
Extra DNS Labels not applying #4282

@brandan-schmitz

Describe the problem
I have a self-hosted netbird installation, and when I use the k8s operator and add the annotations to a deployment to add the extra DNS labels, they are not being applied. I am doing this here instead of the Operator repo as the Operator is properly adding the --extra-dns-labels flag to the pod's startup arguments; however, it seems netbird itself is simply not recognizing the flag and adding them, as the config file shows null for that section.

To Reproduce

Steps to reproduce the behavior:

  1. Deploy the latest Netbird operator in k8s.
  2. Create a setup key and add it to k8s. Make sure the option to allow adding external DNS labels is selected.
  3. Build a deployment using the annotations, a sample that I am using for testing is below:
kind: Deployment
apiVersion: apps/v1
metadata:
  name: ubuntu-shell
  labels:
    app: ubuntu-shell
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ubuntu-shell
  template:
    metadata:
      labels:
        app: ubuntu-shell
      annotations:
        netbird.io/setup-key: netbird-setup-key
        netbird.io/extra-dns-labels: ubuntu-shell
    spec:
      containers:
        - name: ubuntu-shell
          image: 'brandanschmitz/utility-container:ubuntu-22.04'
          command:
            - bash
          imagePullPolicy: IfNotPresent
          securityContext: {}
          stdin: true
          stdinOnce: true
          tty: true
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
  strategy:
    type: Recreate
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600
  4. The peer should connect, and no extra DNS labels will appear. If you inspect /var/lib/netbird/default.json in the container, you will see that the section for DNS labels is simply null.
ubuntu-shell-5dc68f9447-49rtd:/# cat /var/lib/netbird/default.json
{
    "PrivateKey": "REDACTED",
    "PreSharedKey": "",
    "ManagementURL": {
        "Scheme": "https",
        "Opaque": "",
        "User": null,
        "Host": "REDACTED:33073",
        "Path": "",
        "RawPath": "",
        "OmitHost": false,
        "ForceQuery": false,
        "RawQuery": "",
        "Fragment": "",
        "RawFragment": ""
    },
    "AdminURL": {
        "Scheme": "https",
        "Opaque": "",
        "User": null,
        "Host": "app.netbird.io:443",
        "Path": "",
        "RawPath": "",
        "OmitHost": false,
        "ForceQuery": false,
        "RawQuery": "",
        "Fragment": "",
        "RawFragment": ""
    },
    "WgIface": "wt0",
    "WgPort": 0,
    "NetworkMonitor": null,
    "IFaceBlackList": [
        "wt0",
        "wt",
        "utun",
        "tun0",
        "zt",
        "ZeroTier",
        "wg",
        "ts",
        "Tailscale",
        "tailscale",
        "docker",
        "veth",
        "br-",
        "lo"
    ],
    "DisableIPv6Discovery": false,
    "RosenpassEnabled": false,
    "RosenpassPermissive": false,
    "ServerSSHAllowed": false,
    "DisableClientRoutes": false,
    "DisableServerRoutes": false,
    "DisableDNS": false,
    "DisableFirewall": false,
    "BlockLANAccess": false,
    "BlockInbound": false,
    "DisableNotifications": true,
    "DNSLabels": null,
    "SSHKey": "REDACTED",
    "NATExternalIPs": null,
    "CustomDNSAddress": "",
    "DisableAutoConnect": false,
    "DNSRouteInterval": 60000000000,
    "ClientCertPath": "",
    "ClientCertKeyPath": "",
    "LazyConnectionEnabled": false
}

Expected behavior
I would expect the extra DNS labels that are being passed into the container's startup arguments to be applied to the peer when it joins.

The given startup arguments can be seen in the container definition generated by the operator and injected into the pod.

- name: netbird
  image: netbirdio/netbird:latest
  args:
    - '--setup-key-file'
    - /etc/nbkey
    - '-m'
    - https://REDACTED:33073
    - '--extra-dns-labels'
    - ubuntu-shell
  env:
    - name: NB_SETUP_KEY
      valueFrom:
        secretKeyRef:
          name: netbird-setup-key
          key: setupkey
    - name: NB_MANAGEMENT_URL
      value: https://REDACTED:33073
  resources: {}
  volumeMounts:
    - name: kube-api-access-7jjjk
      readOnly: true
      mountPath: /var/run/secrets/kubernetes.io/serviceaccount
  terminationMessagePath: /dev/termination-log
  terminationMessagePolicy: File
  imagePullPolicy: Always
  securityContext:
    capabilities:
      add:
        - NET_ADMIN

Are you using NetBird Cloud?
Self Hosted

NetBird version
0.5.2

Is any other VPN software installed?
No

Debug output

To help us resolve the problem, please attach the following anonymized status output

Peers detail:
 brandans-macbook-pro-8.anon-y3LDk.domain:
  NetBird IP: 100.122.178.26/32
  Public key: IXGhfiKbGnyarboqGe/9PeBdKlFkpNKw0QGAJKDk+nE=
  Status: Idle
  -- detail --
  Connection type: P2P
  ICE candidate (Local/Remote): -/-
  ICE candidate endpoints (Local/Remote): -/-
  Relay server address: 
  Last connection update: 7 seconds ago
  Last WireGuard handshake: -
  Transfer status (received/sent) 0 B/0 B
  Quantum resistance: false
  Networks: -
  Latency: 0s

 odin.anon-y3LDk.domain:
  NetBird IP: 100.122.92.169
  Public key: 5hYbnYWUnYzyv8yAtNMJloZyG1xCz0o0LZaut/auOz0=
  Status: Connected
  -- detail --
  Connection type: Relayed
  ICE candidate (Local/Remote): -/-
  ICE candidate endpoints (Local/Remote): -/-
  Relay server address: rel://netbird.anon-lbZDW.domain:33080
  Last connection update: 7 seconds ago
  Last WireGuard handshake: 2 seconds ago
  Transfer status (received/sent) 272 B/420 B
  Quantum resistance: false
  Networks: -
  Latency: 0s

 truenas-01.anon-y3LDk.domain:
  NetBird IP: 100.122.219.157
  Public key: mbrGX0GVKwMbtPuGODNCHa99wJcuLA66elSGNyYoGXk=
  Status: Connected
  -- detail --
  Connection type: P2P
  ICE candidate (Local/Remote): srflx/host
  ICE candidate endpoints (Local/Remote): 10.0.10.19:11444/10.0.1.12:37919
  Relay server address: rel://netbird.anon-lbZDW.domain:33080
  Last connection update: 6 seconds ago
  Last WireGuard handshake: 2 seconds ago
  Transfer status (received/sent) 328 B/364 B
  Quantum resistance: false
  Networks: -
  Latency: 428.172µs

Events:
  [INFO] SYSTEM (92133d3a-1bea-4a02-bf12-0d583de7b010)
    Message: Network map updated
    Time: 7 seconds ago
OS: linux/amd64
Daemon version: 0.52.2
CLI version: 0.52.2
Profile: default
Management: Connected to https://netbird.anon-lbZDW.domain:33073
Signal: Connected to http://netbird.anon-lbZDW.domain:10000
Relays: 
  [stun:netbird.anon-lbZDW.domain:3478] is Available
  [turn:netbird.anon-lbZDW.domain:3478?transport=udp] is Available
  [rel://netbird.anon-lbZDW.domain:33080] is Available
Nameservers: 
  [1.1.1.1:53, 1.0.0.1:53] for [.] is Available
FQDN: ubuntu-shell-5dc68f9447-gv7pj-13-2.anon-y3LDk.domain
NetBird IP: 100.122.13.2/16
Interface type: Kernel
Quantum resistance: false
Lazy connection: false
Networks: -
Forwarding rules: 0
Peers count: 2/3 Connected

Create and upload a debug bundle, and share the returned file key:

b42c58ffeee639e2f1dfdd1d9fd2fb5d2a75a16289b26dbc6c0636c7221c8443/931b7025-b25d-480f-b9ec-3e901e09144f

Have you tried these troubleshooting steps?

  • Reviewed client troubleshooting (if applicable)
  • Checked for newer NetBird versions
  • Searched for similar issues on GitHub (including closed ones)
  • Restarted the NetBird client
  • Disabled other VPN software
  • Checked firewall settings
