kubernetes skydnsがリクエストを転送できない

Question

私は1つのマスター2ノードkubernetesのクラスタを作成しています。私は、次のように基づいてskydnsを作成しようとしています：

しかし

apiVersion: v1 
kind: ReplicationController 
metadata: 
    name: kube-dns-v11 
    namespace: kube-system 
    labels: 
    k8s-app: kube-dns 
    version: v11 
    kubernetes.io/cluster-service: "true" 
spec: 
    replicas: 1 
    selector: 
    k8s-app: kube-dns 
    version: v11 
    template: 
    metadata: 
     labels: 
     k8s-app: kube-dns 
     version: v11 
     kubernetes.io/cluster-service: "true" 
    spec: 
     containers: 
     - name: etcd 
     image: gcr.io/google_containers/etcd-amd64:2.2.1 
     # resources: 
     # # TODO: Set memory limits when we've profiled the container for large 
     # # clusters, then set request = limit to keep this container in 
     # # guaranteed class. Currently, this container falls into the 
     # # "burstable" category so the kubelet doesn't backoff from restarting it. 
     # limits: 
     #  cpu: 100m 
     #  memory: 500Mi 
     # requests: 
     #  cpu: 100m 
     #  memory: 50Mi 
     command: 
     - /usr/local/bin/etcd 
     - -data-dir 
     - /var/etcd/data 
     - -listen-client-urls 
     - http://127.0.0.1:2379,http://127.0.0.1:4001 
     - -advertise-client-urls 
     - http://127.0.0.1:2379,http://127.0.0.1:4001 
     - -initial-cluster-token 
     - skydns-etcd 
     volumeMounts: 
     - name: etcd-storage 
      mountPath: /var/etcd/data 
     - name: kube2sky 
     image: gcr.io/google_containers/kube2sky:1.14 
     # resources: 
     # # TODO: Set memory limits when we've profiled the container for large 
     # # clusters, then set request = limit to keep this container in 
     # # guaranteed class. Currently, this container falls into the 
     # # "burstable" category so the kubelet doesn't backoff from restarting it. 
     # limits: 
     #  cpu: 100m 
     #  # Kube2sky watches all pods. 
     #  memory: 200Mi 
     # requests: 
     #  cpu: 100m 
     #  memory: 50Mi 
     livenessProbe: 
      httpGet: 
      path: /healthz 
      port: 8080 
      scheme: HTTP 
      initialDelaySeconds: 60 
      timeoutSeconds: 5 
      # successThreshold: 1 
      # failureThreshold: 5 
     readinessProbe: 
      httpGet: 
      path: /readiness 
      port: 8081 
      scheme: HTTP 
      # we poll on pod startup for the Kubernetes master service and 
      # only setup the /readiness HTTP server once that's available. 
      initialDelaySeconds: 30 
      timeoutSeconds: 5 
     args: 
     # command = "/kube2sky" 
     - --domain=cluster.local 
     - name: skydns 
     image: gcr.io/google_containers/skydns:2015-10-13-8c72f8c 
     resources: 
      # TODO: Set memory limits when we've profiled the container for large 
      # clusters, then set request = limit to keep this container in 
      # guaranteed class. Currently, this container falls into the 
      # "burstable" category so the kubelet doesn't backoff from restarting it. 
      limits: 
      cpu: 100m 
      memory: 200Mi 
      requests: 
      cpu: 100m 
      memory: 50Mi 
     args: 
     # command = "/skydns" 
     - -machines=http://127.0.0.1:4001 
     - -addr=0.0.0.0:53 
     - -ns-rotate=false 
     - -domain=cluster.local 
     ports: 
     - containerPort: 53 
      name: dns 
      protocol: UDP 
     - containerPort: 53 
      name: dns-tcp 
      protocol: TCP 
     - name: healthz 
     image: gcr.io/google_containers/exechealthz:1.0 
     # resources: 
     # # keep request = limit to keep this container in guaranteed class 
     # limits: 
     #  cpu: 10m 
     #  memory: 20Mi 
     # requests: 
     #  cpu: 10m 
     #  memory: 20Mi 
     args: 
     - -cmd=nslookup kubernetes.default.svc.cluster.local 127.0.0.1 >/dev/null 
     - -port=8080 
     ports: 
     - containerPort: 8080 
      protocol: TCP 
     volumes: 
     - name: etcd-storage 
     emptyDir: {} 
     dnsPolicy: Default # Don't use cluster DNS. 

、skydnsを吐き、次のとおりです。

> $kubectl logs kube-dns-v11-k07j9 --namespace=kube-system skydns 
> 2016/04/18 12:47:05 skydns: falling back to default configuration, 
> could not read from etcd: 100: Key not found (/skydns) [1] 2016/04/18 
> 12:47:05 skydns: ready for queries on cluster.local. for 
> tcp://0.0.0.0:53 [rcache 0] 2016/04/18 12:47:05 skydns: ready for 
> queries on cluster.local. for udp://0.0.0.0:53 [rcache 0] 2016/04/18 
> 12:47:11 skydns: failure to forward request "read udp 
>  192.168.122.1:53: i/o timeout" 2016/04/18 12:47:15 skydns: failure to forward request "read udp 192.168.122.1:53: i/o timeout" 2016/04/18 
> 12:47:19 skydns: failure to forward request "read udp 
>  192.168.122.1:53: i/o timeout" 2016/04/18 12:47:23 skydns: failure to forward request "read udp 192.168.122.1:53: i/o timeout" 2016/04/18 
> 12:47:27 skydns: failure to forward request "read udp 
>  192.168.122.1:53: i/o timeout" 2016/04/18 12:47:31 skydns: failure to forward request "read udp 192.168.122.1:53: i/o timeout" 2016/04/18 
> 12:47:35 skydns: failure to forward request "read udp 
>  192.168.122.1:53: i/o timeout" 2016/04/18 12:47:39 skydns: failure to forward request "read udp 192.168.122.1:53: i/o timeout" 2016/04/18 
> 12:47:43 skydns: failure to forward request "read udp 
>  192.168.122.1:53: i/o timeout" 2016/04/18 12:47:47 skydns: failure to forward request "read udp 192.168.122.1:53: i/o timeout" 2016/04/18 
> 12:47:51 skydns: failure to forward request "read udp 
>  192.168.122.1:53: i/o timeout" 2016/04/18 12:47:55 skydns: failure to forward request "read udp 192.168.122.1:53: i/o timeout" 2016/04/18 
> 12:47:59 skydns: failure to forward request "read udp 
>  192.168.122.1:53: i/o timeout" 2016/04/18 12:48:03 skydns: failure to forward request "read udp 192.168.122.1:53: i/o timeout" 

さらに見た後、私はちょうど192.168.122.1で何が実現しますか？ kvmの仮想スイッチです。 skydnsが仮想マシンの仮想スイッチまたはDNSサーバーにヒットしようとしているのはなぜですか？

Answer 1

SkyDNSのデフォルトの転送ネームサーバは/etc/resolv.confです。 SkyDNSはkube-dnsポッドをクラスタアドオンとして実行するので、kube-dns docで説明されているように、そのホストから/etc/resolv.confを継承します。

あなたの質問から、あなたのホストの/etc/resolv.confは、ネームサーバとして192.168.122.1を使用するように設定されているため、SkyDNS設定の転送サーバになります。私は192.168.122.1があなたのKubernetesクラスタからルーティング可能ではないと信じています。そのため、kube-dnsログに「要求を転送できません」というエラーが表示されています。

この問題の最も簡単な解決策は、RC設定のSkyDNSのフラグとして到達可能なDNSサーバーを提供することです。ここでの例では、（それはちょうどあなたのRCの設定だが、SkyDNSコンテナ仕様に-nameserversフラグを追加します）です：

apiVersion: v1 
kind: ReplicationController 
metadata: 
    name: kube-dns-v11 
    namespace: kube-system 
    labels: 
    k8s-app: kube-dns 
    version: v11 
    kubernetes.io/cluster-service: "true" 
spec: 
    replicas: 1 
    selector: 
    k8s-app: kube-dns 
    version: v11 
    template: 
    metadata: 
     labels: 
     k8s-app: kube-dns 
     version: v11 
     kubernetes.io/cluster-service: "true" 
    spec: 
     containers: 
     - name: etcd 
     image: gcr.io/google_containers/etcd-amd64:2.2.1 
     # resources: 
     # # TODO: Set memory limits when we've profiled the container for large 
     # # clusters, then set request = limit to keep this container in 
     # # guaranteed class. Currently, this container falls into the 
     # # "burstable" category so the kubelet doesn't backoff from restarting it. 
     # limits: 
     #  cpu: 100m 
     #  memory: 500Mi 
     # requests: 
     #  cpu: 100m 
     #  memory: 50Mi 
     command: 
     - /usr/local/bin/etcd 
     - -data-dir 
     - /var/etcd/data 
     - -listen-client-urls 
     - http://127.0.0.1:2379,http://127.0.0.1:4001 
     - -advertise-client-urls 
     - http://127.0.0.1:2379,http://127.0.0.1:4001 
     - -initial-cluster-token 
     - skydns-etcd 
     volumeMounts: 
     - name: etcd-storage 
      mountPath: /var/etcd/data 
     - name: kube2sky 
     image: gcr.io/google_containers/kube2sky:1.14 
     # resources: 
     # # TODO: Set memory limits when we've profiled the container for large 
     # # clusters, then set request = limit to keep this container in 
     # # guaranteed class. Currently, this container falls into the 
     # # "burstable" category so the kubelet doesn't backoff from restarting it. 
     # limits: 
     #  cpu: 100m 
     #  # Kube2sky watches all pods. 
     #  memory: 200Mi 
     # requests: 
     #  cpu: 100m 
     #  memory: 50Mi 
     livenessProbe: 
      httpGet: 
      path: /healthz 
      port: 8080 
      scheme: HTTP 
      initialDelaySeconds: 60 
      timeoutSeconds: 5 
      # successThreshold: 1 
      # failureThreshold: 5 
     readinessProbe: 
      httpGet: 
      path: /readiness 
      port: 8081 
      scheme: HTTP 
      # we poll on pod startup for the Kubernetes master service and 
      # only setup the /readiness HTTP server once that's available. 
      initialDelaySeconds: 30 
      timeoutSeconds: 5 
     args: 
     # command = "/kube2sky" 
     - --domain=cluster.local 
     - name: skydns 
     image: gcr.io/google_containers/skydns:2015-10-13-8c72f8c 
     resources: 
      # TODO: Set memory limits when we've profiled the container for large 
      # clusters, then set request = limit to keep this container in 
      # guaranteed class. Currently, this container falls into the 
      # "burstable" category so the kubelet doesn't backoff from restarting it. 
      limits: 
      cpu: 100m 
      memory: 200Mi 
      requests: 
      cpu: 100m 
      memory: 50Mi 
     args: 
     # command = "/skydns" 
     - -machines=http://127.0.0.1:4001 
     - -addr=0.0.0.0:53 
     - -ns-rotate=false 
     - -domain=cluster.local 
     - -nameservers=8.8.8.8:53,8.8.4.4:53 # Adding this flag. Dont use double quotes. 
     ports: 
     - containerPort: 53 
      name: dns 
      protocol: UDP 
     - containerPort: 53 
      name: dns-tcp 
      protocol: TCP 
     - name: healthz 
     image: gcr.io/google_containers/exechealthz:1.0 
     # resources: 
     # # keep request = limit to keep this container in guaranteed class 
     # limits: 
     #  cpu: 10m 
     #  memory: 20Mi 
     # requests: 
     #  cpu: 10m 
     #  memory: 20Mi 
     args: 
     - -cmd=nslookup kubernetes.default.svc.cluster.local 127.0.0.1 >/dev/null 
     - -port=8080 
     ports: 
     - containerPort: 8080 
      protocol: TCP 
     volumes: 
     - name: etcd-storage 
     emptyDir: {} 
     dnsPolicy: Default # Don't use cluster DNS.