Problem description
I'm trying to expose the "kube-dns" service to be available to be queried outside of the Kubernetes cluster. In order to do this I edited the "Service" definition to change "type" from "ClusterIP" to "NodePort" which seemed to work fine.
However, when I attempt to query on the node port, I'm able to get a TCP session (testing with Telnet) but can't seem to get any response from the DNS server (testing with dig).
I've had a look through the logs on each of the containers on the "kube-dns" Pod but can't see anything untoward. Additionally, querying the DNS from within the cluster (from a running container) appears to work without any issues.
Has anyone tried to expose the kube-dns service before? If so, are there any additional setup steps or do you have any debugging advice for me?
The service definition is as follows:
$ kubectl get service kube-dns -o yaml --namespace kube-system
apiVersion: v1
kind: Service
metadata:
  ...
spec:
  clusterIP: 10.0.0.10
  ports:
  - name: dns
    nodePort: 31257
    port: 53
    protocol: UDP
    targetPort: 53
  - name: dns-tcp
    nodePort: 31605
    port: 53
    protocol: TCP
    targetPort: 53
  selector:
    k8s-app: kube-dns
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}
Recommended answer
Are you querying on the tcp port or the udp port?
I changed my kube-dns to be a NodePort service:
$ kubectl describe services kube-dns --namespace kube-system
Name:              kube-dns
Namespace:         kube-system
Labels:            k8s-app=kube-dns
                   kubernetes.io/cluster-service=true
                   kubernetes.io/name=KubeDNS
Selector:          k8s-app=kube-dns
Type:              NodePort
IP:                10.171.240.10
Port:              dns 53/UDP
NodePort:          dns 30100/UDP
Endpoints:         10.168.0.6:53
Port:              dns-tcp 53/TCP
NodePort:          dns-tcp 30490/TCP
Endpoints:         10.168.0.6:53
Session Affinity:  None
and then queried on the udp port from outside of the cluster and everything appeared to work:
$ dig -p 30100 @10.240.0.4 kubernetes.default.svc.cluster.local
; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> -p 30100 @10.240.0.4 kubernetes.default.svc.cluster.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45472
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;kubernetes.default.svc.cluster.local. IN A
;; ANSWER SECTION:
kubernetes.default.svc.cluster.local. 30 IN A 10.171.240.1
;; Query time: 3 msec
;; SERVER: 10.240.0.4#30100(10.240.0.4)
;; WHEN: Thu May 26 18:27:32 UTC 2016
;; MSG SIZE rcvd: 70
Right now, Kubernetes does not allow NodePort services to share the same port for tcp & udp (see Issue #20092). That makes this a little funky for something like DNS.
The bug was fixed in Kubernetes 1.3.
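As an added example (not part of the original question or answer), this Python probe sends the same A query to each node port over its matching protocol, so a TCP connect that succeeds (as with Telnet) is not mistaken for a working UDP resolver path. The function names are assumptions made for this sketch; the node IP, node ports and query name are the ones shown in the answer's output.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Minimal DNS query: one A/IN question, recursion desired (RD) set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(msg):
    """Decode the fixed 12-byte DNS header of a reply."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": flags >> 15, "rcode": flags & 0xF, "answers": an}

def tcp_frame(msg):
    """DNS over TCP prefixes each message with a 2-byte length (RFC 1035, 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg

def read_tcp_reply(sock):
    """Read one length-prefixed DNS message from a connected stream socket."""
    def recv_exact(n):
        buf = b""
        while len(buf) < n:
            chunk = sock.recv(n - len(buf))
            if not chunk:
                raise ConnectionError("peer closed before a full DNS message arrived")
            buf += chunk
        return buf
    (length,) = struct.unpack("!H", recv_exact(2))
    return recv_exact(length)

def probe(node_ip, port, proto, name, timeout=3.0):
    """Send one query to a node port over 'udp' or 'tcp'; return the reply header."""
    query = build_query(name)
    if proto == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (node_ip, port))
            return parse_header(s.recvfrom(4096)[0])
    with socket.create_connection((node_ip, port), timeout=timeout) as s:
        s.sendall(tcp_frame(query))
        return parse_header(read_tcp_reply(s))

if __name__ == "__main__":
    # Node IP and node ports are the ones shown in the answer's output.
    for proto, port in (("udp", 30100), ("tcp", 30490)):
        try:
            print(proto, port, probe("10.240.0.4", port, proto, "kubernetes.default.svc.cluster.local"))
        except OSError as exc:  # includes timeouts: no DNS answer on this port/protocol
            print(proto, port, "no DNS response:", exc)
```

The equivalent check with dig is to add `+tcp` when pointing `-p` at the TCP node port, since dig sends UDP by default.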