How can I get CoreDNS to resolve on my Raspberry Pi Kubernetes cluster?


Problem description


I've followed a number of online tutorials to set up a Kubernetes cluster on four Raspberry Pi 4s. I ended up using Flannel as the networking plugin as that seems to be the only one that actually works on RPi, with a pod network CIDR of 10.244.0.0/16, per this guide from 2017. Most everything is working... all of the base pods in the kube-system namespace are running/healthy, and I can pull down images and launch new containers. At first I wasn't able to get any pod logs, but that was quickly remedied by opening up port 10250 on each node.

But there still seems to be a problem with DNS resolution. I should clarify that DNS resolution on the hosts clearly does work, as the cluster is able to download any container image I specify. But once a container is running, it isn't able to "dial out" to anything. As a test, I'm running the arm32v7/buildpack-deps:latest container in a pod. It pulls the image from Docker hub just fine. But when I shell into it and simply type curl https://www.google.com it hangs before eventually timing out. And the same is true of any pod I launch that needs to interact with the external Internet: they hang and hang and hang.

Here are all the networking-related commands I've already run on each node:

sudo iptables -P FORWARD ACCEPT
sudo iptables -A FORWARD -i cni0 -j ACCEPT
sudo iptables -A FORWARD -o cni0 -j ACCEPT
sudo ufw allow ssh
sudo ufw allow 443  # can't remember why i ran this one
sudo ufw allow 6443
sudo ufw allow 8080 # this one might not be strictly necessary, either
sudo ufw allow 10250
sudo ufw default allow routed
sudo ufw enable

I'm not entirely sure that the last two iptables commands did anything; I grabbed them from the comment section of that guide I linked to earlier. I know that guide assumes one is using kube-dns but it's also 3 years old so I am using the (newer) default, coredns, instead.

What am I missing? I feel like I'm so close to having this cluster fully operational, but obviously I need functioning DNS!

UPDATE: I know that it's a DNS problem, and not general Internet connectivity, for two reasons: (1) the cluster itself can pull down any image I specify from Dockerhub, and (2) when I shell into a running container that has curl and execute curl -H "Host: www.google.com" 142.250.73.206, it successfully returns the Google homepage HTML. But as mentioned, if I try and do my earlier curl command using the hostname, that times out.

Solution

As pointed out in the comments: The configuration of kubeadm seems fine.
Your pods have the correct /etc/resolv.conf and they should work.

It's pretty hard to clearly determine the problem - many things could be happening here.
My guess: There is something not right with ufw.
You can easily prove it: Disable ufw on all nodes (with ufw disable).

I'm not a hundred percent sure which ports are needed. I'm using iptables for my single node k8s and at the start I had many problems with FORWARD vs INPUT rules. In docker all ports are forwarded.
So I guess there is something wrong with FORWARD-rules and/or the dns-ports (53/udp and 53/tcp).

Good luck.
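The two things the answer suspects (FORWARD handling and the DNS ports 53/udp and 53/tcp) can be looked for in a node's rule set before turning ufw off. The following is an added example, not part of the original question or answer; the function names and the sample rule set are constructed for illustration, and the check is a text-matching heuristic over `iptables -S` output.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Heuristic: matches rule text in
# `iptables -S` output; it does not emulate rule ordering or ufw chain jumps.

# forward_ok RULES [BRIDGE]: forwarded pod traffic is accepted by the FORWARD
# policy, or by explicit ACCEPT rules in both directions on the CNI bridge.
forward_ok() {
  local rules="$1" bridge="${2:-cni0}"
  printf '%s\n' "$rules" | grep -Eq -- '^-P FORWARD ACCEPT$' && return 0
  printf '%s\n' "$rules" | grep -Eq -- "^-A FORWARD -i ${bridge} -j ACCEPT$" &&
    printf '%s\n' "$rules" | grep -Eq -- "^-A FORWARD -o ${bridge} -j ACCEPT$"
}

# dns_port_ok RULES PROTO: some rule accepts PROTO traffic to destination port 53.
dns_port_ok() {
  printf '%s\n' "$1" | grep -Eq -- "-p $2 .*--dport 53 (.* )?-j ACCEPT"
}

# audit_dns_path RULES: prints one finding per line; exit status = finding count.
audit_dns_path() {
  local rules="$1" findings=0 proto
  if ! forward_ok "$rules"; then
    echo "FORWARD: policy is not ACCEPT and no ACCEPT pair on cni0"
    findings=$((findings + 1))
  fi
  for proto in udp tcp; do
    if ! dns_port_ok "$rules" "$proto"; then
      echo "DNS: no rule accepts 53/${proto}"
      findings=$((findings + 1))
    fi
  done
  return "$findings"
}

# Constructed sample, shaped like `sudo iptables -S` after the question's commands.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD ACCEPT
-A FORWARD -i cni0 -j ACCEPT
-A FORWARD -o cni0 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 6443 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 10250 -j ACCEPT'

audit_dns_path "$SAMPLE_RULES" || echo "findings: $?"
```

On a node, pass it the live rules with `audit_dns_path "$(sudo iptables -S)"`. A clean result does not rule out other causes, so the answer's `ufw disable` test still applies.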
