在我的 pod 中,我无法访问外部主机。在我的情况下,这将是 https://login.microsoftonline.com .
我一直在关注 https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/ 上的调试 DNS 问题部分。 ,但缺乏关于 Kubernetes 的知识阻碍了我应用给出的说明。
进行本地查找工作正常:
microk8s kubectl exec -i -t dnsutils -- nslookup kubernetes.default
Server: 10.152.183.10
Address: 10.152.183.10#53
Name: kubernetes.default.svc.cluster.local
Address: 10.152.183.1
microk8s kubectl exec -i -t dnsutils -- nslookup stackoverflow.com
Server: 10.152.183.10
Address: 10.152.183.10#53
** server can't find stackoverflow.com.internal-domain.com: SERVFAIL
command terminated with exit code 1
Some Linux distributions (e.g. Ubuntu) use a local DNS resolver by default (systemd-resolved). Systemd-resolved moves and replaces /etc/resolv.conf with a stub file that can cause a fatal forwarding loop when resolving names in upstream servers. This can be fixed manually by using kubelet's --resolv-conf flag to point to the correct resolv.conf (With systemd-resolved, this is /run/systemd/resolve/resolv.conf). kubeadm automatically detects systemd-resolved, and adjusts the kubelet flags accordingly.
鉴于 microk8s 实例在 Ubuntu 上运行,这可能值得研究,但我不知道在哪里以及如何应用
--resolv-conf旗帜。我很感激有关如何追踪此问题的任何提示,因为包括 nslookup、traceroute 等在内的 DNS 在主机系统上运行良好。
更新/etc/resolv.conf
nameserver 127.0.0.53
options edns0 trust-ad
search internal-domain.com
search default.svc.cluster.local svc.cluster.local cluster.local internal-domain.com
nameserver 10.152.183.10
options ndots:5
Corefile: |
.:53 {
errors
health {
lameduck 5s
}
ready
log . {
class error
}
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
fallthrough in-addr.arpa ip6.arpa
}
prometheus :9153
forward . 8.8.8.8 8.8.4.4
cache 30
loop
reload
loadbalance
}
最佳答案
最后我无法弄清楚这种行为的原因是什么,所以我对节点进行了完全重置:
microk8s reset
sudo snap remove microk8s
sudo snap install microk8s --classic --channel=1.19
关于ubuntu - Kubernetes 集群内部没有解析外部 DNS 请求,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/65565272/