this post was submitted on 14 Apr 2025

homelab

So I need help with a split DNS approach, or a direct fix. Normally, when running my tunnel on the simplest configuration, I get this error:

Couldn't resolve SRV record &{region1.v2.argotunnel.com. 7844 1 1}: lookup region1.v2.argotunnel.com. on 10.43.0.10:53: read udp 172.16.91.156:54443->10.43.0.10:53: i/o timeout

When I tried to change the nameserver to Cloudflare to make it accessible, I get this error:

2025-04-07T10:06:38Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp: lookup traefik on 1.1.1.1:53: no such host" connIndex=3 event=1 ingressRule=3 originService=http://traefik/
2025-04-07T10:06:38Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp: lookup traefik on 1.1.1.1:53: no such host" connIndex=3 dest=https://nextcloud.spidershomelab.xyz/index.php/204 event=0 ip=198.41.200.233 type=http

apiVersion: apps/v1
kind: Deployment
metadata:
  name: tunnel
  labels:
    app: tunnel
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tunnel
  template:
    metadata:
      labels:
        app: tunnel
    spec:
      dnsPolicy: None
      dnsConfig:
        nameservers:
          - 1.1.1.1
          - 10.43.0.10
#        searches:
#          - default.svc.cluster.local
      hostNetwork: true
      containers:
        - name: tunnel
          image: cloudflare/cloudflared:latest
          args:
            - tunnel
            - --no-autoupdate
            - run
          env:
            - name: TUNNEL_TOKEN
              valueFrom:
                configMapKeyRef:
                  name: env
                  key: CLOUDFLARE_TUNNEL_TOKEN
      restartPolicy: Always

Anyone know why cf tunnels is asking the wrong DNS server? I know I specified 1.1.1.1, but it should have also asked kube-dns, as I specified its IP. I do have to specify its nameserver or else it does not work; it won't be able to connect to their argotunnel domain without going through 1.1.1.1.

kube-dns   ClusterIP   10.43.0.10   <none>        53/UDP,53/TCP,9153/TCP   12d

Also, it's the correct IP. I would like you, if you can't give direct advice, to try this deployment and add a custom DNS server that, I don't know, configures it so that the correct IP queries go to 1.1.1.1 and the rest to kube-dns. I tried CoreDNS and other DNS servers and I couldn't get anything to work. I am trying the nameserver 1.1.1.1 because otherwise I get the error mentioned above. And no, I am not running a firewall nor anything that should block it outside of k8s, as it runs perfectly fine on the host.
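An added illustration of the resolver behaviour behind the two errors above (example code written for this page, not from the post, Kubernetes or cloudflared; the answer tables, addresses and search list are constructed). It models how a resolv.conf stub resolver such as glibc or Go's walks its nameserver list, which is why listing 1.1.1.1 and kube-dns together does not give split DNS:

```python
from dataclasses import dataclass
TIMEOUT, NXDOMAIN = "timeout", "nxdomain"

@dataclass
class Server:
    ip: str
    answers: dict            # fqdn with trailing dot -> address
    reachable: bool = True   # False models the "i/o timeout" in the post

    def query(self, fqdn):
        return TIMEOUT if not self.reachable else self.answers.get(fqdn, NXDOMAIN)

def resolve(name, nameservers, searches=(), ndots=1):
    """Walk candidates and servers like glibc/Go: a timeout advances to the next
    nameserver; NXDOMAIN is final for that candidate (Go: "trying another server
    won't help") and moves to the next search candidate, not the next server."""
    candidates = [f"{name}.{s}" for s in searches] if name.count(".") < ndots else []
    candidates.append(name)
    for fqdn in candidates:
        for srv in nameservers:
            r = srv.query(fqdn + ".")
            if r == TIMEOUT:
                continue
            if r == NXDOMAIN:
                break
            return r, srv.ip
    return None, None

# Constructed answer tables; addresses are documentation/cluster ranges, not real.
CLOUDFLARE = Server("1.1.1.1", {"region1.v2.argotunnel.com.": "192.0.2.10"})
KUBE_DNS = Server("10.43.0.10", {"traefik.default.svc.cluster.local.": "10.43.12.34",  # kubernetes plugin
                                 "region1.v2.argotunnel.com.": "192.0.2.10"})         # forwarded upstream
SEARCH = ("default.svc.cluster.local", "svc.cluster.local", "cluster.local")

def post_config():
    # 1.1.1.1 listed first: "traefik" is NXDOMAIN at 1.1.1.1 and kube-dns is never
    # asked -> the "no such host" error; uncommenting the search list does not help.
    return resolve("traefik", [CLOUDFLARE, KUBE_DNS]), resolve("traefik", [CLOUDFLARE, KUBE_DNS], SEARCH)

def cluster_dns_only():
    # A single cluster nameserver plus the search list resolves both the Service
    # name and the external tunnel hostname, since CoreDNS forwards the rest.
    return (resolve("traefik", [KUBE_DNS], SEARCH),
            resolve("region1.v2.argotunnel.com", [KUBE_DNS], SEARCH))

def kube_dns_timing_out():
    # kube-dns first but unreachable (the first error in the post): a timeout,
    # unlike NXDOMAIN, does fall through to 1.1.1.1.
    dead = Server("10.43.0.10", {}, reachable=False)
    return resolve("region1.v2.argotunnel.com", [dead, CLOUDFLARE], SEARCH)
```

The model shows that a second nameserver only helps with timeouts; once kube-dns is reachable from the pod, a single cluster nameserver already provides the split the post asks for.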

top 4 comments
[email protected] 1 points 1 week ago (last edited 1 week ago)

Not trying to subvert your issue, but why not use something that makes the tunnel an easy-to-make ingress the Kubernetes way? I don't use cf tunnels so I haven't used this, but it seems to be a proper solution.

https://github.com/STRRL/cloudflare-tunnel-ingress-controller

Edit: An operator linked in that GitHub project could be useful too if you want to support UDP and such: https://github.com/adyanth/cloudflare-operator

[email protected] 1 points 4 days ago

It does not work. As long as it goes to a Cloudflare domain, there is an I/O timeout because of some DNS issue. Any other suggestions?

[email protected] 1 points 4 days ago

If you are still using the setup in the post with what I suggested, that'd probably be why. You wouldn't need a tunnel container anymore, nor host networking or DNS settings. Just a web service that you want to expose. Is the host able to resolve the same domains properly?

[email protected] 2 points 3 days ago

I solved the issue: the Jellyfin pod for some reason was connecting to the wrong endpoint for the internal kube-dns service. I fixed that, and also made it use the internal pods' FQDN, and it works.