Kubernetes ingress rules for external service (with ExternalName type)


Problem description

I have issues trying to redirect the traffic to an external service using the type as ExternalName and with the ingress controller.

I get the following error, and I can access this host from the host machine but not from K8S. Also, the IP 10.96.0.10 is tied to the kube-dns service.

Error resolving host "internaldnsname.com": lookup internaldnsname.com on 10.96.0.10:53: no such host

What am I missing?

Ingress rule

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: external-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/preserve-host: "false"
spec:
  rules:
  - host:
    http:
      paths:
      - backend:
          serviceName: external-service
          servicePort: 80
        path: /

Service definition

apiVersion: v1
kind: Service
metadata:
  name: external-service
spec:
  type: ExternalName
  externalName: internaldnsname.com

Recommended answer

Explanation of what is happening:

Reference

kube-proxy is responsible for implementing a form of virtual IP for Services of type other than ExternalName

The ingress controller is trying to resolve the external-service which has CNAME internaldns.com and when your kube-dns/coredns (10.96.0.10) tries to do a lookup, it can only find CNAME record but no A record, therefore, your ingress is failing to resolve the DNS name.

Reference

When looking up the host my-service.prod.svc.cluster.local, the cluster DNS Service returns a CNAME record with the value my.database.example.com

Moreover there is a clear warning on the website about ExternalNames:

You may have trouble using ExternalName for some common protocols, including HTTP and HTTPS. If you use ExternalName then the hostname used by clients inside your cluster is different from the name that the ExternalName references.

TL;DR: ingress is trying to resolve a DNS using Kubernetes DNS (kube-dns/coredns) which doesn't have any A record, hence fails to associate DNS to IP!

If ingress was made to look up a different DNS server (other than Kubernetes DNS) which has an A record entry for internaldns.com then this problem may not have happened, but I am not 100% sure if that's possible.

Solution: Create a headless service without a selector and then manually create an endpoint using the same name as the service. Follow the example here

Note:

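  1. In the above solution, you will need a static IP for the external service.
  2. I would use ExternalNames only when my Pod directly wants to talk to a third-party service over the Internet, that is to say, the service is hosted outside my local network. I would follow such an approach because if I can access something locally via IP, why would I hamper performance by talking to a nameserver to resolve the DNS name!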
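
The Service and Endpoints pair described in the solution above, as an added example that is not part of the original answer. It assumes the external host listens on port 80 and uses the documentation address 192.0.2.10 as a placeholder for its static IP.

```yaml
# Added example (not from the original answer).
# Replaces the ExternalName Service with a selector-less headless Service
# plus a manually managed Endpoints object, so the ingress controller is
# handed an IP address instead of a CNAME it has to resolve.
apiVersion: v1
kind: Service
metadata:
  name: external-service      # same name the Ingress backend already references
spec:
  clusterIP: None             # headless: no virtual IP is allocated
  # no selector: Kubernetes will not create or overwrite Endpoints for it
  ports:
  - name: http
    port: 80                  # matches servicePort: 80 in the Ingress
    targetPort: 80            # assumption: the external host serves HTTP on 80
---
apiVersion: v1
kind: Endpoints
metadata:
  name: external-service      # must equal the Service name, in the same namespace
subsets:
- addresses:
  - ip: 192.0.2.10            # placeholder: static IP of the external host
  ports:
  - name: http                # port name must match the Service port name
    port: 80
```

Because the Service name is unchanged, the Ingress from the question can stay as it is. The Endpoints object is not updated automatically, so it has to be edited whenever the external host's IP changes.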
