Kubernetes 集群的 DNS 问题：无法访问任何服务器

2024-6-2 • tag-icon

我仍然遇到 DNS 和网络问题，而且我处于死机状态，正在寻找提示和建议

加起来：

按照此处的指示：https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/我检查了 DNS 是否正常工作。但出现了以下错误：

root@k8s-eu-1-master:~# kubectl exec -ti dnsutils -- cat /etc/resolv.conf
search default.svc.cluster.local svc.cluster.local cluster.local invalid
nameserver 10.96.0.10
options ndots:5

是：dns podrunning

root@k8s-eu-1-master:~# kubectl get pods --namespace=kube-system -l k8s-app=kube-dns
NAME                       READY   STATUS    RESTARTS   AGE
coredns-5dd5756b68-k25bf   1/1     Running   0          11m
coredns-5dd5756b68-z6wpn   1/1     Running   0          11m

看起来log不错Core DNS：

root@k8s-eu-1-master:~# kubectl logs --namespace=kube-system -l k8s-app=kube-dns
.:53
[INFO] plugin/reload: Running configuration SHA512 = 591cf328cccc12bc490481273e738df59329c62c0b729d94e8b61db9961c2fa5f046dd37f1cf888b953814040d180f52594972691cd6ff41be96639138a43908
CoreDNS-1.10.1
linux/amd64, go1.20, 055b2c3
.:53
[INFO] plugin/reload: Running configuration SHA512 = 591cf328cccc12bc490481273e738df59329c62c0b729d94e8b61db9961c2fa5f046dd37f1cf888b953814040d180f52594972691cd6ff41be96639138a43908
CoreDNS-1.10.1
linux/amd64, go1.20, 055b2c3

是：DNS Serviceup

root@k8s-eu-1-master:~# kubectl get svc --namespace=kube-system
NAME       TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
kube-dns   ClusterIP   10.96.0.10   <none>        53/UDP,53/TCP,9153/TCP   57m

包括：DNS endpointsexposed

root@k8s-eu-1-master:~# kubectl get endpoints kube-dns --namespace=kube-system
NAME       ENDPOINTS                                                        AGE
kube-dns   192.168.151.1:53,192.168.151.2:53,192.168.151.1:53 + 3 more...   13m

Core DNS具有足够的权限：

root@k8s-eu-1-master:~# kubectl describe clusterrole system:coredns -n kube-system
Name:         system:coredns
Labels:       <none>
Annotations:  <none>
PolicyRule:
  Resources                        Non-Resource URLs  Resource Names  Verbs
  ---------                        -----------------  --------------  -----
  endpoints                        []                 []              [list watch]
  namespaces                       []                 []              [list watch]
  pods                             []                 []              [list watch]
  services                         []                 []              [list watch]
  endpointslices.discovery.k8s.io  []                 []              [list watch]

ping google 没问题：

root@k8s-eu-1-master:~# ping google.com
PING google.com (142.250.179.174) 56(84) bytes of data.
64 bytes from ams15s41-in-f14.1e100.net (142.250.179.174): icmp_seq=1 ttl=118 time=8.56 ms
64 bytes from ams15s41-in-f14.1e100.net (142.250.179.174): icmp_seq=2 ttl=118 time=8.66 ms
64 bytes from ams15s41-in-f14.1e100.net (142.250.179.174): icmp_seq=3 ttl=118 time=9.96 ms
64 bytes from ams15s41-in-f14.1e100.net (142.250.179.174): icmp_seq=4 ttl=118 time=19.4 ms
64 bytes from ams15s41-in-f14.1e100.net (142.250.179.174): icmp_seq=5 ttl=118 time=8.34 ms
^C
--- google.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4004ms
rtt min/avg/max/mdev = 8.338/10.993/19.441/4.261 ms

根据这些迹象：https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/#known-issues 我添加了/etc/systemd/system/kubelet.service.d/10-kubeadm.conf这两行：

Environment="KUBELET_EXTRA_ARGS=--resolv-conf=/run/systemd/resolve/resolv.conf"
Environment="KUBELET_EXTRA_ARGS=--resolv-conf=dnsmasq"

但 DNS 问题仍然存在。我还能做什么？

相关内容