skydns

Useful link:

https://github.com/kubernetes/kubernetes.github.io/blob/master/docs/admin/dns.md

  

Kube-dns服务后端启动多个POD时的注意事项：

1. 开启kube2sky和skydns的livenessProbe
2. 为skydns添加--no-rec启动参数
3. 在一个skydns pod无法正常提供dns解析服务时，health check机制会重启相应的pod，但是在pod完全重启成功之前，部分服务的dns解析请求有可能会失败，失败的概率与后端skydns pod的个数有关

下面是部署skydns用到的yaml文件：

apiVersion: v1

kind: ReplicationController

metadata:

  name: kube-dns-v8

  namespace: kube-system

  labels:

    k8s-app: kube-dns

    version: v8

    kubernetes.io/cluster-service: "true"

spec:

  replicas: 3

  selector:

    k8s-app: kube-dns

    version: v8

  template:

    metadata:

      labels:

        k8s-app: kube-dns

        version: v8

        kubernetes.io/cluster-service: "true"

    spec:

      containers:

      - name: etcd

        image: 192.168.0.76:5000/etcd:2.2.1

        imagePullPolicy: IfNotPresent

        resources:

          limits:

            cpu: 50m

            memory: 1000Mi

        command:

        - /usr/local/bin/etcd

        - -data-dir

        - /var/etcd/data

        - -listen-client-urls

        - http://127.0.0.1:2379,http://127.0.0.1:4001

        - -advertise-client-urls

        - http://127.0.0.1:2379,http://127.0.0.1:4001

        - -initial-cluster-token

        - skydns-etcd

        #volumeMounts:

        #- name: etcd-storage

         # mountPath: /var/etcd/data

      - name: kube2sky

        #image: 192.168.0.76:5000/kube2sky:1.12

        image: 192.168.0.76:5000/kube2sky:1.12

        imagePullPolicy: IfNotPresent

        livenessProbe:

          httpGet:

            path: /healthz

            port: 8080

            scheme: HTTP

          initialDelaySeconds: 60

          timeoutSeconds: 5

          successThreshold: 1

          failureThreshold: 5

        resources:

          limits:

            cpu: 50m

            memory: 1000Mi

        args:

        # command = "/kube2sky"

        - --kube_master_url=http://192.168.0.75:8080

        - --domain=cluster.local

      - name: skydns

        image: 192.168.0.76:5000/longlong:2017

        imagePullPolicy: IfNotPresent

        livenessProbe:

          httpGet:

            path: /healthz

            port: 8080

            scheme: HTTP

          initialDelaySeconds: 60

          timeoutSeconds: 5

          successThreshold: 1

          failureThreshold: 5

        resources:

          limits:

            cpu: 50m

            memory: 1000Mi

        args:

        # command = "/skydns"

        - -machines=http://localhost:4001

        - -addr=0.0.0.0:53

        - -domain=cluster.local

        - -no-rec

        - -rcache=1000

        ports:

        - containerPort: 53

          name: dns

          protocol: UDP

        - containerPort: 53

          name: dns-tcp

          protocol: TCP

      - name: healthz

        image: 192.168.0.76:5000/exechealthz:1.1

        resources:

          limits:

            cpu: 10m

            memory: 20Mi

          requests:

            cpu: 10m

            memory: 20Mi

        args:

        - -cmd=nslookup kubernetes.default.svc.cluster.local 127.0.0.1 >/dev/null

        - -port=8080

        ports:

        - containerPort: 8080

          protocol: TCP

      volumes:

      - name: etcd-storage

        emptyDir: {}

      dnsPolicy: Default  # Don't use cluster DNS.

  

musl库的DNS：

Traditional resolvers, including glibc's, make use of multiple nameserver lines in resolv.conf by trying each one in sequence and falling to the next after one times out. musl's resolver queries them all in parallel and accepts whichever response arrives first. This can increase network load (this is mitigated by only supporting up to three nameservers, and can be mitigated further at the configuration level by only configuring one nameserver) but drastically improves performance and reliability of DNS lookups, especially if diverse nameservers are used.