Kutshanje siphehlelele iKubernetes 1.9 kwi-AWS sisebenzisa iKops. Izolo, ngelixa ndihambisa ngokutyibilikayo itrafikhi entsha ukuya kwelona qela likhulu leKubernetes, ndiqale ukuqaphela iimpazamo ezingaqhelekanga zokusombulula amagama e-DNS afakwe sisicelo sethu.
Kuninzi malunga noku kwi-GitHub , ngoko ke ndagqiba ekubeni ndiyiqonde. Ekugqibeleni, ndaqonda ukuba kwimeko yethu oku kubangelwa ukunyuka komthwalo kube-dns ΠΈ dnsmasq. Eyona nto inomdla kunye nentsha kum yayisesona sizathu sokwanda okubalulekileyo kwi-DNS yesicelo setrafikhi. Iposti yam imalunga noku kwaye ndenze ntoni ngayo.
Isisombululo seDNS ngaphakathi kwesikhongozeli - njengakuyo nayiphi na inkqubo yeLinux - imiselwa yifayile yoqwalaselo /etc/resolv.conf. I-Kubernetes ehlala ikho dnsPolicy oku ClusterFirst, okuthetha ukuba nasiphi na isicelo se-DNS siya kuthunyelwa kuyo dnsmasq, ukubaleka kwipod kube-dns ngaphakathi kweqela, eliya kuthi lithumele isicelo kwisicelo kube-dns, ukuba igama liphela ngesimamva seqela, okanye, kungenjalo, kwinqanaba eliphezulu leseva yeDNS.
Ifayile /etc/resolv.conf ngaphakathi kwesikhongozeli ngasinye okungagqibekanga kuya kujongeka ngolu hlobo:
nameserver 100.64.0.10
search namespace.svc.cluster.local svc.cluster.local cluster.local
eu-west-1.compute.internal
options ndots:5Njengoko ubona, kukho izikhokelo ezintathu:
- Iseva yegama yi-IP yenkonzo
kube-dns - 4 imimandla yokukhangela yasekuhlaleni echaziweyo
search - Kukho ukhetho
ndots:5
Inxalenye enomdla yolu qwalaselo yindlela uphendlo lwemimandla kunye nezicwangciso ndots:5 dibana kunye. Ukuze uqonde oku, kufuneka uqonde indlela isisombululo se-DNS samagama angafanelekanga esisebenza ngayo.
Ngubani igama elipheleleyo?
Igama eliqeqeshwe ngokupheleleyo ligama ekungasayi kujongwa kulo indawo kwaye igama liya kuthathwa njengelipheleleyo ngexesha lokusonjululwa kwegama. Ngokwengqungquthela, isoftware ye-DNS ithatha igama njengelifaneleke ngokupheleleyo ukuba liphela ngechaphaza (.), kwaye alifanelekanga ngokupheleleyo ngenye indlela. Yiyo i google.com. ichazwe ngokupheleleyo kwaye google.com - Hayi.
Liphathwa njani igama elingafanelekanga?
Xa isicelo siqhagamshela kwinginginya ekude ekhankanyiweyo egameni, isisombululo segama le-DNS siqhele ukwenziwa kusetyenziswa umnxeba wenkqubo, umz. getaddrinfo(). Kodwa ukuba igama alifaneleki (alipheli ngo.) Ndiyazibuza ukuba inkqubo yokufowuna iza kuzama ukusombulula igama njengegama elipheleleyo kuqala, okanye idlule kwimida yokukhangela yasekhaya kuqala? Kuxhomekeke kukhetho ndots.
Ukusuka kwincwadana yemigaqo resolv.conf:
ndots:n
ΡΡΡΠ°Π½Π°Π²Π»ΠΈΠ²Π°Π΅Ρ ΠΏΠΎΡΠΎΠ³ Π΄Π»Ρ ΠΊΠΎΠ»ΠΈΡΠ΅ΡΡΠ²Π° ΡΠΎΡΠ΅ΠΊ, ΠΊΠΎΡΠΎΡΡΠ΅ Π΄ΠΎΠ»ΠΆΠ½Ρ ΠΏΠΎΡΠ²ΠΈΡΡΡΡ Π² ΠΈΠΌΠ΅Π½ΠΈ, ΠΏΡΠ΅ΠΆΠ΄Π΅ ΡΠ΅ΠΌ Π±ΡΠ΄Π΅Ρ ΡΠ΄Π΅Π»Π°Π½ Π½Π°ΡΠ°Π»ΡΠ½ΡΠΉ Π°Π±ΡΠΎΠ»ΡΡΠ½ΡΠΉ Π·Π°ΠΏΡΠΎΡ. ΠΠ½Π°ΡΠ΅Π½ΠΈΠ΅ ΠΏΠΎ ΡΠΌΠΎΠ»ΡΠ°Π½ΠΈΡ Π΄Π»Ρ n ΡΠ°Π²Π½ΠΎ 1, ΡΡΠΎ ΠΎΠ·Π½Π°ΡΠ°Π΅Ρ, ΡΡΠΎ Π΅ΡΠ»ΠΈ Π² ΠΈΠΌΠ΅Π½ΠΈ Π΅ΡΡΡ ΠΊΠ°ΠΊΠΈΠ΅-Π»ΠΈΠ±ΠΎ ΡΠΎΡΠΊΠΈ, ΠΈΠΌΡ Π±ΡΠ΄Π΅Ρ ΡΠ½Π°ΡΠ°Π»Π° ΠΎΠΏΡΠΎΠ±ΠΎΠ²Π°Π½ΠΎ ΠΊΠ°ΠΊ Π°Π±ΡΠΎΠ»ΡΡΠ½ΠΎΠ΅ ΠΈΠΌΡ, ΠΏΡΠ΅ΠΆΠ΄Π΅ ΡΠ΅ΠΌ ΠΊ Π½Π΅ΠΌΡ Π±ΡΠ΄ΡΡ Π΄ΠΎΠ±Π°Π²Π»Π΅Π½Ρ ΠΊΠ°ΠΊΠΈΠ΅-Π»ΠΈΠ±ΠΎ ΡΠ»Π΅ΠΌΠ΅Π½ΡΡ ΡΠΏΠΈΡΠΊΠ° ΠΏΠΎΠΈΡΠΊΠ°.Oku kuthetha ukuba ukuba ndots inikwe ixabiso le-5 kwaye igama liqulethe ngaphantsi kwamachaphaza e-5, ifowuni yenkqubo iya kuzama ukuyicombulula ngokulandelelana, kuqala ukunqumla yonke imimandla yokukhangela yendawo, kwaye, ukuba ayiphumelelanga, ekugqibeleni iyisombulule njengegama elipheleleyo.
Kutheni kengoku ndots:5 inokuba nefuthe elibi kwintsebenzo yesicelo?
Njengoko unokucinga, ukuba isicelo sakho sisebenzisa i-traffic eninzi yangaphandle, kuyo yonke i-TCP uxhumano olusekiweyo (okanye ngokuchanekileyo, igama ngalinye lisonjululwe), liya kukhupha imibuzo ye-5 DNS ngaphambi kokuba igama lilungiswe ngokuchanekileyo, kuba liya kuqala 4 indawo yokukhangela yendawo, kwaye ekugqibeleni iya kukhupha isicelo esipheleleyo sesisombululo segama.
Itshathi elandelayo ibonisa i-traffic iyonke kwiimodyuli zethu ze-kube-dns ezi-3 ngaphambi nasemva kokuba sitshintshe amagama abamkeli abambalwa amiselweyo kwisicelo sethu ukuba bafaneleke ngokupheleleyo.
Lo mzobo ulandelayo ubonisa ukubambezeleka kwesicelo phambi nasemva kokuba sitshintshe amagama enginginya amiselweyo kwisicelo sethu ukuya kumagama apheleleyo (umgca othe nkqo oblowu kukusasazwa):
Isisombululo #1 - Sebenzisa amagama afanelekileyo
Ukuba unamagama ambalwa angatshintshiyo angaphandle (o.k.t. echazwe kuqwalaselo lwesicelo) apho wenza khona inani elikhulu loqhagamshelo, mhlawumbi esona sisombululo silula kukutshintshela kwabo bafaneleke ngokupheleleyo ngokuyifakela ngokulula. ekugqibeleni.
Oku akusona isisombululo sokugqibela, kodwa kunceda ngokukhawuleza, nangona kungacocekanga, ukuphucula imeko. Sisebenzise le patch ukusombulula ingxaki yethu, iziphumo zazo eziboniswe kwiscreenshots apha ngasentla.
Isisombululo #2 - ukwenza ngokwezifiso ndots Π² dnsConfig
Kwi-Kubernetes 1.9, ukusebenza kwavela kwimo ye-alpha (uguqulelo lwe-beta v1.10), ekuvumela ukuba ulawule ngcono iiparamitha ze-DNS ngepropathi ye-pod kwi. dnsConfig. Phakathi kwezinye izinto, ikuvumela ukuba uqwalasele ixabiso ndots kwipod ethile, oko kukuthi.
apiVersion: v1
kind: Pod
metadata:
namespace: default
name: dns-example
spec:
containers:
- name: test
image: nginx
dnsConfig:
options:
- name: ndots
value: "1"Imithombo
Funda namanye amanqaku kwibhlog yethu:
umthombo: www.habr.com