networking - Kubernetes:无法访问的后端:阅读udp 10.200.0.9:46159->183.60.83.19:53:I/O超时

我使用kubernetes v12，我的系统是ubuntu16。

我使用以下命令创建DNS资源。

wget https://raw.githubusercontent.com/coredns/deployment/master/kubernetes/coredns.yaml.sed

wget https://raw.githubusercontent.com/coredns/deployment/master/kubernetes/deploy.sh
bash deploy.sh -i 10.32.0.10 -r "10.32.0.0/24" -s -t coredns.yaml.sed | kubectl apply -f -

创建coredns资源后:我检查资源状态。

检查coredns服务

root@master:~# kubectl get svc -n kube-system
NAME           TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)    AGE
calico-typha   ClusterIP   10.32.0.10   <none>        5473/TCP   13h

检查代码DNS pod端点

root@master:~# kubectl get ep -n kube-system
NAME                      ENDPOINTS   AGE
calico-typha              <none>      13h
kube-controller-manager   <none>      18d
kube-scheduler            <none>      18d

我的DNS配置:

root@master:~# cat /etc/resolv.conf
nameserver 183.60.83.19
nameserver 183.60.82.98

检查CoreDNS pod日志

root@master:~# kubectl get po -n kube-system | grep coredns-7bbd44c489-5thlj
coredns-7bbd44c489-5thlj   1/1     Running   0          13h
root@master:~#
root@master:~# kubectl logs -n kube-system pod/coredns-7bbd44c489-5thlj
.:53
2019-03-16T01:37:14.661Z [INFO] CoreDNS-1.2.6
2019-03-16T01:37:14.661Z [INFO] linux/amd64, go1.11.2, 756749c
CoreDNS-1.2.6
linux/amd64, go1.11.2, 756749c
 [INFO] plugin/reload: Running configuration MD5 = 2e2180a5eeb3ebf92a5100ab081a6381
 [ERROR] plugin/errors: 2 526217177044940556.1623766979909084596. HINFO: unreachable backend: read udp 10.200.0.93:45913->183.60.83.19:53: i/o timeout
 [ERROR] plugin/errors: 2 526217177044940556.1623766979909084596. HINFO: unreachable backend: read udp 10.200.0.93:42500->183.60.82.98:53: i/o timeout
 [ERROR] plugin/errors: 2 526217177044940556.1623766979909084596. HINFO: unreachable backend: read udp 10.200.0.93:48341->183.60.82.98:53: i/o timeout
 [ERROR] plugin/errors: 2 526217177044940556.1623766979909084596. HINFO: unreachable backend: read udp 10.200.0.93:33007->183.60.83.19:53: i/o timeout
 [ERROR] plugin/errors: 2 526217177044940556.1623766979909084596. HINFO: unreachable backend: read udp 10.200.0.93:52968->183.60.82.98:53: i/o timeout
 [ERROR] plugin/errors: 2 526217177044940556.1623766979909084596. HINFO: unreachable backend: read udp 10.200.0.93:48992->183.60.82.98:53: i/o timeout
 [ERROR] plugin/errors: 2 526217177044940556.1623766979909084596. HINFO: unreachable backend: read udp 10.200.0.93:35016->183.60.83.19:53: i/o timeout
 [ERROR] plugin/errors: 2 526217177044940556.1623766979909084596. HINFO: unreachable backend: read udp 10.200.0.93:58058->183.60.82.98:53: i/o timeout
 [ERROR] plugin/errors: 2 526217177044940556.1623766979909084596. HINFO: unreachable backend: read udp 10.200.0.93:51709->183.60.83.19:53: i/o timeout
 [ERROR] plugin/errors: 2 526217177044940556.1623766979909084596. HINFO: unreachable backend: read udp 10.200.0.93:53889->183.60.82.98:53: i/o timeout
root@master:~#

我发现 CoreDNS pod ip 无法连接到节点DNS服务器ip地址。

最佳答案

您应该检查calico防火墙策略是否阻止了Pod的Internet访问。
您需要使用以下方式检查印花布的另一种想法:ipip / nat out

关于networking - Kubernetes:无法访问的后端:阅读udp 10.200.0.9:46159->183.60.83.19:53:I/O超时，我们在Stack Overflow上找到一个类似的问题：https://stackoverflow.com/questions/55201973/