38-DNS for Services and Pods


This page provides an overview of DNS support by Kubernetes.

Introduction

Kubernetes DNS schedules a DNS Pod and Service on the cluster, and configures the kubelets to tell individual containers to use the DNS Service’s IP to resolve DNS names.

What things get DNS names?

Every Service defined in the cluster (including the DNS server itself) is assigned a DNS name. By default, a client Pod’s DNS search list includes the Pod’s own namespace and the cluster’s default domain. This is best illustrated by example:

Assume a Service named foo in the Kubernetes namespace bar. A Pod running in namespace bar can look up this Service simply by doing a DNS query for foo. A Pod running in namespace quux can look up this Service by doing a DNS query for foo.bar.
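How a Pod's resolver turns those short names into the queries it actually sends, as an added example that is not from the Kubernetes documentation: the search list is the default Kubernetes writes for dnsPolicy ClusterFirst (the Pod's namespace, then svc.<cluster domain>, then the cluster domain, with ndots:5), the cluster domain is the page's cluster-domain.example, and the records table with its 10.0.0.7 cluster IP is constructed.

```python
from __future__ import annotations

CLUSTER_DOMAIN = "cluster-domain.example"

def search_list(namespace: str, cluster_domain: str = CLUSTER_DOMAIN) -> list[str]:
    """Default search path for a Pod in `namespace`: own namespace first."""
    return [f"{namespace}.svc.{cluster_domain}", f"svc.{cluster_domain}", cluster_domain]

def candidate_names(query: str, search: list[str], ndots: int = 5) -> list[str]:
    """Ordered absolute names a glibc-style resolver tries for `query`.

    A trailing dot means the name is absolute and is looked up as-is. Otherwise,
    a name with fewer than `ndots` dots gets every search suffix appended first
    and the bare name last; with `ndots` or more dots the bare name goes first.
    """
    if query.endswith("."):
        return [query]
    expanded = [f"{query}.{suffix}." for suffix in search]
    if query.count(".") < ndots:
        return expanded + [f"{query}."]
    return [f"{query}."] + expanded

def resolve(query: str, namespace: str, records: dict[str, str], ndots: int = 5):
    """Return (fqdn, ip) for the first candidate present in `records`, else None."""
    for name in candidate_names(query, search_list(namespace), ndots):
        if name in records:
            return name, records[name]
    return None

# Constructed zone data: Service "foo" in namespace "bar"; the cluster IP is made up.
RECORDS = {f"foo.bar.svc.{CLUSTER_DOMAIN}.": "10.0.0.7"}

if __name__ == "__main__":
    print(resolve("foo", "bar", RECORDS))        # found via bar.svc.<domain>
    print(resolve("foo.bar", "quux", RECORDS))   # found via svc.<domain>
    print(resolve("foo", "quux", RECORDS))       # None: no such Service in quux
    # "www.kubernetes.io" has only two dots, so with ndots:5 the resolver tries it
    # with each cluster suffix appended before sending the bare name upstream.
    print(candidate_names("www.kubernetes.io", search_list("quux")))
```

The last call shows why external names with few dots generate several cluster-DNS queries before the real one leaves the cluster; lowering ndots, as the dns-example Pod later on this page does, is the usual fix.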

The following sections detail the supported record types and layout. Any other layout, names or queries that happen to work are considered implementation details and are subject to change without warning. For the most up-to-date specification, see Kubernetes DNS-Based Service Discovery.

Services

A records

“Normal” (not headless) Services are assigned a DNS A record for a name of the form my-svc.my-namespace.svc.cluster-domain.example. This resolves to the cluster IP of the Service.

“Headless” (without a cluster IP) Services are also assigned a DNS A record for a name of the form my-svc.my-namespace.svc.cluster-domain.example. Unlike normal Services, this resolves to the set of IPs of the Pods selected by the Service. Clients are expected to consume the set, or else use standard round-robin selection from the set.

SRV records

SRV records are created for named ports that are part of normal or headless Services. For each named port, the SRV record has the form _my-port-name._my-port-protocol.my-svc.my-namespace.svc.cluster-domain.example. For a regular Service, this resolves to the port number and the domain name my-svc.my-namespace.svc.cluster-domain.example. For a headless Service, this resolves to multiple answers, one for each Pod backing the Service, each containing the port number and the domain name of the Pod, of the form auto-generated-name.my-svc.my-namespace.svc.cluster-domain.example.

Pods

Pod’s hostname and subdomain fields

Currently, when a Pod is created, its hostname is the Pod’s metadata.name value.

The Pod spec has an optional hostname field, which can be used to specify the Pod’s hostname. When specified, it takes precedence over the Pod’s name as the hostname of the Pod. For example, given a Pod with hostname set to “my-host”, the Pod will have its hostname set to “my-host”.

The Pod spec also has an optional subdomain field which can be used to specify its subdomain. For example, a Pod with hostname set to “foo” and subdomain set to “bar”, in namespace “my-namespace”, will have the fully qualified domain name (FQDN) “foo.bar.my-namespace.svc.cluster-domain.example”.

Example:

apiVersion: v1
kind: Service
metadata:
  name: default-subdomain
spec:
  selector:
    name: busybox
  clusterIP: None
  ports:
  - name: foo # Actually, no port is needed.
    port: 1234
    targetPort: 1234
---
apiVersion: v1
kind: Pod
metadata:
  name: busybox1
  labels:
    name: busybox
spec:
  hostname: busybox-1
  subdomain: default-subdomain
  containers:
  - image: busybox:1.28
    command:
      - sleep
      - "3600"
    name: busybox
---
apiVersion: v1
kind: Pod
metadata:
  name: busybox2
  labels:
    name: busybox
spec:
  hostname: busybox-2
  subdomain: default-subdomain
  containers:
  - image: busybox:1.28
    command:
      - sleep
      - "3600"
    name: busybox

If there exists a headless Service in the same namespace as the Pod and with the same name as the subdomain, the cluster’s KubeDNS server also returns an A record for the Pod’s fully qualified hostname. For example, given a Pod with the hostname set to “busybox-1” and the subdomain set to “default-subdomain”, and a headless Service named “default-subdomain” in the same namespace, the Pod will see its own FQDN as “busybox-1.default-subdomain.my-namespace.svc.cluster-domain.example”. DNS serves an A record at that name, pointing to the Pod’s IP. Both Pods “busybox1” and “busybox2” can have their own distinct A records.

The Endpoints object can specify the hostname for any endpoint address, along with its IP.

Note: Because A records are not created for Pod names, hostname is required for the Pod’s A record to be created. A Pod with no hostname but with subdomain will only create the A record for the headless Service (default-subdomain.my-namespace.svc.cluster-domain.example), pointing to the Pod’s IP address. Also, the Pod needs to become ready in order to have a record, unless publishNotReadyAddresses=True is set on the Service.

Pod’s DNS Policy

DNS policies can be set on a per-Pod basis. Currently Kubernetes supports the following Pod-specific DNS policies. These policies are specified in the dnsPolicy field of a Pod spec.

  • “Default”: The Pod inherits the name resolution configuration from the node that the Pod runs on. See the related discussion for more details.
  • “ClusterFirst”: Any DNS query that does not match the configured cluster domain suffix, such as “www.kubernetes.io”, is forwarded to the upstream nameserver inherited from the node. Cluster administrators may have extra stub-domain and upstream DNS servers configured. See the related discussion for details on how DNS queries are handled in those cases.
  • “ClusterFirstWithHostNet”: For Pods running with hostNetwork, you should explicitly set the DNS policy to “ClusterFirstWithHostNet”.
  • “None”: Allows a Pod to ignore DNS settings from the Kubernetes environment. All DNS settings are then expected to be provided using the dnsConfig field in the Pod spec. See the Pod’s DNS Config subsection below.

Note: “Default” is not the default DNS policy. If dnsPolicy is not explicitly specified, then “ClusterFirst” is used.

The example below shows a Pod with its DNS policy set to “ClusterFirstWithHostNet” because it has hostNetwork set to true.

apiVersion: v1
kind: Pod
metadata:
  name: busybox
  namespace: default
spec:
  containers:
  - image: busybox:1.28
    command:
      - sleep
      - "3600"
    imagePullPolicy: IfNotPresent
    name: busybox
  restartPolicy: Always
  hostNetwork: true
  dnsPolicy: ClusterFirstWithHostNet

Pod’s DNS Config

Pod’s DNS Config gives users more control over the DNS settings of a Pod.

The dnsConfig field is optional and can be used with any dnsPolicy setting. However, when a Pod’s dnsPolicy is set to “None”, the dnsConfig field must be specified.

Below are the properties a user can specify in the dnsConfig field:

  • nameservers: a list of IP addresses that will be used as DNS servers for the Pod. At most 3 IP addresses can be specified. When the Pod’s dnsPolicy is set to “None”, the list must contain at least one IP address; otherwise this property is optional. The servers listed are combined with the base nameservers generated from the specified DNS policy, with duplicate addresses removed.
  • searches: a list of DNS search domains for hostname lookup in the Pod. This property is optional. When specified, the provided list is merged into the base search domain names generated from the chosen DNS policy. Duplicate domain names are removed. Kubernetes allows at most 6 search domains.
  • options: an optional list of objects where each object may have a name property (required) and a value property (optional). The contents of this property are merged into the options generated from the specified DNS policy. Duplicate entries are removed.

The following is an example Pod with custom DNS settings:

service/networking/custom-dns.yaml

apiVersion: v1
kind: Pod
metadata:
  namespace: default
  name: dns-example
spec:
  containers:
    - name: test
      image: nginx
  dnsPolicy: "None"
  dnsConfig:
    nameservers:
      - 1.2.3.4
    searches:
      - ns1.svc.cluster-domain.example
      - my.dns.search.suffix
    options:
      - name: ndots
        value: "2"
      - name: edns0

When the Pod above is created, the container test gets the following contents in its /etc/resolv.conf file:

nameserver 1.2.3.4
search ns1.svc.cluster-domain.example my.dns.search.suffix
options ndots:2 edns0
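The merge rules listed for dnsConfig, applied to the dns-example Pod above, as an added example that is not part of the Kubernetes project: with dnsPolicy “None” the cluster-provided base is empty and the result must reproduce the resolv.conf just shown; with any other policy the Pod’s values are appended to the policy-generated base and duplicates are dropped. CLUSTER_FIRST_BASE and its 10.96.0.10 nameserver are constructed stand-ins, and letting the Pod’s entry win when an option name repeats is an assumption of this example.

```python
from __future__ import annotations

MAX_NAMESERVERS = 3   # limits stated in the dnsConfig property list above
MAX_SEARCHES = 6

def merge_dns_config(base: dict, dns_config: dict, dns_policy: str = "ClusterFirst") -> dict:
    """Combine the settings a dnsPolicy generates (`base`) with a Pod's dnsConfig."""
    if dns_policy == "None":
        base = {}  # "None" discards everything the cluster environment would provide
        if not dns_config.get("nameservers"):
            raise ValueError('dnsPolicy "None" needs at least one nameserver in dnsConfig')
    # dict.fromkeys keeps the first occurrence of each entry and preserves order.
    nameservers = list(dict.fromkeys(base.get("nameservers", []) + dns_config.get("nameservers", [])))
    searches = list(dict.fromkeys(base.get("searches", []) + dns_config.get("searches", [])))
    if len(nameservers) > MAX_NAMESERVERS:
        raise ValueError(f"at most {MAX_NAMESERVERS} nameservers allowed, got {len(nameservers)}")
    if len(searches) > MAX_SEARCHES:
        raise ValueError(f"at most {MAX_SEARCHES} search domains allowed, got {len(searches)}")
    # Options are keyed by name so duplicates collapse; the Pod's own entry is kept
    # (an assumption of this example, not something the page states).
    options: dict[str, str | None] = {}
    for opt in base.get("options", []) + dns_config.get("options", []):
        options[opt["name"]] = opt.get("value")
    return {"nameservers": nameservers, "searches": searches, "options": options}

def render_resolv_conf(merged: dict) -> str:
    """Serialize merged settings in the /etc/resolv.conf layout shown above."""
    lines = [f"nameserver {ns}" for ns in merged["nameservers"]]
    if merged["searches"]:
        lines.append("search " + " ".join(merged["searches"]))
    if merged["options"]:
        lines.append("options " + " ".join(
            name if value is None else f"{name}:{value}" for name, value in merged["options"].items()))
    return "\n".join(lines) + "\n"

# dnsConfig of the dns-example Pod above.
EXAMPLE_CONFIG = {
    "nameservers": ["1.2.3.4"],
    "searches": ["ns1.svc.cluster-domain.example", "my.dns.search.suffix"],
    "options": [{"name": "ndots", "value": "2"}, {"name": "edns0"}],
}
# Constructed stand-in for what ClusterFirst would generate; the cluster DNS IP is made up.
CLUSTER_FIRST_BASE = {
    "nameservers": ["10.96.0.10"],
    "searches": ["default.svc.cluster-domain.example", "svc.cluster-domain.example", "cluster-domain.example"],
    "options": [{"name": "ndots", "value": "5"}],
}

if __name__ == "__main__":
    print(render_resolv_conf(merge_dns_config({}, EXAMPLE_CONFIG, "None")))
    print(render_resolv_conf(merge_dns_config(CLUSTER_FIRST_BASE, EXAMPLE_CONFIG)))
```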

For an IPv6 setup, the search path and name server should be set up like this:

kubectl exec -it dns-example -- cat /etc/resolv.conf

The output is similar to this:

nameserver fd00:79:30::a
search default.svc.cluster-domain.example svc.cluster-domain.example cluster-domain.example
options ndots:5

Feature availability

The availability of Pod DNS Config and DNS Policy “None” is shown below.

k8s version Feature support
1.14 Stable
1.10 Beta (on by default)
1.9 Alpha

What's next

For guidance on administering DNS configurations, check Configure DNS Service.

This work is licensed under the CC license; reposts must credit the author and link to this article.