brunch

You can make anything
by writing

C.S.Lewis

by Master Seo Jul 04. 2021

쿠버1탄-18. 쿠버네티스 - DNS


다음은 쿠버네티스 스터디 자료를 참고해  정리한 내용입니다.



<1>  모니터링 설정

<2>  core dns 확인

<3>  core dns  테스트

<4> 서비스 디스커버리 기능 확인

<5> 외부  DNS 질의 ExternamName 확인

<6> 삭제

<7> 정리

<8> 다음 과정



<1>  모니터링 설정


1

로그인

ssh -i ~/.ssh/id_rsa ubuntu@api.seo.cndk.k8s

ssh -i ~/.ssh/id_rsa ubuntu@api.seo31.cndk.k8s



2

모니터링

watch -d 'kubectl get pod,svc,ep -n kube-system -l k8s-app=kube-dns -o wide'

or

watch -d 'kubectl get pods,svc,ep -o wide;echo ; kubectl get pod,svc,ep -n kube-system -l k8s-app=kube-dns -o wide'


                                                                          

NAME   READY   STATUS    RESTARTS   AGE    IP   NODE      NOMINATED NODE   READINESS GATES

pod/coredns-5489b75945-qf4hl   1/1     Running   0          2d1h   100.108.82.193   ip-172-20-43-172.ap-northeast-1.compute.internal   <none>           <none>

pod/coredns-5489b75945-rljmw   1/1     Running   0          2d1h   100.111.183.1    ip-172-20-46-12.ap-northeast-1.compute.internal    <none>           <none>


NAME               TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)                  AGE    SELECTOR

service/kube-dns   ClusterIP   100.64.0.10   <none>        53/UDP,53/TCP,9153/TCP   2d1h   k8s-app=kube-dns


NAME                 ENDPOINTS                                                          AGE

endpoints/kube-dns   100.108.82.193:53,100.111.183.1:53,100.108.82.193:53 + 3 more...   2d1h



<2>  core dns 확인


0

질의 순서 2단계

내부에서 질의하여 확인

내부에서 레코드가 없으면?   

호스트 노드에  resolv.conf  에  dns 로  질의 한다.

예를들어 100.64.0.10에게 도메인 질의한다.

클러스터에 질의를 하는 것이다.

service/kube-dns   ClusterIP   100.64.0.10 


요약

pod는 coredns에 질의를 보내고 응답받음.

codedns cluser ip에 질의를 보냄 =  resolv.conf  에  dns 로  질의 한다.


Core DNS 는 DNS 서비스를 제공한다.

디플로이먼트로 배포 되어 있다.

core dns pod 가 존재한다.

서비스로 연결 되어 있다.

엔드포인트가 있다.



1

디플로이먼트 확인 ?


kubectl get deployments.apps -n kube-system

NAME                      READY   UP-TO-DATE   AVAILABLE   AGE

calico-kube-controllers   1/1     1            1           31h

coredns                   2/2     2            2           31h

coredns-autoscaler        1/1     1            1           31h

dns-controller            1/1     1            1           31h


2

core dns 확인?

pod  2개가 있다.


kubectl get pod -n kube-system -o wide -l k8s-app=kube-dns

NAME   READY   STATUS    RESTARTS   AGE   IP   NODE      NOMINATED NODE   READINESS GATES

coredns-5489b75945-6ddkd   1/1     Running   0          30h   100.99.79.130   ip-172-20-45-22.ap-northeast-1.compute.internal   <none>           <none>

coredns-5489b75945-wnt9n   1/1     Running   0          31h   100.97.177.65   ip-172-20-49-16.ap-northeast-1.compute.internal   <none>           <none>



3

dns 클러스터 iP 확인 ?

클러스터  IP가 있다.


kubectl get svc -n kube-system kube-dns

NAME       TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)                  AGE

kube-dns   ClusterIP   100.64.0.10   <none>        53/UDP,53/TCP,9153/TCP   31h

// tcp 53, udp 53 , 프로메테우스 모니터링  tcp 9153



4

configmap 확인 ?


kubectl get svc -n kube-system kube-dns

NAME       TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)                  AGE

kube-dns   ClusterIP   100.64.0.10   <none>        53/UDP,53/TCP,9153/TCP   33h


5

컨피그 맵을 보자 ~

서비스 도메인으로 접근 된다!!!


kubectl describe configmaps -n kube-system coredns

Name:         coredns

Namespace:    kube-system

Labels:       addonmanager.kubernetes.io/mode=EnsureExists

Annotations:  <none>


Data

====

Corefile:

----

.:53 {

    errors

    health {

      lameduck 5s

    }

    kubernetes cluster.local. in-addr.arpa ip6.arpa {       // 서비스 도메인으로 접근 가능하다.

      pods insecure

      fallthrough in-addr.arpa ip6.arpa

      ttl 30              

    }

    prometheus :9153

    forward . /etc/resolv.conf {                          //  없으면  resolv.conf   에  DNS  에 질의한다.

      max_concurrent 1000

    }

    loop

    cache 30                //  메모리 캐쉬 30초

    loadbalance

    reload

}

Events:  <none>


https://coredns.io/plugins/kubernetes/


동작 확인 ?

내부에서 질의하여 확인

내부에서 레코드가 없으면?   호스트 노드에  resolv.conf  에  dns 로  질의 한다.




<3>  core dns  테스트


https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


1

Pod 를 만들어 dns   질의해 확인해보자.


2

codedns pod 를  1개로 줄여서 테스트하자


현재  수 확인?

kubectl get pod -n kube-system -l k8s-app=kube-dns

ubuntu@ip-172-20-46-120:~$ kubectl get pod -n kube-system -l k8s-app=kube-dns

NAME                       READY   STATUS    RESTARTS   AGE

coredns-5489b75945-6ddkd   1/1     Running   0          33h

coredns-5489b75945-wnt9n   1/1     Running   0          


3

테스트를 위해  dns 를 1개로 만들자

kubectl scale deployment -n kube-system coredns --replicas=1

// 안줄어 드네?


kubectl get pod -n kube-system -l k8s-app=kube-dns


4

test할  netshoot  pod 생성?

kubectl run -it --rm netdebug --image=nicolaka/netshoot --restart=Never -- zsh


3

pod에서 dns 확인 ?


cat /etc/resolv.conf


 netdebug #  cat /etc/resolv.conf

search default.svc.cluster.local svc.cluster.local cluster.local ap-northeast-1.compute.internal

nameserver 100.64.0.10

options ndots:5


100.64.0.10에게 도메인 질의한다.

클러스터에 질의를 하는 것이다.

service/kube-dns   ClusterIP   100.64.0.10 


4

woker 노드서버에 로그인 해서  coredns 확인 ?


웹 콘솔에서  worker node ip  확인과 접속?

scp -i ~/.ssh/id_rsa ~/.kube/config ubuntu@18.183.238.226:/tmp/

ssh -i ~/.ssh/id_rsa ubuntu@18.183.238.226


ps -ef | grep coredns

lsns -t net

ip -c link

tcpdump -i calib95733cf86c -nn udp port 53



ps -ef  | grep coredns

ubuntu     76223   40895  0 11:16 pts/0    00:00:00 grep --color=auto coredns


lsns -t net

        NS TYPE NPROCS   PID USER      NETNSID NSFS COMMAND

4026531992 net      10  1206 ubuntu unassigned      /lib/systemd/systemd --user


ip -c link

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP mode DEFAULT group default qlen 1000

    link/ether 06:c6:58:34:2f:b7 brd ff:ff:ff:ff:ff:ff

3: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 8981 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000

    link/ipip 0.0.0.0 brd 0.0.0.0

6: calic7855f47df3@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 8981 qdisc noqueue state UP mode DEFAULT group default

    link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff link-netns cni-804ee416-8410-6af1-a982-50d9df6ead1d



5

nslookup -type=A google.com -debug | grep QUESTIONS -A1


 netdebug  ~  nslookup -type=A google.com -debug | grep QUESTIONS -A1

    QUESTIONS:

        google.com.default.svc.cluster.local, type = A, class = IN

--

    QUESTIONS:

        google.com.svc.cluster.local, type = A, class = IN

--

    QUESTIONS:

        google.com.cluster.local, type = A, class = IN

--

    QUESTIONS:

        google.com.ap-northeast-1.compute.internal, type = A, class = IN

--

    QUESTIONS:

        google.com, type = A, class = IN


exit

// resolv.conf 의 search 와  option 수만큼 질의한다.


6

nslookup -type=A google.com. -debug | grep QUESTIONS -A1


// google.com.  (점을 찍으면 1번만 질의한다.)

ubuntu@ip-172-20-46-120:~$ nslookup -type=A google.com. -debug | grep QUESTIONS -A1

    QUESTIONS:

        google.com, type = A, class = IN



7

동작 순서

pod -> host node -> pod   resolv.conf 참고해서  외부 dns 로 질의 한다.





<4> 서비스 디스커버리 기능 확인


Service Discovery

CoreDNS 는 서비스에 대해  A레코더를 생성한다.

서비스를 도메인으로 어떻게 접근하는지 확인해 보자.

 

1

clear


cat << EOF > svc-pod.yaml

apiVersion: apps/v1

kind: Deployment

metadata:

  name: deploy-cndk

spec:

  replicas: 3

  selector:

    matchLabels:

      app: deploy-websrv

  template:

    metadata:

      labels:

        app: deploy-websrv

    spec:

      containers:

      - name: cndk-websrv

        image: gcr.io/google-samples/kubernetes-bootcamp:v1

        ports:

        - containerPort: 8080

---

apiVersion: v1

kind: Service

metadata:

  name: svc-clusterip

spec:

  ports:

    - name: svc-webport

      port: 9000

      targetPort: 8080

  selector:

    app: deploy-websrv

  type: ClusterIP

EOF



2

kubectl apply -f svc-pod.yaml


3

kubectl get svc

NAME            TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE

kubernetes      ClusterIP   100.64.0.1     <none>        443/TCP    17m

svc-clusterip   ClusterIP   100.67.79.88   <none>        9000/TCP   3s



4

kubectl get endpoints

NAME            ENDPOINTS                                                              AGE

kubernetes      172.20.46.120:443                                                      18m

svc-clusterip   100.97.177.85:8080,100.97.177.86:8080,100.97.177.87:8080 + 3 more...   27s




5

test pod 생성

kubectl run -it --rm netdebug --image=nicolaka/netshoot --restart=Never -- zsh


6

도메인을 svc-clusterip  질의하면  ip가 나온다 !!!

netdebug# 

#                                                                                                                                                                                                                                                                                          netdebug# nslookup svc-clusterip

Server:         100.64.0.10

Address:        100.64.0.10#53

Name:   svc-clusterip.default.svc.cluster.local

Address: 100.67.79.88


질의 해보자.

nslookup svc-clusterip

nslookup svc-clusterip.default

nslookup svc-clusterip.default.svc

nslookup svc-clusterip.default.svc.cluster.local


7

접속?

curl -s svc-clusterip:9000

curl -s svc-clusterip.default:9000

curl -s svc-clusterip.default.svc:9000

curl -s svc-clusterip.default.svc.cluster.local:9000


 netdebug # curl -s svc-clusterip:9000

Hello Kubernetes bootcamp! | Running on: deploy-cndk-6cbc8c75db-82nk5 | v=1


 netdebug # curl -s svc-clusterip.default:9000

Hello Kubernetes bootcamp! | Running on: deploy-cndk-6cbc8c75db-tkgbk | v=1



8

질의가  많으므로  환경 변수에 기본으로 들어와 있다!!!


env | grep SVC_CLUSTERIP

SVC_CLUSTERIP_SERVICE_PORT=9000

SVC_CLUSTERIP_PORT_9000_TCP=tcp://10.102.93.98:9000

SVC_CLUSTERIP_PORT_9000_TCP_PORT=9000

SVC_CLUSTERIP_SERVICE_PORT_SVC_WEBPORT=9000

SVC_CLUSTERIP_PORT=tcp://10.102.93.98:9000

SVC_CLUSTERIP_PORT_9000_TCP_PROTO=tcp

SVC_CLUSTERIP_SERVICE_HOST=10.102.93.98

SVC_CLUSTERIP_PORT_9000_TCP_ADDR=10.102.93.98


9

curl -s $SVC_CLUSTERIP_SERVICE_HOST:$SVC_CLUSTERIP_SERVICE_PORT

Hostname: deploy-echo-56f947c867-ln79g

Pod Information:

        -no pod information available-

Server values:

        server_version=nginx: 1.13.0 - lua: 10008

Request Information:

        client_address=100.97.177.88

        method=GET

        real path=/

        query=

        request_version=1.1

        request_uri=http://100.67.79.88:8080/

Request Headers:

        accept=*/*

        host=100.67.79.88:9000

        user-agent=curl/7.77.0

Request Body:

        -no body in request-



netdebug# exit



10

삭제

kubectl delete -f svc-pod.yaml





<5> 외부  DNS 질의 ExternamName 확인


cname으로 외부 dns가 변경되더라도 유지하도록 해주는 기능.



1

cat <<EOT> svc-ext-cndk.yaml

apiVersion: v1

kind: Service

metadata:

  name: dkos-ext

spec:

  type: ExternalName

  externalName: test.seo.link

EOT


2

kubectl apply -f svc-ext-cndk.yaml


3

test pod 생성

kubectl run -it --rm netdebug --image=nicolaka/netshoot --restart=Never -- zsh


4

nslookup dkos-ext


 netdebug 

nslookup dkos-ext

Server:         100.64.0.10

Address:        100.64.0.10#53

dkos-ext.default.svc.cluster.local      canonical name = test.seo.link.

test.seo.link   canonical name = pixie.porkbun.com.

Name:   pixie.porkbun.com

Address: 44.227.65.245

Name:   pixie.porkbun.com

Address: 44.227.76.166



5

http dkos-ext -b




<6> 삭제


서비스 삭제

kubectl delete -f svc-ext-cndk.yaml


kubectl delete deploy,svc --all





<7> 정리


1

core dns 동작 확인


2

외부  DNS 질의 ExternamName 확인





<8> 다음 과정


https://brunch.co.kr/@topasvga/1707



감사합니다.







브런치는 최신 브라우저에 최적화 되어있습니다. IE chrome safari