DNS in Kubernetes
- Names assigned to objects
- Service DNS records
- Pod DNS records
Cluster DNS reference
DNS for Services and Pods
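This section covers DNS resolution between different objects inside the cluster.
By default, Kubernetes deploys a built-in DNS server when the cluster is created. Inside the cluster we are not concerned with Nodes, only with Pods and Services.
Assume the cluster is healthy and every Pod and Service can be reached by IP. To let the test pod reach the web pod shown in the figure below, create a Service named web-svc. When the Service is created, the cluster DNS service creates a record for it, so any Pod can use this name to reach the service provided by the web pod.
Note: this applies specifically to resources in the same namespace.
Suppose web-svc is in a namespace named web.
To reach web-svc from the test pod, you then need to append the .web suffix to the name. The DNS service creates a subdomain for each namespace.
All Services are grouped together under another subdomain.
Finally, all Pods and Services are grouped under a single root subdomain.
By default, no records are created for Pods. Instead, the DNS service converts the Pod's IP address into a different format.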
DNS Practice
default namespace
# Create a long-running test pod to run the checks from
kubectl run test --image=rockylinux/rockylinux --command -- /bin/bash -c "while true; do sleep 3600; done"
# Create pod/web and service/web-svc
controlplane ~ ➜ kubectl run web --image=nginx
pod/web created
controlplane ~ ➜ kubectl expose pod web --port=80 --target-port=80 --name=web-svc
service/web-svc exposed
# Check the IP addresses
controlplane ~ ➜ kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
test 1/1 Running 0 2m1s 10.244.3.2 node02 <none> <none>
web 1/1 Running 0 96s 10.244.1.2 node01 <none> <none>
controlplane ~ ➜ kubectl get svc web-svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
web-svc ClusterIP 10.105.191.187 <none> 80/TCP 3m39s
# Open a shell in the test pod
controlplane ~ ➜ kubectl exec test -it -- /bin/bash
# Access the Service directly by name
[root@test /]# curl http://web-svc
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
# Access the pod
[root@test /]# curl http://10-244-1-2.default.pod.cluster.local
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
different namespaces
# Delete the web resources in the default namespace
controlplane ~ ➜ kubectl delete pod web
pod "web" deleted
controlplane ~ ➜ kubectl delete svc web-svc
service "web-svc" deleted
# Create the web namespace
controlplane ~ ➜ kubectl create namespace web
namespace/web created
# Use the httpd image to keep the response output short
controlplane ~ ➜ kubectl run web --image=httpd --namespace=web
pod/web created
controlplane ~ ➜ kubectl expose pod web -n web --port=80 --target-port=80 --name=web-svc
service/web-svc exposed
controlplane ~ ➜ kubectl get all -n web -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/web 1/1 Running 0 21s 10.244.3.3 node02 <none> <none>
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/web-svc ClusterIP 10.98.197.224 <none> 80/TCP 11s run=web
# Open a shell in the test pod
controlplane ~ ➜ kubectl exec test -it -- /bin/bash
# Curling the bare Service name, as done before, no longer works
[root@test /]# curl http://web-svc
curl: (6) Could not resolve host: web-svc
[root@test /]# curl http://web-svc.web
<html><body><h1>It works!</h1></body></html>
[root@test /]# curl http://web-svc.web.svc
<html><body><h1>It works!</h1></body></html>
[root@test /]# curl http://web-svc.web.svc.cluster.local
<html><body><h1>It works!</h1></body></html>
[root@test /]# curl http://10-244-3-3.web.pod.cluster.local
<html><body><h1>It works!</h1></body></html>
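Why each name in the two sessions resolves or fails follows from the resolver search list inside the test pod. The script below is an added example, not part of the original page: it models that expansion and the dashed-IP Pod name, assuming the cluster domain cluster.local and the default pod resolv.conf (search <namespace>.svc.cluster.local svc.cluster.local cluster.local, ndots:5) with glibc-style ordering. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: models the name expansion behind the sessions above.
# Assumptions: cluster domain "cluster.local"; glibc-style resolver with the
# default pod resolv.conf (search <ns>.svc.<domain> svc.<domain> <domain>, ndots:5).
CLUSTER_DOMAIN=${CLUSTER_DOMAIN:-cluster.local}
NDOTS=${NDOTS:-5}

# pod_dns_name <pod-ip> <namespace>: dashed-IP name of a pod, or fail on a bad IPv4.
pod_dns_name() (
  ip=$1 ns=$2
  case $ip in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
  IFS=.; set -- $ip
  [ $# -eq 4 ] || exit 1
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
  done
  printf '%s-%s-%s-%s.%s.pod.%s\n' "$1" "$2" "$3" "$4" "$ns" "$CLUSTER_DOMAIN"
)

# resolver_candidates <name> <client-namespace>: FQDNs queried, in order.
resolver_candidates() (
  name=$1 ns=$2
  case $name in *.) printf '%s\n' "$name"; exit 0 ;; esac  # trailing dot: absolute
  dots=$(( $(printf '%s' "$name" | tr -cd '.' | wc -c) ))
  if [ "$dots" -ge "$NDOTS" ]; then printf '%s.\n' "$name"; fi
  for s in "$ns.svc.$CLUSTER_DOMAIN" "svc.$CLUSTER_DOMAIN" "$CLUSTER_DOMAIN"; do
    printf '%s.%s.\n' "$name" "$s"
  done
  if [ "$dots" -lt "$NDOTS" ]; then printf '%s.\n' "$name"; fi
)

# resolves_to_service <name> <client-ns> <svc> <svc-ns>: print the first candidate
# equal to the Service record <svc>.<svc-ns>.svc.<domain>., or fail if none is.
resolves_to_service() (
  want="$3.$4.svc.$CLUSTER_DOMAIN."
  for c in $(resolver_candidates "$1" "$2"); do
    if [ "$c" = "$want" ]; then printf '%s\n' "$c"; exit 0; fi
  done
  exit 1
)

# Names typed in the sessions above, resolved from the test pod (namespace: default).
for n in web-svc web-svc.web web-svc.web.svc web-svc.web.svc.cluster.local; do
  printf '%-32s -> %s\n' "$n" "$(resolves_to_service "$n" default web-svc web || echo 'no match')"
done
pod_dns_name 10.244.3.3 web
```

The bare name web-svc only expands under the client's own namespace, which is why it stops resolving once the Service lives in web; auditing short names in manifests against the caller's namespace catches the same mismatch before deployment.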