与 dns 名称的 Pod 间通信在 kubernetes 中不起作用
[英]Inter pods communication with dns name not working in kubernetes
问题描述
I have installed Kubernetes(1.17.3) on one server(not VM) with flannel(v0.11.0-amd64) using kubeadm.
我已经使用 kubeadm 在一台带有 flannel(v0.11.0-amd64) 的服务器(不是 VM)上安装了 Kubernetes(1.17.3)。 Then i installed grafana and prometheus and can access both on NodePort http://<serverip>:31000然后我安装了 grafana 和 prometheus 并且可以在 NodePort http://<serverip>:31000上访问两者
Now when i tries to access prometheus service from grafana its giving error Could not resolve host: prometheus-server;现在,当我尝试从 grafana 访问普罗米修斯服务时,它给出的错误Could not resolve host: prometheus-server;
I start troubleshooting and perform following steps我开始故障排除并执行以下步骤
verified that podsCIDR is configurered
验证 podsCIDR 已配置kubectl get nodes -o jsonpath='{.items[*].spec.podCIDR}' 10.244.0.0/24Curl on IPs and DNS Name of service
IP 上的 Curl 和 DNS 服务名称# curl 10.244.0.33:9090 <a href="/prometheus/graph">Found</a># curl 10.109.215.27:9090 <a href="/prometheus/graph">Found</a># curl http://prometheus-server:9090 curl: (6) Could not resolve host: prometheus-server; Unknown errorMy /etc/resolv.conf was empty and i added below entry but still no success
我的 /etc/resolv.conf 是空的,我在下面添加了条目但仍然没有成功search cluster.local nameserver <IP of Server>Following is output of CoreDNS logs
以下是 CoreDNS 日志的 outputkubectl logs -f coredns-6955765f44-cnhtz -n kube-system.:53 [INFO] plugin/reload: Running configuration MD5 = 4e235fcc3696966e76816bcd9034ebc7 CoreDNS-1.6.5 linux/amd64, go1.13.4, c2fd1b2 [ERROR] plugin/errors: 2 2339874627451903403.2757028323724952357. HINFO: read udp 10.244.0.13:38879->8.8.4.4:53: read: no route to host [ERROR] plugin/errors: 2 2339874627451903403.2757028323724952357. HINFO: read udp 10.244.0.13:53266->8.8.4.4:53: i/o timeout [ERROR] plugin/errors: 2 2339874627451903403.2757028323724952357. HINFO: read udp 10.244.0.13:37289->8.8.8.8:53: i/o timeout [ERROR] plugin/errors: 2 2339874627451903403.2757028323724952357. HINFO: read udp 10.244.0.13:44281->8.8.4.4:53: read: no route to host
Update1:更新1:
In response to @KoopaKiller I run curl http://prometheus-server:9090 ?为了响应@KoopaKiller,我运行 curl http://prometheus-server:9090 ? from host and from grafana pod (from grafana pods infact its not responding to IPs).来自主机和 grafana pod(来自 grafana pod 实际上它没有响应 IP)。 I installed prometheus and grafana with manifest and both are in same namespace.我用清单安装了 prometheus 和 grafana,它们都在同一个命名空间中。
kubectl get pods -A
NAMESPACE NAME READY STATUS
kube-system coredns-6955765f44-cnhtz 1/1 Running
kube-system coredns-6955765f44-d9wrj 1/1 Running
kube-system kube-flannel-ds-amd64-rbsbv 1/1 Running
kube-system kube-proxy-nblnq 1/1 Running
monitoring-logging grafana-b57ccddf9-p7w2q 1/1 Running
monitoring-logging prometheus-server-65d7dc7999-frd8k 2/2 Running
One more thing which i observed in events of coredns is about missing file "/run/flannel/subnet.env" but file is available it look like it get recreate on every reboot and CoreDNS find it very late.我在 coredns 事件中观察到的另一件事是缺少文件“/run/flannel/subnet.env”,但文件可用,看起来每次重新启动时都会重新创建,CoreDNS 发现它很晚。
Events:
Type Reason Message
---- ------ -------
Warning FailedCreatePodSandBox Failed to create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "d69af6411310ae3c4865a3ddce0667a40092b0dcf55eb5f8ddb642e503dcc0c5" network for pod "coredns-6955765f44-d9wrj": networkPlugin cni failed to set up pod "coredns-6955765f44-d9wrj_kube-system" network: open /run/flannel/subnet.env: no such file or directory
Warning FailedCreatePodSandBox Failed to create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "b6199b3ce4a769c0ccfef6f247763beb1ca0231de52f6309d2b2f122844746ee" network for pod "coredns-6955765f44-d9wrj": networkPlugin cni failed to set up pod "coredns-6955765f44-d9wrj_kube-system" network: open /run/flannel/subnet.env: no such file or directory
Normal SandboxChanged Pod sandbox changed, it will be killed and re-created.
Warning FailedCreatePodSandBox Failed to create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "097dbf97858d8ea3510e8337eb9b0bc8baf966ab51a2a56971e8ae54c5b516a6" network for pod "coredns-6955765f44-d9wrj": networkPlugin cni failed to set up pod "coredns-6955765f44-d9wrj_kube-system" network: open /run/flannel/subnet.env: no such file or directory
Normal Pulled Container image "k8s.gcr.io/coredns:1.6.5" already present on machine
Normal Created Created container coredns
Normal Started Started container coredns
Update2: I followed link to debug DNS and it shows result for Update2:我按照链接调试 DNS 并显示结果
kubectl exec -ti dnsutils -- nslookup kubernetes.default
kubectl exec dnsutils cat /etc/resolv.conf
Then i added the log plugin to the CoreDNS configuration and realize no DNS queries being received by CoreDNS, i disabled my firewalld and everything start working as expectation, But why its not working with firewalld my open ports are following, it has ports for flannel too然后我将日志插件添加到CoreDNS配置中,并实现CoreDNS没有收到DNS查询,我禁用了我的firewalld,一切都开始按预期工作,但是为什么它不能与firewalld一起工作,我的开放端口如下,它也有法兰绒端口
firewall-cmd --list-ports
6443/tcp 2379-2380/tcp 10250/tcp 10251/tcp 10252/tcp 30000-32767/tcp 8080/tcp 8443/tcp 8285/udp 8472/udp 502/tcp
1 个解决方案
解决方案1
4 已采纳 2020-04-16 17:39:22
To make it work without disabling firewalld i have to add below rule and everything start working with dnsnames为了使其在不禁用防火墙的情况下工作,我必须添加以下规则,一切都开始使用 dnsnames
firewall-cmd --add-masquerade --permanent
firewall-cmd --reload
systemctl restart firewalld
I got hint from below link, but will look into more details why we need it?我从下面的链接中得到了提示,但会更详细地了解我们为什么需要它?
How can I use Flannel without disabing firewalld (Kubernetes) 如何在不禁用 firewalld (Kubernetes) 的情况下使用 Flannel
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.