Issue about setting Automation Suite: DNS Validation Failed from container

Long_Nguyen_Hong_CMCTSSG · September 14, 2022, 2:13am

Hello,
There is an error in the Automation Suite installation step, please help me to fix it
“DNS Validation Failed from container”

Roberto_Kopp · September 15, 2022, 1:46pm

hello Long_Nguyen_Hong_CMCTSSG,

wanted to share that we are going through the same situation. We actually have one instance that’s up and running in AWS (2021.10.4), but when setting up 2022.4 in an Azure environment we encountered the same DNS issue after istio configuration. Comparing the logs, only difference is that it’s failing the validation. We have not yet found the root cause, as we have reached to the support teams to understand the cause. Looking at the kube logs we found references to containers trying to reach the nameservers with a timeout

Port 53 fails to connect when using netcat, while we get a response from the AWS server (the instance that’s running) but the Azure management team stated that all ports are open. Running nslookup to the fqdn returns success . We have tried disabling the firewallD that was running locally, but without success either.
when running lsof on port 53 we noticed system-resolved active on the port, so we disabled it just in case but still no progress in the setup/netcat connectivity.

In what environment are you setting the instance?

Long_Nguyen_Hong_CMCTSSG · September 15, 2022, 3:48pm

I have installed DNS from Azure server

Long_Nguyen_Hong_CMCTSSG · September 20, 2022, 7:54am

Hi @Roberto_Kopp. Do you have any way to solve this problem?

Roberto_Kopp · October 12, 2022, 2:48pm

hi @TonyStark,
in our case the root cause was the firewalld. We actually managed to sort by disabling it and rebooting.
But ideally you would want to have the ports open. I have found this reference which I couldn’t fully test due to lack of environment to do so. but actually implemented aftewards as I had issues after installation with firewalld (masquerade seems to be what makes it really work)

firewall-cmd --permanent --add-port=6443/tcp # Kubernetes API server

firewall-cmd --permanent --add-port=2379-2380/tcp # etcd server client API

firewall-cmd --permanent --add-port=10250/tcp # Kubelet API

firewall-cmd --permanent --add-port=10251/tcp # kube-scheduler

firewall-cmd --permanent --add-port=10252/tcp # kube-controller-manager

firewall-cmd --permanent --add-port=8285/udp # Flannel

firewall-cmd --permanent --add-port=8472/udp # Flannel

firewall-cmd --add-masquerade --permanent

Most Active Users - Yesterday
Anil_G
Yoichi
Shiva_Nikhil
Sara_Piana
Palaniyappan
Morten_Rasmussen
pere
lrtetala
Anirudh_Tugawe
jlpath
More details...