overview for SpiderUnderUrBed

Cloudflare Tunnels is using the wrong DNS server on my k8s cluster in c/selfhosted@lemmy.world

[–] SpiderUnderUrBed@lemmy.zip 1 points 1 week ago

Nevermind, fixed, this is what I tried applying, or maybe i should have waited for a bit and it might of worked, regardless, just incase its useful to anyone:

apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        errors
        health
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            fallthrough in-addr.arpa ip6.arpa
        }
        hosts /etc/coredns/NodeHosts {
            ttl 60
            reload 15s
            fallthrough
        }
        prometheus :9153
        forward . 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4
        cache 30
        loop
        reload
        loadbalance
    }

The issue is solved now, thanks

Cloudflare Tunnels is using the wrong DNS server on my k8s cluster in c/selfhosted@lemmy.world

[–] SpiderUnderUrBed@lemmy.zip 2 points 1 week ago (2 children)

Ok so, I think it was running on the wrong node and using thats resolv.conf which I did not update, but I am getting a new issue:

2025-05-02T21:42:30Z INF Starting tunnel tunnelID=72c14e86-612a-46a7-a80f-14cfac1f0764
2025-05-02T21:42:30Z INF Version 2025.4.2 (Checksum b1ac33cda3705e8bac2c627dfd95070cb6811024e7263d4a554060d3d8561b33)
2025-05-02T21:42:30Z INF GOOS: linux, GOVersion: go1.22.5-devel-cf, GoArch: arm64
2025-05-02T21:42:30Z INF Settings: map[no-autoupdate:true]
2025-05-02T21:42:30Z INF Environmental variables map[TUNNEL_TOKEN:*****]
2025-05-02T21:42:30Z INF Generated Connector ID: 7679bafd-f44f-41de-ab1e-96f90aa9cc34
2025-05-02T21:42:40Z ERR Failed to fetch features, default to disable error="lookup cfd-features.argotunnel.com on 10.90.0.10:53: dial udp 10.90.0.10:53: i/o timeout"
2025-05-02T21:43:30Z WRN Unable to lookup protocol percentage.
2025-05-02T21:43:30Z INF Initial protocol quic
2025-05-02T21:43:30Z INF ICMP proxy will use 10.60.0.194 as source for IPv4
2025-05-02T21:43:30Z INF ICMP proxy will use fe80::eca8:3eff:fef1:c964 in zone eth0 as source for IPv6

2025-05-02T21:42:40Z ERR Failed to fetch features, default to disable error="lookup cfd-features.argotunnel.com on 10.90.0.10:53: dial udp 10.90.0.10:53: i/o timeout"

kube-dns usually isnt supposed to give a i/o timeout when going to external domains, im pretty sure its supposed to forward it to another dns server, or do i have to configure that?

11

Cloudflare Tunnels is using the wrong DNS server on my k8s cluster (lemmy.zip)

submitted 1 week ago* (last edited 1 week ago) by SpiderUnderUrBed@lemmy.zip to c/selfhosted@lemmy.world

4 comments fedilink

https://pastebin.com/gqPLwSFq

^ output of my resolv.conf and cloudflare logs

kube-system kube-dns ClusterIP 10.90.0.10 <none> 53/UDP,53/TCP,9153/TCP 2d15h

^ my service ip for kubedns

https://pastebin.com/BCBhh8aj

^ my cloudflare config

How come, despite there being no mention of 8.8.8.8 on my system, in any other dns file for kubedns, not in my resolv.conf, tunnels, is now, incorrectly, trying to use that, to resolve internal ips, it does not make any sense

I think internal DNS resolution is overall working fine, here is a example of me accessing traefik from one of my pods:

spiderunderurbed@raspberrypi:~/k8s $ kubectl exec -it wordpress-7767b5d9c4-qh59n -- curl traefik.default.svc.cluster.local 
404 page not found
spiderunderurbed@raspberrypi:~/k8s $

^ means traefik was accessed, it is accessed as its my ingress, and there is nothing about 8.8.8.8 in there, might be baked in my CF.

12

Is it possible to set what DNS server cloudflare tunnels uses when resolving local ips? (lemmy.zip)

submitted 1 week ago by SpiderUnderUrBed@lemmy.zip to c/selfhosted@lemmy.world

3 comments fedilink

Title. I am in a k8s cluster, and I constantly get DNS issues in it, for some reason, it is using my resolv.conf, and since I have tailscale it tends to overwrite my resolv.conf, i don't think there is a way to fix it, also, I have multiple clusters and I don't know how to exactly use the proper names, I set up stuff like PowerDNS, but I want it so that, some of cloudflare tunnels queries goes through this nameserver, while some of it goes through other nameservers, the way k8s handles dns internally leads to some weird stuff where, if a DNS server says NXDOMAIN, it wont try the next one, and just general buggy behavior.

(to better explain, I dont have direct ips in my tunnel configuration, as I would have to change them often, I use DNS names, and intend to continue using DNS)

I swapped the entire school computers to linux mint in c/linux@lemmy.ml

[–] SpiderUnderUrBed@lemmy.zip 10 points 1 week ago

??? He said he talked to the principal multiple times

Cloudflare Tunnels is not working (DNS is broken) in c/homelab@lemmy.ml

[–] SpiderUnderUrBed@lemmy.zip 2 points 3 weeks ago

I solved the issue, the jellyfin pod for some reason was connecting to the wrong endpoint for the internal kube-dns service, I fixed that, and also made it use the internal pods FQDN and it works.

Cloudflare Tunnels is not working (DNS is broken) in c/homelab@lemmy.ml

[–] SpiderUnderUrBed@lemmy.zip 1 points 3 weeks ago (2 children)

It does not work, as long as it goes to a cloudflare domain, the is a io timeout because of some DNS issue, any other suggestions?

3

Cloudflare Tunnels is not working (DNS is broken) (lemmy.zip)

submitted 1 month ago* (last edited 1 month ago) by SpiderUnderUrBed@lemmy.zip to c/homelab@lemmy.ml

4 comments fedilink

So I need help with a split dns approach, or a direct fix, normally when running my tunnel on the simplest configuration I get this error:


Couldn't resolve SRV record &{region1.v2.argotunnel.com. 7844 1 1}: lookup region1.v2.argotunnel.com. on 10.43.0.10:53: read udp 172.16.91.156:54443->10.43.0.10:53: i/o timeout

When I tried to change the nameserver to cloudflare to make it accessible I get this error:

2025-04-07T10:06:38Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp: lookup traefik on 1.1.1.1:53: no such host" connIndex=3 event=1 ingressRule=3 originService=http://traefik/
2025-04-07T10:06:38Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp: lookup traefik on 1.1.1.1:53: no such host" connIndex=3 dest=https://nextcloud.spidershomelab.xyz/index.php/204 event=0 ip=198.41.200.233 type=http

apiVersion: apps/v1
kind: Deployment
metadata:
  name: tunnel
  labels:
    app: tunnel
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tunnel
  template:
    metadata:
      labels:
        app: tunnel
    spec:
      dnsPolicy: None
      dnsConfig:
        nameservers:
          - 1.1.1.1
          - 10.43.0.10
#        searches:
#          - default.svc.cluster.local
      hostNetwork: true
      containers:
        - name: tunnel
          image: cloudflare/cloudflared:latest
          args:
            - tunnel
            - --no-autoupdate
            - run
          env:
            - name: TUNNEL_TOKEN
              valueFrom:
                configMapKeyRef:
                  name: env
                  key: CLOUDFLARE_TUNNEL_TOKEN
      restartPolicy: Always

Anyone know why cf tunnels is asking the wrong DNS server? I know i specified 1.1.1.1 but it should have also asked kubedns as I specified its ip I do have to specify its nameserver or else it does not work, it wont be able to connect to their argotunnel domain without going through 1.1.1.1


kube-dns   ClusterIP   10.43.0.10   <none>        53/UDP,53/TCP,9153/TCP   12d

also its the correct ip I would like it, if you cant give direct advice, to try this deployment, and add a custom dns server that idk, configures it so that correct ip queries goes to 1.1.1.1 and the rest kubedns, i dried coredns, and other dns servers and I couldnt get anything to work I am trying the nameserver 1.1.1.1 because otherwise I get the error mentioned above. and no, I am not running a firewall nor anything that should block it outside of k8s, as it runs perfectly fine on the host.

3

Traefik: services can no longer access assets when stripping first prefix (how to set base url) (lemmy.zip)

submitted 1 month ago by SpiderUnderUrBed@lemmy.zip to c/homelab@lemmy.ml

1 comments fedilink

apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: strip-first-prefix
  namespace: default
spec:
#  replacePathRegex:
#    regex: "^/[^/]+(.*)"
#    replacement: "$1"
  stripPrefix:
    prefixes:
      #- "/dashboard"
      #- "/api"
      - "/gitea"
      - "/wordpress"
      - "/vaultwarden"
      - "/pdns"
      - "/glance"
      - "/immich"

So I have a issue. whenever I accessed all of my services via 192.168.1.22/wordpress for example. it forwarded that /wordpress to the actual wordpress domain, leading to page not found, however when i strip the initial proefix, i can access the base page, however, when lets say wordpress wants any css or assets, it will look at 192.168.1.22/assets which wont work, so basically, I need a way for sort of, emulate the url paths, so it wont take actual queries to places that dont exist and tries to access resources the incorrect way, i know siteURL exists for WP, but i want a catchall solution which helps my other services.