Tanzu Platform Self-Managed 10.1

PDF
self.managed.10.1 10.0 saas

Troubleshoot networking

Last Updated March 03, 2025

This topic explains how to troubleshoot issues related to networking for Kubernetes Spaces in Tanzu Platform.

DNS resolution not working with Avi provider

To debug this issue:

  1. Find out if the DomainBinding resource in a good state by running:

    tanzu domain-binding get DOMAIN-BINDING-NAME

    Where DOMAIN-BINDING-NAME is the name of the DomainBinding you want to troubleshoot.

    In the output, inspect the conditions:

    • Inspect the conditions: if the conditions are not all in a good state, review the message to determine the error.

    • Inspect the addresses: if the list is empty, the Space that the DomainBinding was installed to does not have working gateways. Check the configuration of your Space and cluster.

    If your issue is not resolved, proceed to the next step.

  2. Find out if the Avi DNS Virtual Service is reachable by using the dig command:

    dig @DNS-VS-IP DOMAIN
dig DOMAIN
    • DOMAIN is the domain name to check.
    • DNS-VS-IP is the IP address for the DNS Virtual Service.

    The first command checks whether it can resolve directly from the DNS Virtual Service. If there is an entry, the DNS entries have been properly programmed and reachable from your machine.

    The second command checks if you configured the DNS Virtual Service as the default resolver. If there is entry, the DNS is configured as the resolver for your domain for the current machine.

  3. Create or move the DNS Virtual Service to another Service Engine Group.

    Only complete this step if:

    • Health checks are enabled on the DNSProvider.
    • Avi is used to manage your data plane, that is, it is used to control the flow of traffic to your cluster.

      This check requires an operator who manages and has access to the Avi instance.

    • The DNS Virtual Service uses the same Service Engine Group as the rest of your services.

    When the clusters are located on the same data plane as the DNS Virtual Service, Avi does not do health checks for addresses within the Virtual Service’s subnet. To minimize disruptions, create or move the DNS Virtual Service to another Service Engine Group:

    1. Create a new Service Engine Group. The exact configuration values depend on what your availability is and whether you can provision more.
    2. Wait until the Service Engine Group is ready.
    3. Set the Service Engine Group for your DNS Virtual Service to the newly created group.