Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

pkg/util: Change check-dns init container image #1919

Merged
merged 1 commit into from Feb 8, 2018

Conversation

Projects
None yet
3 participants
@lander2k2
Copy link
Contributor

commented Feb 7, 2018

The image currently used is busybox:1.28.0 which uses uclibc. This is
causing nslookup to fail name resolution when it shouldn't in some
environments. The version of busybox that uses glibc does not suffer the
same problem.

Related:
docker-library/busybox#9
docker-library/busybox#27

pkg/util: Change check-dns init container image
The image currently used is busybox:1.28.0 which uses uclibc.  This is
causing nslookup to fail name resolution when it shouldn't in some
environments.  The version of busybox that uses glibc does not suffer the
same problem.

Related:
docker-library/busybox#9
docker-library/busybox#27
@etcd-bot

This comment has been minimized.

Copy link
Collaborator

commented Feb 7, 2018

Can one of the admins verify this patch?

2 similar comments
@etcd-bot

This comment has been minimized.

Copy link
Collaborator

commented Feb 7, 2018

Can one of the admins verify this patch?

@etcd-bot

This comment has been minimized.

Copy link
Collaborator

commented Feb 7, 2018

Can one of the admins verify this patch?

@hongchaodeng

This comment has been minimized.

Copy link
Member

commented Feb 7, 2018

@etcd-bot ok to test

@hongchaodeng

This comment has been minimized.

Copy link
Member

commented Feb 7, 2018

@lander2k2
Can you provide a failure scenario and let me see if I can reproduce it.

@lander2k2

This comment has been minimized.

Copy link
Contributor Author

commented Feb 7, 2018

@hongchaodeng
I've been unable to reproduce the error in AWS but here's the test I employed in the VMware environment where this is happening.

# bbox-po.yaml
apiVersion: v1
kind: Pod
metadata:
  name: bbox
spec:
  containers:
  - image: busybox
    name: bbox
    command: ["sleep", "86400"]
# bbox-glibc-po.yaml
apiVersion: v1
kind: Pod
metadata:
  name: bbox-glibc
spec:
  containers:
  - image: busybox:glibc
    name: bbox-glibc
    command: ["sleep", "86400"]
$ kubectl create -f bbox-po.yaml
$ kubectl create -f bbox-glibc-po.yaml
$ kubectl exec bbox-glibc /bin/nslookup tectonic-lb.tectonic-system.svc
Server:    10.3.0.10
Address 1: 10.3.0.10 kube-dns.kube-system.svc.cluster.local

Name:      tectonic-lb.tectonic-system.svc
Address 1: 10.3.155.251 tectonic-lb.tectonic-system.svc.cluster.local

$ kubectl exec bbox /bin/nslookup tectonic-lb.tectonic-system.svc
Server:    10.3.0.10
Address 1: 10.3.0.10 kube-dns.kube-system.svc.cluster.local

nslookup: can't resolve 'tectonic-lb.tectonic-system.svc'

Sorry I can't give a more universally reproducible example. I did think this was related to a bug in uclibc related to nameserver search path length [1] but I've been unable to induce the error outside the VMware environment by manipulating the search path. :/

[1] https://mailman.uclibc-ng.org/pipermail/devel/2016-February/000775.html

@hongchaodeng
Copy link
Member

left a comment

LGTM after nit

@@ -346,7 +346,7 @@ func newEtcdPod(m *etcdutil.Member, initialCluster []string, clusterName, state,
},
Spec: v1.PodSpec{
InitContainers: []v1.Container{{
Image: "busybox:1.28.0",
Image: "busybox:1.28.0-glibc",

This comment has been minimized.

Copy link
@hongchaodeng

hongchaodeng Feb 8, 2018

Member

Can you add a comment about the search path issue on VMWare environment and why use glibc instead?

@hongchaodeng

This comment has been minimized.

Copy link
Member

commented Feb 8, 2018

Going to do a release later today. So I will merge this and add the comment myself.

@hongchaodeng hongchaodeng merged commit 101e85f into coreos:master Feb 8, 2018

3 checks passed

jenkins-ci Build finished.
Details
jenkins-e2eslow Build finished.
Details
jenkins-unit Build finished.
Details

@lander2k2 lander2k2 deleted the lander2k2:check-dns_image branch Feb 8, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.