Qaphela. transl.: Inkinga ye-DNS ku-Kubernetes, noma ngokuqondile, izilungiselelo zepharamitha ndots, iyathandwa ngokumangalisayo, futhi kakade . Kwenye inothi ngalesi sihloko, umbhali wayo, unjiniyela we-DevOps ovela enkampanini enkulu yabathengisi e-India, ukhuluma ngendlela elula nemfishane mayelana nokuthi yini ewusizo kozakwabo abasebenza i-Kubernetes ukuze bakwazi.
Enye yezinzuzo eziyinhloko zokuthumela izinhlelo zokusebenza ku-Kubernetes ukutholakala kwezinhlelo zokusebenza okungenamthungo. Ukusebenzisana kwe-Intra-cluster kwenziwa lula kakhulu ngenxa yomqondo wesevisi (), okuyi-IP ebonakalayo esekela isethi yamakheli e-pod IP. Isibonelo, uma isevisi vanilla ifisa ukuxhumana nesevisi chocolate, ingafinyelela ngokuqondile i-IP ebonakalayo ye chocolate. Umbuzo uphakama: ngubani kulokhu ozoxazulula isicelo se-DNS kuye chocolate Futhi Kanjani?
Ukulungiswa kwegama le-DNS kulungiselelwe kuqoqo le-Kubernetes kusetshenziswa . I-Kubelet ibhalisa i-pod nge-CoreDNS njenge-nameserver kumafayela /etc/resolv.conf zonke izinja. Uma ubheka okuqukethwe /etc/resolv.conf noma iyiphi i-pod, izobukeka kanjena:
search hello.svc.cluster.local svc.cluster.local cluster.local
nameserver 10.152.183.10
options ndots:5
Lokhu kulungiselelwa kusetshenziswa amaklayenti e-DNS ukudlulisela izicelo kuseva ye-DNS. Kufayela resolv.conf iqukethe ulwazi olulandelayo:
- nameserver: iseva okuzothunyelwa kuyo izicelo ze-DNS. Esimweni sethu, leli ikheli lesevisi ye-CoreDNS;
- search: Ichaza indlela yosesho yesizinda esithile. Kuyathakazelisa lokho
google.comnomamrkaran.devakuyona i-FQDN (). Ngokuvumelana nesimiso esijwayelekile esilandelwa iningi labaxazululi be-DNS, lezo kuphela ezigcina ngechashazi ".", ezimele indawo yempande, zibhekwa njengezizinda ezifanelekayo ngokugcwele (i-FDQN). Ezinye izixazululi zingangeza iphoyinti ngokwazo. Ngakho,mrkaran.dev.igama lesizinda elifaneleke ngokugcwele (FQDN), futhimrkaran.dev- Cha; - Ndothi: Ipharamitha ethakazelisa kakhulu (lesi sihloko simayelana nayo).
ndotsicacisa inombolo yomkhawulo wamachashazi egameni lesicelo ngaphambi kokuthi lithathwe njengegama lesizinda βelifaneleke ngokugcweleβ. Sizokhuluma kabanzi ngalokhu kamuva lapho sihlaziya ukulandelana kokubheka kwe-DNS.
Ake sibone ukuthi kwenzekani lapho sibuza mrkaran.dev ku-pod:
$ nslookup mrkaran.dev
Server: 10.152.183.10
Address: 10.152.183.10#53
Non-authoritative answer:
Name: mrkaran.dev
Address: 157.230.35.153
Name: mrkaran.dev
Address: 2400:6180:0:d1::519:6001
Ngalokhu kuhlolwa, ngimise ileveli yokungena ye-CoreDNS ukuthi all (okwenza kube nezwi ngempela). Ake sibheke izingodo ze-pod coredns:
[INFO] 10.1.28.1:35998 - 11131 "A IN mrkaran.dev.hello.svc.cluster.local. udp 53 false 512" NXDOMAIN qr,aa,rd 146 0.000263728s
[INFO] 10.1.28.1:34040 - 36853 "A IN mrkaran.dev.svc.cluster.local. udp 47 false 512" NXDOMAIN qr,aa,rd 140 0.000214201s
[INFO] 10.1.28.1:33468 - 29482 "A IN mrkaran.dev.cluster.local. udp 43 false 512" NXDOMAIN qr,aa,rd 136 0.000156107s
[INFO] 10.1.28.1:58471 - 45814 "A IN mrkaran.dev. udp 29 false 512" NOERROR qr,rd,ra 56 0.110263459s
[INFO] 10.1.28.1:54800 - 2463 "AAAA IN mrkaran.dev. udp 29 false 512" NOERROR qr,rd,ra 68 0.145091744sPhew. Izinto ezimbili ezibamba ukunaka kwakho lapha:
- Isicelo sidlula kuzo zonke izigaba zokusesha kuze kube impendulo iqukethe ikhodi
NOERROR(Amaklayenti e-DNS ayayiqonda futhi ayigcine njengomphumela).NXDOMAINkusho ukuthi alikho irekhodi elitholakele legama lesizinda elinikeziwe. Ngoba imrkaran.devakulona igama le-FQDN (ngokushondots=5), isixazululi sibheka indlela yokusesha futhi sinquma ukuhleleka kwezicelo; - Okuthunyelwe
ΠΠΈΠΠΠΠfika ngokuhambisana. Iqiniso liwukuthi izicelo zesikhathi esisodwa ku/etc/resolv.confNgokuzenzakalela, zilungiswa ngendlela yokuthi ukusesha okuhambisanayo kwenziwe kusetshenziswa iphrothokholi ye-IPv4 ne-IPv6. Ungakhansela lokhu kuziphatha ngokwengeza inkethosingle-requestΠ²resolv.conf.
Qaphela: glibc ingalungiselelwa ukuthumela lezi zicelo ngokulandelana, futhi musl - cha, ngakho-ke abasebenzisi be-Alpine kufanele baqaphele.
Ukuhlola nge-ndots
Ake sizame okwengeziwe ndots futhi ake sibone ukuthi le parameter iziphatha kanjani. Umbono ulula: ndots inquma ukuthi iklayenti le-DNS lizophatha isizinda njengesiphelele noma isihlobo. Isibonelo, esimweni seklayenti le-Google DNS elilula, lazi kanjani ukuthi lesi sizinda siphelele? Uma usetha ndots elilingana no-1, iklayenti lizothi: "Oh, phakathi google alikho iphuzu elilodwa; Ngicabanga ukuthi ngizoluthola lonke uhlu lokusesha." Nokho, uma ubuza google.com, uhlu lwezijobelelo luzozitshwa ngokuphelele ngoba igama eliceliwe lihlangabezana nomkhawulo ndots (okungenani kukhona iphuzu elilodwa).
Masiqinisekise lokhu:
$ cat /etc/resolv.conf
options ndots:1
$ nslookup mrkaran
Server: 10.152.183.10
Address: 10.152.183.10#53
** server can't find mrkaran: NXDOMAINAmalogi we-CoreDNS:
[INFO] 10.1.28.1:52495 - 2606 "A IN mrkaran.hello.svc.cluster.local. udp 49 false 512" NXDOMAIN qr,aa,rd 142 0.000524939s
[INFO] 10.1.28.1:59287 - 57522 "A IN mrkaran.svc.cluster.local. udp 43 false 512" NXDOMAIN qr,aa,rd 136 0.000368277s
[INFO] 10.1.28.1:53086 - 4863 "A IN mrkaran.cluster.local. udp 39 false 512" NXDOMAIN qr,aa,rd 132 0.000355344s
[INFO] 10.1.28.1:56863 - 41678 "A IN mrkaran. udp 25 false 512" NXDOMAIN qr,rd,ra 100 0.034629206s
Kusukela ku mrkaran alikho iphuzu elilodwa, ukusesha kwenziwa kulo lonke uhlu lwezijobelelo.
Qaphela: ekusebenzeni inani eliphezulu ndots kukhawulelwe ku-15; ngokuzenzakalelayo ku-Kubernetes ingu-5.
Isicelo ekukhiqizeni
Uma uhlelo lokusebenza lwenza izingcingo eziningi zangaphandle zenethiwekhi, i-DNS ingaba ibhodlela esimweni sethrafikhi esebenzayo, njengoba ukulungiswa kwegama kwenza imibuzo eminingi engadingekile (ngaphambi kokuba uhlelo lufike kwelungile). Izinhlelo zokusebenza ngokuvamile azingezi indawo yempande emagameni wesizinda, kodwa lokhu kuzwakala njengokugebenga. Okungukuthi, esikhundleni sokubuza api.twitter.com, ungakwazi hardcode api.twitter.com. (enechashazi) kuhlelo lokusebenza, okuzokwazisa amaklayenti e-DNS ukuthi enze ukubheka okugunyaziwe ngokuqondile esizindeni esiphelele.
Ukwengeza, ukuqala ngenguqulo ye-Kubernetes 1.14, izandiso dnsConfig ΠΈ dnsPolicy ithole isimo esizinzile. Ngakho-ke, lapho uthumela i-pod, unganciphisa inani ndots, yithi, kufika koku-3 (ngisho nokufika koku-1!). Ngenxa yalokhu, yonke imilayezo engaphakathi kwendawo kuzodingeka ifake isizinda esigcwele. Lokhu kungenye yezindlela zokuhweba zakudala lapho kufanele ukhethe phakathi kokusebenza nokuphatheka. Kimina kubonakala sengathi kufanele ukhathazeke ngalokhu kuphela uma ukubambezeleka okuphansi kakhulu kubalulekile kuhlelo lwakho lokusebenza, njengoba imiphumela ye-DNS nayo ifakwe kunqolobane ngaphakathi.
izithenjwa
Ngiqale ngafunda ngalesi sici ku , obanjwe ngoJanuwari 25. Lapho baxoxile, phakathi kokunye, ngale nkinga.
Nazi ezinye izixhumanisi zokuhlola okwengeziwe:
- , kungani ndots=5 ku-Kubernetes;
- ukuthi ukushintsha ama-ndots kuthinta kanjani ukusebenza kohlelo lokusebenza;
- phakathi kwezixazululi ze-musl ne-glibc.
Qaphela: Ngikhethe ukungasebenzisi dig kule ndatshana. dig yengeza ngokuzenzakalelayo ichashazi (inkomba yendawo yezimpande), okwenza isizinda "sifaneleke ngokugcwele" (FQDN), hhayi ngokuyisebenzisa kuqala ohlwini lokusesha. Ubhale ngalokhu ku . Kodwa-ke, kuyamangaza ukuthi, ngokuvamile, ifulegi elihlukile kufanele licaciswe ngokuziphatha okujwayelekile.
I-DNSing enhle! Ngizokubona ngemva kwesikhathi!
I-PS evela kumhumushi
Funda futhi kubhulogi yethu:
- Β«";
- Β«";
- "Umhlahlandlela Onemifanekiso Wokuxhumana Nenethiwekhi ku-Kubernetes": , .
Source: www.habr.com