microk8s（十一）k8s的DNS服务

一、DNS服务架构演进

• SKyDNS （k8s 1.2）
• KubeDNS (k8s 1.4)
• CoreDNS (k8s 1.11)

DNS服务全部在一个Pod实现，所以整个演进过程对集群都是完全无感知的。microk8s 1.14使用的是kubeDNS版本。

二、查看集群DNS服务

# kubectl get svc --all-namespaces
NAMESPACE     NAME                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)             AGE
default       default-http-backend   ClusterIP   10.152.183.99    <none>        80/TCP              6h16m
default       kubernetes             ClusterIP   10.152.183.1     <none>        443/TCP             6h18m
default       nginx                  NodePort    10.152.183.111   <none>        80:30001/TCP        41m
kube-system   heapster               ClusterIP   10.152.183.152   <none>        80/TCP              6h16m
kube-system   kube-dns               ClusterIP   10.152.183.10    <none>        53/UDP,53/TCP       6h17m
kube-system   kubernetes-dashboard   ClusterIP   10.152.183.120   <none>        443/TCP             6h16m
kube-system   monitoring-grafana     ClusterIP   10.152.183.86    <none>        80/TCP              6h16m
kube-system   monitoring-influxdb    ClusterIP   10.152.183.145   <none>        8083/TCP,8086/TCP   6h16m

可以看到，集群DNS服务的IP地址是10.152.183.10，我们来测试一下

# nslookup nginx.default.svc.cluster.local 10.152.183.10
Server:     10.152.183.10
Address:    10.152.183.10#53

Name:   nginx.default.svc.cluster.local
Address: 10.152.183.111

# nslookup kube-dns.kube-system.svc.cluster.local 10.152.183.10
Server:     10.152.183.10
Address:    10.152.183.10#53

Name:   kube-dns.kube-system.svc.cluster.local
Address: 10.152.183.10

可以看出，DNS服务成功解析的服务名。

三、Pod的DNS配置是怎么实现的

分为两部分

• kubelet 级别
• pod 级别

kubelet两个关键参数

• --cluster-domain=cluster.local
• --cluster-dns=10.152.183.10

pod 两个关键参数

• dnsPolicy
  • Default
  • ClusterFirst
  • ClusterFristWithHostNet
  • None
• dnsConfig
  • nameservers
  • searches
  • options

四、直接在宿主机中进行测试

# nslookup kube-dns.kube-system.svc.cluster.local 10.152.183.10
Server:     10.152.183.10
Address:    10.152.183.10#53

Name:   kube-dns.kube-system.svc.cluster.local
Address: 10.152.183.10

# nslookup kubernetes.default.svc.cluster.local 10.152.183.10
Server:     10.152.183.10
Address:    10.152.183.10#53

Name:   kubernetes.default.svc.cluster.local
Address: 10.152.183.1

五、容器中测试DNS服务

接下来试用一个带有nslookup工具的Pod来验证DNS服务是否正常工作：

apiVersion: v1
kind: Pod
metadata:
        name: httpbin
        labels:
                app: httpbin
spec:
        containers:
                - name: httpbin
                  image: citizenstig/httpbin
                  ports:
                          - containerPort: 8000
                            hostPort: 8000

运行kubectl create -f busybox.yaml 即可完成创建。

在改容器成功启动后，通过 kubectl exec <container_id> nslookup进行测试：

# kubectl exec busybox -- nslookup nginx
Server:    10.152.183.10
Address 1: 10.152.183.10 kube-dns.kube-system.svc.cluster.local

Name:      nginx
Address 1: 10.152.183.111 nginx.default.svc.cluster.local
# kubectl exec busybox -- nslookup kubernetes
Server:    10.152.183.10
Address 1: 10.152.183.10 kube-dns.kube-system.svc.cluster.local

Name:      kubernetes
Address 1: 10.152.183.1 kubernetes.default.svc.cluster.local

😁