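My microk8s cluster is running on a CentOS 8 VM, and I have some problems with DNS resolution in my pods. The nameservers are at x.x.x.101 and x.x.x.100; both can be pinged from inside the pod, and I can also ping 8.8.8.8.
nslookup inside the pod looks like this: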
root@debug-7857894f66-mnklp:/# nslookup kubernetes.default
Server: 10.152.183.10
Address: 10.152.183.10#53
Name: kubernetes.default.svc.cluster.local
Address: 10.152.183.1
The coredns config looks like this:
apiVersion: v1
data:
  Corefile: ".:53 {\n errors\n health {\n lameduck 5s\n }\n ready\n
    \ log . {\n class error\n }\n kubernetes cluster.local in-addr.arpa
    ip6.arpa {\n pods insecure\n fallthrough in-addr.arpa ip6.arpa\n }\n
    \ prometheus :9153\n forward . x.x.x.101 x.x.x.100 \n cache 30\n
    \ loop\n reload\n loadbalance\n}\n"
kind: ConfigMap
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","data":{"Corefile":".:53 {\n errors\n health {\n lameduck 5s\n }\n ready\n log . {\n class error\n }\n kubernetes cluster.local in-addr.arpa ip6.arpa {\n pods insecure\n fallthrough in-addr.arpa ip6.arpa\n }\n prometheus :9153\n forward . x.x.x.101 x.x.x.100 \n cache 30\n loop\n reload\n loadbalance\n}\n"},"kind":"ConfigMap","metadata":{"annotations":{},"labels":{"addonmanager.kubernetes.io/mode":"EnsureExists","k8s-app":"kube-dns"},"name":"coredns","namespace":"kube-system"}}
  creationTimestamp: "2021-08-31T08:57:27Z"
  labels:
    addonmanager.kubernetes.io/mode: EnsureExists
    k8s-app: kube-dns
  name: coredns
  namespace: kube-system
  resourceVersion: "2420090"
  selfLink: /api/v1/namespaces/kube-system/configmaps/coredns
  uid: 471b258a-253d-4b51-aaf7-7e934ab300d1
The /etc/resolv.conf in my pod looks like this:
search default.svc.cluster.local svc.cluster.local cluster.local xxx.xxxxx
nameserver 10.152.183.10
options ndots:5
When I check the kube-dns logs with
$ microk8s kubectl logs --namespace=kube-system -l k8s-app=kube-dns
I get the following response:
[INFO] 10.1.107.105:47549 - 5288 "AAAA IN www.google.com. udp 36 false 512" NOERROR - 0 0.000256103s
[ERROR] plugin/errors: 2 www.google.com. AAAA: read udp 10.1.107.127:51486->x.x.x.101:53: read: no route to host
The DNS service is up:
$ microk8s kubectl get svc --namespace=kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
[...]
kube-dns ClusterIP 10.152.183.10 <none> 53/UDP,53/TCP,9153/TCP 21d
The DNS endpoints are exposed:
$ microk8s kubectl get endpoints kube-dns --namespace=kube-system
NAME ENDPOINTS AGE
kube-dns 10.1.107.127:53,10.1.107.127:53,10.1.107.127:9153 21d
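The VM that runs the cluster uses the same nameservers without any problem. Is this something I need to bother our admins about, or am I missing something that is misconfigured?
Edit:
OK, I tried some more, and I think some of the strange behaviour was related to me creating the coredns config file incorrectly. I reset the cluster completely and tried again; when I used 8.8.8.8 or 8.8.4.4 as the DNS servers, I still got the same error. However, when I ran the following command:
$ microk8s enable dns:x.x.x.101,x.x.x.100
it finally worked. I then tried to configure this with
$ microk8s kubectl -n kube-system edit configmap/coredns
and when I added the two DNS servers to the config it stopped working, and I got the error again:
[ERROR] plugin/errors: 2 www.google.com. AAAA: read udp 10.1.107.127:51486->x.x.x.101:53: read: no route to host
So what is wrong with my config that is automatically set correctly by
$ microk8s enable dns:x.x.x.101,x.x.x.100
?
Second edit
I tried using dig here, and it does not work even when I specify the DNS server. Is there any reason why ping works but DNS is blocked by the system? It only happens in the microk8s cluster; on the host system, running in docker works fine... Here are the printouts.
This is from inside the pod: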
root@debug-865cb7fb4-wfhw4:/# dig www.google.com
; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> www.google.com
;; global options: +cmd
;; connection timed out; no servers could be reached
root@debug-865cb7fb4-wfhw4:/# dig @x.x.x.101 www.google.com
; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> @x.x.x.101 www.google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
root@debug-865cb7fb4-wfhw4:/# dig @8.8.8.8 www.google.com
; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> @8.8.8.8 www.google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
root@debug-865cb7fb4-wfhw4:/# dig @x.x.x.100 www.google.com
; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> @x.x.x.100 www.google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
This is from the host system:
$ dig www.google.com
; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8_3.1 <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25735
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 113 IN A 142.250.185.228
;; Query time: 0 msec
;; SERVER: x.x.x.101#53(x.x.x.101)
;; WHEN: Fri Oct 08 15:10:21 CEST 2021
;; MSG SIZE rcvd: 59
$ dig @8.8.8.8 www.google.com
; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8_3.1 <<>> @8.8.8.8 www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3924
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 300 IN A 142.250.185.228
;; Query time: 34 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Oct 08 15:10:49 CEST 2021
;; MSG SIZE rcvd: 59
$ dig @x.x.x.101 www.google.com
; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8_3.1 <<>> @x.x.x.101 www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60305
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 70 IN A 142.250.185.228
;; Query time: 0 msec
;; SERVER: x.x.x.101#53(x.x.x.101)
;; WHEN: Fri Oct 08 15:11:04 CEST 2021
;; MSG SIZE rcvd: 59
I have no idea what seems to be going on...