| *** fuentess has quit IRC | 01:47 | |
| *** fgiudici has joined #kata-general | 06:40 | |
| *** jodh has joined #kata-general | 07:10 | |
| *** fuentess has joined #kata-general | 12:44 | |
| *** devimc has joined #kata-general | 13:28 | |
| kata-irc-bot | <david_hay> Going to ask an extremely silly question about DNS in the context of the guest VM ( sandbox ? ) that's spun up when using the Kata 2.0 runtime TL;DR; trying to find out from where the guest VM should get it's `/etc/resolv.conf` More details in thread ..... :thread: | 14:58 |
|---|---|---|
| kata-irc-bot | <david_hay> using `kata-runtime` `2.1.0-rc0` on an Ubuntu `20.04` box, with `containerd1.3.3-0ubuntu2.3` and Kubernetes `v1.21.0` | 14:59 |
| kata-irc-bot | <david_hay> It's my understanding (!) that the guest VM ( Fedora, in my case ) "inherits" `/etc/resolv.conf` from the container I'm basing this on a look at rootfs.sh lines 608-615 | 15:02 |
| kata-irc-bot | <david_hay> This is the pod that I'm spinning up ```apiVersion: v1 kind: Pod metadata: name: nginx-kata spec: runtimeClassName: kata containers: - name: nginx image: nginx``` | 15:02 |
| kata-irc-bot | <david_hay> If I inspect the `/etc/resolv.conf` inside the container via `kubectl exec -i -t nginx-kata -- cat /etc/resolv.conf` I can see ```nameserver 10.96.0.10 options ndots:5``` | 15:03 |
| kata-irc-bot | <david_hay> However, if I look inside the guest VM via `kata-runtime exec b85c38774682783d7e925f6bd3a03023624780e784c8715ee4ea6cc180b9183b` I see that `resolv.conf` is empty `ls -al /etc/resolv.conf` ```-rw-r--r-- 1 root root 0 Jun 1 15:39 /etc/resolv.conf``` | 15:04 |
| kata-irc-bot | <david_hay> So, here's the question - from where does the guest VM get it's `resolv.conf` ? | 15:04 |
| devimc | @david_hay the VM gets it from the network manager (if any), it's empty because there is no network manager running in the guest OS | 15:08 |
| devimc | @david_hay the container gets it from k8s, that file is shared from the host to guest through 9p or virtiofs | 15:08 |
| kata-irc-bot | <fidencio> And here's the part that shares it with the container: https://github.com/kata-containers/kata-containers/blob/1255b834272274fa768cb25da4f7004262ec9bdc/src/runtime/virtcontainers/kata_agent.go#L767-L789 | 15:09 |
| kata-irc-bot | <david_hay> OK, and I've seen the various `kataShared` mounts *inside* the guest `mount|grep kata` ```kataShared on /run/kata-containers/shared/containers type virtiofs (rw,relatime) shm on /run/kata-containers/sandbox/shm type tmpfs (rw,relatime) kataShared on /run/kata-containers/b85c38774682783d7e925f6bd3a03023624780e784c8715ee4ea6cc180b9183b/rootfs type virtiofs (rw,relatime) kataShared on | 15:16 |
| kata-irc-bot | /run/kata-containers/4a9201932cb403219439e3e62bc2cafdf1aa20296c0fea8081775891f5762bbb/rootfs type virtiofs (rw,relatime)``` | 15:16 |
| kata-irc-bot | <david_hay> `find /run/kata-containers/ -name resolv.conf` ```/run/kata-containers/4a9201932cb403219439e3e62bc2cafdf1aa20296c0fea8081775891f5762bbb/rootfs/etc/resolv.conf /run/kata-containers/shared/containers/4a9201932cb403219439e3e62bc2cafdf1aa20296c0fea8081775891f5762bbb/rootfs/etc/resolv.conf``` | 15:17 |
| kata-irc-bot | <david_hay> Interestingly, each has a different `resolv.conf` ``` # https://1.1.1.1 (privacy-focused, highly-available DNS service) nameserver 1.1.1.1 nameserver 1.0.0.1``` | 15:17 |
| kata-irc-bot | <david_hay> Different to the container or even the VM that hosts the K8s Compute Node / guest VM | 15:17 |
| kata-irc-bot | <david_hay> @julio.montes I'm obviously being dense here - can't quite work out what I'm missing ... ? | 16:01 |
| devimc | @david_hay did you configure your cni plugin correctly? if you want to have the same resolv.conf in both host and container then you should configure it, see /etc/cni/net.d | 16:20 |
| kata-irc-bot | <david_hay> Good question, let me check ..... :clock1: :clock1: :clock1: :clock1: :thanks_: | 16:52 |
| *** fgiudici has quit IRC | 16:53 | |
| *** jodh has quit IRC | 17:04 | |
| *** fuentess has quit IRC | 17:15 | |
| *** fuentess has joined #kata-general | 17:21 | |
| *** fuentess has quit IRC | 17:42 | |
| *** fuentess has joined #kata-general | 17:47 | |
| kata-irc-bot | <david_hay> So, given that I'm using Calico, I've got `10-calico.conflist` in `/etc/cni/net.d` so assume I need to start tinkering with `nameservers` as per https://github.com/containernetworking/cni/blob/master/SPEC.md#network-configuration Will play more .... | 18:06 |
| devimc | @david_hay take a look to the dns section | 18:28 |
| devimc | nameservers and search subsections | 18:29 |
| kata-irc-bot | <david_hay> Yep, that's what I'm looking at @julio.montes :thanks_: As mentioned, I'm using Calico so looking at `calico.conflist` in `/etc/cni/net.d` | 19:22 |
| *** fuentess has quit IRC | 20:57 | |
| *** fuentess has joined #kata-general | 21:09 | |
| *** devimc has quit IRC | 21:49 | |
| *** fuentess has quit IRC | 22:21 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!