microk8s: coredns does not default to host resolver

microk8s v1.26.4 5222 1.26-strict/stable canonical✓ -

microk8s active 1 microk8s latest/edge 37 no

This is fixed in https://github.com/openstack-snaps/snap-openstack/commit/1bee4116ece86587ecda14065bb6a875081fdb84

I think this is actually an automatic behaviour in microk8s itself - the dns addon attempts to figure out the host resolver and if that fails it falls back to Google DNS.

$ sudo microk8s enable dns
Infer repository core for addon dns
Enabling DNS
No valid resolv.conf file could be found
Falling back to 8.8.8.8 8.8.4.4 as upstream nameservers
Applying manifest
serviceaccount/coredns created
configmap/coredns created
deployment.apps/coredns created
service/kube-dns created
clusterrole.rbac.authorization.k8s.io/coredns created
clusterrolebinding.rbac.authorization.k8s.io/coredns created
Restarting kubelet
DNS is enabled

digging a bit further - the dns addon enable script looks at the kubelet args for a resolver - if that's not found, it uses a python script to find a resolve.conf file in:

DEFAULT_RESOLV_CONFS = [
    "/etc/resolv.conf",
    "/run/systemd/resolve/resolv.conf",
]

however the snap is strictly confined and can't read these locations - so falls back to the google servers.

https://github.com/canonical/microk8s-core-addons/blob/main/addons/dns/enable

Potential resolutions - switch to classic confinement for microk8s, revert the commit that prompts for a DNS resolver as part of the bootstrap process.

It is problem only in LXD provider based VMs when IPv6 address is allocated.
I dont see issues when openstack snap is used with VMs launched on openstack ipv4 network

https://github.com/canonical/microk8s/blob/master/scripts/find-resolv-conf.py#L24 resulted in ValueError for IPv6 for python 3.6.9 (microk8s 1.26/stable-strict snap uses python 3.6.9)

find-resolv-conf.py works great with 3.10.x and IPv6.

Resolution is to disable ipv6 on lxd