Set CNI_MTU=1400 on kindnet daemonset to fix TCP DNS issues

Kasturi Narra · Kasturi Narra · commit f7dbad03a58b · 2026-01-10T00:23:49.000+05:30
diff --git a/.github/workflows/cncf-conformance.yaml b/.github/workflows/cncf-conformance.yaml
@@ -95,6 +95,71 @@ jobs:
             sudo podman exec "${node}" systemctl disable firewalld || true
           done
 
+      - name: Configure networking for CI environment
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          # Fix TCP DNS issues in GitHub Actions.
+          # The issue manifests as TCP DNS failing while UDP works.
+          # Apply multiple fixes to ensure TCP connectivity works properly.
+
+          echo "=== Step 1: Configure MTU on CNI config ==="
+          for node in microshift-okd-1 microshift-okd-2; do
+            echo "  - Configuring MTU on ${node}"
+            sudo podman exec "${node}" bash -c '
+              CNI_CONFIG="/etc/cni/net.d/10-kindnet.conflist"
+              if [ -f "$CNI_CONFIG" ]; then
+                if grep -q "\"mtu\"" "$CNI_CONFIG"; then
+                  sed -i "s/\"mtu\": *[0-9]*/\"mtu\": 1400/g" "$CNI_CONFIG"
+                else
+                  sed -i "s/\"type\": *\"ptp\"/\"type\": \"ptp\", \"mtu\": 1400/g" "$CNI_CONFIG"
+                fi
+                grep -o "\"mtu\": *[0-9]*" "$CNI_CONFIG" || echo "    (mtu not in config)"
+              fi
+            '
+          done
+
+          echo "=== Step 2: Set MTU on all network interfaces ==="
+          for node in microshift-okd-1 microshift-okd-2; do
+            sudo podman exec "${node}" bash -c '
+              # Set MTU on all relevant interfaces
+              for iface in $(ip -o link show | awk -F": " "{print \$2}" | cut -d@ -f1 | grep -v "^lo$"); do
+                current_mtu=$(cat /sys/class/net/$iface/mtu 2>/dev/null || echo "0")
+                if [ "$current_mtu" -gt 1400 ]; then
+                  ip link set dev "$iface" mtu 1400 2>/dev/null && echo "    $iface: $current_mtu -> 1400" || true
+                fi
+              done
+            ' || true
+          done
+
+          echo "=== Step 3: Restart kube-proxy to refresh iptables rules ==="
+          make env CMD='kubectl rollout restart daemonset/kube-proxy -n kube-proxy'
+          make env CMD='kubectl rollout status daemonset/kube-proxy -n kube-proxy --timeout=120s'
+
+          echo "=== Step 4: Restart CoreDNS to ensure clean TCP listeners ==="
+          make env CMD='kubectl rollout restart daemonset/dns-default -n openshift-dns'
+          make env CMD='kubectl rollout status daemonset/dns-default -n openshift-dns --timeout=120s'
+
+          echo "=== Step 5: Wait for network stabilization ==="
+          sleep 30
+
+          echo "=== Step 6: Verify TCP DNS works ==="
+          for node in microshift-okd-1 microshift-okd-2; do
+            echo "  Testing TCP DNS from ${node}..."
+            sudo podman exec "${node}" bash -c '
+              for i in 1 2 3; do
+                result=$(dig +tcp +short kubernetes.default.svc.cluster.local @10.43.0.10 2>&1)
+                if [ -n "$result" ] && [ "$result" != "" ]; then
+                  echo "    Attempt $i: OK ($result)"
+                else
+                  echo "    Attempt $i: FAILED"
+                fi
+                sleep 1
+              done
+            '
+          done
+
       - name: Configure hostname resolution for cluster nodes
         shell: bash
         run: |
