Coredns无法访问主机名称服务器 [英] Coredns couldn't reach to Host Nameserver

问题描述

我已经按照Kelsey Hightower的指示从头开始创建了一个kubernetes集群.经过检查，一切正常，没有任何错误，但是在部署了第一个应用程序后，我发现我的应用程序无法解析DNS.

I've created a kubernetes cluster from scratch as the directions of Kelsey Hightower. As I checked, everything works without any error but after I've deployed my first application, I figured out my application couldn't resolve the DNSes.

我检查了我的coredns日志，并看到以下条目:

I've checked my coredns logs and saw below entries :

.:53
2018/10/16 12:31:45 [INFO] CoreDNS-1.2.2
2018/10/16 12:31:45 [INFO] linux/amd64, go1.11, eb51e8b
CoreDNS-1.2.2
linux/amd64, go1.11, eb51e8b
2018/10/16 12:31:45 [INFO] plugin/reload: Running configuration MD5 = 06122de1a2d6c43092ab48d05478dc82
2018/10/16 12:44:27 [ERROR] 2 google.com. A: unreachable backend: read udp 192.168.65.142:51219->172.10.0.2:53: i/o timeout
2018/10/16 12:44:29 [ERROR] 2 google.com. A: unreachable backend: read udp 192.168.65.142:39967->172.10.0.2:53: i/o timeout
2018/10/16 12:44:31 [ERROR] 2 google.com. A: unreachable backend: read udp 192.168.65.142:40187->172.10.0.2:53: i/o timeout

加上Kelsey的文档，我已经在Docker之上安装了calico.

Plus to Kelsey's documentation, I've installed calico on top of Docker.

我的怀疑:

我已经在Docker之上安装了Calico，但是我的kubelet运行时已配置为可与Containerd一起使用.我要塞入印花布吊舱，并且好像它具有网络.但是没有一个带容器的豆荚.但是我找不到在Containered上运行calico的方法.

I've installed Calico on top of Docker, but my kubelet runtime has been configured to work with Containerd. I'm sshing into calico pod and seems it has network. But none of the containerd pods. But I couldn't find a way to run calico over Containerd.

我的Kubelet服务配置:

My Kubelet Service Configuration :

[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=containerd.service
Requires=containerd.service

[Service]
ExecStart=/usr/bin/kubelet \
  --container-runtime=remote \
  --container-runtime-endpoint=unix:///var/run/containerd/containerd.sock \
  --image-pull-progress-deadline=2m \
  --config=/var/lib/kubelet/kubelet-config.yaml \
  --kubeconfig=/var/lib/kubelet/kubeconfig-kubelet \
  --network-plugin=cni \
  --cni-conf-dir=/etc/cni/net.d \
  --cni-bin-dir=/opt/cni/bin \
  --register-node=true \
  --cloud-provider=aws \
  --v=2

Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

还有我的kubelet配置yaml文件:

And my kubelet config yaml file :

kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
  anonymous:
    enabled: false
  webhook:
    enabled: true
  x509:
    clientCAFile: "/etc/kubernetes/pki/ca.pem"
authorization:
  mode: Webhook
clusterDomain: "${cluster_domain}"
clusterDNS:
  - "172.10.0.10"
podCIDR: "172.10.0.0/16"
resolvConf: "/run/systemd/resolve/resolv.conf"
runtimeRequestTimeout: "15m"
tlsCertFile: "/etc/kubernetes/pki/worker.pem"
tlsPrivateKeyFile: "/etc/kubernetes/pki/worker-key.pem"

我在节点计算机上的resolv.conf文件:

My resolv.conf file on the node machine :

nameserver 172.10.0.2

我看到Pod可以连接到coredns pod，但是coredns无法通过端口53连接到172.10.0.2.在主机上，我可以telnet到该端口并得到答案.

I can see that pods could connect to coredns pod but coredns couldn't connect to 172.10.0.2 over port 53. On the host machine, I could telnet to this port and getting answer.

最好

推荐答案

这是一个棘手的问题.我遇到了相同的问题，并通过以下方式解决了它，它也应该为您工作.要将Calico安装到您的群集，您需要修补Calico YAML.依靠文档，如何安装印花棉布:

It is a tricky question. I experienced the same issue and solved in the following way, It should work for you too. To install Calico to your cluster you need to patch the Calico YAML. Rely on documentation, how to install Calico:

要实现您的目标，您需要: 为Calico创建RBAC:

To achieve your goal you need to: Create RBAC for Calico:

kubectl apply -f \
https://docs.projectcalico.org/v3.2/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml

使用Calico的配置下载YAML:

Download the YAML with the configuration of Calico:

curl \
https://docs.projectcalico.org/v3.2/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml -o

编辑文件calico.yaml:

- name: CALICO_IPV4POOL_CIDR
   value: "10.200.0.0/16"

将value粘贴到value部分中，然后保存. 并应用它:

Paste into the section value the 10.200.0.0/16 than save. and apply it:

kubectl apply -f calico.yaml

这篇关于Coredns无法访问主机名称服务器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！