
I had an Ubuntu 20.04 server which was used for CI/CD and it was using Docker on it to build and publish images.

The resources were not much in demand, so I decided to install Kubernetes on that server to add a second master node to my k8s cluster.

Therefore I ran kubespray on it as a Master node and the installation completed successfully. Since the install of k8s I get a strange issue.

Using the command line `kubectl exec -it podname -- sh` I can do a `nslookup google.com` and it works fine.

```
Server:     192.168.1.1
Address:    192.168.1.1:53

Non-authoritative answer:
Name:   google.com
Address: 2607:f8b0:4020:805::200e

Non-authoritative answer:
Name:   google.com
Address: 172.217.13.142
```

Once I use the `docker exec -it ubuntu bash` command line, I cannot resolve any DNS entry from inside a pure Docker container that does not use the Kubernetes layer.

The docker daemon uses the Kubernetes DNS to resolve. In the file `/etc/systemd/system/docker.service.d/docker-dns.conf` it is set up as

```
Environment="DOCKER_DNS_OPTIONS=\
    --dns 10.233.0.3 --dns 127.0.0.53  \
    --dns-search default.svc.cluster.local --dns-search svc.cluster.local --dns-search lan  \
    --dns-opt ndots:2 --dns-opt timeout:2 --dns-opt attempts:2"
```

Is it possible to run pure docker container on a k8s node?

Update

After a while spent debugging, I figured out it is not a DNS issue but rather that the entire traffic is not able to get outside the docker network.

I figured this out when I tried to use `apt update` and I could see it was able to resolve the repository address but in no way was it able to reach the mirror.

Until I have more time I will just host another CI/CD server and not mix a k8s node with anything else.

drivard
  • Be careful about trying to configure docker to use what appears to be a CNI address without teaching it about the full CNI setup; AFAIK docker does its own network management, so 10.233.0.3 might not mean anything outside of kubernetes (Service and Pod addresses are figments of your Node's imagination). The rest of the question is: if you have kubernetes on the Node, why do you want to run "bare" docker anyway? Seems self defeating – mdaniel Sep 21 '20 at 03:30
  • They are images built and published to a registry to be later on used on the k8s cluster. – drivard Sep 21 '20 at 03:34
  • So you reference k8s hostnames in your `Dockerfile`s? If so, are you sure you wouldn't be happier with DIND or kaniko inside your cluster? – mdaniel Sep 21 '20 at 03:39
  • I do not reference any kubernetes hostname. As I wrote, before installing kubernetes on the node I was using it as our CI/CD server where we built our code inside Docker images and published them to a registry. Once I installed kubernetes on top of it, docker builds started to fail. While debugging even more I think dns is fine, but it can't reach the outside. – drivard Sep 21 '20 at 03:53
  • Trying to update the container using apt, it finds the IP address of the mirror but can't reach it. ```docker run -it --rm ubuntu bash root@6bd674f81144:/# apt update Err:1 http://archive.ubuntu.com/ubuntu focal InRelease Could not connect to archive.ubuntu.com:80 (91.189.88.142), connection timed out Unable to connect to archive.ubuntu.com:http:``` – drivard Sep 21 '20 at 03:54
  • Can you paste the above information into the post? – Malgorzata Sep 21 '20 at 08:37
  • That doesn't appear to be a DNS problem, that appears to be a proxy problem (if I were guessing) – mdaniel Sep 21 '20 at 17:09
  • Possible, yes. Advisable, absolutely not. If you're running K8s on a host don't try and do anything manually within Docker. If you do want to run stuff manually just assume it's not within your cluster. – Timothy c Sep 23 '20 at 20:24
  • @Timothyc I didn't want it to be considered within the k8s. I only wanted the docker daemon to run outside the k8s context but didn't want to waste resources for nothing. Since I didn't figure out how to get it to work I am building a new node. – drivard Sep 24 '20 at 00:50

0 Answers