You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm experiencing an issue with internal cluster DNS resolution when creating a new Windows nodegroup to replace a current Windows nodegroup (for updating the AMI/k8 versions of the nodes). When creating the new nodegroup, I attach the required iam roles to the newly created node instance role and create the SSM association between the autoscaling group and domain join SSM doc. The new nodes are joined to the domain properly and can run pods as the GMSAs just fine. However, I am experiencing DNS timeouts to core-dns from these new nodes.
I was able to work around this issue by scaling the new nodegroup down to 0, then back up to my required number of nodes. After I do this, the containers running on the new nodes are able to query core-dns just fine. Any ideas as to what the possible cause of this is? I looked around for the proper way to upgrade a Windows nodegroup using GMSAs and came up empty. Does anyone know of any scripts that can do this for us in an automated fashion? I have written a PowerShell script to do this, however this DNS resolution issue has forced some manual steps I'd like to avoid.
The text was updated successfully, but these errors were encountered:
I'm experiencing an issue with internal cluster DNS resolution when creating a new Windows nodegroup to replace a current Windows nodegroup (for updating the AMI/k8 versions of the nodes). When creating the new nodegroup, I attach the required iam roles to the newly created node instance role and create the SSM association between the autoscaling group and domain join SSM doc. The new nodes are joined to the domain properly and can run pods as the GMSAs just fine. However, I am experiencing DNS timeouts to core-dns from these new nodes.
I was able to work around this issue by scaling the new nodegroup down to 0, then back up to my required number of nodes. After I do this, the containers running on the new nodes are able to query core-dns just fine. Any ideas as to what the possible cause of this is? I looked around for the proper way to upgrade a Windows nodegroup using GMSAs and came up empty. Does anyone know of any scripts that can do this for us in an automated fashion? I have written a PowerShell script to do this, however this DNS resolution issue has forced some manual steps I'd like to avoid.
The text was updated successfully, but these errors were encountered: