Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

hairpin proxy controller does not update coredns config map #18

Open
bpereto opened this issue Apr 8, 2022 · 1 comment
Open

hairpin proxy controller does not update coredns config map #18

bpereto opened this issue Apr 8, 2022 · 1 comment

Comments

@bpereto
Copy link

bpereto commented Apr 8, 2022 

I, [2022-04-08T15:35:38.303359 #1]  INFO -- : Corefile has changed! New contents:
.:53 {
    rewrite name foo.foo.ch hairpin-proxy.hairpin-proxy.svc.cluster.local # Added by hairpin-proxy
          errors
          health
          kubernetes cluster.local in-addr.arpa ip6.arpa {
             pods insecure
             fallthrough in-addr.arpa ip6.arpa
          }
          prometheus :9153
          forward . /etc/resolv.conf
          cache 30
          loop
          reload
          loadbalance
      }
Sending updated ConfigMap to Kubernetes API server...

but the resulting config map then does not contain the updated config with rewrites:

kubectl get configmap -n kube-system coredns -o=jsonpath='{.data.Corefile}'

      .:53 {
          errors
          health
          kubernetes cluster.local in-addr.arpa ip6.arpa {
             pods insecure
             fallthrough in-addr.arpa ip6.arpa
          }
          prometheus :9153
          forward . /etc/resolv.conf
          cache 30
          loop
          reload
          loadbalance
      }

What do i miss? I use the standard ingress-nginx (no Target override necessary.)
@leoslf
Copy link

leoslf commented Feb 22, 2023

Hi @bpereto,

What do i miss? I use the standard ingress-nginx (no Target override necessary.)

I guess you have to apply some ingress that uses the domains you want it to rewrite in spec.tls.hosts, since hairpin-proxy in fact just scans for the ingresses for their spec.tls.hosts and have them updated to the coredns configmap in kube-system.

e.g.

      apiVersion: networking.k8s.io/v1
      kind: Ingress
      metadata:
        name: foo
        namespace: foo
      spec:
        tls:
          - hosts:
              - a.foo.com
              - b.foo.com
            secretName: foo-staging
        rules:
          - host: "*.foo.com"
            http:
              paths:
                - path: /
                  pathType: Prefix
                  backend:
                    service:
                      name: hello-world
                      port:
                        number: 5678

Besides, just in case, using bitnami helm chart for ingress-nginx-controller requires setting fullnameOverride: ingress-nginx-controller in the values.

Thanks,
Leo

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bpereto @leoslf