Isu munguva pfupi yapfuura takatanga Kubernetes 1.9 paAWS tichishandisa Kops. Nezuro, ndichiri kuburitsa traffic nyowani kune yakakura kwazvo yeKubernetes masumbu, ndakatanga kuona zvisina kujairika DNS zita rekugadzirisa zvikanganiso zvakaiswa nechikumbiro chedu.
Pane zvakawanda nezve izvi paGitHub kube-dns
ΠΈ dnsmasq
. Chinhu chinonyanya kufadza uye chitsva kwandiri chaive chikonzero chaicho chekuwedzera kwakakosha muDNS yekukumbira traffic. Zvangu zviri pamusoro peizvi uye zvekuita nezvazvo.
DNS resolution mukati memudziyo - senge mune chero Linux system - inotemerwa neiyo faira yekumisikidza /etc/resolv.conf
. Default Kubernetes dnsPolicy
izvozvo ClusterFirst
, zvinoreva kuti chero chikumbiro cheDNS chichaendeswa kune dnsmasq
, kumhanya mupodhi kube-dns
mukati mechikwata, icho chinozoendesa chikumbiro kune chikumbiro kube-dns
, kana zita racho richipera ne cluster suffix, kana, zvimwe, kusvika padanho repamusoro reDNS server.
faira /etc/resolv.conf
mukati memudziyo wega wega izvo zvisizvo zvinotaridzika seizvi:
nameserver 100.64.0.10
search namespace.svc.cluster.local svc.cluster.local cluster.local
eu-west-1.compute.internal
options ndots:5
Sezvauri kuona, pane mirairo mitatu:
- Zita sevha ndiyo IP yebasa racho
kube-dns
- 4 nzvimbo dzekutsvaga dzemunharaunda dzakatsanangurwa
search
- Pane imwe sarudzo
ndots:5
Chikamu chinonakidza chekugadzirisa uku ndechekuti mawaniro ekutsvaga emunharaunda uye marongero ndots:5
kufambidzana. Kuti unzwisise izvi, unofanirwa kunzwisisa kuti DNS resolution yemazita asina kukodzera inoshanda sei.
Zita rakazara chii?
Zita rinonyatsokodzera izita risina kutariswa kwenzvimbo kuchaitwa uye zita richaonekwa serinoperera panguva yekugadziriswa kwezita. Negungano, DNS software inoona zita serinonyatsokodzera kana richipera nedoti (.), uye risinganyatsokodzeri neimwe nzira. Ndizvozvo google.com.
yakatsanangurwa zvizere uye google.com
- kwete.
Zita risina kukodzera rinobatwa sei?
Kana application yakabatana kune iri kure host yakatsanangurwa muzita, DNS zita rekugadzirisa rinowanzoitwa uchishandisa system yekufona, semuenzaniso. getaddrinfo()
. Asi kana zita racho risingakodzeri (risingapedzi ne.), Ndinoshamisika kana iyo system yekufona ichaedza kugadzirisa zita sezita rakakwana kutanga, kana kuenda nepakati penzvimbo yekutsvaga yekutanga? Zvinoenderana nesarudzo ndots
.
Kubva mubhuku rekushandisa resolv.conf
:
ndots:n
ΡΡΡΠ°Π½Π°Π²Π»ΠΈΠ²Π°Π΅Ρ ΠΏΠΎΡΠΎΠ³ Π΄Π»Ρ ΠΊΠΎΠ»ΠΈΡΠ΅ΡΡΠ²Π° ΡΠΎΡΠ΅ΠΊ, ΠΊΠΎΡΠΎΡΡΠ΅ Π΄ΠΎΠ»ΠΆΠ½Ρ ΠΏΠΎΡΠ²ΠΈΡΡΡΡ Π² ΠΈΠΌΠ΅Π½ΠΈ, ΠΏΡΠ΅ΠΆΠ΄Π΅ ΡΠ΅ΠΌ Π±ΡΠ΄Π΅Ρ ΡΠ΄Π΅Π»Π°Π½ Π½Π°ΡΠ°Π»ΡΠ½ΡΠΉ Π°Π±ΡΠΎΠ»ΡΡΠ½ΡΠΉ Π·Π°ΠΏΡΠΎΡ. ΠΠ½Π°ΡΠ΅Π½ΠΈΠ΅ ΠΏΠΎ ΡΠΌΠΎΠ»ΡΠ°Π½ΠΈΡ Π΄Π»Ρ n ΡΠ°Π²Π½ΠΎ 1, ΡΡΠΎ ΠΎΠ·Π½Π°ΡΠ°Π΅Ρ, ΡΡΠΎ Π΅ΡΠ»ΠΈ Π² ΠΈΠΌΠ΅Π½ΠΈ Π΅ΡΡΡ ΠΊΠ°ΠΊΠΈΠ΅-Π»ΠΈΠ±ΠΎ ΡΠΎΡΠΊΠΈ, ΠΈΠΌΡ Π±ΡΠ΄Π΅Ρ ΡΠ½Π°ΡΠ°Π»Π° ΠΎΠΏΡΠΎΠ±ΠΎΠ²Π°Π½ΠΎ ΠΊΠ°ΠΊ Π°Π±ΡΠΎΠ»ΡΡΠ½ΠΎΠ΅ ΠΈΠΌΡ, ΠΏΡΠ΅ΠΆΠ΄Π΅ ΡΠ΅ΠΌ ΠΊ Π½Π΅ΠΌΡ Π±ΡΠ΄ΡΡ Π΄ΠΎΠ±Π°Π²Π»Π΅Π½Ρ ΠΊΠ°ΠΊΠΈΠ΅-Π»ΠΈΠ±ΠΎ ΡΠ»Π΅ΠΌΠ΅Π½ΡΡ ΡΠΏΠΈΡΠΊΠ° ΠΏΠΎΠΈΡΠΊΠ°.
Izvi zvinoreva kuti kana nokuda ndots
yakapihwa kukosha kwe5 uye zita rine isingasviki 5 dots, iyo system yekufona ichaedza kuigadzirisa sequentially, kutanga ichipfuura ese enzvimbo yekutsvaga domain, uye, kana ikasabudirira, pakupedzisira kuigadzirisa sezita rakakwana.
Nei zvakadaro ndots:5
inogona kukanganisa kushanda kweapp?
Sezvaunogona kufungidzira, kana chikumbiro chako chikashandisa yakawanda yekunze traffic, kune yega TCP yekubatanidza yakasimbiswa (kana zvakanyanya, kune yega yega zita rakagadziriswa), ichaburitsa 5 DNS mibvunzo zita risati ragadziriswa nemazvo, nekuti rinotanga rapfuura. 4 yemunharaunda yekutsvaga domain, uye kumagumo ichapa yakazara zita rekugadzirisa chikumbiro.
Iyi inotevera chati inoratidza huwandu hwese traffic pane edu 3 kube-dns modules tisati tachinja uye mushure mekuchinja mashoma mazita evatambi akagadzirirwa mukushandisa kwedu kune avo vanokwanisa zvizere.
Iyo inotevera dhizaini inoratidza application latency tisati tachinja uye mushure mekunge tachinja akati wandei mazita akagadziridzwa mukushandisa kwedu kune azere mazita (yakatwasuka yebhuruu mutsara ndiko kutumira):
Solution #1 - Shandisa mazita anonyatsokodzera
Kana iwe uine mashoma static mazita ekunze (kureva anotsanangurwa mukugadziriswa kwechishandiso) kwaunogadzira nhamba huru yekubatanidza, pamwe mhinduro iri nyore ndeyekuvashandura kune avo vakanyatsokodzera nekungoabatanidza. pamagumo.
Iyi haisi mhinduro yekupedzisira, asi inobatsira kukurumidza, zvisinei kwete zvakachena, kugadzirisa mamiriro acho ezvinhu. Isu takashandisa chigamba ichi kugadzirisa dambudziko redu, mhedzisiro yacho yakaratidzwa mune skrini iri pamusoro.
Solution #2 - kugadzirisa ndots
Π² dnsConfig
MuKubernetes 1.9, kushanda kwakaonekwa mune alpha modhi (beta vhezheni v1.10), iyo inokutendera iwe kudzora zvirinani DNS paramita kuburikidza nepod pfuma mu. dnsConfig
. Pakati pezvimwe zvinhu, zvinokubvumira kugadzirisa kukosha ndots
nokuda kwepodhi chaiyo, i.e.
apiVersion: v1
kind: Pod
metadata:
namespace: default
name: dns-example
spec:
containers:
- name: test
image: nginx
dnsConfig:
options:
- name: ndots
value: "1"
Sources
Verengawo zvimwe zvinyorwa pane yedu blog:
Kunzwisisa iyo Context package muGolang Matatu Manomano Akareruka ekudzikisa Docker Mifananidzo Stateful backups muKubernetes Backup yenhamba huru yemapurojekiti ewebhu Teregiramu bot yeRedmine. Nzira yekurerutsa hupenyu iwe pachako uye nevamwe
Source: www.habr.com