DNS Lookups in Kubernetes

Translator's note: The DNS problem in Kubernetes, or more precisely the configuration of the ndots parameter, is surprisingly popular, and has been for more than a year now. In another note on this topic, its author, a DevOps engineer from a large Indian trading company, explains simply and concisely what is useful to know for colleagues who operate Kubernetes.


One of the main advantages of deploying applications in Kubernetes is seamless application discovery. Intra-cluster communication is greatly simplified by the Service concept: a virtual IP that fronts a set of pod IP addresses. For example, if the service vanilla wants to talk to the service chocolate, it can go straight to the virtual IP for chocolate. The question is: who resolves the DNS request for chocolate in this case, and how?

DNS name resolution in a Kubernetes cluster is handled by CoreDNS. The kubelet writes CoreDNS as the nameserver into the /etc/resolv.conf file of every pod. If you look at the contents of /etc/resolv.conf in any pod, it will look something like this:

search hello.svc.cluster.local svc.cluster.local cluster.local
nameserver 10.152.183.10
options ndots:5

DNS clients use this configuration to forward requests to the DNS server. The resolv.conf file contains the following information:

  • nameserver: the server to which DNS requests are sent. In our case, this is the address of the CoreDNS service;
  • search: defines the search path for a given domain. Interestingly, google.com or mrkaran.dev are not FQDNs (fully qualified domain names). According to the standard convention that most DNS resolvers follow, only names ending with a dot ".", which represents the root zone, are considered fully qualified (FQDN). Some resolvers can append the dot themselves. So mrkaran.dev. is a fully qualified domain name (FQDN), and mrkaran.dev is not;
  • ndots: the most interesting parameter (and the subject of this article). ndots sets the threshold for the number of dots in a query name before it is treated as a "fully qualified" domain name. We will come back to this later when we analyze the DNS lookup sequence.


Let's see what happens when we query mrkaran.dev from a pod:

$ nslookup mrkaran.dev
Server: 10.152.183.10
Address: 10.152.183.10#53

Non-authoritative answer:
Name: mrkaran.dev
Address: 157.230.35.153
Name: mrkaran.dev
Address: 2400:6180:0:d1::519:6001

For this experiment, I set the CoreDNS logging level to all (which makes it very verbose). Let's look at the logs of the coredns pod:

[INFO] 10.1.28.1:35998 - 11131 "A IN mrkaran.dev.hello.svc.cluster.local. udp 53 false 512" NXDOMAIN qr,aa,rd 146 0.000263728s
[INFO] 10.1.28.1:34040 - 36853 "A IN mrkaran.dev.svc.cluster.local. udp 47 false 512" NXDOMAIN qr,aa,rd 140 0.000214201s
[INFO] 10.1.28.1:33468 - 29482 "A IN mrkaran.dev.cluster.local. udp 43 false 512" NXDOMAIN qr,aa,rd 136 0.000156107s
[INFO] 10.1.28.1:58471 - 45814 "A IN mrkaran.dev. udp 29 false 512" NOERROR qr,rd,ra 56 0.110263459s
[INFO] 10.1.28.1:54800 - 2463 "AAAA IN mrkaran.dev. udp 29 false 512" NOERROR qr,rd,ra 68 0.145091744s

Phew. Two things catch the eye here:

  • The request walks through every stage of the search list until a response carries the NOERROR code (DNS clients understand it and keep it as the result). NXDOMAIN means that no record was found for the given domain name. Because mrkaran.dev is not an FQDN (according to ndots=5), the resolver looks at the search path and determines the order of the requests;
  • The A and AAAA queries arrive in parallel. By default the resolver performs the IPv4 and IPv6 lookups in parallel. You can turn this behavior off by adding the single-request option to resolv.conf.

Note: glibc can be configured to send these requests sequentially, but musl cannot, so Alpine users should take note.

Experimenting with ndots

Let's experiment a little with ndots and see how this parameter behaves. The idea is simple: ndots decides whether the DNS client treats a domain as absolute or relative. For example, given a bare google, how does the DNS client know whether this domain is absolute? If you set ndots to 1, the client will say: "Oh, there is not a single dot in google; I guess I'll go through the whole search list." However, if you query google.com, the list of suffixes is ignored completely, because the requested name meets the ndots threshold (it contains at least one dot).

Let's verify this:

$ cat /etc/resolv.conf
options ndots:1
$ nslookup mrkaran
Server: 10.152.183.10
Address: 10.152.183.10#53

** server can't find mrkaran: NXDOMAIN

CoreDNS logs:

[INFO] 10.1.28.1:52495 - 2606 "A IN mrkaran.hello.svc.cluster.local. udp 49 false 512" NXDOMAIN qr,aa,rd 142 0.000524939s
[INFO] 10.1.28.1:59287 - 57522 "A IN mrkaran.svc.cluster.local. udp 43 false 512" NXDOMAIN qr,aa,rd 136 0.000368277s
[INFO] 10.1.28.1:53086 - 4863 "A IN mrkaran.cluster.local. udp 39 false 512" NXDOMAIN qr,aa,rd 132 0.000355344s
[INFO] 10.1.28.1:56863 - 41678 "A IN mrkaran. udp 25 false 512" NXDOMAIN qr,rd,ra 100 0.034629206s

Since mrkaran does not contain a single dot, the lookup went through the entire list of suffixes.

Note: in practice the maximum value of ndots is limited to 15; the default in Kubernetes is 5.
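The lookup order seen in both CoreDNS log excerpts above (ndots:5 with mrkaran.dev, ndots:1 with mrkaran) can be reproduced offline. The following is an added example, not code from the original article: a small model of the search-list expansion as the article describes it. The names ResolvConf, parse_resolv_conf and candidate_queries are made up for this illustration.

```python
from dataclasses import dataclass, field

# Constructed sample: the pod resolv.conf shown in the article.
POD_RESOLV_CONF = """\
search hello.svc.cluster.local svc.cluster.local cluster.local
nameserver 10.152.183.10
options ndots:5
"""


@dataclass
class ResolvConf:
    nameservers: list = field(default_factory=list)
    search: list = field(default_factory=list)
    ndots: int = 1  # resolver default when no ndots option is set


def parse_resolv_conf(text):
    conf = ResolvConf()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        keyword, *args = line.split()
        if keyword == "nameserver" and args:
            conf.nameservers.append(args[0])
        elif keyword == "search":
            conf.search = args  # a later search line replaces an earlier one
        elif keyword == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    conf.ndots = min(int(opt.split(":", 1)[1]), 15)  # capped at 15
    return conf


def candidate_queries(name, conf):
    """Return the query names sent for `name`, in order, until one succeeds."""
    if name.endswith("."):
        return [name]  # trailing dot: already fully qualified, no search list
    if name.count(".") >= conf.ndots:
        # Meets the threshold: sent as-is. Behaviour after a failure is resolver-specific, not modeled.
        return [name + "."]
    # Below the threshold: each search suffix in turn, the bare name last.
    return [f"{name}.{suffix}." for suffix in conf.search] + [name + "."]


if __name__ == "__main__":
    print("\n".join(candidate_queries("mrkaran.dev", parse_resolv_conf(POD_RESOLV_CONF))))
```

Every entry before the last in the returned list corresponds to one NXDOMAIN line in the CoreDNS log for a name that only exists outside the cluster.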

Applications in production

If an application makes many external network calls, DNS can become a bottleneck under heavy traffic, because name resolution issues many unnecessary queries (before the system reaches the right one). Applications usually do not append the root zone to domain names, although doing so can serve as a hack. That is, instead of requesting api.twitter.com, you can hardcode api.twitter.com. (with the trailing dot) in the application, which prompts DNS clients to perform an authoritative lookup directly on the absolute domain.

In addition, starting with Kubernetes 1.14, the dnsConfig and dnsPolicy extensions have reached stable status. So when deploying a pod you can lower the ndots value, say, to 3 (or even to 1!). As a result, every communication inside the node will have to include the full domain name. This is one of the classic trade-offs where you have to choose between performance and portability. It seems to me that you should worry about this only if ultra-low latency is vital for your application, since DNS results are also cached internally.
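A pod manifest that lowers ndots through dnsConfig, as the paragraph above suggests. This is an added example, not taken from the original article; the pod name, namespace and image are placeholders.

```yaml
# Added example: pod name, namespace and image are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: vanilla
  namespace: hello
spec:
  dnsPolicy: ClusterFirst          # keep the cluster DNS (CoreDNS) as the nameserver
  dnsConfig:
    options:
      - name: ndots
        value: "1"                 # replaces the default ndots:5 in the pod's /etc/resolv.conf
  containers:
    - name: app
      image: registry.example/vanilla:1.0   # placeholder image
```

A single-label name such as chocolate still has fewer dots than ndots:1 and keeps going through the search list; check the result with cat /etc/resolv.conf inside the pod.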

References

I first learned about this behavior at a K8s meetup held on January 25. This problem was discussed there, among other things.

Here are some links for further study:

  • An explanation of why ndots=5 in Kubernetes;
  • A great write-up on how changing ndots affects application performance;
  • Differences between the musl and glibc resolvers.

Note: I chose not to use dig in this article. dig appends the dot (the root zone identifier) by itself, making the domain "fully qualified" (FQDN), without first running it through the search list. This was covered in one of the previous posts. Still, it is surprising that, in general, a separate flag has to be specified to get the standard behavior.

Happy DNSing! See you later!


Source: www.habr.com
