Alibaba Cloud ACK (k8s) services occasionally fail DNS resolution: installing ACK NodeLocal DNSCache

1. Background
feign.RetryableException: No route to host (Host unreachable) executing POST http://osale-thirdparty/empty/detect
The service is suddenly interrupted, and when developers check the log they find that the upstream host could not be reached. Alibaba Cloud support recommends installing the DNS caching component (NodeLocal DNSCache); adding it resolves this problem, which usually occurs during network fluctuations. See the document https://help.aliyun.com/zh/ack/ack-managed-and-ack-dedicated/user-guide/configure-nodelocal-dnscache?spm=a2c4g.11186623.0.0.210c10baNQdY3T

2. Operation steps
Method 1: Configure automatic DNSConfig injection
The dynamic injection controller injects DNSConfig into newly created Pods automatically, so you do not have to edit every Pod YAML by hand. By default it watches Pod creation requests in namespaces that carry the node-local-dns-injection=enabled label. Label a namespace with the following commands.

# Enable automatic injection in each namespace that should use the DNS cache
kubectl label namespace default node-local-dns-injection=enabled
kubectl label namespace yxyw node-local-dns-injection=enabled
kubectl label namespace yxyw-uat node-local-dns-injection=enabled
# Confirm the label is present on the namespaces
kubectl get ns --show-labels
# After a Pod has been (re)created, confirm dnsConfig was injected into the Pod object
kubectl get pods -o yaml osale-open-api-69f856757f-ngqgb -n yxyw-uat

Note:
Each command above enables automatic injection for one namespace only (default, yxyw and yxyw-uat here). To enable it for another namespace, repeat the command with that namespace's name. Injection happens when a Pod is created, so Pods that already exist are not modified; restart them (for example by rolling the Deployment) for the change to take effect.

Once automatic injection is enabled for a namespace, you can exempt individual Pods (that is, skip injection) by adding the node-local-dns-injection=disabled label to the Labels field of the Pod template.

ECI does not support NodeLocal DNSCache. When a Deployment is elastically scaled out onto ECI nodes, Pods running on ECI cannot reach the NodeLocal DNSCache and their domain-name resolution times out. In that case the whole Deployment must be exempted: add node-local-dns-injection=disabled to the Labels field of its Pod template.
After automatic injection is enabled, the fields below are added to every Pod you create. To keep business DNS requests as highly available as possible, the Cluster IP of kube-dns (172.21.0.10 in this cluster) is added to nameservers as a backup DNS server behind the NodeLocal DNSCache address 169.254.20.10. The first search domain is the Pod's own namespace; the example below was taken from a Pod in default.

  dnsConfig:
    nameservers:
    - 169.254.20.10
    - 172.21.0.10
    options:
    - name: ndots
      value: "3"
    - name: attempts
      value: "2"
    - name: timeout
      value: "1"
    searches:
    - default.svc.cluster.local
    - svc.cluster.local
    - cluster.local
  dnsPolicy: None
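To see what the injected options actually do to a Pod's lookups, here is an added example (not code from the original post or from the ACK component) that models standard resolv.conf semantics (ndots, search, attempts, timeout) over the dnsConfig shown above. It shows which fully qualified names the resolver tries for a given hostname, in which order it probes the two nameservers, and how long a complete failure could take. The per-probe timing is a simplified upper bound; real resolvers tune per-server timeouts.

```python
"""Model how a resolv.conf-style resolver applies the injected dnsConfig.

Added example, not part of the original post or of NodeLocal DNSCache itself.
It assumes the dnsConfig values shown on the page: 169.254.20.10 is the
NodeLocal DNSCache link-local address and 172.21.0.10 is this cluster's
kube-dns ClusterIP.
"""

INJECTED_DNS_CONFIG = {
    "nameservers": ["169.254.20.10", "172.21.0.10"],
    "options": {"ndots": 3, "attempts": 2, "timeout": 1},
    "searches": ["default.svc.cluster.local", "svc.cluster.local", "cluster.local"],
}


def query_order(name, cfg=INJECTED_DNS_CONFIG):
    """Return the fully qualified names the resolver will try, in order.

    resolv.conf rules: a name ending in '.' is absolute and tried as-is;
    a name with at least `ndots` dots is tried absolute first, then with
    each search suffix; a name with fewer dots gets the search suffixes
    first and the absolute form last.
    """
    if name.endswith("."):
        return [name]
    ndots = cfg["options"]["ndots"]
    with_search = [f"{name}.{suffix}." for suffix in cfg["searches"]]
    absolute = f"{name}."
    if name.count(".") >= ndots:
        return [absolute] + with_search
    return with_search + [absolute]


def probe_sequence(name, cfg=INJECTED_DNS_CONFIG):
    """Return (fqdn, nameserver) pairs in the order they are sent.

    For each candidate name the resolver makes `attempts` rounds, and in each
    round it asks every nameserver in turn, so the kube-dns backup is tried
    right after the NodeLocal cache fails to answer.
    """
    probes = []
    for fqdn in query_order(name, cfg):
        for _attempt in range(cfg["options"]["attempts"]):
            for server in cfg["nameservers"]:
                probes.append((fqdn, server))
    return probes


def worst_case_seconds(name, cfg=INJECTED_DNS_CONFIG):
    """Simplified upper bound: every probe waits the full `timeout` seconds."""
    return len(probe_sequence(name, cfg)) * cfg["options"]["timeout"]


if __name__ == "__main__":
    # The host from the Feign error at the top of the page (a single label,
    # so it is expanded with the namespace search domain first).
    for fqdn in query_order("osale-thirdparty"):
        print(fqdn)
    # An external name with fewer than ndots dots still costs three cluster
    # lookups before the absolute name is tried.
    print(query_order("api.example.com"))
    print("worst case seconds:", worst_case_seconds("osale-thirdparty"))
```

The point for the ndots:3 setting: "osale-thirdparty" resolves on the very first candidate (its own namespace), while an external two-label name such as api.example.com generates three cluster-internal queries that must fail before the real name is tried, which is exactly the traffic the node-local cache is there to absorb.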

A Pod receives the DNS cache injection only when all of the following conditions are met at the same time. If a Pod's containers were not given the DNS cache server address, check which condition the Pod fails.

The new Pod is not in the kube-system or kube-public namespace.

The Labels of the namespace the new Pod is in contain node-local-dns-injection=enabled.

The Labels of that namespace do not contain ECI-related labels such as virtual-node-affinity-injection, eci, alibabacloud.com/eci, etc.

The new Pod itself carries neither ECI-related labels such as eci, alibabacloud.com/eci, etc., nor the node-local-dns-injection=disabled label that opts out of DNS injection.

The new Pod either uses hostNetwork with dnsPolicy ClusterFirstWithHostNet, or does not use hostNetwork and has dnsPolicy ClusterFirst.
Note that injection is verified from the Pod's YAML, not the Deployment's: the controller injects dnsConfig directly into the Pod object, so the Deployment manifest is unchanged.
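When a Pod unexpectedly has no 169.254.20.10 nameserver, walking the conditions above by hand is error-prone. The following added example (not the injection controller's code) encodes those conditions over plain dicts shaped like kubectl get ... -o json output, reports the first one that fails, and separately checks whether an existing Pod actually received the injected dnsConfig. The sample namespace and Pod objects are constructed for the example; the ECI check treats the label keys the page lists as examples and tests only for their presence.

```python
"""Check NodeLocal DNSCache injection eligibility and result for a Pod.

Added example, not the ACK injection controller's own logic. Inputs are
Kubernetes objects as Python dicts (e.g. json.load of `kubectl get pod -o json`
and `kubectl get ns -o json`).
"""

NODELOCAL_DNS_IP = "169.254.20.10"
INJECTION_LABEL = "node-local-dns-injection"
SYSTEM_NAMESPACES = {"kube-system", "kube-public"}
# Label keys that mark ECI scheduling; the page lists these as examples, so the
# check is presence-based and may need extending for other ECI labels.
ECI_LABEL_KEYS = {"virtual-node-affinity-injection", "eci", "alibabacloud.com/eci"}


def _labels(obj):
    return obj.get("metadata", {}).get("labels") or {}


def _has_eci_label(labels):
    return any(key in labels for key in ECI_LABEL_KEYS)


def injection_eligible(pod, namespace):
    """Return (eligible, reason) for a Pod about to be created in `namespace`."""
    ns_name = namespace["metadata"]["name"]
    ns_labels = _labels(namespace)
    pod_labels = _labels(pod)
    spec = pod.get("spec", {})

    if ns_name in SYSTEM_NAMESPACES:
        return False, f"namespace {ns_name} is excluded from injection"
    if ns_labels.get(INJECTION_LABEL) != "enabled":
        return False, f"namespace {ns_name} lacks {INJECTION_LABEL}=enabled"
    if _has_eci_label(ns_labels):
        return False, f"namespace {ns_name} carries an ECI label"
    if _has_eci_label(pod_labels):
        return False, "pod carries an ECI label"
    if pod_labels.get(INJECTION_LABEL) == "disabled":
        return False, f"pod opted out with {INJECTION_LABEL}=disabled"
    host_network = bool(spec.get("hostNetwork", False))
    policy = spec.get("dnsPolicy", "ClusterFirst")  # Kubernetes default
    expected = "ClusterFirstWithHostNet" if host_network else "ClusterFirst"
    if policy != expected:
        return False, f"dnsPolicy {policy} with hostNetwork={host_network}, need {expected}"
    return True, "ok"


def injection_applied(pod):
    """True if the Pod object already carries the injected dnsConfig."""
    spec = pod.get("spec", {})
    nameservers = (spec.get("dnsConfig") or {}).get("nameservers") or []
    return spec.get("dnsPolicy") == "None" and nameservers[:1] == [NODELOCAL_DNS_IP]


# Constructed sample objects (not real cluster output).
NS_ENABLED = {"metadata": {"name": "yxyw-uat", "labels": {INJECTION_LABEL: "enabled"}}}
POD_PLAIN = {"metadata": {"name": "osale-open-api-1", "labels": {"app": "osale-open-api"}},
             "spec": {"dnsPolicy": "ClusterFirst"}}
POD_OPTED_OUT = {"metadata": {"name": "legacy-1", "labels": {INJECTION_LABEL: "disabled"}},
                 "spec": {"dnsPolicy": "ClusterFirst"}}
# hostNetwork with the default ClusterFirst policy: a common reason injection is skipped.
POD_HOSTNET = {"metadata": {"name": "agent-1", "labels": {}},
               "spec": {"hostNetwork": True, "dnsPolicy": "ClusterFirst"}}
POD_INJECTED = {"metadata": {"name": "osale-open-api-2", "labels": {}},
                "spec": {"dnsPolicy": "None",
                         "dnsConfig": {"nameservers": ["169.254.20.10", "172.21.0.10"]}}}

if __name__ == "__main__":
    for pod in (POD_PLAIN, POD_OPTED_OUT, POD_HOSTNET):
        print(pod["metadata"]["name"], injection_eligible(pod, NS_ENABLED))
    print("injected:", injection_applied(POD_INJECTED), injection_applied(POD_PLAIN))
```

To use it against a live cluster, feed json.load(...) of the saved namespace and Pod objects into injection_eligible and injection_applied; a hostNetwork Pod left at the default ClusterFirst policy is the case most often overlooked.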
3. Exempting services with special DNS requirements
Injection sets dnsPolicy to None and replaces the Pod's dnsConfig, so any DNS configuration a service already depends on would be overwritten. For such services, disable the DNS cache injection by adding the node-local-dns-injection=disabled label to the Pod template, as in the Deployment below:

# @...@ placeholders are substituted before apply; the last label opts this
# Deployment's Pods out of NodeLocal DNSCache injection
apiVersion: apps/v1
kind: Deployment
metadata:
  name: @APP_NAME@
  labels:
    app: @APP_NAME@
spec:
  replicas: @REPLICAS@
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: @APP_NAME@
  template:
    metadata:
      labels:
        app: @APP_NAME@
        armsPilotAutoEnable: "on"
        armsPilotCreateAppName: @APP_NAME@
        one-agent.jdk.version: "OpenJDK11"
        node-local-dns-injection: "disabled"

Origin blog.csdn.net/jialiu111111/article/details/132823833