[K8s-R5.0]: Pod in Isolated namespace cannot resolve DNS request

Bug #1742075 reported by Pulkit Tandon
This bug affects 1 person
Affects: Juniper Openstack (status tracked in Trunk)
Trunk: Status: Fix Released; Importance: Critical; Assigned to: Aniket Gawade

Bug Description

Kubernetes
R5.0 (Mainline)
Issue observed post CB build 85
Ocata
Ubuntu16.04

Setup:
HA setup with 3 Control nodes. 1 Kube master
2 compute nodes

Issue:
Created 1 isolated namespace:
root@testbed-1-vm1:~# kubectl describe namespace
Name: ctest-namespace-51821523
Labels: <none>
Annotations: opencontrail.org/isolation=true
Status: Active

Created 1 Pod in the isolated namespace
ctest-namespace-51821523 ctest-busybox-pod-14314702 1/1 Running 0 5m 10.47.255.251 testbed-1-vm2

Attempted to resolve DNS to kubernetes.default.svc.cluster.local
I was expecting it to resolve it correctly but it failed.
The issue has been introduced starting CB build 83.

On further debugging, found that the VN created on isolation of namespace does not have a route to DNS server 10.96.0.10.
There is no such route in VRF of the new VN corresponding to isolated namespace.

Changed in juniperopenstack:
assignee: Sachchidanand Vaidya (vaidyasd) → Aniket Gawade (aniketgawade)
Pulkit Tandon (pulkitt) wrote :

Sanity test case that is failing due to this issue is :
TestServiceVNIsolated.test_kube_dns_lookup

Yuvaraja Mariappan (ymariappan) wrote :

https://review.opencontrail.org/#/c/38808/ will fix this as well.

Thanks,
Yuvaraja

Pulkit Tandon (pulkitt) wrote :

Verified on R5.0-ocata-103-ubuntu1604.
Issue is resolved. Hence closing the bug.
