DNS lookup error while using Azure Managed Identity with v0.10.0 #2383

Closed
zerodayyy opened this issue Oct 17, 2021 · 8 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale.


zerodayyy commented Oct 17, 2021

What happened:

While using external-dns with Azure Managed Identity, the following error is seen:

time="2021-10-17T18:02:57Z" level=error msg="azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://management.azure.com/subscriptions/********-****-****-****-************/resourceGroups/redacted/providers/Microsoft.Network/privateDnsZones?api-version=2018-09-01: StatusCode=0 -- Original Error: adal: Failed to execute the refresh request. Error = 'Post \"http://dummy\": dial tcp: lookup dummy on 10.0.0.10:53: no such host'"

Which coincides with this commit: ab0cdd0 where this fragment in provider/azure/config.go L107:

os.Setenv("MSI_ENDPOINT", "http://dummy")

hard-codes some test value, preventing external-dns from using the actual MSI endpoint, and leading to DNS lookup error.

What you expected to happen:

external-dns makes a request to MSI endpoint successfully

How to reproduce it (as minimally and precisely as possible):

Run external-dns with azure provider and set "useManagedIdentityExtension": true in config.

Anything else we need to know?:

Environment: Kubernetes v1.21.2

  • External-DNS version (use external-dns --version): v0.10.0
  • DNS provider: azure
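
A guard against the failure described in this report, as an added example that is not external-dns code: `checkMSIEndpoint` and `withEnv` are hypothetical helpers, and the IMDS-or-loopback policy is an assumption about where a managed-identity token endpoint may legitimately live. It rejects a leftover value such as `http://dummy` before any token request is sent, and shows an override scoped so it cannot leak out of a test.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"os"
)

// Assumed policy: the token endpoint is Azure IMDS or a loopback listener.
const imdsHost = "169.254.169.254"

// checkMSIEndpoint (hypothetical) vets MSI_ENDPOINT; empty means "use default".
func checkMSIEndpoint(raw string) error {
	if raw == "" {
		return nil
	}
	u, err := url.Parse(raw)
	if err != nil || u.Hostname() == "" {
		return fmt.Errorf("MSI_ENDPOINT %q is not a usable URL", raw)
	}
	host := u.Hostname()
	if ip := net.ParseIP(host); ip != nil && (ip.IsLoopback() || host == imdsHost) {
		return nil
	}
	return fmt.Errorf("MSI_ENDPOINT %q: host %q is neither IMDS nor loopback", raw, host)
}

// withEnv (hypothetical) scopes an override to fn and restores the prior state.
func withEnv(key, value string, fn func()) {
	old, had := os.LookupEnv(key)
	os.Setenv(key, value)
	defer func() {
		if had {
			os.Setenv(key, old)
		} else {
			os.Unsetenv(key)
		}
	}()
	fn()
}

func main() {
	withEnv("MSI_ENDPOINT", "http://dummy", func() {
		fmt.Println("inside override:", checkMSIEndpoint(os.Getenv("MSI_ENDPOINT")))
	})
	fmt.Println("after override: ", checkMSIEndpoint(os.Getenv("MSI_ENDPOINT")))
}
```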
zerodayyy added the kind/bug label Oct 17, 2021
zerodayyy referenced this issue Oct 18, 2021
Signed-off-by: Raffaele Di Fazio <[email protected]>
@mrsimonemms

I've had this same issue as well with the Bitnami Helm chart. Reverting to version 5.4.8 (and thence the external-dns 0.9.0) solved the issue as well.

For clarity (and future people), my config is:

{
  "tenantId": "xxx",
  "subscriptionId": "xxx",
  "resourceGroup": "xxx",
  "useManagedIdentityExtension": true,
  "userAssignedIdentityID": "xxx"
}

The userAssignedIdentityID comes from az aks show -n xxx -g xxx --query "identityProfile.kubeletidentity.clientId" -o tsv

@beastob
Contributor

beastob commented Nov 29, 2021

> I've had this same issue as well with the Bitnami Helm chart. Reverting to version 5.4.8 (and thence the external-dns 0.9.0) solved the issue as well.
>
> For clarity (and future people), my config is:
>
> {
>   "tenantId": "xxx",
>   "subscriptionId": "xxx",
>   "resourceGroup": "xxx",
>   "useManagedIdentityExtension": true,
>   "userAssignedIdentityID": "xxx"
> }
>
> The userAssignedIdentityID comes from az aks show -n xxx -g xxx --query "identityProfile.kubeletidentity.clientId" -o tsv

This suggested downgrade worked for me (external-dns chart v1.2.0). However, I also tried to upgrade to chart v1.6.0 (app v0.10.1) first, but with no luck at all.

@bigfleet

bigfleet commented Dec 1, 2021

Downgrade restored service for me as well, using managed service identity on Azure. Verified pod with same labels applied could edit records successfully via az.

@sossickd

sossickd commented Dec 17, 2021

Can this issue be closed? It looks like the faulty test has been removed in chart version 1.7.0 (image v0.10.2). Tested chart version 1.7.0 and no longer receiving the error.

external-dns-helm-chart-1.6.0...external-dns-helm-chart-1.7.0

@beastob
Contributor

beastob commented Dec 17, 2021

> Can this issue be closed? It looks like the faulty test has been removed in chart version 1.7.0 (image v0.10.2). Tested chart version 1.7.0 and no longer receiving the error.
>
> external-dns-helm-chart-1.6.0...external-dns-helm-chart-1.7.0

@sossickd Thanks for the info, I believe that MSI_ENDPOINT misconfiguration was the problem. I'll come back with the result after my testing as well.

@mrsimonemms

@sossickd I've got this working with the latest Helm version (v6.0.2) using the exact same config as was used with v5.4.8 as referenced above.

As far as I'm concerned, this issue has been fixed and can be closed.

@beastob
Contributor

beastob commented Dec 22, 2021

Tested with the same result as @sossickd; the problem is now fixed in chart version 1.7.0 (external-dns v0.10.2) by issue #2384.

This issue can be closed.

@k8s-triage-robot

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-ci-robot added the lifecycle/stale label Mar 22, 2022