Question: debugging private net in containers

[vsoch]

Hi @AkihiroSuda - we have a setup on Azure where the private network addresses stopped working from inside the container. For basic FYI, I can ping or curl the 6443 server from the outside, but then when I make shell the same requests hang. I've been doing my best to troubleshoot / debug but no success so far. I can't have any of the workers connect to the control plane, of course.

As a fallback, I'm going to try changing the HOST_IP to be the public address (which does work) but that is not ideal. Thanks for your wisdom here!

[AkihiroSuda]

Is this specific to Azure?

[vsoch]

Possibly, but I can't say for sure. I'm working on Azure now, and I haven't tested on AWS since the end of last year. But I'm not sure it is exactly Azure, because we had a setup (that used the same build base, but an older usernetes) that was working OK. I'm going to keep trying, but I haven't found the resolution yet, and for now I'm exporting the HOST_IP to be the external address (and usernetes is working so far). If you have ideas for how to test or what to look at, it would be hugely appreciated!

[vsoch]

@AkihiroSuda I'm not sure this helps, but when using the public address, the internal DNS still does not appear to be working. This is ubuntu 24.04 on Azure, and something I noticed is that there is a systemd service for resolv.conf. E.g., here is what is running:

But then in /etc/resolv.conf it's a different thing:

I tried adding the different path to the kubeadm-config.yaml, but it never boots up. I'm wondering if this could be related to the private address issue and the DNS not working (for a headless service) inside the pods?