如何在 k8s 集群的 kube-flannel-ds pod 中配置 /etc/resolv.conf?

tag-icon tag-icon kubernetes nameserver
如何在 k8s 集群的 kube-flannel-ds pod 中配置 /etc/resolv.conf?

我正在运行一个 kubernetes 集群(裸机;v1.23),其中有一个主节点和三个从节点。我使用 flannel(v0.19.2)作为 pod 网络。

在我的系统日志中,我看到类似这样的错误:Nameserver limits were exceeded, some nameservers have been omitted, the applied nameserver line is: 46.38.252.230 46.38.225.230 2a03:4000:8000::fce6,其根源在于kube-flannel-dspod。在 pod 内部,我看到:

$ cat /etc/resolv.conf

nameserver 46.38.252.230
nameserver 46.38.225.230
nameserver 2a03:4000:0:1::e1e6
search

由于超过三行,所以出现错误信息。但我不确定如何解决这个问题,因为我不知道这个conf文件是如何生成的。

在创建 k8s 集群时我做了:kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/v0.19.2/Documentation/kube-flannel.yml >> pod_network_setup.txt

更新

工作节点在 ubuntu 22.04 机器上运行。

猫/etc/resolv.conf

# This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search .

resolvectl 状态

Global
         Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub
Current DNS Server: 46.38.252.230
       DNS Servers: 46.38.252.230 46.38.225.230 2a03:4000:8000::fce6 2a03:4000:0:1::e1e6

Link 2 (eth0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 3 (docker0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

答案1

如果dnsPolicy设置为Default,Kubernetes pod 将从其所在的工作节点继承 DNS 配置。

根据您的工作 Linux 发行版和其他详细信息,您可能会在以下位置找到该配置:

  • /etc/resolv.conf

  • /etc/dhcp/dhclient.conf

  • /etc/sysconfig/network-scripts/(Fedora、Centos 和 RHEL)

相关内容