702a6e4f52
The full FQDN fc-llm-bridge.fc-llm-bridge.svc.cluster.local has 4 dots, which is less than the pod's ndots:5 threshold. The resolver then applies every entry in the search list BEFORE falling through to the bare FQDN, and the CoreDNS 'template iamworkin.lan' catch-all matches "...svc.cluster.local.iamworkin.lan" and returns Traefik VIP 10.0.56.200. The egress NetworkPolicy blocks that VIP (0.0.0.0/0 EXCEPT 10.0.0.0/8), so curl hangs for 30-134s and returns HTTP 000. Reference: feedback_coredns_ndots_template_collision memory. Fix: use "fc-llm-bridge.fc-llm-bridge.svc" (2 dots, still <5 so search expansion still fires, but the first suffix "...svc.cluster.local" hits the Kubernetes plugin in CoreDNS and returns the real ClusterIP 10.43.67.125 before the iamworkin.lan template is ever consulted). Verified: pod-exec curl fc:cheap → HTTP 200 with a real chat.completion envelope (Ollama/gemma3:4b via bridge). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
19 KiB
19 KiB