DNS Lookups in Kubernetes

Translator's note: The DNS problem in Kubernetes, or more precisely the ndots setting, is surprisingly popular, and has been for more than a year. In yet another article on this topic, its author, a DevOps engineer from a large brokerage company in India, explains simply and concisely what colleagues working with Kubernetes need to know.

One of the main benefits of deploying applications on Kubernetes is seamless application discovery. Intra-cluster communication is greatly simplified by the Service concept, which is a virtual IP backed by a set of pod IP addresses. For example, if the vanilla service wants to contact the chocolate service, it can directly access the virtual IP for chocolate. The question is: who resolves the DNS request for chocolate in this case, and how?

DNS name resolution in a Kubernetes cluster is configured using CoreDNS. Kubelet registers the CoreDNS pod as the nameserver in the /etc/resolv.conf file of every pod. If you look at the contents of /etc/resolv.conf in any pod, it will look something like this:

search hello.svc.cluster.local svc.cluster.local cluster.local
nameserver 10.152.183.10
options ndots:5

DNS clients use this configuration to forward requests to the DNS server. The resolv.conf file contains the following information:

  • nameserver: the server to which DNS requests are sent. In our case, this is the address of the CoreDNS service;
  • search: defines the search path for a given domain. Interestingly, google.com or mrkaran.dev are not FQDNs (fully qualified domain names). According to the standard convention followed by most DNS resolvers, only names that end with a dot ".", which represents the root zone, are considered fully qualified domain names (FQDN). Some resolvers can add the dot themselves. So mrkaran.dev. is a fully qualified domain name (FQDN), and mrkaran.dev is not;
  • ndots: the most interesting parameter (and the subject of this article). ndots sets the threshold number of dots in a requested name before it is considered a "fully qualified" name. We will come back to this later when we look at the DNS lookup sequence.

Let's see what happens when we query mrkaran.dev in a pod:

$ nslookup mrkaran.dev
Server: 10.152.183.10
Address: 10.152.183.10#53

Non-authoritative answer:
Name: mrkaran.dev
Address: 157.230.35.153
Name: mrkaran.dev
Address: 2400:6180:0:d1::519:6001

For this experiment, I set the CoreDNS logging level to all (which makes it very verbose). Let's look at the logs of the coredns pod:

[INFO] 10.1.28.1:35998 - 11131 "A IN mrkaran.dev.hello.svc.cluster.local. udp 53 false 512" NXDOMAIN qr,aa,rd 146 0.000263728s
[INFO] 10.1.28.1:34040 - 36853 "A IN mrkaran.dev.svc.cluster.local. udp 47 false 512" NXDOMAIN qr,aa,rd 140 0.000214201s
[INFO] 10.1.28.1:33468 - 29482 "A IN mrkaran.dev.cluster.local. udp 43 false 512" NXDOMAIN qr,aa,rd 136 0.000156107s
[INFO] 10.1.28.1:58471 - 45814 "A IN mrkaran.dev. udp 29 false 512" NOERROR qr,rd,ra 56 0.110263459s
[INFO] 10.1.28.1:54800 - 2463 "AAAA IN mrkaran.dev. udp 29 false 512" NOERROR qr,rd,ra 68 0.145091744s

Phew. Two things catch your attention here:

  • The request goes through every stage of the search until the response contains the NOERROR code (DNS clients understand it and keep it as the result). NXDOMAIN means that no record was found for the given domain name. Since mrkaran.dev is not an FQDN (according to ndots=5), the resolver looks at the search path and determines the order of the requests;
  • The A and AAAA requests arrive in parallel. By default, lookups configured through /etc/resolv.conf are performed in parallel over IPv4 and IPv6. You can disable this behavior by adding the single-request option to resolv.conf.

Note: glibc can be configured to send these requests sequentially, and musl cannot, so Alpine users should take note.

Experimenting with ndots

Let's experiment a little more with ndots and see how this parameter behaves. The idea is simple: ndots determines whether the DNS client treats a domain as absolute or relative. For example, when a simple DNS client queries google, how does it know whether this domain is absolute? If you set ndots to 1, the client will say: "Oh, there is not a single dot in google; I guess I'll go through the whole search list." However, if you query google.com, the list of suffixes is ignored entirely, because the requested name meets the ndots threshold (it contains at least one dot).

Let's verify this:

$ cat /etc/resolv.conf
options ndots:1
$ nslookup mrkaran
Server: 10.152.183.10
Address: 10.152.183.10#53

** server can't find mrkaran: NXDOMAIN

CoreDNS logs:

[INFO] 10.1.28.1:52495 - 2606 "A IN mrkaran.hello.svc.cluster.local. udp 49 false 512" NXDOMAIN qr,aa,rd 142 0.000524939s
[INFO] 10.1.28.1:59287 - 57522 "A IN mrkaran.svc.cluster.local. udp 43 false 512" NXDOMAIN qr,aa,rd 136 0.000368277s
[INFO] 10.1.28.1:53086 - 4863 "A IN mrkaran.cluster.local. udp 39 false 512" NXDOMAIN qr,aa,rd 132 0.000355344s
[INFO] 10.1.28.1:56863 - 41678 "A IN mrkaran. udp 25 false 512" NXDOMAIN qr,rd,ra 100 0.034629206s

Since mrkaran does not contain a single dot, the lookup went through the whole list of suffixes.

Note: in practice the maximum value of ndots is limited to 15; the default in Kubernetes is 5.
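The lookup order seen in the CoreDNS logs above can be reproduced with a small model of the stub resolver's search-list walk. This is an added example, not code from the original article; the function names, the glibc-style ordering and the EXISTING zone data are assumptions made for illustration.

```python
MAX_NDOTS = 15  # resolvers cap ndots at 15, as noted above

def parse_resolv_conf(text):
    """Return (search_list, ndots) from resolv.conf text; ndots defaults to 1."""
    search, ndots = [], 1
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "search":
            search = fields[1:]            # a later search line replaces an earlier one
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = min(int(opt.split(":", 1)[1]), MAX_NDOTS)
    return search, ndots

def candidates(name, search, ndots):
    """Ordered list of absolute names the resolver would try for `name`."""
    if name.endswith("."):                 # trailing dot: absolute, search list skipped
        return [name]
    as_is = name + "."
    expanded = [f"{name}.{suffix}." for suffix in search]
    if name.count(".") >= ndots:           # threshold met: try the name itself first
        return [as_is] + expanded
    return expanded + [as_is]              # below threshold: search list first

def trace(name, resolv_conf, existing):
    """Queries actually sent: stop at the first name that answers NOERROR."""
    search, ndots = parse_resolv_conf(resolv_conf)
    sent = []
    for fqdn in candidates(name, search, ndots):
        sent.append(fqdn)
        if fqdn in existing:
            break
    return sent

# resolv.conf from the pod shown earlier on this page
POD_CONF = """search hello.svc.cluster.local svc.cluster.local cluster.local
nameserver 10.152.183.10
options ndots:5
"""
# Constructed zone data: names assumed to exist for this illustration
EXISTING = {"mrkaran.dev.", "chocolate.hello.svc.cluster.local."}

if __name__ == "__main__":
    for query in ("mrkaran.dev", "mrkaran.dev.", "chocolate"):
        print(query, "->", trace(query, POD_CONF, EXISTING))
```

With ndots:5, mrkaran.dev costs three NXDOMAIN round trips before the real query, while the short service name chocolate resolves on the first attempt.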

Use in production

If an application makes many external network calls, DNS can become a bottleneck under heavy traffic, because name resolution performs many unnecessary queries (before the system gets to the right one). Applications do not usually append the root zone to domain names, but doing so looks like a hack. That is, instead of querying api.twitter.com, you can hardcode api.twitter.com. (with the dot) in the application, which prompts DNS clients to perform authoritative lookups directly on the absolute domain.

In addition, starting with Kubernetes version 1.14, the dnsConfig and dnsPolicy extensions have stable status. So when deploying a pod, you can reduce the ndots value to, say, 3 (or even to 1!). As a result, every message within a node will have to include the full domain. This is one of the classic trade-offs when you have to choose between performance and portability. It seems to me that you should worry about this only if ultra-low latency is vital for your application, since DNS results are also cached internally.
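Before lowering ndots, it helps to measure how many queries the search list actually wastes. The following added example (not part of the original article) parses CoreDNS log lines in the format shown earlier and counts NXDOMAIN answers for search-list expansions of names that later resolved as-is; the function name and the SEARCH tuple (this pod's search suffixes) are assumptions.

```python
import re
from collections import Counter

# CoreDNS query log: ... "TYPE IN qname proto size do bufsize" RCODE ...
LOG_RE = re.compile(
    r'\[INFO\] \S+ - \d+ "\S+ IN (?P<qname>\S+) \S+ \d+ \S+ \d+" (?P<rcode>\S+) '
)

# Search suffixes of the pod, longest first so the most specific one matches
SEARCH = ("hello.svc.cluster.local.", "svc.cluster.local.", "cluster.local.")

def search_waste(lines, search=SEARCH):
    """Map each external name to the NXDOMAIN queries spent on search suffixes."""
    nxdomain = Counter()   # absolute name -> NXDOMAIN answers for its expansions
    resolved = set()       # names that answered NOERROR when asked as-is
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue       # not a query log line
        qname, rcode = m["qname"], m["rcode"]
        suffix = next((s for s in search if qname.endswith("." + s)), None)
        if rcode == "NXDOMAIN" and suffix:
            nxdomain[qname[: -len(suffix)]] += 1   # strip suffix, keep trailing dot
        elif rcode == "NOERROR" and not suffix:
            resolved.add(qname)
    # Report only names that exist outside the cluster: their expansions were wasted
    return {name: count for name, count in nxdomain.items() if name in resolved}

# Log lines copied from the CoreDNS output shown earlier on this page
SAMPLE = [
    '[INFO] 10.1.28.1:35998 - 11131 "A IN mrkaran.dev.hello.svc.cluster.local. udp 53 false 512" NXDOMAIN qr,aa,rd 146 0.000263728s',
    '[INFO] 10.1.28.1:34040 - 36853 "A IN mrkaran.dev.svc.cluster.local. udp 47 false 512" NXDOMAIN qr,aa,rd 140 0.000214201s',
    '[INFO] 10.1.28.1:33468 - 29482 "A IN mrkaran.dev.cluster.local. udp 43 false 512" NXDOMAIN qr,aa,rd 136 0.000156107s',
    '[INFO] 10.1.28.1:58471 - 45814 "A IN mrkaran.dev. udp 29 false 512" NOERROR qr,rd,ra 56 0.110263459s',
    '[INFO] 10.1.28.1:54800 - 2463 "AAAA IN mrkaran.dev. udp 29 false 512" NOERROR qr,rd,ra 68 0.145091744s',
]

if __name__ == "__main__":
    for name, wasted in search_waste(SAMPLE).items():
        print(f"{name} {wasted} wasted NXDOMAIN queries")
```

Names with a high count are the ones worth writing with a trailing dot or covering with a lower ndots in the pod's dnsConfig.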

References

I first learned about this peculiarity at a K8s meetup held on January 25. Among other things, there was a discussion of this problem.

Here are some links for further exploration:

Note: I chose not to use dig in this article. dig automatically appends a dot (the root zone identifier), making the domain "fully qualified" (FQDN), without first running it through the search list. I wrote about this in one of my earlier posts. Still, it is quite surprising that, in general, a separate flag has to be specified for the standard behavior.

Happy DNSing! See you again!


Source: www.habr.com