Inter-pod communication with DNS name not working in Kubernetes
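I have installed Kubernetes(1.17.3) on one server (not a VM) with flannel (v0.11.0-amd64) using kubeadm. Then I installed grafana and prometheus and can access both on NodePort http://<serverip>:31000
Now when I try to access the prometheus service from grafana, it gives the error Could not resolve host: prometheus-server;
I started troubleshooting and performed the following steps
Verified that podsCIDR is configured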
kubectl get nodes -o jsonpath='{.items[*].spec.podCIDR}'
10.244.0.0/24
Curl on IP and DNS service name
# curl 10.244.0.33:9090
<a href="/prometheus/graph">Found</a>
# curl 10.109.215.27:9090
<a href="/prometheus/graph">Found</a>
# curl http://prometheus-server:9090
curl: (6) Could not resolve host: prometheus-server; Unknown error
My /etc/resolv.conf was empty; I added the entry below but still no success
search cluster.local
nameserver <IP of Server>
The output of the CoreDNS logs is as follows
kubectl logs -f coredns-6955765f44-cnhtz -n kube-system
.:53
[INFO] plugin/reload: Running configuration MD5 = 4e235fcc3696966e76816bcd9034ebc7
CoreDNS-1.6.5
linux/amd64, go1.13.4, c2fd1b2
[ERROR] plugin/errors: 2 2339874627451903403.2757028323724952357. HINFO: read udp 10.244.0.13:38879->8.8.4.4:53: read: no route to host
[ERROR] plugin/errors: 2 2339874627451903403.2757028323724952357. HINFO: read udp 10.244.0.13:53266->8.8.4.4:53: i/o timeout
[ERROR] plugin/errors: 2 2339874627451903403.2757028323724952357. HINFO: read udp 10.244.0.13:37289->8.8.8.8:53: i/o timeout
[ERROR] plugin/errors: 2 2339874627451903403.2757028323724952357. HINFO: read udp 10.244.0.13:44281->8.8.4.4:53: read: no route to host
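Update 1:
In reply to @KoopaKiller
I ran curl http://prometheus-server:9090 from the host and from inside the grafana pod (from inside the grafana pods it actually does not respond to the IP).
I installed prometheus and grafana with manifests, and both are in the same namespace.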
kubectl get pods -A
NAMESPACE            NAME                                 READY   STATUS
kube-system          coredns-6955765f44-cnhtz             1/1     Running
kube-system          coredns-6955765f44-d9wrj             1/1     Running
kube-system          kube-flannel-ds-amd64-rbsbv          1/1     Running
kube-system          kube-proxy-nblnq                     1/1     Running
monitoring-logging   grafana-b57ccddf9-p7w2q              1/1     Running
monitoring-logging   prometheus-server-65d7dc7999-frd8k   2/2     Running
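Another thing I observed in the coredns events is about a missing file "/run/flannel/subnet.env", but the file is available; it looks like it gets recreated on every reboot and CoreDNS finds it very late.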
Events:
Type Reason Message
---- ------ -------
Warning FailedCreatePodSandBox Failed to create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "d69af6411310ae3c4865a3ddce0667a40092b0dcf55eb5f8ddb642e503dcc0c5" network for pod "coredns-6955765f44-d9wrj": networkPlugin cni failed to set up pod "coredns-6955765f44-d9wrj_kube-system" network: open /run/flannel/subnet.env: no such file or directory
Warning FailedCreatePodSandBox Failed to create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "b6199b3ce4a769c0ccfef6f247763beb1ca0231de52f6309d2b2f122844746ee" network for pod "coredns-6955765f44-d9wrj": networkPlugin cni failed to set up pod "coredns-6955765f44-d9wrj_kube-system" network: open /run/flannel/subnet.env: no such file or directory
Normal SandboxChanged Pod sandbox changed, it will be killed and re-created.
Warning FailedCreatePodSandBox Failed to create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "097dbf97858d8ea3510e8337eb9b0bc8baf966ab51a2a56971e8ae54c5b516a6" network for pod "coredns-6955765f44-d9wrj": networkPlugin cni failed to set up pod "coredns-6955765f44-d9wrj_kube-system" network: open /run/flannel/subnet.env: no such file or directory
Normal Pulled Container image "k8s.gcr.io/coredns:1.6.5" already present on machine
Normal Created Created container coredns
Normal Started Started container coredns
Update 2:
I followed the link to debug DNS, and it shows results for
kubectl exec -ti dnsutils -- nslookup kubernetes.default
kubectl exec dnsutils cat /etc/resolv.conf
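Then I added the log plugin to the CoreDNS configuration and realized that no DNS queries were being received by CoreDNS. I disabled my firewalld and everything started working as expected. But why does it not work with firewalld? My open ports are the following, and they include the ports for flannel too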
firewall-cmd --list-ports
6443/tcp 2379-2380/tcp 10250/tcp 10251/tcp 10252/tcp 30000-32767/tcp 8080/tcp 8443/tcp 8285/udp 8472/udp 502/tcp
To make it work without disabling firewalld, I had to add the rule below, and everything started working with DNS names
firewall-cmd --add-masquerade --permanent
firewall-cmd --reload
systemctl restart firewalld
I got the hint from the link below, but I will look into more details: why do we need it?
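
The CoreDNS errors quoted in the question can be tallied per upstream resolver and failure reason, which shows at a glance whether one resolver or all of them are unreachable from the CoreDNS pod. This is an added example, not part of the original post; the function names sample_log and summarize_coredns_errors are made up for illustration, and the sample input is the log excerpt from the post.

```shell
#!/usr/bin/env bash
# Added example: summarise CoreDNS upstream failures by resolver and reason.
# Real use (pod name taken from the post):
#   kubectl logs coredns-6955765f44-cnhtz -n kube-system | summarize_coredns_errors

# Sample input: the CoreDNS log excerpt quoted in the post.
sample_log() {
  cat <<'EOF'
.:53
[INFO] plugin/reload: Running configuration MD5 = 4e235fcc3696966e76816bcd9034ebc7
CoreDNS-1.6.5
[ERROR] plugin/errors: 2 2339874627451903403.2757028323724952357. HINFO: read udp 10.244.0.13:38879->8.8.4.4:53: read: no route to host
[ERROR] plugin/errors: 2 2339874627451903403.2757028323724952357. HINFO: read udp 10.244.0.13:53266->8.8.4.4:53: i/o timeout
[ERROR] plugin/errors: 2 2339874627451903403.2757028323724952357. HINFO: read udp 10.244.0.13:37289->8.8.8.8:53: i/o timeout
[ERROR] plugin/errors: 2 2339874627451903403.2757028323724952357. HINFO: read udp 10.244.0.13:44281->8.8.4.4:53: read: no route to host
EOF
}

# Reads CoreDNS log text on stdin and prints one line per
# (upstream, reason) pair: "<upstream>\t<reason>\t<count>", sorted.
summarize_coredns_errors() {
  awk '
    # Only error lines that report a failed UDP read towards an upstream.
    /^\[ERROR\] plugin\/errors:/ && /read udp / {
      for (i = 1; i <= NF; i++) {
        if (index($i, "->") > 0) {          # token looks like src:port->dst:port:
          split($i, ends, "->")
          upstream = ends[2]
          sub(/:$/, "", upstream)           # drop the colon that follows the port
          reason = ""
          for (j = i + 1; j <= NF; j++)     # rest of the line is the error text
            reason = reason (reason == "" ? "" : " ") $j
          sub(/^read: /, "", reason)        # normalise "read: no route to host"
          count[upstream "\t" reason]++
          break
        }
      }
    }
    END { for (k in count) printf "%s\t%d\n", k, count[k] }
  ' | LC_ALL=C sort
}

# Stand-alone run: print the summary for the sample excerpt.
sample_log | summarize_coredns_errors
```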