from SpiderUnderUrBed@lemmy.zip to homelab@lemmy.ml on 14 Apr 08:58
https://lemmy.zip/post/36326940
So I need help with a split DNS approach, or a direct fix. Normally, when running my tunnel on the simplest configuration, I get this error:
```
Couldn't resolve SRV record &{region1.v2.argotunnel.com. 7844 1 1}: lookup region1.v2.argotunnel.com. on 10.43.0.10:53: read udp 172.16.91.156:54443->10.43.0.10:53: i/o timeout
```
When I tried to change the nameserver to Cloudflare to make it accessible, I get this error:
```
2025-04-07T10:06:38Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp: lookup traefik on 1.1.1.1:53: no such host" connIndex=3 event=1 ingressRule=3 originService=http://traefik/
2025-04-07T10:06:38Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp: lookup traefik on 1.1.1.1:53: no such host" connIndex=3 dest=https://nextcloud.spidershomelab.xyz/index.php/204 event=0 ip=198.41.200.233 type=http
```
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tunnel
  labels:
    app: tunnel
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tunnel
  template:
    metadata:
      labels:
        app: tunnel
    spec:
      dnsPolicy: None
      dnsConfig:
        nameservers:
          - 1.1.1.1
          - 10.43.0.10
        # searches:
        #   - default.svc.cluster.local
      hostNetwork: true
      containers:
        - name: tunnel
          image: cloudflare/cloudflared:latest
          args:
            - tunnel
            - --no-autoupdate
            - run
          env:
            - name: TUNNEL_TOKEN
              valueFrom:
                configMapKeyRef:
                  name: env
                  key: CLOUDFLARE_TUNNEL_TOKEN
      restartPolicy: Always
```
Anyone know why cf tunnels is asking the wrong DNS server? I know I specified 1.1.1.1, but it should have also asked kubedns, as I specified its IP. I do have to specify its nameserver or else it does not work; it won't be able to connect to their argotunnel domain without going through 1.1.1.1.
```
kube-dns ClusterIP 10.43.0.10 <none> 53/UDP,53/TCP,9153/TCP 12d
```
Also, it's the correct IP.

If you can't give direct advice, I would like you to try this deployment and add a custom DNS server that, I don't know, configures it so that the correct IP queries go to 1.1.1.1 and the rest to kubedns. I tried CoreDNS and other DNS servers and I couldn't get anything to work.

I am trying the nameserver 1.1.1.1 because otherwise I get the error mentioned above. And no, I am not running a firewall nor anything that should block it outside of k8s, as it runs perfectly fine on the host.
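Why listing both resolvers under `dnsConfig.nameservers` does not act as split DNS, as an added example that is not part of the original post: a small Python model of ordered-nameserver lookup, where a resolver moves to the next server only when one fails to answer (so the "no such host" from 1.1.1.1 is final), next to routing by zone suffix. The `Server` class, both functions and every returned address are constructed for illustration, and the model's kube-dns holds cluster names only.

```python
# Constructed model: zone contents and returned addresses are sample data.
TIMEOUT, NXDOMAIN = "i/o timeout", "no such host"


class Server:
    """A nameserver that knows a fixed set of names (hypothetical helper)."""

    def __init__(self, addr, names, reachable=True):
        self.addr, self.names, self.reachable = addr, names, reachable

    def query(self, name):
        if not self.reachable:
            return TIMEOUT
        return self.names.get(name, NXDOMAIN)


def resolve(name, nameservers):
    """Ordered-list lookup: try the next server only when one does not answer."""
    asked = []
    for srv in nameservers:
        asked.append(srv.addr)
        answer = srv.query(name)
        if answer != TIMEOUT:
            return answer, asked  # any answer, NXDOMAIN included, is final
    return TIMEOUT, asked


def split_resolve(name, routes, default):
    """Split DNS: choose the server by zone suffix, longest match first."""
    for zone in sorted(routes, key=len, reverse=True):
        if name == zone or name.endswith("." + zone):
            return resolve(name, [routes[zone]])
    return resolve(name, [default])


CLOUDFLARE = Server("1.1.1.1", {"region1.v2.argotunnel.com": "192.0.2.10"})
KUBE_DNS = Server("10.43.0.10", {"traefik": "10.43.0.50"})
ROUTES = {"argotunnel.com": CLOUDFLARE}

if __name__ == "__main__":
    # Order from the posted Deployment: 1.1.1.1 answers NXDOMAIN, kube-dns is never asked.
    print(resolve("traefik", [CLOUDFLARE, KUBE_DNS]))
    # Suffix routing sends each name to the server that can answer it.
    print(split_resolve("traefik", ROUTES, KUBE_DNS))
    print(split_resolve("region1.v2.argotunnel.com", ROUTES, KUBE_DNS))
```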
Not trying to subvert your issue, but why not use something that makes the tunnel an easy-to-make ingress, the Kubernetes way? I don’t use cf tunnels so I haven't used this, but it seems to be a proper solution.
github.com/…/cloudflare-tunnel-ingress-controller
Edit: An operator linked in that GitHub project could be useful too if you want to support UDP and such: github.com/adyanth/cloudflare-operator
It does not work. As long as it goes to a Cloudflare domain, there is an I/O timeout because of some DNS issue. Any other suggestions?
If you are still using the setup in the post with what I suggested that’d probably be why. You wouldn’t need a tunnel container anymore, host networking, nor DNS settings. Just a web service that you want to expose. Is the host able to resolve the same domains properly?
I solved the issue. The jellyfin pod for some reason was connecting to the wrong endpoint for the internal kube-dns service. I fixed that, and also made it use the internal pod's FQDN, and it works.