DNS does not resolve with NGINX in Kubernetes


Problem description

I have a Kubernetes cluster that I set up with kube-aws. I'm trying to run a custom NGINX configuration which uses DNS resolutions to proxy_pass. Here is the NGINX block of code:

location /api/v1/lead {
  resolver 10.3.0.10 ipv6=off;
  set $container lead-api;
  proxy_pass http://$container:3000;
}

10.3.0.10 comes from the cluster IP of the DNS service found in Kubernetes. I've also tried 127.0.0.11 which is what we use in the docker-compose/docker environments.

$ kubectl describe --namespace=kube-system service kube-dns
Name:                   kube-dns
Namespace:              kube-system
Labels:                 k8s-app=kube-dns
                        kubernetes.io/cluster-service=true
                        kubernetes.io/name=KubeDNS
Selector:               k8s-app=kube-dns
Type:                   ClusterIP
IP:                     10.3.0.10
Port:                   dns     53/UDP
Endpoints:              10.2.26.61:53
Port:                   dns-tcp 53/TCP
Endpoints:              10.2.26.61:53
Session Affinity:       None

This configuration works well on three different environments which use docker-compose. However, I get the following error in the NGINX logs of the Kubernetes cluster:

[error] 9#9: *20 lead-api could not be resolved (2: Server failure), client: 10.2.26.0, server: , request: "GET /api/v1/lead/661DF757-722B-41BB-81BD-C7FD398BBC88 HTTP/1.1"

If I run nslookup within the NGINX pod I can resolve the host with the same dns server:

$ kubectl exec nginx-1855584872-kdiwh -- nslookup lead-api
Server:         10.3.0.10
Address:        10.3.0.10#53

Name:   lead-api.default.svc.cluster.local
Address: 10.3.0.167

I don't know if it matters or not, but notice the "server" part of the error is empty. When I look at the pod logs for dnsmasq I don't see anything relevant. If I change the NGINX block to hardcode the proxy_pass then it resolves fine. However, I have other configurations that require dynamic proxy names. I could hard code every upstream this way, but I want to know how to make the DNS resolver work.

location /api/v1/lead {
  proxy_pass http://lead-api:3000;
}

Recommended answer

Resolving the name fails because you need to use the Fully Qualified Domain Name. That is, you should use:

lead-api..svc.cluster.local

rather than just

lead-api

Using just the hostname will usually work because in Kubernetes the resolv.conf is configured with search domains so that you don't usually need to provide a service's FQDN, e.g.:

search default.svc.cluster.local svc.cluster.local cluster.local
nameserver 10.3.240.10
options ndots:5

However, specifying the FQDN is necessary when you tell nginx to use a custom resolver because it does not get the benefit of these domain search specs.
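
The search-list behaviour described in the answer, modelled as an added example (not code from the original post, nginx or Kubernetes). It parses the resolv.conf shown above and lists the names a search-list-aware stub resolver would query, next to a resolver that sends the name exactly as written. The function names are hypothetical, and the candidate ordering assumes the rules documented in resolv.conf(5).

```python
# Added example: why "lead-api" resolves via nslookup in the pod but not
# through a resolver that ignores the resolv.conf search list.

# Constructed sample: the resolv.conf contents quoted in the answer.
RESOLV_CONF = """\
search default.svc.cluster.local svc.cluster.local cluster.local
nameserver 10.3.240.10
options ndots:5
"""

def parse_resolv_conf(text):
    """Return (search_domains, ndots) from resolv.conf text."""
    search, ndots = [], 1  # ndots defaults to 1 per resolv.conf(5)
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":
            continue  # blank line or comment
        if fields[0] == "search":
            search = fields[1:]  # a later search line replaces earlier ones
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots

def libc_candidates(name, search, ndots):
    """Names a search-list-aware resolver tries, in order."""
    if name.endswith("."):
        return [name]  # trailing dot: absolute name, search list skipped
    expanded = [f"{name}.{domain}" for domain in search]
    if name.count(".") >= ndots:
        return [name] + expanded  # enough dots: try the name as-is first
    return expanded + [name]      # otherwise try the search domains first

def literal_candidates(name):
    """A resolver with no search list queries only the name it was given."""
    return [name]

if __name__ == "__main__":
    search, ndots = parse_resolv_conf(RESOLV_CONF)
    for name in ("lead-api", "lead-api.default.svc.cluster.local"):
        print(name, "| search-list resolver:", libc_candidates(name, search, ndots))
        print(name, "| literal resolver:   ", literal_candidates(name))
```

The first candidate for lead-api under the search list is lead-api.default.svc.cluster.local, the name nslookup returned in the question; the literal resolver never generates it, so that FQDN has to be written into the variable passed to proxy_pass.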
