DNS None clusters fail OIDC e2e test
rifelpet opened this issue · 1 comments
rifelpet commented
/kind bug
Since the migration to dns=none by default, the prow e2e grid is failing the OIDC tests:
```
I0204 15:43:18.456158 1 log.go:198] Full, not-validated claims:
openidmetadata.claims{Claims:jwt.Claims{Issuer:"https://api.internal.e2e-e2e-kops-grid-calico-amzn2-k26.test-cncf-aws.k8s.io/", Subject:"system:serviceaccount:svcaccounts-9692:default", Audience:jwt.Audience{"oidc-discovery-test"}, Expiry:1707061997, NotBefore:1707061397, IssuedAt:1707061397, ID:""}, Kubernetes:openidmetadata.kubeClaims{Namespace:"svcaccounts-9692", ServiceAccount:openidmetadata.kubeName{Name:"default", UID:"15bf3196-cfd3-40cb-9ee0-8f05454c7e85"}}}
I0204 15:43:18.460415 1 log.go:198] Get "https://api.internal.e2e-e2e-kops-grid-calico-amzn2-k26.test-cncf-aws.k8s.io/.well-known/openid-configuration": dial tcp: lookup api.internal.e2e-e2e-kops-grid-calico-amzn2-k26.test-cncf-aws.k8s.io on 100.64.0.10:53: no such host
```
The test pod created in the cluster is not able to resolve the api.internal domain name.
In #12792 we populate coredns pods' /etc/hosts for gossip clusters. We probably need to expand that to cover dns=none clusters too.
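The step that fails in the log above, as an added diagnostic example (not code from kops or the Kubernetes e2e suite): it reads the issuer from a service account token without verifying it, derives the discovery URL, and reports whether the issuer host resolves from where it runs. The function names, the status strings and the `example.test` issuer are assumptions made for the example.

```go
package main

import (
	"context"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net"
	"net/url"
	"strings"
)

// issuerFromToken reads iss from a JWT payload WITHOUT verifying the signature (diagnostics only).
func issuerFromToken(token string) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("want 3 JWT segments, got %d", len(parts))
	}
	var claims struct{ Issuer string `json:"iss"` }
	r := base64.NewDecoder(base64.RawURLEncoding, strings.NewReader(parts[1]))
	err := json.NewDecoder(r).Decode(&claims)
	return claims.Issuer, err
}

// checkIssuer returns the discovery URL and "ok", "dns-not-found" or "error"; lookup matches (*net.Resolver).LookupHost.
func checkIssuer(ctx context.Context, issuer string, lookup func(context.Context, string) ([]string, error)) (string, string) {
	u, err := url.Parse(issuer)
	if err != nil || u.Scheme != "https" || u.Hostname() == "" {
		return "", "error"
	}
	discovery := strings.TrimSuffix(issuer, "/") + "/.well-known/openid-configuration"
	var dnsErr *net.DNSError
	if _, err := lookup(ctx, u.Hostname()); errors.As(err, &dnsErr) && dnsErr.IsNotFound {
		return discovery, "dns-not-found" // the "no such host" case from the issue
	} else if err != nil {
		return discovery, "error"
	}
	return discovery, "ok"
}

func main() { // constructed token and fake resolver; inside a pod, pass net.DefaultResolver.LookupHost
	body := base64.RawURLEncoding.EncodeToString([]byte(`{"iss":"https://api.internal.example.test/"}`))
	iss, _ := issuerFromToken("e30." + body + ".sig")
	fake := func(context.Context, string) ([]string, error) {
		return nil, &net.DNSError{Err: "no such host", IsNotFound: true}
	}
	fmt.Println(checkIssuer(context.Background(), iss, fake))
}
```

Run from a pod with the real resolver, a `dns-not-found` result separates the cluster DNS gap described here from TLS or HTTP failures on the discovery endpoint.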