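As the entity that actually provides services in the cluster, a Pod can be given a DNS name just like a Service. In addition, the system offers several choices for the DNS policy that a client application Pod uses.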

Pod domain names

For a Pod, Kubernetes sets a DNS name of the form <pod-ip>.<namespace>.pod.<cluster-domain>, where each "." in the Pod IP is replaced with "-". For example:

[root@master1 data]# kubectl get pod -o wide
NAME                      READY   STATUS    RESTARTS   AGE   IP             NODE    NOMINATED NODE   READINESS GATES
busybox                   1/1     Running   1          81m   10.0.104.22    node2   <none>           <none>
webapp-5bc8768bd6-4skln   1/1     Running   0          47m   10.0.104.26    node2   <none>           <none>
webapp-5bc8768bd6-mh6v8   1/1     Running   0          47m   10.0.104.25    node2   <none>           <none>
webapp-5bc8768bd6-v4dll   1/1     Running   0          47m   10.0.166.151   node1   <none>           <none>
[root@master1 data]# 
[root@master1 data]# kubectl exec -it busybox -- nslookup 10-0-104-25.default.pod.cluster.local
Server:    172.16.0.254
Address 1: 172.16.0.254 kube-dns.kube-system.svc.cluster.local

Name:      10-0-104-25.default.pod.cluster.local
Address 1: 10.0.104.25 10-0-104-25.webapp.default.svc.cluster.local

For this to work, the kubernetes plugin in the CoreDNS Corefile must be configured with a pods mode. For example:

        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            fallthrough in-addr.arpa ip6.arpa
            ttl 30
        }

coredns.io says:

pods POD-MODE sets the mode for handling IP-based pod A records, e.g. 1-2-3-4.ns.pod.cluster.local. in A 1.2.3.4. This option is provided to facilitate use of SSL certs when connecting directly to pods. Valid values for POD-MODE:

  • disabled: Default. Do not process pod requests, always returning NXDOMAIN
  • insecure: Always return an A record with IP from request (without checking k8s). This option is vulnerable to abuse if used maliciously in conjunction with wildcard SSL certs. This option is provided for backward compatibility with kube-dns.
  • verified: Return an A record if there exists a pod in same namespace with matching IP. This option requires substantially more memory than in insecure mode, since it will maintain a watch on all pods.

In other words, pods POD-MODE sets the mode for handling IP-based pod A records, for example 1-2-3-4.ns.pod.cluster.local. in A 1.2.3.4.
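The coredns.io text above marks insecure mode as open to abuse, so it is worth checking which mode each kubernetes stanza of a Corefile actually uses. The following is an added example, not code from the original article or from CoreDNS; the sample Corefile, the corp.example zone and the function names are constructed for illustration.

```python
# Added example: report the "pods" mode of every kubernetes stanza in a Corefile.
# SAMPLE_COREFILE is constructed for this example, not taken from a real cluster.
SAMPLE_COREFILE = """\
.:53 {
    kubernetes cluster.local in-addr.arpa ip6.arpa {
        pods insecure
        fallthrough in-addr.arpa ip6.arpa
        ttl 30
    }
}
corp.example:53 {
    kubernetes corp.example {
        ttl 30
    }
}
"""

VALID_MODES = {"disabled", "insecure", "verified"}

def pods_modes(corefile):
    """Return [(first_zone, mode)] for each kubernetes plugin stanza."""
    # Strip "#" comments and tokenize every line once.
    lines = [ln.split("#", 1)[0].split() for ln in corefile.splitlines()]
    results, i = [], 0
    while i < len(lines):
        tokens = lines[i]
        i += 1
        if not tokens or tokens[0] != "kubernetes":
            continue
        zones = [t for t in tokens[1:] if t != "{"]
        mode = "disabled"  # documented default when "pods" is absent
        # Walk the stanza body (if any) up to its closing brace.
        while tokens[-1] == "{" and i < len(lines) and lines[i] != ["}"]:
            if len(lines[i]) >= 2 and lines[i][0] == "pods":
                mode = lines[i][1]
            i += 1
        results.append((zones[0] if zones else "", mode))
    return results

def audit(corefile):
    """Flag stanzas that answer pod A records without checking the API."""
    report = []
    for zone, mode in pods_modes(corefile):
        if mode not in VALID_MODES:
            report.append((zone, mode, "invalid POD-MODE"))
        elif mode == "insecure":
            report.append((zone, mode, "use 'pods verified' or 'pods disabled'"))
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_COREFILE))
```

On a live cluster the Corefile text would typically come from the CoreDNS ConfigMap; that source is an assumption about the deployment, not something shown on this page.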

Service domain names

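For Pods created by a Deployment or DaemonSet, Kubernetes sets a DNS name for each Pod from its IP address and the controller name, in the form <pod-ip>.<deployment/daemonset-name>.<namespace>.svc.<cluster-domain>, where each "." in the Pod IP address is replaced with "-". For example, take the IP address 10.0.104.25 below.
The DNS name the system sets for this Pod is 10-0-104-25.webapp.default.svc.cluster.local, which can be verified with nslookup: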

[root@master1 data]# kubectl get deployments -o wide
NAME     READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS   IMAGES                    SELECTOR
webapp   3/3     3            3           51m   webapp       kubeguide/tomcat-app:v1   app=webapp
[root@master1 data]# 
[root@master1 data]# kubectl get svc webapp 
NAME     TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
webapp   ClusterIP   172.16.154.183   <none>        8080/TCP   6m26s
[root@master1 data]# 
[root@master1 data]# kubectl exec -it busybox -- nslookup 10-0-104-25.webapp.default.svc.cluster.local
Server:    172.16.0.254
Address 1: 172.16.0.254 kube-dns.kube-system.svc.cluster.local

Name:      10-0-104-25.webapp.default.svc.cluster.local
Address 1: 10.0.104.25 10-0-104-25.webapp.default.svc.cluster.local

Note that a Service IP must exist for the svc domain name lookup to work; otherwise the query fails.