6

I'm overriding the DNS policy of a pod since I'm facing an issue with the default /etc/resolv.conf of the pod. Another issue is that the pod is not able to connect to the SMTP server due to the default /etc/resolv.conf of the pod.

Hence the DNS policy that I want to apply to the deployment/pod is:

      dnsConfig:
        nameservers:
          - <ip-of-the-node>
        options:
          - name: ndots
            value: '5'
        searches:
          - monitoring.svc.cluster.local
          - svc.cluster.local
          - cluster.local
      dnsPolicy: None

In the above configuration the nameservers need to be the IP of the node where the pod gets deployed. Since I have three worker nodes, I cannot hard-code the value to a specific worker node's IP. I would prefer not to configure the pod to get deployed to a particular node, since if the resources are not sufficient for the pod to get deployed on that node, the pod might remain in the Pending state.

How can I make the nameservers get the value of the IP address of the node where the pod gets deployed?

Or is it possible to update the nameservers with some kind of generic argument so that the pod will be able to connect to the SMTP server?

Rakesh Kotian

1 Answer

4

dnsConfig supports up to 3 IP addresses, so theoretically you could hard-code them in the nameservers field. However, as a workaround you can pass the node IP address as an env variable and then pass it to the pod. Example:

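    spec:
      containers:
      - name: envar-demo-container
        command: ["/bin/sh"]
        # Append a valid resolv.conf entry; a line holding only the IP, without the "nameserver" keyword, is ignored by the resolver.
        args: ["-c", 'echo "nameserver $NODE_IP" >> /etc/resolv.conf']
        image: nginx
        env:
        # The downward API sets NODE_IP to the IP of the node the pod is running on.
        - name: NODE_IP
          valueFrom:
            fieldRef:
              fieldPath: status.hostIP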

`fieldPath: status.hostIP` takes the IP address of the node that the pod is deployed on and saves it as an environment variable. Then it is written to /etc/resolv.conf.

kool
  • Wow, thanks for the solution. Once I update with the above changes I'm getting an error: `/bin/sh: can't create /etc/resolv.conf: Permission denied`. I'm using image `grafana:7.1.5`, which has securityContext `fsGroup` and `runAsUser` as `472`. – Rakesh Kotian Oct 13 '20 at 22:26
  • To run the pod as root, I have tried updating securityContext `runAsUser: 0`, but unfortunately the grafana pod goes into CrashLoopBackOff with this change – Rakesh Kotian Oct 13 '20 at 22:29
  • You can create a pod security policy and run a `privileged` pod https://kubernetes.io/docs/concepts/policy/pod-security-policy/#privileged – kool Oct 14 '20 at 08:42
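
An added example, not code from the question or the answer above: a shell helper that writes the resolver configuration the question asks for from the `NODE_IP` variable the answer injects, and leaves the file untouched when the value is not a well-formed IPv4 address. The function names and the sample address `10.0.0.12` are assumptions; it handles IPv4 only, replaces the file instead of appending, and still needs write permission on the target file.

```shell
#!/bin/sh
# Added example; is_ipv4, render_resolv_conf and write_resolv_conf are
# hypothetical helper names, not part of Kubernetes or of the answer.

# Succeed only if $1 is a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, empty octets
    esac
    (   # subshell so the IFS change does not leak to the caller
        IFS=.
        set -- $1
        [ "$#" -eq 4 ] || exit 1
        for octet in "$@"; do
            [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
        done
    )
}

# Print the resolv.conf equivalent of the dnsConfig in the question,
# with the node IP (status.hostIP) as the only nameserver.
render_resolv_conf() {
    is_ipv4 "$1" || { echo "invalid node IP: '$1'" >&2; return 1; }
    printf 'nameserver %s\n' "$1"
    printf 'search %s\n' 'monitoring.svc.cluster.local svc.cluster.local cluster.local'
    printf 'options ndots:%s\n' 5
}

# Write the target only after rendering succeeded, so an unset or malformed
# NODE_IP never leaves the pod with a broken resolver configuration.
write_resolv_conf() {
    target=${2:-/etc/resolv.conf}
    content=$(render_resolv_conf "$1") || return 1
    printf '%s\n' "$content" > "$target"
}

# Demo with a constructed sample address; in a container entrypoint this
# would be: write_resolv_conf "$NODE_IP"
render_resolv_conf 10.0.0.12
```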