So I'm not sure how to proceed with troubleshooting, but I've been at it all day and searched high and low.
I'm unable to get the KubeDNS pod to work. I'm deploying on Fedora 25 installed on bare metal. I currently only have a single box in the cluster, with kubelet running on the master. I am not running kubelet or the other Kubernetes services in containers.
When I try to run a DNS lookup inside the kubedns container on the kubernetes.default service (nslookup kubernetes.default.svc.cluster.local 127.0.0.1
and nslookup kubernetes.default.svc.cluster.local 127.0.0.1:10053
) it fails.
What I've eventually found in the kube-apiserver log are messages like the following, lined up time-wise when I've tried to do the lookups:
kube-apiserver[20876]: E0315 01:09:16.134237 20876 proxy.go:193] Error proxying data from client to backend: write tcp 192.168.1.203:33074->192.168.1.203:10250: write: broken pipe
The service and replicationcontroller configs I'm using are from https://coreos.com/kubernetes/docs/latest/deploy-addons.html#deploy-the-dns-add-on, with the clusterIP
setting obviously changed to match my environment.
I'm not really sure where else to look in terms of troubleshooting, so any help is appreciated. I'll post up whatever configs are useful, but figured it would be less than useless for me to guess about which configs those would be.
I ended up fixing this with some trial and error.
The problem, having followed the bare metal node setup guide for Fedora, was that I didn't have TLS configured for kube-apiserver.
These options were all required (having fixed it quite a long time ago, I don't remember which ones were missing):