Kubernetes can't resolve DNS name for the service in AWS
I created a service in a k8s cluster on the AWS cloud:
    apiVersion: v1
    kind: Service
    metadata:
      name: widget-svc
      labels:
        app: widget-test
    spec:
      type: LoadBalancer
      ports:
      - port: 3000
        nodePort: 30003
        protocol: TCP
      selector:
        app: widget-test
My deployment.yml:
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: widget-deploy
    spec:
      replicas: 10
      template:
        metadata:
          labels:
            app: widget-test
        spec:
          containers:
          - name: widget-pod
            image: xxxxx/xxx:xxx
            ports:
            - containerPort: 3000
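I can access the service through the load balancer endpoint on port 3000, but when I create a DNS name for the load balancer in Route 53, I cannot access the service through the DNS name.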
The configured CNAME a301877583cad11e8b74b0ab1dd411bf-51616161.us-east-2.elb.amazonaws.com does not exist:
$ dig widgetdock.yupl.us
; <<>> DiG 9.10.6 <<>> widgetdock.yupl.us
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42278
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;widgetdock.yupl.us. IN A
;; ANSWER SECTION:
widgetdock.yupl.us. 300 IN CNAME a301877583cad11e8b74b0ab1dd411bf-51616161.us-east-2.elb.amazonaws.com.
;; AUTHORITY SECTION:
us-east-2.elb.amazonaws.com. 60 IN SOA ns-1076.awsdns-06.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 60
;; Query time: 73 msec
;; SERVER: 172.31.254.1#53(172.31.254.1)
;; WHEN: Thu Apr 26 15:22:30 CEST 2018
;; MSG SIZE rcvd: 212
See status: NXDOMAIN, which indicates that this domain does not exist.
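Added example, not part of the original answer: a small Python parser that reads dig output like the response above and reports which name the NXDOMAIN status applies to. When the ANSWER section carries a CNAME, the status describes the end of the chain, so here it is the ELB hostname rather than widgetdock.yupl.us that is reported as nonexistent; the function names and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample: the relevant lines of the dig response quoted above.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42278
;; QUESTION SECTION:
;widgetdock.yupl.us. IN A
;; ANSWER SECTION:
widgetdock.yupl.us. 300 IN CNAME a301877583cad11e8b74b0ab1dd411bf-51616161.us-east-2.elb.amazonaws.com.
;; AUTHORITY SECTION:
us-east-2.elb.amazonaws.com. 60 IN SOA ns-1076.awsdns-06.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 60
"""

def diagnose(dig_text):
    """Hypothetical helper: return (status, queried_name, missing_name, chain)."""
    status = re.search(r"status: (\w+)", dig_text).group(1)
    section, qname, cnames = None, None, {}
    for line in dig_text.splitlines():
        header = re.match(r";; (\w+) SECTION:", line)
        if header:
            section = header.group(1)
            continue
        fields = line.split()
        if section == "QUESTION" and fields and line.startswith(";"):
            qname = fields[0].lstrip(";").lower()
        elif section == "ANSWER" and len(fields) >= 5 and fields[3] == "CNAME":
            cnames[fields[0].lower()] = fields[4].lower()
    # Follow the CNAME chain from the queried name to its final target.
    chain = [qname]
    while chain[-1] in cnames and cnames[chain[-1]] not in chain:
        chain.append(cnames[chain[-1]])
    # NXDOMAIN describes the last name in the chain, not necessarily the queried one.
    missing = chain[-1] if status == "NXDOMAIN" else None
    return status, qname, missing, chain

def is_dangling_cname(dig_text):
    """True when the record exists but its CNAME target does not resolve."""
    status, qname, missing, _ = diagnose(dig_text)
    return missing is not None and missing != qname

if __name__ == "__main__":
    status, qname, missing, chain = diagnose(SAMPLE)
    print(f"status={status} queried={qname}")
    print(" -> ".join(chain))
    print(f"nonexistent name: {missing}; dangling CNAME: {is_dangling_cname(SAMPLE)}")
```

A CNAME left pointing at a load balancer hostname that no longer resolves is worth flagging in routine DNS audits, since the record outlives the resource it referred to.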
I solved this problem; the issue was with the load balancer's security group rules. After allowing the security group rules, it works fine.