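Reference: https://kubernetes.io/zh/docs/concepts/services-networking/dns-pod-service/
Clears the Pod's preset DNS configuration. When dnsPolicy is set to this value (None), Kubernetes does not preload any logic for determining the Pod's DNS configuration. So if dnsPolicy is set to None, it is best to describe custom DNS parameters through dnsConfig, to avoid leaving the Pod without any DNS configuration. For example: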
apiVersion: v1
kind: Pod
metadata:
  name: busybox-test
spec:
  restartPolicy: OnFailure
  dnsPolicy: None
  dnsConfig:
    nameservers:
      - 114.114.114.114
      - 8.8.8.8
    searches:
      - test.svc.cluster.local
    options:
      - name: ndots
        value: "5"
  containers:
    - name: busybox
      image: busybox:1.28
      imagePullPolicy: IfNotPresent
      command:
        - "sleep"
        - "600"
# View the DNS configuration
[root@k8s-master-1 learn]# kubectl exec busybox-test -- cat /etc/resolv.conf
nameserver 114.114.114.114
nameserver 8.8.8.8
search test.svc.cluster.local
options ndots:5

Default preset (Default)

The Pod's DNS configuration is inherited from the host, i.e. the Pod's DNS configuration is identical to the host's. Note that the policy used by default is ClusterFirst.
apiVersion: v1
kind: Pod
metadata:
  name: busybox-test
spec:
  restartPolicy: OnFailure
  dnsPolicy: Default
  containers:
    - name: busybox
      image: busybox:1.28
      imagePullPolicy: IfNotPresent
      command:
        - "sleep"
        - "600"
# View the host's DNS information
[root@k8s-master-1 learn]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 8.8.8.8
nameserver 114.114.114.114
# View the DNS information inside busybox-test
[root@k8s-master-1 learn]# kubectl exec busybox-test -- cat /etc/resolv.conf
nameserver 8.8.8.8
nameserver 114.114.114.114

Cluster first (ClusterFirst)

The opposite of Default: the kube-dns (or CoreDNS) information is written into the Pod's DNS configuration as the preset parameters. Kubernetes uses this mode by default.
apiVersion: v1
kind: Pod
metadata:
  name: busybox-test
spec:
  restartPolicy: OnFailure
  dnsPolicy: ClusterFirst
  containers:
    - name: busybox
      image: busybox:1.28
      imagePullPolicy: IfNotPresent
      command:
        - "sleep"
        - "600"
# View the DNS information inside busybox-test
[root@k8s-master-1 learn]# kubectl exec busybox-test -- cat /etc/resolv.conf
nameserver 10.0.0.10
search default.svc.cluster.local. svc.cluster.local. cluster.local.
options ndots:5

Notes:
- Setting hostNetwork = true makes the Pod share the node's network namespace (NICs, routes, etc.).
- When hostNetwork = true is set, ClusterFirst is forcibly converted to Default, as shown below:
[root@k8s-master-1 learn]# cat pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: busybox-test
spec:
  restartPolicy: OnFailure
  dnsPolicy: ClusterFirst
  hostNetwork: true
  containers:
    - name: busybox
      image: busybox:1.28
      imagePullPolicy: IfNotPresent
      command:
        - "sleep"
        - "600"
[root@k8s-master-1 learn]# kubectl exec busybox-test -- cat /etc/resolv.conf
nameserver 8.8.8.8
nameserver 114.114.114.114

Host and Kubernetes coexisting (ClusterFirstWithHostNet)

A Pod in this mode can use both the host's DNS service and the in-cluster DNS. hostNetwork must be enabled.
It uses hostNetwork together with kube-dns as the Pod's preset DNS configuration.
apiVersion: v1
kind: Pod
metadata:
  name: busybox-test
spec:
  restartPolicy: OnFailure
  dnsPolicy: ClusterFirstWithHostNet
  hostNetwork: true
  containers:
    - name: busybox
      image: busybox:1.28
      imagePullPolicy: IfNotPresent
      command:
        - "sleep"
        - "600"
[root@k8s-master-1 learn]# kubectl exec busybox-test -- cat /etc/resolv.conf
nameserver 10.0.0.10
search default.svc.cluster.local. svc.cluster.local. cluster.local.
options ndots:5

hostNetwork

To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
# Without dnsPolicy: ClusterFirstWithHostNet, the pod defaults to the DNS used by its host, which also means the containers cannot reach other Pods in the k8s cluster by Service name

hostAlias

# Add hostname resolution entries inside the pod
[root@k8s-master-1 learn]# cat pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: busybox-test
spec:
  hostAliases:
    - hostnames:
        - www.baidu.com
        - baidu.com
      ip: 103.235.46.39
  containers:
    - name: busybox
      image: busybox:1.28
      command:
        - "sleep"
        - "600"
# Result: view the container's /etc/hosts, which now contains the custom hostnames
[root@k8s-master-1 learn]# kubectl exec busybox-test -- cat /etc/hosts
# Kubernetes-managed hosts file.
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
fe00::0 ip6-mcastprefix
fe00::1 ip6-allnodes
fe00::2 ip6-allrouters
10.70.2.4 busybox-test
# Entries added by HostAliases.
103.235.46.39 www.baidu.com baidu.com
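
The dnsPolicy rules from the sections above (ClusterFirst as the default, the forced fallback to Default under hostNetwork, and None relying on dnsConfig) can be checked across many Pods at once. The following is an added example, not part of the original page: the pod names and the SAMPLE_PODS data are constructed, and the input is assumed to have the shape of the `items` list from `kubectl get pods -o json`.

```python
import json

# Constructed sample: pod manifests shaped like the `items` of `kubectl get pods -o json`,
# trimmed to the fields this check reads. Pod names are made up for the example.
SAMPLE_PODS = json.loads("""
[
 {"metadata": {"name": "web"}, "spec": {}},
 {"metadata": {"name": "node-agent"},
  "spec": {"hostNetwork": true, "dnsPolicy": "ClusterFirst"}},
 {"metadata": {"name": "ingress"},
  "spec": {"hostNetwork": true, "dnsPolicy": "ClusterFirstWithHostNet"}},
 {"metadata": {"name": "custom-dns"},
  "spec": {"dnsPolicy": "None",
           "dnsConfig": {"nameservers": ["114.114.114.114", "8.8.8.8"]}}},
 {"metadata": {"name": "no-dns"}, "spec": {"dnsPolicy": "None"}}
]
""")

# Which resolver ends up in the Pod's /etc/resolv.conf for each effective policy.
RESOLVER = {"ClusterFirst": "cluster", "ClusterFirstWithHostNet": "cluster",
            "Default": "node", "None": "custom"}

def effective_dns(spec):
    """Return (effective_policy, resolver, findings) for one pod spec."""
    policy = spec.get("dnsPolicy", "ClusterFirst")      # unset means ClusterFirst
    findings = []
    if policy == "ClusterFirst" and spec.get("hostNetwork", False):
        policy = "Default"                              # forced conversion described above
        findings.append("ClusterFirst with hostNetwork falls back to Default; "
                        "use ClusterFirstWithHostNet to resolve Service names")
    if policy == "None":
        servers = (spec.get("dnsConfig") or {}).get("nameservers") or []
        if servers:                                     # list them so they can be reviewed
            findings.append("custom nameservers: " + ", ".join(servers))
        else:
            findings.append("dnsPolicy None without dnsConfig.nameservers")
    return policy, RESOLVER.get(policy, "unknown"), findings

def audit(pods):
    """Map pod name -> (effective_policy, resolver, findings)."""
    return {p["metadata"]["name"]: effective_dns(p.get("spec", {})) for p in pods}

if __name__ == "__main__":
    for name, (policy, resolver, findings) in audit(SAMPLE_PODS).items():
        print(f"{name}: effective={policy} resolver={resolver}")
        for finding in findings:
            print(f"  - {finding}")
```

Pods reported with resolver `node` or `custom` send their lookups outside the cluster DNS, so any query logging or filtering done in CoreDNS does not see them.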



