15-DNS的解析策略
一、默认的解析策略ClusterFirst
1.作用
ClusterFirst,表示以集群的DNS解析优先,特指的是我们的CoreDNS服务,运行的容器内,DNS解析文件默认指向的是kube-dns即集群的,默认DNS服务
2.测试
[root@master231 deployments]# cat 05-deploy-dnsPolicy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: deploy-xiuxian-dnspolicy
labels:
apps: xiuxian
spec:
replicas: 5
selector:
matchLabels:
version: v1
template:
metadata:
labels:
version: v1
school: oldboyedu
class: linux96
spec:
# 指定DNS的解析策略,有效值为: 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'
# 默认值为: ClusterFirst,表示以集群的DNS解析优先,特指的是我们的CoreDNS服务。
# dnsPolicy:
containers:
- image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
name: xiuxian
[root@master231 deployments]# kubectl apply -f 05-deploy-dnsPolicy.yaml
deployment.apps/deploy-xiuxian-dnspolicy created
#查看集群列表状态
[root@master231 deployments]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
deploy-xiuxian-dnspolicy-9ddcfd7db-6mpsc 1/1 Running 0 3s 10.100.140.79 worker233 <none> <none>
deploy-xiuxian-dnspolicy-9ddcfd7db-gfjbw 1/1 Running 0 3s 10.100.203.174 worker232 <none> <none>
deploy-xiuxian-dnspolicy-9ddcfd7db-pctmz 1/1 Running 0 3s 10.100.203.176 worker232 <none> <none>
deploy-xiuxian-dnspolicy-9ddcfd7db-rf8nw 1/1 Running 0 3s 10.100.140.78 worker233 <none> <none>
deploy-xiuxian-dnspolicy-9ddcfd7db-zf5sn 1/1 Running 0 3s 10.100.140.77 worker233 <none> <none>
#查看是否是默认的DNS策略
[root@master231 deployments]# kubectl get pods -o yaml | grep dnsPolicy
dnsPolicy: ClusterFirst
dnsPolicy: ClusterFirst
dnsPolicy: ClusterFirst
dnsPolicy: ClusterFirst
dnsPolicy: ClusterFirst
#进入容器,ping集群内任意一个svc资源
[root@master231 deployments]# kubectl exec -it deploy-xiuxian-dnspolicy-9ddcfd7db-6mpsc -- sh
/ # ping ep-db
PING ep-db (10.200.2.2): 56 data bytes
64 bytes from 10.200.2.2: seq=0 ttl=64 time=0.165 ms
^C
--- ep-db ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.165/0.165/0.165 ms
#查看容器内部的DNS解析文件
/ # cat /etc/resolv.conf
nameserver 10.200.0.10
search default.svc.oldboyedu.com svc.oldboyedu.com oldboyedu.com
options ndots:5
二、使用了hostNetwork则默认的策略将会失效
1.作用
hostNetwork使用了宿主机网络,容器内的DNS也会使用宿主机的DNS
2.测试
[root@master231 deployments]# cat 05-deploy-dnsPolicy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: deploy-xiuxian-dnspolicy
labels:
apps: xiuxian
spec:
replicas: 1
selector:
matchLabels:
version: v1
template:
metadata:
labels:
version: v1
school: oldboyedu
class: linux96
spec:
# 指定DNS的解析策略,有效值为: 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'
# 默认值为: ClusterFirst,表示以集群的DNS解析优先,特指的是我们的CoreDNS服务。
# dnsPolicy:
hostNetwork: true
containers:
- image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
name: xiuxian
[root@master231 deployments]# kubectl apply -f 05-deploy-dnsPolicy.yaml
deployment.apps/deploy-xiuxian-dnspolicy created
[root@master231 deployments]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
deploy-xiuxian-dnspolicy-8564d5dc99-8sccq 1/1 Running 0 3s 10.0.0.233 worker233 <none> <none>
[root@master231 deployments]# kubectl get pods -o yaml | grep dnsPolicy
dnsPolicy: ClusterFirst
[root@master231 deployments]#
[root@master231 deployments]# kubectl exec -it deploy-xiuxian-dnspolicy-8564d5dc99-8sccq -- sh
/ #
/ # cat /etc/resolv.conf
nameserver 223.5.5.5
nameserver 223.6.6.6
search
/ #
/ # ping ep-db
ping: bad address 'ep-db'
/ #
三、修改策略为ClusterFirstWithHostNet
1.作用
'ClusterFirstWithHostNet'一般情况下会和"hostNetwork: true"搭配使用,还是优先使用K8S集群的CoreDNS.
当 Pod 使用 hostNetwork: true 时,Pod 会共享宿主机的网络命名空间。默认情况下,这样的 Pod 会继承宿主机的 DNS 配置,从而无法直接使用 Kubernetes 集群内部的 DNS 服务。而 ClusterFirstWithHostNet 策略允许这些 Pod 优先使用 Kubernetes 集群内部的 DNS 服务来解析集群内部的域名,同时也能解析外部域名
2.测试
[root@master231 deployments]# cat 05-deploy-dnsPolicy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: deploy-xiuxian-dnspolicy
labels:
apps: xiuxian
spec:
replicas: 1
selector:
matchLabels:
version: v1
template:
metadata:
labels:
version: v1
school: oldboyedu
class: linux96
spec:
# 指定DNS的解析策略,有效值为: 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'
# 默认值为: ClusterFirst,表示以集群的DNS解析优先,特指的是我们的CoreDNS服务。
# 其中'ClusterFirstWithHostNet'一般情况下会和"hostNetwork: true"搭配使用,还是优先使用K8S集群的CoreDNS
dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true
containers:
- image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
name: xiuxian
[root@master231 deployments]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
deploy-xiuxian-dnspolicy-6d8fd88c4b-cz2jv 1/1 Running 0 5s 10.0.0.233 worker233 <none> <none>
[root@master231 deployments]#
[root@master231 deployments]# kubectl get pods -o yaml | grep dnsPolicy
dnsPolicy: ClusterFirstWithHostNet
[root@master231 deployments]#
[root@master231 deployments]# kubectl exec -it deploy-xiuxian-dnspolicy-6d8fd88c4b-cz2jv -- sh
/ # cat /etc/resolv.conf
nameserver 10.200.0.10
search default.svc.oldboyedu.com svc.oldboyedu.com oldboyedu.com
options ndots:5
/ #
/ # ping ep-db
PING ep-db (10.200.2.2): 56 data bytes
64 bytes from 10.200.2.2: seq=0 ttl=64 time=0.303 ms
64 bytes from 10.200.2.2: seq=1 ttl=64 time=0.109 ms
^C
--- ep-db ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.109/0.206/0.303 ms
/ #
本文来自博客园,作者:丁志岩,转载请注明原文链接:https://www.cnblogs.com/dezyan/p/18817408
浙公网安备 33010602011771号