Pages domain verification fails - Allow DnsConfig for webservice pods
Summary
DNS verification of a pages domain keeps failing because it appears DNS on the webservice pod tries to append several of the default search domains for our k8s cluster (i.e. default.svc.cluster.local, svc.cluster.local, cluster.local, us-west-1.compute.internal). By default the resolv.conf option ndots is set to 5:
```
root@gitlab-webservice-default-5d596dc949-9hwm2:/etc# cat resolv.conf
nameserver 172.20.0.10
search default.svc.cluster.local svc.cluster.local cluster.local us-west-1.compute.internal
options ndots:5
```
By setting ndots to 1 I was able to work around the problem, and get verification to succeed.
I was able to test this by manually changing /etc/resolv.conf on the pod, but obviously that is a poor solution. This option can be set in the pod specification like:
```yaml
## from: https://pracucci.com/kubernetes-dns-resolution-ndots-options-and-why-it-may-affect-application-performances.html
apiVersion: v1
kind: Pod
metadata:
  namespace: default
  name: dns-example
spec:
  containers:
    - name: test
      image: nginx
  dnsConfig:
    options:
      - name: ndots
        value: "1"
```
It would be great if the helm chart supported adding a custom dnsConfig at least to the webservice pod, but perhaps to all other pods too.
Note this seems to only affect TXT records, as I wasn't able to reproduce with regular A records. I suspect this might also be a bug in CoreDNS too.
Versions
- Chart: gitlab-5.2.1 14.2.1
- Platform:
  - Cloud: EKS 1.21
  - CoreDNS: 1.84
- Kubernetes: (`kubectl version`)
  - Client: 1.22
  - Server: 1.21
- Helm: (`helm version`)
  - Client: v3.7.1