   pod/rke2-coredns-rke2-coredns-665dd98786-8kn5h              1/1     Running

$ k logs -n kube-system   pod/rke2-coredns-rke2-coredns-665dd98786-8kn5h
.:53
[INFO] plugin/reload: Running configuration SHA512 = c18591e7950724fe7f26bd172b7e98b6d72581b4a8fc4e5fc4cfd08229eea58f4ad043c9fd3dbd1110a11499c4aa3164cdd63ca0dd5ee59651d61756c4f671b7
CoreDNS-1.11.1
linux/amd64, go1.20.7 X:boringcrypto, ae2bbc29

  • After editing coredns configmap and restarting coredns pod
kube-system   pod/rke2-coredns-rke2-coredns-f86b5f9bf-8xnz7               1/1     Running

$ k logs -n kube-system pod/rke2-coredns-rke2-coredns-f86b5f9bf-8xnz7
.:53
[INFO] plugin/reload: Running configuration SHA512 = 6ac0e5f74fb935b974b697f3549b0d8c483c18fbf722f98f4c788c5b6059e96c4f9b7ed2f647a941bad8c7906563fefda900099aa7fcaa8756ea1fbcb6a8af5c
CoreDNS-1.11.1
linux/amd64, go1.20.7 X:boringcrypto, ae2bbc29
[ERROR] plugin/errors: 2 3979595934772269786.1323244131279964027. HINFO: tls: failed to verify certificate: x509: certificate signed by unknown authority

Validation:

$ rke2 -v
rke2 version v1.26.14+dev.b358fc49 (b358fc49a0aa2d7c16ac17764ef1703363b176c4)
go version go1.21.7 X:boringcrypto

  • Before editing coredns configmap
kube-system   pod/rke2-coredns-rke2-coredns-58fbc98699-6jm82              1/1     Running

$ k logs -n kube-system pod/rke2-coredns-rke2-coredns-58fbc98699-6jm82
.:53
[INFO] plugin/reload: Running configuration SHA512 = c18591e7950724fe7f26bd172b7e98b6d72581b4a8fc4e5fc4cfd08229eea58f4ad043c9fd3dbd1110a11499c4aa3164cdd63ca0dd5ee59651d61756c4f671b7
CoreDNS-1.11.1
linux/amd64, go1.20.14 X:boringcrypto, ae2bbc29

  • After editing coredns configmap and restarting coredns pod
kube-system   pod/rke2-coredns-rke2-coredns-745d6694d6-n5hs7              1/1     Running

$ k logs -n kube-system pod/rke2-coredns-rke2-coredns-745d6694d6-n5hs7
.:53
[INFO] plugin/reload: Running configuration SHA512 = 6ac0e5f74fb935b974b697f3549b0d8c483c18fbf722f98f4c788c5b6059e96c4f9b7ed2f647a941bad8c7906563fefda900099aa7fcaa8756ea1fbcb6a8af5c
CoreDNS-1.11.1
linux/amd64, go1.20.14 X:boringcrypto, ae2bbc29
