在专用子网中运行时，AWS EKS上的DNS问题 [英] DNS problem on AWS EKS when running in private subnets

问题描述

我在VPC中有一个EKS群集设置.工作程序节点在专用子网中启动.我可以成功部署Pod和服务.

I have an EKS cluster setup in a VPC. The worker nodes are launched in private subnets. I can successfully deploy pods and services.

但是，我无法从Pod内执行DNS解析. (它在容器外部的工作节点上工作正常.)

However, I'm not able to perform DNS resolution from within the pods. (It works fine on the worker nodes, outside the container.)

使用 https://kubernetes.io/docs/tasks进行故障排除/administer-cluster/dns-debugging-resolution/从nslookup中产生以下结果(大约一分钟后超时):

Troubleshooting using https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/ results in the following from nslookup (timeout after a minute or so):

服务器:172.20.0.0.10 地址1:172.20.0.10

Server: 172.20.0.10 Address 1: 172.20.0.10

nslookup:无法解析"kubernetes.default"

nslookup: can't resolve 'kubernetes.default'

当我在所有公共VPC中启动群集时，我没有这个问题.我是否从私有子网中缺少DNS解析的任何必要步骤?

When I launch the cluster in an all-public VPC, I don't have this problem. Am I missing any necessary steps for DNS resolution from within a private subnet?

非常感谢， 丹尼尔

推荐答案

我觉得我必须给一个正确的答案，因为遇到这个问题就是我连续10个小时进行调试的答案.正如@Daniel在他的评论中所说，我发现的问题是我的ACL阻止了UDP端口53上的出站流量，这显然是kubernetes用来解析DNS记录的.

I feel like I have to give this a proper answer because coming upon this question was the answer to 10 straight hours of debugging for me. As @Daniel said in his comment, the issue I found was with my ACL blocking outbound traffic on UDP port 53 which apparently kubernetes uses to resolve DNS records.

这个过程对我来说尤其令人困惑，因为我的其中一个Pod实际上一直在工作，因为(我认为?)它恰好与kubernetes DNS解析器位于同一区域.

The process was especially confusing for me because one of my pods worked actually worked the entire time since (I think?) it happened to be in the same zone as the kubernetes DNS resolver.

这篇关于在专用子网中运行时，AWS EKS上的DNS问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！