So I need help with a split DNS approach, or a direct fix. Normally, when running my tunnel on the simplest configuration, I get this error:
Couldn't resolve SRV record &{region1.v2.argotunnel.com. 7844 1 1}: lookup region1.v2.argotunnel.com. on 10.43.0.10:53: read udp 172.16.91.156:54443->10.43.0.10:53: i/o timeout
When I tried to change the nameserver to Cloudflare to make it accessible, I got this error:
2025-04-07T10:06:38Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp: lookup traefik on 1.1.1.1:53: no such host" connIndex=3 event=1 ingressRule=3 originService=http://traefik/
2025-04-07T10:06:38Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp: lookup traefik on 1.1.1.1:53: no such host" connIndex=3 dest=https://nextcloud.spidershomelab.xyz/index.php/204 event=0 ip=198.41.200.233 type=http
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tunnel
  labels:
    app: tunnel
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tunnel
  template:
    metadata:
      labels:
        app: tunnel
    spec:
      dnsPolicy: None
      dnsConfig:
        nameservers:
          - 1.1.1.1
          - 10.43.0.10
        # searches:
        #   - default.svc.cluster.local
      hostNetwork: true
      containers:
        - name: tunnel
          image: cloudflare/cloudflared:latest
          args:
            - tunnel
            - --no-autoupdate
            - run
          env:
            - name: TUNNEL_TOKEN
              valueFrom:
                configMapKeyRef:
                  name: env
                  key: CLOUDFLARE_TUNNEL_TOKEN
      restartPolicy: Always
Anyone know why cf tunnels is asking the wrong DNS server? I know I specified 1.1.1.1, but it should have also asked kubedns, as I specified its IP. I do have to specify its nameserver or else it does not work; it won't be able to connect to their argotunnel domain without going through 1.1.1.1.
kube-dns ClusterIP 10.43.0.10 <none> 53/UDP,53/TCP,9153/TCP 12d
Also, it's the correct IP. I would like it, if you can't give direct advice, to try this deployment, and add a custom DNS server that, idk, configures it so that correct IP queries go to 1.1.1.1 and the rest kubedns. I tried CoreDNS and other DNS servers and I couldn't get anything to work. I am trying the nameserver 1.1.1.1 because otherwise I get the error mentioned above. And no, I am not running a firewall nor anything that should block it outside of k8s, as it runs perfectly fine on the host.
Not trying to subvert your issue, but why not use something that makes the tunnel an easy-to-make ingress the Kubernetes way? I don’t use cf tunnels so I haven't used this, but it seems to be a proper solution.
https://github.com/STRRL/cloudflare-tunnel-ingress-controller
Edit: An operator linked in that GitHub project could be useful too if you want to support UDP and such: https://github.com/adyanth/cloudflare-operator
It does not work. As long as it goes to a Cloudflare domain, there is an i/o timeout because of some DNS issue. Any other suggestions?
If you are still using the setup in the post with what I suggested that’d probably be why. You wouldn’t need a tunnel container anymore, host networking, nor DNS settings. Just a web service that you want to expose. Is the host able to resolve the same domains properly?
I solved the issue: the jellyfin pod for some reason was connecting to the wrong endpoint for the internal kube-dns service. I fixed that, and also made it use the internal pod's FQDN, and it works.
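Added example, not part of the thread and not cloudflared's own code: a small Python triage of the two error shapes quoted in the original post, separating "the resolver never answered" from "the resolver answered that the name does not exist". The `triage` helper and its diagnosis labels are hypothetical names, only IPv4 resolver addresses are handled, and the second rule reflects Go's built-in resolver treating a negative answer from one nameserver as final instead of asking the next one.

```python
import ipaddress
import re
from typing import NamedTuple, Optional

# Go's resolver (which produces these cloudflared messages) reports failures as
#   lookup <name> on <server>:<port>: [<transport detail>: ]<reason>
LOOKUP_RE = re.compile(
    r"lookup (?P<name>\S+) on (?P<server>\d+(?:\.\d+){3}):\d+: "
    r"(?:(?:read|write|dial) \S+ \S+: )?(?P<reason>i/o timeout|no such host)"
)

class Finding(NamedTuple):
    name: str
    server: str
    reason: str
    diagnosis: str  # hypothetical labels, chosen for this example

def triage(line: str) -> Optional[Finding]:
    m = LOOKUP_RE.search(line)
    if m is None:
        return None
    name, server, reason = m["name"], m["server"], m["reason"]
    bare = name.rstrip(".")
    public = ipaddress.ip_address(server).is_global
    # Single-label names ("traefik") and *.cluster.local exist only in cluster DNS.
    cluster_only = "." not in bare or bare.endswith(".cluster.local")
    if reason == "i/o timeout":
        # No answer at all: the path to the resolver is broken, not the name.
        diagnosis = "resolver-unreachable"
    elif public and cluster_only:
        # The public resolver answered "does not exist"; that answer is final,
        # so the next entry in dnsConfig.nameservers is never consulted.
        diagnosis = "cluster-name-sent-to-public-resolver"
    else:
        diagnosis = "name-not-found"
    return Finding(name, server, reason, diagnosis)

# Log lines taken from the post above, shortened to the relevant part.
SAMPLES = [
    "Couldn't resolve SRV record &{region1.v2.argotunnel.com. 7844 1 1}: "
    "lookup region1.v2.argotunnel.com. on 10.43.0.10:53: "
    "read udp 172.16.91.156:54443->10.43.0.10:53: i/o timeout",
    'ERR error="... dial tcp: lookup traefik on 1.1.1.1:53: no such host" connIndex=3',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample))
```

The first sample points at reachability of the kube-dns service from the pod, which matches the fix reported at the end of the thread; the second shows why listing 1.1.1.1 ahead of 10.43.0.10 breaks lookups of in-cluster service names.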