* Lennart Poettering:
On Mi, 15.04.20 10:09, Michael Catanzaro (mcatanzaro@gnome.org) wrote:
You're right that continuing to use nss-dns would avoid any such problems while maintaining the other benefits of systemd-resolved. That could be a fallback plan if needed.
So, it is my understanding that containers as deployed with kubernetes generally don't boot up with systemd as PID 1 inside them, no?
If that's the case things should just work: if a container manager copies in their /etc/resolv.conf, and resolved is not running in the container, then nss-dns with traditional configuration is in effect as before.
As far as I know, the Kubernetes DNS hacks are used on the infrastructure layer, not just within containers.
I guess we can prepare a Fedora compose with all this implemented, and ask someone with the expertise to use it to deploy a Kubernetes cluster, and see what happens?
Thanks, Florian