Kubernetes CoreDNS is not reachable from the pod
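I have deployed a pod called 'sample_pod' in a Rancher cluster, with a container called 'sample_container'. The sample pod has a service called 'test'. From inside sample_container, whenever I try to resolve cluster domain names with the 'host', 'dig', or 'nslookup' commands, I always get "connection timed out; no servers could be reached".
I have coredns pods running in my cluster: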
user@abc$ kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-7fbff695b4-f7vxc 1/1 Running 0 21h
canal-928m6 2/2 Running 0 21h
canal-d7vjr 2/2 Running 0 20h
coredns-6f85d5fb88-9txmx 1/1 Running 0 21h
coredns-autoscaler-79599b9dc6-ndgfj 1/1 Running 0 21h
kube-multus-ds-769n6 1/1 Running 0 20h
metrics-server-8449844bf-jz66w 1/1 Running 0 21h
rke-coredns-addon-deploy-job-dlvlh 0/1 Completed 0 21h
rke-ingress-controller-deploy-job-jcj6w 0/1 Completed 0 21h
rke-metrics-addon-deploy-job-wnhbq 0/1 Completed 0 21h
rke-network-plugin-deploy-job-wzqfb 0/1 Completed 0 21h
whereabouts-p6vcc 1/1 Running 0 20h
I have not touched the default Corefile of coredns.
Corefile:
.:53 {
    log
    errors
    health {
        lameduck 5s
    }
    ready
    kubernetes cluster.local in-addr.arpa ip6.arpa {
        pods insecure
        fallthrough in-addr.arpa ip6.arpa
    }
    prometheus :9153
    forward . "/etc/resolv.conf"
    cache 30
    loop
    reload
    loadbalance
}
/etc/hosts file of sample_container:
[root@sample_container]# cat /etc/hosts
# Kubernetes-managed hosts file.
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
fe00::0 ip6-mcastprefix
fe00::1 ip6-allnodes
fe00::2 ip6-allrouters
10.42.1.18 sample_pod
# Entries added by HostAliases.
127.0.0.1 localhost
10.94.66.8 netboot.com
/etc/resolv.conf of sample_container:
[root@sample_container]# cat /etc/resolv.conf
nameserver 10.43.0.10
search default.svc.cluster.local svc.cluster.local cluster.local openstacklocal
options ndots:5
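For reference, here is a minimal sketch of how a glibc-style resolver would typically expand a short name given the search list and ndots:5 shown above. The `candidates` function is a hypothetical helper written for illustration, not part of any tool, and `host`, `dig`, and `nslookup` may differ in detail.

```shell
#!/bin/sh
# candidates NAME NDOTS SEARCH_DOMAIN...
# Hypothetical helper: prints the fully qualified names a glibc-style
# resolver would try, in order, for NAME.
candidates() {
    name="$1"; ndots="$2"; shift 2
    case "$name" in
        *.) echo "$name"; return 0 ;;   # trailing dot: already absolute
    esac
    # Count the dots in the name.
    dots=$(( $(printf '%s' "$name" | tr -cd '.' | wc -c) ))
    # Enough dots: the name is tried as-is before the search list.
    [ "$dots" -ge "$ndots" ] && echo "$name."
    for domain in "$@"; do
        echo "$name.$domain."
    done
    # Too few dots: the name is tried as-is only after the search list.
    [ "$dots" -lt "$ndots" ] && echo "$name."
    return 0
}

# Search list and ndots value taken from the resolv.conf above.
candidates test 5 default.svc.cluster.local svc.cluster.local cluster.local openstacklocal
```

Under these assumptions, `host test` would first ask the nameserver for test.default.svc.cluster.local. Every candidate is still sent to 10.43.0.10, so none of them can resolve while that address is unreachable.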
The host and dig commands I used to resolve the domains below return errors:
[root@sample_container]# ping 10.43.0.10
PING 10.43.0.10 (10.43.0.10) 56(84) bytes of data.
^C
--- 10.43.0.10 ping statistics ---
99 packets transmitted, 0 received, 100% packet loss, time 98003ms
[root@sample_container]# host kube-dns.kube-system
;; connection timed out; no servers could be reached
[root@sample_container]# host localhost
;; connection timed out; no servers could be reached
I tried to resolve the test service in the default namespace (sample_container and sample_pod reside in the same namespace):
[root@sample_container]# host test
;; connection timed out; no servers could be reached
The dig and nslookup commands return the same error:
[root@sample_container]# nslookup localhost
;; connection timed out; no servers could be reached
[root@sample_container]# dig localhost
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.8 <<>> localhost
;; global options: +cmd
;; connection timed out; no servers could be reached
Additional information about the pod IP and service IP:
root@user$ kubectl get all -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/sample_pod 1/1 Running 0 177m 10.42.1.18 dsc-worker-node <none> <none>
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/test ClusterIP 10.43.19.85 <none> 80/TCP,443/TCP 177m role=test
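Note: I deployed this pod in such a way that some of its containers can access bare metal to serve its purpose. I need to forward certain domain names to a bare-metal server that will answer those DNS queries. I am also aware of the forward plugin, which does this job. But even without touching the Corefile, I cannot reach coredns for the cluster domain names themselves.
Can someone help me solve this? It would be really helpful. Thanks in advance!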
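I solved this issue after changing the routes. By default, DNS queries were being sent to the Kubernetes nameserver through the private interface rather than through the default gateway (the public interface). After changing the routes so that DNS queries go through the default gateway, the problem was resolved.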
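A minimal sketch of how the routing could be checked from inside the container, assuming iproute2 is installed there. The nameserver address 10.43.0.10 comes from the resolv.conf above; the `route_dev` helper, and the interface name, gateway, and 10.43.0.0/16 service range in the commented-out line, are hypothetical placeholders rather than the exact change that was made.

```shell
#!/bin/sh
# Nameserver IP as listed in /etc/resolv.conf; override via the environment.
DNS_IP="${DNS_IP:-10.43.0.10}"

# Hypothetical helper: print the interface that follows the "dev" keyword
# in `ip route get` output read from stdin.
route_dev() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Ask the kernel which interface it would use to reach the nameserver.
# Skipped when the `ip` command is not available.
if command -v ip >/dev/null 2>&1; then
    dev="$(ip route get "$DNS_IP" 2>/dev/null | route_dev)"
    echo "Traffic to $DNS_IP leaves via: ${dev:-unknown}"
fi

# If that is the private interface, a more specific route could steer the
# traffic through the default gateway instead. GATEWAY, eth0, and the
# 10.43.0.0/16 range are assumptions; adjust them to the actual cluster.
# ip route replace 10.43.0.0/16 via "$GATEWAY" dev eth0
```

Running `ip route show` next to this makes it easier to see which route entry matches the nameserver address. A route changed by hand inside a container is normally lost when the pod restarts, so a lasting fix would likely belong in the network attachment configuration.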