Kubeedge K8s Pod Dns 创建流程和查询流程

本文主要分析k8s/kubeedge在创建pod容器的时候，怎么指定dns的。

如果想指定node创建容器的dns，一般在kublet/edgecore 的配置文件中指定dns信息：

1
2
clusterDNS: 169.254.96.16
clusterDomain: cluster.local

当node接收到创建pod的消息，执行如下流程：

k8s.io/kubernetes/pkg/kubelet/kuberuntime/kuberuntime_manager.go

Compute sandbox and container changes.
Kill pod sandbox if necessary.
Kill any containers that should not be running.
Create sandbox if necessary.
Create ephemeral containers.
Create init containers.
Create normal containers.

配置dns将要启动的dns，发生在第四步。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
    // Get podSandboxConfig for containers to start.
	configPodSandboxResult := kubecontainer.NewSyncResult(kubecontainer.ConfigPodSandbox, podSandboxID)
	result.AddSyncResult(configPodSandboxResult)
	podSandboxConfig, err := m.generatePodSandboxConfig(pod, podContainerChanges.Attempt)
	if err != nil {
		message := fmt.Sprintf("GeneratePodSandboxConfig for pod %q failed: %v", format.Pod(pod), err)
		klog.ErrorS(err, "GeneratePodSandboxConfig for pod failed", "pod", klog.KObj(pod))
		configPodSandboxResult.Fail(kubecontainer.ErrConfigPodSandbox, message)
		return
	}

跟踪m.generatePodSandboxConfig(pod, podContainerChanges.Attempt):

k8s.io/kubernetes/pkg/kubelet/kuberuntime/kuberuntime_sandbox.go

1
2
3
4
dnsConfig, err := m.runtimeHelper.GetPodDNS(pod)
	if err != nil {
		return nil, err
	}

调用到kubelet代码中：

k8s.io/kubernetes/pkg/kubelet/network/dns/dns.go

1
2
3
4
5
6
7
dnsConfig, err := c.getHostDNSConfig()  // 首先读取本地dns配置文件 一般为 /etc/resolv.conf
...
dnsType, err := getPodDNSType(pod) // 判断pod的dns type, 如果出错，默认为：podDNSCluster
... 
dnsConfig.Searches = c.generateSearchesForDNSClusterFirst(dnsConfig.Searches, pod) // 更新dns search信息
...
c.formDNSConfigFitsLimits(dnsConfig, pod) // 如果dns服务器信息大于三项，取前三项，如果server信息大于六项，取前六项，防止将来创建的容器中 /etc/resolv.conf 过大，影响查询效率

/etc/resolv.conf文件中的search项作用

1
2
3
4
cat /etc/resolv.conf 
nameserver 169.254.96.16
search edgezone.svc.cluster.local svc.cluster.local cluster.local
options ndots:5

如上dns配置文件，当我们执行： telnet tcp-echo-cloud-svc 2701

dns查询流程：

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
[INFO] 172.17.0.3:44574 - 2 "AAAA IN tcp-echo-cloud-svc.edgezone.svc.cluster.local. udp 63 false 512" NXDOMAIN qr,aa,rd 156 0.000615248s
[INFO] 172.17.0.3:45200 - 3 "AAAA IN tcp-echo-cloud-svc.svc.cluster.local. udp 54 false 512" NXDOMAIN qr,aa,rd 147 0.000424578s
[INFO] 172.17.0.3:59917 - 4 "AAAA IN tcp-echo-cloud-svc.cluster.local. udp 50 false 512" NXDOMAIN qr,aa,rd 143 0.000261174s
[INFO] 172.17.0.3:57148 - 5 "AAAA IN tcp-echo-cloud-svc. udp 36 false 512" SERVFAIL qr,rd,ra 36 0.004129322s
[INFO] 172.17.0.3:44422 - 6 "AAAA IN tcp-echo-cloud-svc.edgezone.svc.cluster.local. udp 63 false 512" NXDOMAIN qr,aa,rd 156 0.000156824s
[INFO] 172.17.0.3:35644 - 7 "AAAA IN tcp-echo-cloud-svc.svc.cluster.local. udp 54 false 512" NXDOMAIN qr,aa,rd 147 0.000154486s
[INFO] 172.17.0.3:51536 - 8 "AAAA IN tcp-echo-cloud-svc.cluster.local. udp 50 false 512" NXDOMAIN qr,aa,rd 143 0.000138751s
[INFO] 172.17.0.3:49727 - 9 "AAAA IN tcp-echo-cloud-svc. udp 36 false 512" SERVFAIL qr,aa,rd,ra 36 0.000209603s
[INFO] 172.17.0.3:54476 - 10 "AAAA IN tcp-echo-cloud-svc.edgezone.svc.cluster.local. udp 63 false 512" NXDOMAIN qr,aa,rd 156 0.000125377s
[INFO] 172.17.0.3:55879 - 11 "AAAA IN tcp-echo-cloud-svc.svc.cluster.local. udp 54 false 512" NXDOMAIN qr,aa,rd 147 0.000141351s
[INFO] 172.17.0.3:55681 - 12 "AAAA IN tcp-echo-cloud-svc.cluster.local. udp 50 false 512" NXDOMAIN qr,aa,rd 143 0.000124606s
[INFO] 172.17.0.3:48394 - 13 "AAAA IN tcp-echo-cloud-svc. udp 36 false 512" SERVFAIL qr,aa,rd,ra 36 0.000126711s
[INFO] 172.17.0.3:42212 - 14 "A IN tcp-echo-cloud-svc.edgezone.svc.cluster.local. udp 63 false 512" NXDOMAIN qr,aa,rd 156 0.000261496s
[INFO] 172.17.0.3:45326 - 15 "A IN tcp-echo-cloud-svc.svc.cluster.local. udp 54 false 512" NXDOMAIN qr,aa,rd 147 0.000243659s
[INFO] 172.17.0.3:57336 - 16 "A IN tcp-echo-cloud-svc.cluster.local. udp 50 false 512" NXDOMAIN qr,aa,rd 143 0.000234824s
[INFO] 172.17.0.3:58830 - 17 "A IN tcp-echo-cloud-svc. udp 36 false 512" SERVFAIL qr,rd,ra 36 0.003850904s
[INFO] 172.17.0.3:33492 - 18 "A IN tcp-echo-cloud-svc.edgezone.svc.cluster.local. udp 63 false 512" NXDOMAIN qr,aa,rd 156 0.000159994s
[INFO] 172.17.0.3:47536 - 19 "A IN tcp-echo-cloud-svc.svc.cluster.local. udp 54 false 512" NXDOMAIN qr,aa,rd 147 0.000200511s
[INFO] 172.17.0.3:47825 - 20 "A IN tcp-echo-cloud-svc.cluster.local. udp 50 false 512" NXDOMAIN qr,aa,rd 143 0.000130152s
[INFO] 172.17.0.3:37545 - 21 "A IN tcp-echo-cloud-svc. udp 36 false 512" SERVFAIL qr,aa,rd,ra 36 0.000148824s
[INFO] 172.17.0.3:60738 - 22 "A IN tcp-echo-cloud-svc.edgezone.svc.cluster.local. udp 63 false 512" NXDOMAIN qr,aa,rd 156 0.000106792s
[INFO] 172.17.0.3:39783 - 23 "A IN tcp-echo-cloud-svc.svc.cluster.local. udp 54 false 512" NXDOMAIN qr,aa,rd 147 0.000189994s
[INFO] 172.17.0.3:47708 - 24 "A IN tcp-echo-cloud-svc.cluster.local. udp 50 false 512" NXDOMAIN qr,aa,rd 143 0.000134209s
[INFO] 172.17.0.3:43808 - 25 "A IN tcp-echo-cloud-svc. udp 36 false 512" SERVFAIL qr,aa,rd,ra 36 0.000161034s

查询主机名，因为主机名后面没有点，就认为是主机名，所以先添加search里的每一项依次组成FQDN（完全合格域名）来查询，完全合格域名查询未找到，就再认为主机名是完全合格域名来查询。查询主机名，因为主机名中有点（不是末尾有点），就认为是完全合格域名，先用它来查询，查询失败就把它当成是主机名来进行，添加search里的每一项组成FQDN（完全合格域名）来查询。查询主机名，因为主机名中末尾有点，则认为是完全合格域名，只用它来查询（不会再添加search里的每一项）。查询次数会与search里项域名个数有关。

Contents