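docker - kube-dns cannot resolve domain names

Tags: docker kubernetes kube-dns

After installing the basic Kubernetes packages and using minikube, I have started only the basic kube-system pods. I am trying to investigate why kube-dns cannot resolve domain names.

Here are the versions I am using: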

Client:
 Version:           18.06.1-ce
 API version:       1.38
 Go version:        go1.10.3
 Git commit:        e68fc7a
 Built:             Tue Aug 21 17:24:56 2018
 OS/Arch:           linux/amd64
 Experimental:      false

Server:
 Engine:
  Version:          18.06.1-ce
  API version:      1.38 (minimum version 1.12)
  Go version:       go1.10.3
  Git commit:       e68fc7a
  Built:            Tue Aug 21 17:23:21 2018
  OS/Arch:          linux/amd64
  Experimental:     false

minikube version: v0.28.2

kubectl:
Client Version: version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.2", GitCommit:"bb9ffb1654d4a729bb4cec18ff088eacc153c239", GitTreeState:"clean", BuildDate:"2018-08-07T23:17:28Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.0", GitCommit:"fc32d2f3698e36b93322a3465f63a14e9f0eaead", GitTreeState:"clean", BuildDate:"2018-03-26T16:44:10Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}

kubeadm:
kubeadm version: &version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.0", GitCommit:"fc32d2f3698e36b93322a3465f63a14e9f0eaead", GitTreeState:"clean", BuildDate:"2018-03-26T16:44:10Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}

VirtualBox:
Version 5.2.18 r124319 (Qt5.6.2)

Here are the system pods I have deployed:
NAMESPACE     NAME                                    READY     STATUS    RESTARTS   AGE
default       busybox                                 1/1       Running   0          31m
kube-system   etcd-minikube                           1/1       Running   0          32m
kube-system   kube-addon-manager-minikube             1/1       Running   0          33m
kube-system   kube-apiserver-minikube                 1/1       Running   0          33m
kube-system   kube-controller-manager-minikube        1/1       Running   0          33m
kube-system   kube-dns-86f4d74b45-xjfmv               3/3       Running   2          33m
kube-system   kube-proxy-2kkzk                        1/1       Running   0          33m
kube-system   kube-scheduler-minikube                 1/1       Running   0          33m
kube-system   kubernetes-dashboard-5498ccf677-pz87g   1/1       Running   0          33m
kube-system   storage-provisioner                     1/1       Running   0          33m

I have also deployed busybox so that I can execute commands inside a container:
kubectl exec busybox -- cat /etc/resolv.conf
nameserver 10.96.0.10
search default.svc.cluster.local svc.cluster.local cluster.local mapleworks.com
options ndots:5


kubectl exec busybox nslookup google.com
Server:    10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local

nslookup: can't resolve 'google.com'
command terminated with exit code 1

The same commands run on the VM itself produce the following results:
cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
search mapleworks.com  <<< OUR local DNS server

nslookup google.com
Server:     127.0.1.1
Address:    127.0.1.1#53

Non-authoritative answer:
Name:   google.com
Address: 172.217.13.174

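Problem:
kube-dns uses the default nameserver 10.96.0.10, whereas I expected the VM's nameservers to be imported into Kubernetes.

While the same nameserver deployed on a native Windows or Mac platform resolves domain names correctly, this VM has the problem.

Is this some kind of firewall issue, as mentioned in other posts?

I checked the kube-dns container logs, but the most relevant ones come from the sidecar container.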
I0910 15:47:17.667100       1 main.go:51] Version v1.14.8
I0910 15:47:17.667195       1 server.go:45] Starting server (options {DnsMasqPort:53 DnsMasqAddr:127.0.0.1 DnsMasqPollIntervalMs:5000 Probes:[{Label:kubedns Server:127.0.0.1:10053 Name:kubernetes.default.svc.cluster.local. Interval:5s Type:33} {Label:dnsmasq Server:127.0.0.1:53 Name:kubernetes.default.svc.cluster.local. Interval:5s Type:33}] PrometheusAddr:0.0.0.0 PrometheusPort:10054 PrometheusPath:/metrics PrometheusNamespace:kubedns})
I0910 15:47:17.667240       1 dnsprobe.go:75] Starting dnsProbe {Label:kubedns Server:127.0.0.1:10053 Name:kubernetes.default.svc.cluster.local. Interval:5s Type:33}
I0910 15:47:17.668244       1 dnsprobe.go:75] Starting dnsProbe {Label:dnsmasq Server:127.0.0.1:53 Name:kubernetes.default.svc.cluster.local. Interval:5s Type:33}
W0910 15:50:04.780281       1 server.go:64] Error getting metrics from dnsmasq: read udp 127.0.0.1:34535->127.0.0.1:53: i/o timeout
W0910 15:50:11.781236       1 server.go:64] Error getting metrics from dnsmasq: read udp 127.0.0.1:50887->127.0.0.1:53: i/o timeout
W0910 15:50:24.844065       1 server.go:64] Error getting metrics from dnsmasq: read udp 127.0.0.1:52865->127.0.0.1:53: i/o timeout
W0910 15:50:31.845587       1 server.go:64] Error getting metrics from dnsmasq: read udp 127.0.0.1:42053->127.0.0.1:53: i/o timeout

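I think the i/o timeouts correspond to the manual DNS queries I ran against google.com.

Otherwise, I see the localhost address and port 53 here.

I just don't know what is going on...

Best answer

Each kubelet in a k8s cluster has the --cluster-dns option. In effect, this option provides the name of the Service of the kube-dns Deployment. Each kube-dns Pod, in turn, has a dnsmasq container, which uses the list of nameservers from the k8s node. You can see this in the logs of the dnsmasq container: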

I0720 03:49:51.081031       1 nanny.go:116] dnsmasq[13]: reading /etc/resolv.conf
I0720 03:49:51.081068       1 nanny.go:116] dnsmasq[13]: using nameserver 127.0.0.1#10053 for domain ip6.arpa 
I0720 03:49:51.081099       1 nanny.go:116] dnsmasq[13]: using nameserver 127.0.0.1#10053 for domain in-addr.arpa 
I0720 03:49:51.081130       1 nanny.go:116] dnsmasq[13]: using nameserver 127.0.0.1#10053 for domain cluster.local 
I0720 03:49:51.081160       1 nanny.go:116] dnsmasq[13]: using nameserver <nameserver_1>#53
I0720 03:49:51.081190       1 nanny.go:116] dnsmasq[13]: using nameserver <nameserver_2>#53
I0720 03:49:51.081222       1 nanny.go:116] dnsmasq[13]: using nameserver <nameserver_N>#53

When any Pod is created, by default it gets nameserver <CLUSTER_DNS_IP> in /etc/resolv.conf. This is how any Pod can (or cannot) resolve some domain name: through the kube-dns service.

For example, my cluster-dns is 10.233.0.3:
$ kubectl -n test run -it --image=alpine:3.6 alpine -- sh                                                                      
If you don't see a command prompt, try pressing enter.
/ # cat /etc/resolv.conf 
nameserver 10.233.0.3
search test.svc.cluster.local svc.cluster.local cluster.local test.kz
/ # nslookup kubernetes-charts.storage.googleapis.com 10.233.0.3
Server:    10.233.0.3
Address 1: 10.233.0.3 kube-dns.kube-system.svc.cluster.local

Name:      kubernetes-charts.storage.googleapis.com
Address 1: 74.125.131.128 lu-in-f128.1e100.net
Address 2: 2a00:1450:4010:c05::80 li-in-x80.1e100.net

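So, if a Node (the one kube-dns is scheduled on) can resolve some domain name, then any Pod can do so as well.

Regarding docker - kube-dns cannot resolve domain names, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/52262425/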
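
The check the answer describes, as an added example that is not part of the original question or answer: it reads a node's resolv.conf and the dnsmasq container log, lists which upstream servers would handle a given name, and flags loopback nameservers such as the 127.0.1.1 in the question, since inside the kube-dns pod a loopback address is the pod's own interface rather than the node's resolver. The sample inputs are constructed, the 192.0.2.53 upstream is made up, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the node's resolv.conf as shown in the question.
NODE_RESOLV_CONF = """\
nameserver 127.0.1.1
search mapleworks.com
"""

# Constructed sample in the dnsmasq log format quoted in the answer.
# 192.0.2.53 is a made-up upstream from a documentation address range.
DNSMASQ_LOG = """\
I0720 03:49:51.081031       1 nanny.go:116] dnsmasq[13]: reading /etc/resolv.conf
I0720 03:49:51.081130       1 nanny.go:116] dnsmasq[13]: using nameserver 127.0.0.1#10053 for domain cluster.local
I0720 03:49:51.081160       1 nanny.go:116] dnsmasq[13]: using nameserver 127.0.1.1#53
I0720 03:49:51.081190       1 nanny.go:116] dnsmasq[13]: using nameserver 192.0.2.53#53
"""

UPSTREAM_RE = re.compile(
    r"dnsmasq\[\d+\]: using nameserver (?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+)"
    r"(?: for domain (?P<domain>\S+))?")

def resolv_nameservers(text):
    """Nameserver addresses listed in a resolv.conf body, in order."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def dnsmasq_upstreams(log):
    """(ip, port, domain) per 'using nameserver' line; domain None = general upstream."""
    return [(m["ip"], int(m["port"]), m["domain"]) for m in UPSTREAM_RE.finditer(log)]

def servers_for(name, upstreams):
    """Upstreams consulted for name: longest matching domain rule, else the general ones."""
    name = name.rstrip(".").lower()
    hits = [u for u in upstreams if u[2] and (name == u[2] or name.endswith("." + u[2]))]
    if hits:
        longest = max(len(u[2]) for u in hits)
        return [u for u in hits if len(u[2]) == longest]
    return [u for u in upstreams if u[2] is None]

def loopback_only(addresses):
    """Addresses that are loopback, i.e. local to whichever network namespace uses them."""
    return [a for a in addresses if ipaddress.ip_address(a).is_loopback]

if __name__ == "__main__":
    ups = dnsmasq_upstreams(DNSMASQ_LOG)
    print("node loopback nameservers:", loopback_only(resolv_nameservers(NODE_RESOLV_CONF)))
    print("google.com ->", servers_for("google.com", ups))
```

To run it against a live cluster, feed it the node's /etc/resolv.conf and the output of `kubectl logs` for the dnsmasq container of the kube-dns pod.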
