Add troubleshooting section to kube-dns readme #1449
Conversation
| ``` | ||
|
|
||
| #### DNS known issues | ||
| If you are using `Alpine`(lower than 3.2) as base image, dns may not work properly because `Alpine` broke dns search paths but fixed it in some later release. Please take a look at [here](https://github.com/kubernetes/kubernetes/issues/30215) for more detail. |
There was a problem hiding this comment.
Alpine 3.4 was when it got fixed
There was a problem hiding this comment.
3.14.1 base image still not working for non-fqdn resolution
|
Assigning to Bowei for review |
| @@ -182,6 +182,111 @@ Address 1: 10.0.0.1 | |||
|
|
|||
| If you see that, DNS is working correctly. | |||
|
|
|||
| ### Troubleshooting tips. | |||
There was a problem hiding this comment.
No periods in headers. Please change to "Troubleshooting Tips"
| @@ -165,7 +165,7 @@ NAME READY STATUS RESTARTS AGE | |||
| busybox 1/1 Running 0 <some-time> | |||
| ``` | |||
|
|
|||
| ### Validate DNS works | |||
| ### Validate DNS works. | |||
There was a problem hiding this comment.
Remove period from header. Change to "Validate that DNS is working"
| @@ -182,6 +182,111 @@ Address 1: 10.0.0.1 | |||
|
|
|||
| If you see that, DNS is working correctly. | |||
|
|
|||
| ### Troubleshooting tips. | |||
| If above `nslookup` command does not work, here are some hints: | |||
There was a problem hiding this comment.
"If the nslookup command fails, check the following:"
| If above `nslookup` command does not work, here are some hints: | ||
|
|
||
| #### Check the local DNS configuration first | ||
| Take a look inside the resolv.conf file. (See "Inheriting DNS from the node" and "Known issues" sections for more information) |
There was a problem hiding this comment.
Please provide actual links to these sections.
There was a problem hiding this comment.
These two sections are currently in kubernetes/build/kube-dns/README.md, but are being removed in kubernetes/kubernetes#32931.
Don't know why they are not included in previous PR. So I moved them here as well.
| Otherwise, let's go ahead. | ||
|
|
||
| #### Are dns endpoints exposed? | ||
| Varify through `kubectl get endpoints` command. |
There was a problem hiding this comment.
Varify -> "Verify"
Change to "You can verify that dns endpoints are exposed by using the kubectl get endpoints command."
| See if you could find any suspicious log. If not, please continue. | ||
|
|
||
| #### Is dns service up? | ||
| Varify through `kubectl get service` command. |
There was a problem hiding this comment.
Varify -> Verify
"Verify that the DNS service is up by using the kubectl get service command.
| ... | ||
| ``` | ||
|
|
||
| If you have created the service or in the case it should be created by default but it does not appear, goto this [debugging services page](http://kubernetes.io/docs/user-guide/debugging-services/) for more information. |
|
|
||
| If you have created the service or in the case it should be created by default but it does not appear, goto this [debugging services page](http://kubernetes.io/docs/user-guide/debugging-services/) for more information. | ||
|
|
||
| Otherwise, let's go ahead. |
| kube-dns 10.180.3.17:53,10.180.3.17:53 1h | ||
| ``` | ||
|
|
||
| If not, again, goto this [debugging services page](http://kubernetes.io/docs/user-guide/debugging-services/) and look for the endpoints section. |
There was a problem hiding this comment.
"If you do not see the endpoints, see endpoints section in the debugging services documentation."
|
|
||
| At last, if you reach here, the final suggestion is still goto this [debugging services page](http://kubernetes.io/docs/user-guide/debugging-services/) and look for the "Is the kube-proxy working?" section. | ||
|
|
||
| Hopefully you would have got some meaningful clues now. For more Kubernetes DNS example go [here](https://github.com/kubernetes/kubernetes/tree/master/examples/cluster-dns). |
There was a problem hiding this comment.
Remove first sentence.
Change second sentence to "For additional Kubernetes DNS examples, see the cluster-dns examples in the Kubernetes GitHub repository."
MrHohn
force-pushed
the
dns-troubleshooting
branch
2 times, most recently
from
0cf60a0
to
6390856
Compare
|
Many thanks for the detailed comments! I changed and pushed the README according to the instructions. PS: Don't know why they are not included in previous PR. So I moved them here as well. |
|
@bowei, can you do a tech review on this, please? |
|
LGTM |
| Errors such as the following indicate a problem with the kube-dns add-on or associated Services: | ||
|
|
||
| ``` | ||
| / # nslookup kubernetes |
There was a problem hiding this comment.
put kubectl exec in front of the command? may not be obvious for novices where this is run from
| or | ||
|
|
||
| ``` | ||
| / # nslookup kubernetes |
| ... | ||
| ``` | ||
|
|
||
| If you see that no pod is running or that the pod has failed/completed, the dns add-on may not be deployed by default in your current environment and you have not deployed it manually. |
There was a problem hiding this comment.
...current environment and you will have to deploy it manually.
|
|
||
| #### Check for Errors in the DNS pod | ||
|
|
||
| Use `kubectl logs` command for detective work. |
There was a problem hiding this comment.
for detective work -> to see logs for the DNS daemons
| kubectl logs --namespace=kube-system $(kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o name) -c healthz | ||
| ``` | ||
|
|
||
| See if you could find any suspicious log like below: |
There was a problem hiding this comment.
We should probably not give the example below, it is confusing -- instead you should probably say something about the log format (W, E, F letter at the beginning represent Warning, Error and Failure) and searching for entries that have these as the logging level.
| F1017 17:39:44.063280 90225 server.go:56] Failed to create a kubernetes client: invalid configuration: no configuration has been provided | ||
| ``` | ||
|
|
||
| Please use [kubernetes issues](https://github.com/kubernetes/kubernetes/issues) to trace/report unintended errors. |
There was a problem hiding this comment.
trace/report...errors. -> report unexpected errors.
| kubectl get svc --namespace=kube-system | ||
| ``` | ||
|
|
||
| You should see something like: |
MrHohn
force-pushed
the
dns-troubleshooting
branch
from
6390856
to
b72518e
Compare
|
Thanks for the comments! Adjusted and pushed a new commit. |
|
LGTM |
k8s-ci-robot
added
the
cncf-cla: yes
…bernetes#1449) * update 2.12 docs to use `linkerd install --crds` before `install` The Linkerd CRDs must be installed before installing the control plane. Most of the "Tasks" docs that require Linkerd to be installed just reference the "Install" task, which demonstrates the use of `install --crds`. However, some of the docs demonstrate alternative configurations or installation methods, and actually show running the `install` command. Many of those docs don't indicate that `linkerd install --crds` must be run first. This branch updates the 2.12 "Tasks" docs to show the use of `linkerd install --crds` prior to running a `linkerd install` command. I think I got all of them? I didn't add `install --crds` in a couple of places where the install command is not piped directly into `kubectl apply`. For example, in the private docker registry documentation, we show piping `linkerd install` into `grep` to get the docker image versions, and in that case, we are not actually installing Linkerd into a cluster in that command example, so the installation won't actually fail. * update helm install instructions too
Updating tags
Fix kubernetes/kubernetes#23981.
This PR added some generic troubleshooting information for kube-dns addon. The addition is pasted below.
@thockin @bowei @philips
Troubleshooting tips.
If above
nslookupcommand does not work, here are some hints:Check the local DNS configuration first
Take a look inside the resolv.conf file. (See "Inheriting DNS from the node" and "Known issues" sections for more information)
You should see the search path and nameserver are set up like below: (search path may vary for different cloud providers)
DNS known issues
If you are using
Alpine(lower than 3.2) as base image, dns may not work properly becauseAlpinebroke dns search paths but fixed it in some later release. Please take a look at here for more detail.Quick diagnosis
If below appears, usually means something is wrong with kube-dns addon or Services
or
Let's continue to debug it.
Is dns pod running?
kubectl get podscommand could tell. (namespace may be "default" or others if you manually deploy it)You should see something like:
If no pod is running or failed/completed, then maybe because this dns addon would not be deployed by default in your current environment and you have not deployed it manually.
Otherwise, please try next hint.
Is dns pod working properly?
Use
kubectl logscommand for detective work.See if you could find any suspicious log. If not, please continue.
Is dns service up?
Varify through
kubectl get servicecommand.You should see something like:
If you have created the service or in the case it should be created by default but it does not appear, goto this debugging services page for more information.
Otherwise, let's go ahead.
Are dns endpoints exposed?
Varify through
kubectl get endpointscommand.You should see something like:
If not, again, goto this debugging services page and look for the endpoints section.
At last, if you reach here, the final suggestion is still goto this debugging services page and look for the "Is the kube-proxy working?" section.
Hopefully you would have got some meaningful clues now. For more Kubernetes DNS example go here.
This change is