Nco tseg. txhais.: DNS teeb meem nyob rau hauv Kubernetes, los yog ntau precisely, parameter nqis ndots, yog nrov nrov, thiab twb . Hauv lwm daim ntawv ntawm lub ncauj lus no, nws tus kws sau ntawv, tus kws ua haujlwm DevOps los ntawm lub tuam txhab brokerage loj hauv Is Nrias teb, tham hauv qhov yooj yim thiab qhia meej txog qhov tseem ceeb rau cov npoj yaig ua haujlwm Kubernetes paub.
Ib qho ntawm cov txiaj ntsig tseem ceeb ntawm kev xa cov ntawv thov ntawm Kubernetes yog kev nrhiav pom daim ntawv thov tsis sib haum. Intra-cluster kev sib cuam tshuam tau yooj yim heev ua tsaug rau lub tswv yim kev pabcuam (), uas yog tus IP virtual uas txhawb nqa ib txheej ntawm pod IP chaw nyob. Piv txwv li, yog qhov kev pabcuam vanilla xav tiv tauj qhov kev pabcuam chocolate, nws tuaj yeem nkag mus ncaj qha rau tus IP virtual rau chocolate. Cov lus nug tshwm sim: leej twg hauv qhov no yuav daws qhov kev thov DNS rau chocolate Thiab ua li cas?
DNS lub npe daws teeb meem tau teeb tsa ntawm Kubernetes pawg siv . Kubelet sau npe lub pod nrog CoreDNS ua lub npe server hauv cov ntaub ntawv /etc/resolv.conf tag nrho cov pods. Yog koj saib cov ntsiab lus /etc/resolv.conf ib qho pod, nws yuav zoo li no:
search hello.svc.cluster.local svc.cluster.local cluster.local
nameserver 10.152.183.10
options ndots:5
Qhov kev teeb tsa no yog siv los ntawm cov neeg siv DNS los xa cov lus thov mus rau DNS server. Hauv cov ntaub ntawv resolv.conf muaj cov ntaub ntawv hauv qab no:
- npeserver: server uas DNS thov yuav raug xa. Hauv peb qhov xwm txheej, qhov no yog qhov chaw nyob ntawm qhov kev pabcuam CoreDNS;
- nrhiav: Txhais txoj kev tshawb nrhiav rau ib qho chaw tshwj xeeb. Nws yog qhov nthuav tias
google.comlos yogmrkaran.devtsis yog FQDN (). Raws li cov qauv kev sib cog lus uas feem ntau cov neeg daws teeb meem DNS ua raws, tsuas yog cov uas xaus nrog lub ntsiab lus ".", sawv cev rau hauv paus cheeb tsam, raug suav hais tias tsim nyog (FDQN) domains. Qee tus neeg daws teeb meem tuaj yeem ntxiv cov ntsiab lus lawv tus kheej. Yog li,mrkaran.dev.yog tus tsim nyog sau npe (FQDN), thiabmrkaran.dev- Tsis yog; - ndots: Qhov kev nthuav dav tshaj plaws (cov kab lus no yog hais txog nws).
ndotsqhia txog tus naj npawb ntawm cov dots nyob rau hauv ib daim ntawv thov lub npe ua ntej nws yog suav hais tias yog ib tug "tsim nyog" sau npe. Peb mam li tham ntxiv txog qhov no tom qab thaum peb txheeb xyuas qhov DNS lookup sequence.
Cia peb saib seb yuav ua li cas thaum peb nug mrkaran.dev hauv pod:
$ nslookup mrkaran.dev
Server: 10.152.183.10
Address: 10.152.183.10#53
Non-authoritative answer:
Name: mrkaran.dev
Address: 157.230.35.153
Name: mrkaran.dev
Address: 2400:6180:0:d1::519:6001
Rau qhov kev sim no, kuv teeb tsa CoreDNS logging qib rau all (uas ua rau nws hais lus zoo heev). Cia peb saib ntawm lub plhaub taum coredns:
[INFO] 10.1.28.1:35998 - 11131 "A IN mrkaran.dev.hello.svc.cluster.local. udp 53 false 512" NXDOMAIN qr,aa,rd 146 0.000263728s
[INFO] 10.1.28.1:34040 - 36853 "A IN mrkaran.dev.svc.cluster.local. udp 47 false 512" NXDOMAIN qr,aa,rd 140 0.000214201s
[INFO] 10.1.28.1:33468 - 29482 "A IN mrkaran.dev.cluster.local. udp 43 false 512" NXDOMAIN qr,aa,rd 136 0.000156107s
[INFO] 10.1.28.1:58471 - 45814 "A IN mrkaran.dev. udp 29 false 512" NOERROR qr,rd,ra 56 0.110263459s
[INFO] 10.1.28.1:54800 - 2463 "AAAA IN mrkaran.dev. udp 29 false 512" NOERROR qr,rd,ra 68 0.145091744sPhew. Ob yam ua rau koj mloog ntawm no:
- Qhov kev thov mus dhau txhua theem ntawm kev tshawb nrhiav kom txog thaum cov lus teb muaj cov cai
NOERROR(DNS cov neeg siv nkag siab nws thiab khaws nws raws li qhov tshwm sim).NXDOMAINtxhais tau hais tias tsis muaj ntaub ntawv raug pom rau lub npe sau npe. Vim lubmrkaran.devtsis yog lub npe FQDN (raws lindots=5), tus neeg daws teeb meem saib txoj hauv kev tshawb nrhiav thiab txiav txim siab qhov kev thov; - Tshawb
ΠΠΈΠΠΠΠtuaj txog nyob rau hauv parallel. Qhov tseeb yog qhov kev thov ib zaug hauv/etc/resolv.confLos ntawm lub neej ntawd, lawv tau teeb tsa hauv txoj hauv kev uas kev tshawb nrhiav sib npaug tau ua tiav siv IPv4 thiab IPv6 raws tu qauv. Koj tuaj yeem tso tseg tus cwj pwm no los ntawm kev ntxiv qhov kev xaivsingle-requestΠ²resolv.conf.
Nco ntsoov: glibc tuaj yeem raug teeb tsa kom xa cov lus thov no ua ntu zus, thiab musl - Tsis yog, yog li cov neeg siv Alpine yuav tsum nco ntsoov.
Kev sim nrog ndots
Cia peb sim me ntsis ntxiv nrog ndots thiab cia saib seb qhov parameter no coj li cas. Lub tswv yim yog yooj yim: ndots txiav txim siab seb tus neeg siv DNS puas yuav kho tus sau raws li qhov tseeb lossis tus txheeb ze. Piv txwv li, nyob rau hauv cov ntaub ntawv ntawm ib tug yooj yim google DNS neeg siv, yuav ua li cas paub yog hais tias qhov no yog kiag li lawm? Yog koj teem ndots sib npaug li 1, tus neeg siv yuav hais tias: "Auj, hauv google tsis muaj ib qho taw tes; Kuv xav tias kuv yuav mus dhau ntawm daim ntawv tshawb fawb tag nrho. " Txawm li cas los xij, yog tias koj nug google.com, cov npe ntawm cov lus xaus yuav raug tsis quav ntsej tag nrho vim hais tias lub npe thov raws li qhov pib ndots (muaj tsawg kawg yog ib qho taw qhia).
Cia peb nco ntsoov qhov no:
$ cat /etc/resolv.conf
options ndots:1
$ nslookup mrkaran
Server: 10.152.183.10
Address: 10.152.183.10#53
** server can't find mrkaran: NXDOMAINCoreDNS cov ntaub ntawv:
[INFO] 10.1.28.1:52495 - 2606 "A IN mrkaran.hello.svc.cluster.local. udp 49 false 512" NXDOMAIN qr,aa,rd 142 0.000524939s
[INFO] 10.1.28.1:59287 - 57522 "A IN mrkaran.svc.cluster.local. udp 43 false 512" NXDOMAIN qr,aa,rd 136 0.000368277s
[INFO] 10.1.28.1:53086 - 4863 "A IN mrkaran.cluster.local. udp 39 false 512" NXDOMAIN qr,aa,rd 132 0.000355344s
[INFO] 10.1.28.1:56863 - 41678 "A IN mrkaran. udp 25 false 512" NXDOMAIN qr,rd,ra 100 0.034629206s
Txij thaum hauv mrkaran tsis muaj ib qho taw tes, kev tshawb fawb tau ua thoob plaws tag nrho cov npe ntawm cov lus xaus.
Nco tseg: hauv kev xyaum tus nqi siab tshaj plaws ndots txwv rau 15; los ntawm lub neej ntawd hauv Kubernetes nws yog 5.
Kev siv hauv kev tsim khoom
Yog tias ib daim ntawv thov ua rau ntau qhov kev hu xov tooj sab nraud, DNS tuaj yeem dhau los ua qhov tsis muaj zog nyob rau hauv cov ntaub ntawv ntawm cov tsheb khiav, vim lub npe daws teeb meem ua rau ntau cov lus nug tsis tsim nyog (ua ntej lub kaw lus mus rau qhov yog). Cov ntawv thov feem ntau tsis ntxiv thaj chaw hauv paus rau cov npe sau npe, tab sis qhov no zoo li hack. Qhov ntawd yog, es tsis txhob nug api.twitter.com, koj tuaj yeem 'hardcode' nws api.twitter.com. (nrog ib qho chaw) hauv daim ntawv thov, uas yuav ua rau DNS cov neeg siv khoom los ua cov ntawv tso cai saib ncaj qha rau ntawm qhov tseeb.
Tsis tas li ntawd, pib nrog Kubernetes version 1.14, txuas ntxiv dnsConfig ΠΈ dnsPolicy tau txais kev ruaj ntseg. Yog li, thaum deploy ib pod, koj tuaj yeem txo tus nqi ndots, hais, mus txog 3 (thiab txawm mus txog 1!). Vim li no, txhua cov lus hauv ib lub node yuav tsum suav nrog tag nrho cov npe. Qhov no yog ib qho ntawm cov khoom lag luam classic thaum koj yuav tsum xaiv ntawm kev ua tau zoo thiab kev txav mus los. Nws zoo nkaus li kuv tias koj tsuas yog yuav tsum txhawj xeeb txog qhov no yog tias ultra-low latency yog qhov tseem ceeb rau koj daim ntawv thov, vim tias cov txiaj ntsig DNS kuj tseem cached sab hauv.
ua tim khawv
Kuv thawj zaug kawm txog qhov feature ntawm no , tuav rau Lub Ib Hlis 25. Muaj kev sib tham txog qhov teeb meem no, thiab lwm yam.
Nov yog qee qhov txuas rau kev tshawb nrhiav ntxiv:
- , vim li cas ndots = 5 hauv Kubernetes;
- Yuav ua li cas hloov ndots cuam tshuam rau daim ntawv thov kev ua tau zoo;
- nruab nrab ntawm musl thiab glibc daws.
Nco tseg: Kuv xaiv tsis siv dig hauv tsab xov xwm no. dig cia li ntxiv ib qho chaw (hauv paus cheeb tsam tus cim), ua tus sau "tsim nyog" (FQDN), tsis los ntawm thawj zaug khiav nws los ntawm kev tshawb nrhiav. Sau txog qhov no hauv . Txawm li cas los xij, nws yog qhov xav tsis thoob tias, feem ntau, tus chij cais yuav tsum tau teev tseg rau tus qauv coj cwj pwm.
Zoo siab DNSing! Pom koj tom qab!
PS los ntawm tus txhais lus
Nyeem kuj ntawm peb blog:
- «»;
- «»;
- "Ib Daim Ntawv Qhia Txog Kev Sib Txuas Hauv Kubernetes": , .
Tau qhov twg los: www.hab.com