DNS Lookups in Kubernetes

Translator's note: The DNS problem in Kubernetes, or more precisely the setting of the ndots parameter, is surprisingly popular, and has been for more than a year now. In another article on this topic, its author, a DevOps engineer from a large lending company in India, explains in a simple and concise way what is useful for colleagues who operate Kubernetes to know.

One of the main advantages of deploying applications on Kubernetes is seamless application discovery. Communication within the cluster is greatly simplified by the Service concept, which is a virtual IP that backs a set of pod IP addresses. For example, if the service vanilla wants to talk to the service chocolate, it can address the virtual IP of chocolate directly. The question arises: who resolves the DNS query for chocolate in this case, and how?

DNS name resolution in a Kubernetes cluster is handled by CoreDNS. The kubelet registers CoreDNS as the nameserver in the /etc/resolv.conf file of every pod. If you look at the contents of /etc/resolv.conf in any pod, it looks something like this:

search hello.svc.cluster.local svc.cluster.local cluster.local
nameserver 10.152.183.10
options ndots:5

This configuration is used by DNS clients to forward queries to the DNS server. The resolv.conf file contains the following:

  • nameserver: the server to which DNS queries will be sent. In our case, this is the address of the CoreDNS service;
  • search: defines the search path for a given domain. Interestingly, google.com or mrkaran.dev are not FQDNs (fully qualified domain names). By the convention that most DNS resolvers follow, only names that end with a dot ".", which represents the root zone, are considered fully qualified domains (FQDN). Some resolvers can add the dot themselves. So mrkaran.dev. is a fully qualified domain name (FQDN), and mrkaran.dev is not;
  • ndots: the most interesting parameter (and the subject of this article). ndots sets the threshold number of dots in a query name at which the name is treated as a "fully qualified" domain name. We will come back to this later, when we look at the DNS lookup sequence.

Let's see what happens when we query mrkaran.dev from a pod:

$ nslookup mrkaran.dev
Server: 10.152.183.10
Address: 10.152.183.10#53

Non-authoritative answer:
Name: mrkaran.dev
Address: 157.230.35.153
Name: mrkaran.dev
Address: 2400:6180:0:d1::519:6001

For this experiment, I set the CoreDNS logging level to all (which makes it very verbose). Let's look at the logs of the coredns pod:

[INFO] 10.1.28.1:35998 - 11131 "A IN mrkaran.dev.hello.svc.cluster.local. udp 53 false 512" NXDOMAIN qr,aa,rd 146 0.000263728s
[INFO] 10.1.28.1:34040 - 36853 "A IN mrkaran.dev.svc.cluster.local. udp 47 false 512" NXDOMAIN qr,aa,rd 140 0.000214201s
[INFO] 10.1.28.1:33468 - 29482 "A IN mrkaran.dev.cluster.local. udp 43 false 512" NXDOMAIN qr,aa,rd 136 0.000156107s
[INFO] 10.1.28.1:58471 - 45814 "A IN mrkaran.dev. udp 29 false 512" NOERROR qr,rd,ra 56 0.110263459s
[INFO] 10.1.28.1:54800 - 2463 "AAAA IN mrkaran.dev. udp 29 false 512" NOERROR qr,rd,ra 68 0.145091744s

Phew. Two things stand out here:

  • The query goes through every stage of the search list until a response carries the NOERROR code (DNS clients understand it and store it as the result). NXDOMAIN means that no record was found for the given domain name. Because mrkaran.dev is not an FQDN (according to ndots=5), the resolver looks at the search path and determines the order of the queries;
  • The A and AAAA queries arrive in parallel. The point is that, by default, lookups configured through /etc/resolv.conf are performed in parallel over IPv4 and IPv6. You can disable this behaviour by adding the single-request option to resolv.conf.

Note: glibc can be configured to send these queries sequentially, while musl cannot, so Alpine users should take note.

Experimenting with ndots

Let's experiment a little with ndots and see how this parameter behaves. The idea is simple: ndots determines whether the DNS client treats a domain as absolute or relative. For example, when a simple DNS client looks up google, how does it know whether that domain is absolute? If you set ndots to 1, the client will say: "Oh, there is not a single dot in google; I guess I'll go through the whole search list." However, if you query google.com, the list of suffixes is ignored entirely, because the requested name meets the ndots threshold (it contains a dot).

Let's verify this:

$ cat /etc/resolv.conf
options ndots:1
$ nslookup mrkaran
Server: 10.152.183.10
Address: 10.152.183.10#53

** server can't find mrkaran: NXDOMAIN

CoreDNS logs:

[INFO] 10.1.28.1:52495 - 2606 "A IN mrkaran.hello.svc.cluster.local. udp 49 false 512" NXDOMAIN qr,aa,rd 142 0.000524939s
[INFO] 10.1.28.1:59287 - 57522 "A IN mrkaran.svc.cluster.local. udp 43 false 512" NXDOMAIN qr,aa,rd 136 0.000368277s
[INFO] 10.1.28.1:53086 - 4863 "A IN mrkaran.cluster.local. udp 39 false 512" NXDOMAIN qr,aa,rd 132 0.000355344s
[INFO] 10.1.28.1:56863 - 41678 "A IN mrkaran. udp 25 false 512" NXDOMAIN qr,rd,ra 100 0.034629206s

Since mrkaran does not contain a single dot, the lookup went through the whole list of suffixes.

Note: in practice the maximum value of ndots is limited to 15; the default in Kubernetes is 5.
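
The query order seen in the CoreDNS logs above can be reproduced with a small model of the resolver's search-list logic. This Python code is an added example, not code from the original article; it assumes glibc-style behaviour (a name with at least ndots dots is tried as-is first and then against the search list), and the function names parse_resolv_conf, candidate_queries and wasted_queries are hypothetical.

```python
# Added example: models glibc-style search-list expansion; not the article's code.
# Input below is the pod resolv.conf shown earlier on this page.
SAMPLE_RESOLV_CONF = """\
search hello.svc.cluster.local svc.cluster.local cluster.local
nameserver 10.152.183.10
options ndots:5
"""


def parse_resolv_conf(text):
    """Return (search_domains, ndots) parsed from resolv.conf text."""
    search, ndots = [], 1  # resolver default when no ndots option is set
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        key, *values = line.split()
        if key == "search":
            search = values  # a later search line replaces an earlier one
        elif key == "options":
            for opt in values:
                if opt.startswith("ndots:"):
                    ndots = min(int(opt.split(":", 1)[1]), 15)  # capped at 15
    return search, ndots


def candidate_queries(name, search, ndots):
    """Names the stub resolver tries, in order, until one returns NOERROR."""
    if name.endswith("."):
        return [name]  # trailing dot: absolute name, search list is skipped
    as_is = name + "."
    expanded = [f"{name}.{domain}." for domain in search]
    if name.count(".") >= ndots:
        return [as_is] + expanded  # enough dots: try the name itself first
    return expanded + [as_is]  # too few dots: walk the search list first


def wasted_queries(name, search, ndots):
    """Lookups per record type sent before the name is queried as-is.

    Assumption: the name only exists as an absolute (external) domain.
    """
    queries = candidate_queries(name, search, ndots)
    return queries.index(name if name.endswith(".") else name + ".")
```

For mrkaran.dev with ndots:5 the model returns the same four names, in the same order, as the A queries in the first CoreDNS log; with a trailing dot it returns a single query.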

Use in production

If an application makes a lot of external network calls, DNS can become a bottleneck under heavy traffic, because name resolution generates many unnecessary queries (before the system gets to the right one). Applications usually do not add the root zone to domain names, although doing so does feel like a hack. That is, instead of querying api.twitter.com, you can hardcode api.twitter.com. (with the dot) in the application, which makes DNS clients perform the authoritative lookup directly on the absolute domain.

In addition, starting with Kubernetes version 1.14, the dnsConfig and dnsPolicy extensions have reached stable status. So, when deploying a pod, you can lower the ndots value to, say, 3 (or even to 1!). In that case, every message within the node has to include the full domain. This is one of the classic trade-offs, where you have to choose between performance and portability. It seems to me that you only need to worry about this if ultra-low latency is vital for your application, since DNS results are also cached internally.

Conclusion

I first learned about this feature at a K8s meetup held on January 25. The problem was discussed there, among other things.

Here are some links for further reading:

Note: I chose not to use dig in this article. dig automatically adds a dot (the root zone identifier), making the domain "fully qualified" (FQDN), without first running it through the search list. I wrote about this in one of my previous posts. Still, it is surprising that, as a rule, a separate flag has to be specified to get the standard behaviour.

Happy DNSing! See you next time!

Source: www.habr.com
