Configuring Kubernetes DNS name servers
I have a pod that cannot resolve the IP address for a domain. The DNS entry is set up on a Windows AD network and the node uses these Windows servers for DNS and can correctly resolve the IP.
However, when I run a pod, it picks up a K8S DNS server (e.g. 10.43.0.10) which somehow does not use the parent node's DNS servers but is only using external ones so it can resolve e.g. google.com but not my internal DNS. The only complication is that there is an external SOA record for the domain (with public DNS entries) but this should not be used if only the AD servers are queried.
There are so many documents that talk about DNS for the cluster itself but I cannot work out how the cluster configures DNS for resolving external domains.
Comments (1)
So eventually, I found out that the issue was not with Kubernetes configuration but with the DNS configuration on the Ubuntu nodes. Systemd-resolve is pretty complicated and the way I had added the custom nameservers against the interface meant that they worked on the node but were not found by the core-dns pods.
I then realised that due to some limitations of systemd-resolve and the max number of nameservers, it was easier instead to install dnsmasq in place of systemd with a much simpler resolv.conf and then I got it to work as expected.
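
The node-side failure described in the answer can be checked directly. The script below is an added example, not part of the original post: it audits a resolv.conf-style file (such as the one the node hands to the CoreDNS pods) for loopback stub entries and for servers that fall beyond the three-nameserver limit of the glibc resolver. The function names and all addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a resolv.conf-style file for the two node-side problems.
# MAX_NS=3 is the glibc resolver limit (MAXNS); kubelet applies the same cap.
MAX_NS=3

# Print the nameserver addresses of FILE, one per line, in file order.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# check_resolv_conf FILE EXPECTED_IP...
# Prints one finding per line. Returns 0 only if every EXPECTED_IP is among
# the first MAX_NS nameservers and none of those is a loopback address.
check_resolv_conf() {
    file=$1; shift
    status=0
    total=$(list_nameservers "$file" | awk 'END { print NR }')
    usable=$(list_nameservers "$file" | head -n "$MAX_NS")
    if [ "$total" -gt "$MAX_NS" ]; then
        echo "WARN: $total nameservers listed, only the first $MAX_NS are used"
    fi
    for ns in $usable; do
        case $ns in
            127.*|::1)
                # Inside a pod, loopback points at the pod, not the node's stub.
                echo "FAIL: $ns is a loopback stub, unreachable from a pod"
                status=1 ;;
        esac
    done
    for want in "$@"; do
        if printf '%s\n' "$usable" | grep -qxF "$want"; then
            echo "OK: $want is usable"
        else
            echo "FAIL: $want is missing or beyond the first $MAX_NS entries"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample: stub listener first, internal server (hypothetical
# 192.0.2.10) in fourth place, where it is silently ignored.
demo=$(mktemp)
printf 'nameserver %s\n' 127.0.0.53 198.51.100.1 198.51.100.2 192.0.2.10 > "$demo"
check_resolv_conf "$demo" 192.0.2.10 || true
rm -f "$demo"
```

On a node running systemd-resolved, run it against both `/etc/resolv.conf` and `/run/systemd/resolve/resolv.conf`, since the first is usually the 127.0.0.53 stub and the second holds the real upstream servers.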