external-secrets/kubernetes-external-secrets

getaddrinfo ENOTFOUND with newest versions

kkendzia opened this issue · 4 comments

Hi,
at the moment I update all versions for our local deployments (with kind). We use a local dnsmasq container which resolves fine. The problem is, that all containers can resolve the local vault address, but not external-secrets. I've read about that node has a problem with this itself, but I don't have any idea how to fix this. Maybe you know. I've updated from 1.19.7 and ext-sec 6.4.0 (there everything worked out just fine).

kind-image: kindest/node:v1.22.2
external-secrets helm: 8.3.2
ldd: ldd --version
musl libc (x86_64)
Version 1.2.2

nslookup works fine in the ext-sec container or in every other, but not inside node.

{"level":50,"message_time":"2021-10-26T08:02:36.762Z","pid":23,"hostname":"extsec-kubernetes-external-secrets-6bd4b4d7b9-cj8h2","payload":{"name":"RequestError","message":"Error: getaddrinfo ENOTFOUND vault.dev.local.mydomain.tld","cause":{"errno":-3008,"code":"ENOTFOUND","syscall":"getaddrinfo","hostname":"vault.dev.local.mydomain.tld"},"error":{"errno":-3008,"code":"ENOTFOUND","syscall":"getaddrinfo","hostname":"vault.dev.local.mydomain.tld"},"options":{"json":{"role":"kube-auth","jwt":"eyJhbGciOiJSUzI1NiIsImtpZCI6Ii1sVmJpTld3X2x2WWJSSmNpWGducktkNW92RkhfUHRaakcyNDlLZGNWX2cifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNjY2NzcwNjU2LCJpYXQiOjE2MzUyMzQ2NTYsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJleHRzZWMtc3lzdGVtIiwicG9kIjp7Im5hbWUiOiJleHRzZWMta3ViZXJuZXRlcy1leHRlcm5hbC1zZWNyZXRzLTZiZDRiNGQ3YjktY2o4aDIiLCJ1aWQiOiI0OWEwN2I5YS04MTQyLTRkMDUtYWRkNy1hYjkyNDJmMTYzNTkifSwic2VydmljZWFjY291bnQiOnsibmFtZSI6ImV4dHNlYy1rdWJlcm5ldGVzLWV4dGVybmFsLXNlY3JldHMiLCJ1aWQiOiJiMjM2NzQ5Mi1hZGYyLTQwOTctODIxNy02MDY3YzNkMjMyNzQifSwid2FybmFmdGVyIjoxNjM1MjM4MjYzfSwibmJmIjoxNjM1MjM0NjU2LCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZXh0c2VjLXN5c3RlbTpleHRzZWMta3ViZXJuZXRlcy1leHRlcm5hbC1zZWNyZXRzIn0.dzTB_U8Cjj_AcsUEXzY6lFslJysL-5uv3bm9MhowOqmqMTl4a8B667KQGHejtlE7kMapwu-gaox_nTO8--rrU202C6n_W444G-55xM9fHxeoBWSWccDwAocaryzUZWG-rd7NnDDrKvNQh7mWxLBxPnylDA-0HQIo0G2mRBw9x09dZBUD_fPIReTLEnEP0y2IzfnmcM0qEwsPxwB91cbQYWGheK3uR7CVabR_fI_RtDs-jfnPAFBenxoIPkUjR2i60ayb3R1zYsSGK0BukKTeP9pQJcAIEjhkltJbqk2Z_aPP6WuzIikQ-nETBKMHgAoTaIrmFFuEjOH03dQL8zITtQ"},"resolveWithFullResponse":true,"simple":false,"strictSSL":true,"followAllRedirects":true,"method":"POST","path":"/auth/k8s-local/login","headers":{},"uri":"https://vault.dev.local.mydomain.tld/v1/auth/k8s-local/login","transform2xxOnly":false}},"msg":"failure while polling the secret kind-demo/kind-demo-external-secret-file"}

Same issue, non-determenistic occurences.
Reproduced on k3s v1.22.3+k3s1.
Not reproduced on 1.21 version.

For those who struggled with this issue on K3s - it doesn't have anything with kubernetes-external-secrets. It was DNS/networking issue in K3s.

Solved using installation below:
curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_VERSION="v1.22.3+k3s1" INSTALL_K3S_EXEC="server --flannel-backend=host-gw --disable traefik --disable servicelb --disable-network-policy" sh -

Pay attention at flannel backend

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 30 days.

This issue was closed because it has been stalled for 30 days with no activity.