k8gb-coredns Pod CrashLoopBack on OpenShift :: listen tcp :53: bind: permission denied

[ksingh7]

Hi

I have been trying to setup k8gb on an OpenShift environment v4.5

The error that i am receiving from k8gb-coredns pod is

[INFO] plugin/k8s_crd: Filter: [k8gb.absa.oss/dnstype=local]
[INFO] plugin/k8s_crd: negTTL: 300
[INFO] plugin/k8s_crd: Starting k8s_crd controller
Listen: listen tcp :53: bind: permission denied

So far i have tried adding multiple changes in the helm values.yaml but none of them worked

1. Tried default based on the examples from /docs/examples/route53/k8gb/k8gb-cluster-eu-west-1.yaml (ofcourse changing required values. This did not worked

2. So i tried adding , and this did not work either

openshift:
  enabled: true

3. Then i tried adding, no luck :(

coredns:
  serviceType: LoadBalancer
  service:
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-type: nlb
  serviceAccount:
    create: true
    name: coredns

4. Currently my helm values.yaml look like this

k8gb:
  dnsZone: "k8gb.example.in" # dnsZone controlled by gslb
  edgeDNSZone: "example.in" # main zone which would contain gslb zone to delegate
  edgeDNSServer: "169.254.169.253" # use this DNS server as a main resolver to enable cross k8gb DNS based communication
  clusterGeoTag: "okd" # used for places where we need to distinguish between differnet Gslb instances
  extGslbClustersGeoTags: "okd2" # comma-separated list of external gslb geo tags to pair with

externaldns:
  image: k8s.gcr.io/external-dns/external-dns:v0.9.0
  interval: "20s"
  securityContext:
    fsGroup: 65534 # For ExternalDNS to be able to read Kubernetes and AWS token files
    runAsUser: 1000
    runAsNonRoot: true

route53:
  enabled: true
  hostedZoneID: Zxxxxxx
  irsaRole: arn:aws:iam::xxx:role/external-dns-k8gb-cluster-okd

coredns:
  serviceType: LoadBalancer
  service:
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-type: nlb
  serviceAccount:
    create: true
    name: coredns

openshift:
  enabled: true

Here is the output of kubectl get all -n k8gb , if this helps

NAME                                READY   STATUS             RESTARTS   AGE
pod/k8gb-coredns-84885db94f-tmftv   0/1     CrashLoopBackOff   9          24m

NAME                   TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
service/k8gb-coredns   LoadBalancer   172.30.227.150   <pending>     53:30956/UDP   24m

NAME                           READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/external-dns   0/1     0            0           24m
deployment.apps/k8gb           0/1     0            0           24m
deployment.apps/k8gb-coredns   0/1     1            0           24m

NAME                                      DESIRED   CURRENT   READY   AGE
replicaset.apps/external-dns-75f4d7f7b6   1         0         0       24m
replicaset.apps/k8gb-84875b46d4           1         0         0       24m
replicaset.apps/k8gb-coredns-84885db94f   1         1         0       24m

Does k8gb works with OpenShift ? Can you share your values.yam or changes that are needed to get it working on OpenShift

[ksingh7]

@ytsarev have you tried k8gb on OpenShift by any chance ? or do you know if anyone else ?

[k0da]

@ksingh7 I believe this is a duplicate of #423

[k0da]

should be fixed in master

[jkremser]

.. tried k8gb on OpenShift by any chance ? or do you know if anyone else ?

@ksingh7 I am running it on code ready containers locally. Besides the coredns port that must be higher than 1024, I had to also remove the runAsUser key-value pairs from coredns and operator's deployments. Or provide a UID from that range ( [1000620000, 1000629999]).

If you have the operator-sdk installed, you can try

oc create ns k8gbtest && operator-sdk run bundle -n k8gbtest docker.io/jkremser/k8gb-bundle:0.0.4

(or install it from the community index where it has landed couple of days ago - https://operatorhub.io/operator/k8gb)