Kubernetes，无法通过DNS挂载NFS共享 [英] Kubernetes, cannot mount NFS share via DNS

问题描述

我正在尝试通过DNS查找在容器中挂载NFS共享(在k8s群集之外)，我的配置如下

I am trying to mount a NFS share (outside of k8s cluster) in my container via DNS lookup, my config is as below

apiVersion: v1
kind: Pod
metadata:
  name: service-a
spec:
  containers:
  - name: service-a
    image: dockerregistry:5000/centOSservice-a
    command: ["/bin/bash"]
    args: ["/etc/init.d/jboss","start"]
    volumeMounts:
      - name: service-a-vol
        mountPath: /myservice/por/data
  volumes:
    - name: service-a-vol
      nfs:
        server: nfs.service.domain
        path: "/myservice/data"
  restartPolicy: OnFailure 

nfs.service.domin的nslookup在我的容器中工作正常.这是通过StubDomain实现的.但是，在创建容器时，它无法解析nfs服务器.错误:

nslookup of nfs.service.domin works fine from my container. This is achiveded via StubDomain . However when creating the container it fails to resolve the nfs server. Error:

Warning  FailedMount  <invalid>  kubelet, worker-node-1  MountVolume.SetUp failed for volume "service-a-vol" : mount failed: exit status 32
Mounting command: systemd-run
Mounting arguments: --description=Kubernetes transient mount for /var/lib/kubelet/pods/44aabfb8-2767-11e8-bcf9-fa163ece9426/volumes/kubernetes.io~nfs/service-a-vol --scope -- mount -t nfs nfs.service.domain:/myservice/data /var/lib/kubelet/pods/44aabfb8-2767-11e8-bcf9-fa163ece9426/volumes/kubernetes.io~nfs/service-a-vol
Output: Running scope as unit run-27293.scope.
mount.nfs: Failed to resolve server nfs.service.domain: Name or service not known
mount.nfs: Operation already in progress

如果我将server: nfs.service.domain修改为server: 10.10.1.11，则效果很好！总结一下

If i modify server: nfs.service.domain to server: 10.10.1.11 this works fine! So to summarise

1. 该服务的DNS解析正常
2. 不通过DNS解析安装
3. 通过特定IP地址进行安装
4. 我尝试使用Headless Service而不是StubDomain，但是存在相同的问题

1. DNS resolution of the service works fine
2. Mounting via DNS resolution does not
3. Mounting via specific IP address works
4. I have tried Headless Service instead of StubDomain but the same issue exists

非常感谢任何帮助

更新1 :如果我在worker/master节点10.10.1.11 nfs.service.domain的/etc/hosts文件中添加一个条目，则我在server: nfs.service.domain之上的配置有效.显然这不是理想的解决方法...

Update 1: If i add an entry in the /etc/hosts files of worker/master nodes 10.10.1.11 nfs.service.domain then my configuration above server: nfs.service.domain works. This is obviously not a desired workaround...

推荐答案

由@Giorgio Cerruti指出并在此github票证等当前无法实现，因为该节点需要能够解析DNS条目，并且不能解析kube-dns.两种可能的解决方案是:

As pointed out by @Giorgio Cerruti and as referenced in this github ticket among others this is currently not possible as the node needs to be able to resolve the DNS entry and it does not resolve kube-dns. Two possible solutions are:

1. 更新每个kubernetes节点的/etc/hosts以解析NFS端点(按照上面的更新).这是一个原始的解决方案.

2. 对此NFS服务和同一域(与NFS)相同的任何其他远程服务有效的更强大的修复程序是，将远程DNS服务器添加到kubernetes节点resolv.conf

1. Update /etc/hosts of each kubernetes node to resolve the NFS endpoint (as per update above). This is a primitive solution.

2. A more robust fix that would work for this NFS service and any other remote service in the same domain (as NFS) is to add the remote DNS server to the kubernetes nodes resolv.conf

someolddomain.org service.domain xx.xxx.xx nameserver 10.10.0.12 nameserver 192.168.20.22 nameserver 8.8.4.4

someolddomain.org service.domain xx.xxx.xx nameserver 10.10.0.12 nameserver 192.168.20.22 nameserver 8.8.4.4

这篇关于Kubernetes，无法通过DNS挂载NFS共享的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！