kubernetes/kops

DNS None clusters fail OIDC e2e test

rifelpet opened this issue · 1 comments

/kind bug
Since the migration to dns=none by default, the prow e2e grid is failing the OIDC tests:

https://prow.k8s.io/view/gs/kubernetes-jenkins/logs/e2e-kops-grid-calico-amzn2-k26/1754164241511747584

    I0204 15:43:18.456158       1 log.go:198] Full, not-validated claims:
    openidmetadata.claims{Claims:jwt.Claims{Issuer:"https://api.internal.e2e-e2e-kops-grid-calico-amzn2-k26.test-cncf-aws.k8s.io/", Subject:"system:serviceaccount:svcaccounts-9692:default", Audience:jwt.Audience{"oidc-discovery-test"}, Expiry:1707061997, NotBefore:1707061397, IssuedAt:1707061397, ID:""}, Kubernetes:openidmetadata.kubeClaims{Namespace:"svcaccounts-9692", ServiceAccount:openidmetadata.kubeName{Name:"default", UID:"15bf3196-cfd3-40cb-9ee0-8f05454c7e85"}}}
    I0204 15:43:18.460415       1 log.go:198] Get "https://api.internal.e2e-e2e-kops-grid-calico-amzn2-k26.test-cncf-aws.k8s.io/.well-known/openid-configuration": dial tcp: lookup api.internal.e2e-e2e-kops-grid-calico-amzn2-k26.test-cncf-aws.k8s.io on 100.64.0.10:53: no such host

The test pod created in the cluster is not able to resolve the api.internal domain name.

In #12792 we populate coredns pods' /etc/hosts for gossip clusters. We probably need to expand that to cover dns=none clusters too.
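
A diagnostic for the failure shown in the log, added here as an example (not code from kops, the e2e test, or the issue author): it reads the issuer from a service account token, derives the discovery URL the same way the log shows it being requested, and checks whether the issuer host resolves. The names `checkDiscovery`, `sampleToken` and `noSuchHost` are hypothetical, and the token is constructed and unsigned.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net"
	"net/url"
	"strings"
)

// checkDiscovery reads the unverified "iss" claim of a compact JWT (diagnostic use only),
// derives the OIDC discovery URL and reports whether the issuer host resolves.
func checkDiscovery(token string, lookup func(string) ([]string, error)) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("not a compact JWT: %d segments", len(parts))
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	var c struct{ Iss string `json:"iss"` }
	if err != nil || json.Unmarshal(raw, &c) != nil || c.Iss == "" {
		return "", fmt.Errorf("token payload has no usable iss claim")
	}
	u, err := url.Parse(strings.TrimSuffix(c.Iss, "/") + "/.well-known/openid-configuration")
	if err != nil || u.Hostname() == "" {
		return "", fmt.Errorf("issuer %q is not a URL with a host", c.Iss)
	}
	// lookup has the signature of net.LookupHost, so a stub can stand in offline.
	if _, err := lookup(u.Hostname()); err != nil {
		return u.String(), fmt.Errorf("issuer host not resolvable from here: %w", err)
	}
	return u.String(), nil
}

// sampleToken builds a constructed, unsigned token carrying only an issuer.
func sampleToken(iss string) string {
	p, _ := json.Marshal(map[string]string{"iss": iss})
	return "e30." + base64.RawURLEncoding.EncodeToString(p) + ".x"
}

// noSuchHost is a stub resolver that fails the way the cluster DNS does in the log.
func noSuchHost(h string) ([]string, error) {
	return nil, &net.DNSError{Err: "no such host", Name: h, IsNotFound: true}
}

func main() {
	// Issuer value copied from the log in this issue.
	iss := "https://api.internal.e2e-e2e-kops-grid-calico-amzn2-k26.test-cncf-aws.k8s.io/"
	fmt.Println(checkDiscovery(sampleToken(iss), noSuchHost))
}
```

Inside a pod, pass `net.LookupHost` as the resolver and the contents of the projected service account token instead of the sample token.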