Kubernetes 中的 NGINX 无法解析 DNS [英] DNS does not resolve with NGINX in Kubernetes
问题描述
我有一个使用 kube-aws设置的 Kubernetes 集群一>.我正在尝试运行一个自定义 NGINX 配置,该配置使用 DNS 解析到 proxy_pass.这是 NGINX 代码块
I have a Kubernetes cluster that I setup with kube-aws. I'm trying to run a custom NGINX configuration which uses DNS resolutions to proxy_pass. Here is the NGINX block of code
location /api/v1/lead {
resolver 10.3.0.10 ipv6=off;
set $container lead-api;
proxy_pass http://$container:3000;
}
10.3.0.10 来自在 Kubernetes 中找到的 DNS 服务的集群 IP.我也试过 127.0.0.11,这是我们在 docker-compose/docker 环境中使用的.
10.3.0.10 comes from the cluster IP of the DNS service found in Kubernetes. I've also tried 127.0.0.11 which is what we use in the docker-compose/docker environments.
$ kubectl describe --namespace=kube-system service kube-dns
Name: kube-dns
Namespace: kube-system
Labels: k8s-app=kube-dns
kubernetes.io/cluster-service=true
kubernetes.io/name=KubeDNS
Selector: k8s-app=kube-dns
Type: ClusterIP
IP: 10.3.0.10
Port: dns 53/UDP
Endpoints: 10.2.26.61:53
Port: dns-tcp 53/TCP
Endpoints: 10.2.26.61:53
Session Affinity: None
此配置适用于使用 docker-compose 的三种不同环境.但是我在 Kubernetes 集群的 NGINX 日志中收到以下错误
This configuration works well on three different environments which use docker-compose. However I get the following error in the NGINX logs of the Kubernetes cluster
[error] 9#9: *20 无法解析lead-api (2: Server failure), client: 10.2.26.0, server: , request: "GET/api/v1/lead/661DF757-722B-41BB-81BD-C7FD398BBC88 HTTP/1.1"
[error] 9#9: *20 lead-api could not be resolved (2: Server failure), client: 10.2.26.0, server: , request: "GET /api/v1/lead/661DF757-722B-41BB-81BD-C7FD398BBC88 HTTP/1.1"
如果我在 NGINX pod 中运行 nslookup,我可以使用相同的 dns 服务器解析主机:
If I run nslookup within the NGINX pod I can resolve the host with the same dns server:
$ kubectl exec nginx-1855584872-kdiwh -- nslookup lead-api
Server: 10.3.0.10
Address: 10.3.0.10#53
Name: lead-api.default.svc.cluster.local
Address: 10.3.0.167
我不知道这是否重要,但请注意错误的服务器"部分是空的.当我查看 dnsmasq 的 pod 日志时,我看不到任何相关内容.如果我将 NGINX 块更改为对 proxy_pass 进行硬编码,则它可以正常解决.但是,我还有其他需要动态代理名称的配置.我可以通过这种方式对每个上游进行硬编码,但我想知道如何使 DNS 解析器工作.
I don't know if it matters or not, but notice the "server" part of the error is empty. When I look at the pod logs for dnsmasq I don't see anything relevant. If I change the NGINX block to hardcode the proxy_pass then it resolves fine. However, I have other configurations that require dynamic proxy names. I could hard code every upstream this way, but I want to know how to make the DNS resolver work.
location /api/v1/lead {
proxy_pass http://lead-api:3000;
}
推荐答案
解析名称失败,因为您需要使用完全限定域名.也就是说,你应该使用:
Resolving the name fails because you need to use the Full Qualified Domain name. That is, you should use:
lead-api.
不仅仅是
lead-api
仅使用主机名通常会起作用,因为在 kubernetes 中,resolv.conf
配置了搜索域,因此您通常不需要提供服务的 FQDN.例如:
Using just the hostname will usually work because in kubernetes the resolv.conf
is configured with search domains so that you don't usually need to provide a service's FQDN. e.g:
search default.svc.cluster.local svc.cluster.local cluster.local
nameserver 10.3.240.10
options ndots:5
但是,当您告诉 nginx 使用自定义解析器时,必须指定 FQDN,因为它无法从这些域搜索规范中受益.
However, specifying the FQDN is necessary when you tell nginx to use a custom resolver because it does not get the benefit of these domain search specs.
这篇关于Kubernetes 中的 NGINX 无法解析 DNS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!