# Kubernetes Service Discovery and CoreDNS in Practice

## Introduction

Service discovery is one of the core functions of Kubernetes: it lets Pods find and talk to each other automatically. This article looks at how Kubernetes service discovery works and at practical CoreDNS configuration.

## 1. Service Discovery Architecture

### 1.1 Layers of Service Discovery

```text
┌──────────────────────────────────────────────────────────┐
│              Service Discovery Architecture              │
├──────────────────────────────────────────────────────────┤
│ Pod layer                                                │
│  ┌───────┐  ┌───────┐  ┌───────┐  ┌───────┐              │
│  │ Pod 1 │  │ Pod 2 │  │ Pod 3 │  │ Pod N │              │
│  └───┬───┘  └───┬───┘  └───┬───┘  └───┬───┘              │
│      └──────────┴──────────┴────┬─────┘                  │
│                                 ▼                        │
│ Service layer                                            │
│  ┌─────────────────────────────────────────────────────┐ │
│  │ Kubernetes Service                                  │ │
│  │ ClusterIP · NodePort · LoadBalancer · ExternalName  │ │
│  └──────────────────────────────┬──────────────────────┘ │
│                                 ▼                        │
│ DNS layer                                                │
│  ┌─────────────────────────────────────────────────────┐ │
│  │ CoreDNS                                             │ │
│  │ Service Discovery · Load Balancing · Health Check   │ │
│  └─────────────────────────────────────────────────────┘ │
└──────────────────────────────────────────────────────────┘
```

### 1.2 Comparison of Service Types

| Type | Description | Typical use |
|---|---|---|
| ClusterIP | Cluster-internal virtual IP | Service-to-service traffic inside the cluster |
| NodePort | Exposes a port on every node | External access |
| LoadBalancer | Cloud provider load balancer | External access in production |
| ExternalName | Maps the Service to an external DNS name | Reaching services outside the cluster |

## 2. CoreDNS Configuration

### 2.1 CoreDNS Deployment

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }
```
### 2.2 CoreDNS Service

```yaml
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  annotations:
    # annotation values must be strings, so the port and flag are quoted
    prometheus.io/port: "9153"
    prometheus.io/scrape: "true"
spec:
  selector:
    k8s-app: kube-dns
  clusterIP: 10.96.0.10
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
  - name: metrics
    port: 9153
    protocol: TCP
```

## 3. Service Discovery Configuration

### 3.1 Service Configuration

```yaml
apiVersion: v1
kind: Service
metadata:
  name: my-service
  namespace: default
spec:
  selector:
    app: my-app
  ports:
  - name: http
    port: 80
    targetPort: 8080
    protocol: TCP
  type: ClusterIP
```

### 3.2 Headless Service

```yaml
apiVersion: v1
kind: Service
metadata:
  name: headless-service
  namespace: default
spec:
  clusterIP: None
  selector:
    app: stateful-app
  ports:
  - name: http
    port: 80
    targetPort: 8080
```

### 3.3 ExternalName Service

```yaml
apiVersion: v1
kind: Service
metadata:
  name: external-service
  namespace: default
spec:
  type: ExternalName
  externalName: api.example.com
```

## 4. Endpoint Configuration

### 4.1 Manual Endpoints

```yaml
apiVersion: v1
kind: Endpoints
metadata:
  name: my-service
  namespace: default
subsets:
- addresses:
  - ip: 10.0.0.1
    nodeName: node-1
  - ip: 10.0.0.2
    nodeName: node-2
  ports:
  - name: http
    port: 8080
    protocol: TCP
```

### 4.2 EndpointSlice

```yaml
apiVersion: discovery.k8s.io/v1
kind: EndpointSlice
metadata:
  name: my-service
  namespace: default
  labels:
    kubernetes.io/service-name: my-service
addressType: IPv4
ports:
- name: http
  port: 8080
  protocol: TCP
endpoints:
- addresses:
  - 10.0.0.1
  conditions:
    ready: true
  hostname: pod-1
- addresses:
  - 10.0.0.2
  conditions:
    ready: true
  hostname: pod-2
```

## 5. DNS Resolution Configuration

### 5.1 Pod DNS Configuration

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: dns-pod
  namespace: default
spec:
  containers:
  - name: app
    image: my-app:latest
  dnsPolicy: ClusterFirst
  dnsConfig:
    nameservers:
    - 10.96.0.10
    searches:
    - default.svc.cluster.local
    - svc.cluster.local
    - cluster.local
    options:
    - name: ndots
      value: "5"   # dnsConfig option values are strings
```

### 5.2 DNS Query Examples

```bash
# Fully qualified in-cluster DNS query
nslookup my-service.default.svc.cluster.local

# Short form (completed via the search list)
nslookup my-service.default

# Query a headless Service (returns the Pod IPs)
nslookup headless-service.default.svc.cluster.local
```
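The short and long forms in 5.2 resolve differently because of the `ndots` and `searches` values from the Pod dnsConfig in 5.1. The following is an added example, not code from the article: it simulates a glibc-style resolver applying that search list (a name with fewer than `ndots` dots is tried with each search suffix first and as typed last; a name ending in `.` is never expanded). The zone contents and IP addresses are constructed; `resolve` and `candidates` are names chosen here.

```python
# Added example: simulate search-list expansion for the dnsConfig of section 5.1.
# Modelled behaviour (glibc-style): a name ending in "." is absolute and never
# expanded; fewer than ndots dots -> search suffixes first, as typed last;
# at least ndots dots -> as typed first, then the search suffixes.

SEARCH = ["default.svc.cluster.local", "svc.cluster.local", "cluster.local"]
NDOTS = 5

# Constructed zone data: what CoreDNS would answer for the Services of section 3,
# plus one external name answered through the upstream resolver (IPs are made up).
ZONE = {
    "my-service.default.svc.cluster.local.": ["10.96.45.12"],
    "headless-service.default.svc.cluster.local.": ["10.0.0.1", "10.0.0.2"],
    "api.example.com.": ["203.0.113.10"],
}


def candidates(name, search=SEARCH, ndots=NDOTS):
    """Return the fully qualified names the resolver will try, in order."""
    if name.endswith("."):
        return [name]
    expanded = [f"{name}.{suffix}." for suffix in search]
    as_typed = f"{name}."
    if name.count(".") >= ndots:
        return [as_typed] + expanded
    return expanded + [as_typed]


def resolve(name, zone=ZONE, search=SEARCH, ndots=NDOTS):
    """Resolve `name` against the constructed zone; returns (answer, queries_sent)."""
    sent = []
    for fqdn in candidates(name, search, ndots):
        sent.append(fqdn)
        if fqdn in zone:
            return zone[fqdn], sent
    return None, sent


if __name__ == "__main__":
    for name in ("my-service", "my-service.default",
                 "headless-service.default.svc.cluster.local",
                 "api.example.com", "api.example.com."):
        answer, sent = resolve(name)
        print(f"{name:45} -> {answer}  ({len(sent)} queries)")
```

Running it shows why `ndots:5` matters: `my-service.default` resolves on the second query, but `api.example.com` (only two dots) costs three failed in-cluster lookups before the name is tried as typed, and even `headless-service.default.svc.cluster.local` without a trailing dot has four dots and is expanded first. Names with a trailing dot are answered in one query.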
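The Endpoints and EndpointSlice objects in section 4 are normally generated, not written by hand: the controller lists a Pod only when every key/value in the Service selector matches the Pod's labels, and marks it ready only when its readiness probe passes. The following added example (not the article's code, and not the Kubernetes controller itself) reproduces that rule over constructed Pod data modelled on `my-service` from 3.1; `build_endpoints`, `Pod` and the IPs are constructed for the example.

```python
# Added example: derive a Service's endpoints from selector matching and readiness,
# the rule behind the Endpoints/EndpointSlice objects of section 4. All data is constructed.
from dataclasses import dataclass, field


@dataclass
class Pod:
    name: str
    ip: str
    labels: dict
    ready: bool                                   # outcome of the readinessProbe
    ports: dict = field(default_factory=dict)     # named containerPort -> number


def selector_matches(selector, labels):
    """Equality-based selector: every selector pair must be present in the Pod labels."""
    return all(labels.get(key) == value for key, value in selector.items())


def target_port(pod, spec_target):
    """targetPort may be a port number or the name of a container port."""
    if isinstance(spec_target, int):
        return spec_target
    return pod.ports.get(spec_target)             # None if the Pod has no such named port


def build_endpoints(service, pods):
    """Return (ready, not_ready, excluded) as `kubectl get endpoints` would report them."""
    ready, not_ready, excluded = [], [], {}
    for pod in pods:
        if not selector_matches(service["selector"], pod.labels):
            excluded[pod.name] = "labels do not match the Service selector"
            continue
        port = target_port(pod, service["targetPort"])
        if port is None:
            excluded[pod.name] = f"no container port named {service['targetPort']!r}"
            continue
        entry = {"ip": pod.ip, "port": port, "hostname": pod.name}
        (ready if pod.ready else not_ready).append(entry)
    return ready, not_ready, excluded


# Constructed cluster state mirroring my-service from section 3.1.
MY_SERVICE = {"name": "my-service", "selector": {"app": "my-app"}, "targetPort": 8080}
PODS = [
    Pod("pod-1", "10.0.0.1", {"app": "my-app"}, ready=True),
    Pod("pod-2", "10.0.0.2", {"app": "my-app"}, ready=False),   # readiness probe failing
    Pod("pod-3", "10.0.0.3", {"app": "myapp"}, ready=True),     # label typo: never selected
]

if __name__ == "__main__":
    ready, not_ready, excluded = build_endpoints(MY_SERVICE, PODS)
    print("ready:", [e["ip"] for e in ready])
    print("not ready:", [e["ip"] for e in not_ready])
    print("excluded:", excluded)
```

With this input only `10.0.0.1` appears as a ready endpoint: `pod-2` is held back by its failing readiness probe and `pod-3` is never selected because of the label typo, which are exactly the two conditions to check first when a Service has no endpoints.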
## 6. Service Discovery Best Practices

### 6.1 Service Naming Conventions

| Type | Naming rule | Example |
|---|---|---|
| Service | app-name-service | user-service |
| Headless | app-name-headless | mysql-headless |
| External | external-name-ext | redis-cache-ext |

### 6.2 Health Check Configuration

```yaml
apiVersion: v1
kind: Service
metadata:
  name: health-service
spec:
  selector:
    app: my-app
  ports:
  - name: http
    port: 80
    targetPort: 8080
  type: ClusterIP
---
apiVersion: v1
kind: Pod
metadata:
  name: health-pod
spec:
  containers:
  - name: app
    image: my-app:latest
    ports:
    - containerPort: 8080
    livenessProbe:
      httpGet:
        path: /health
        port: 8080
      initialDelaySeconds: 10
      periodSeconds: 5
    readinessProbe:
      httpGet:
        path: /ready
        port: 8080
      initialDelaySeconds: 5
      periodSeconds: 3
```

## 7. CoreDNS Tuning

### 7.1 Performance Tuning

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            fallthrough in-addr.arpa ip6.arpa
            ttl 30
        }
        prometheus :9153
        forward . 8.8.8.8 1.1.1.1 {
            max_concurrent 1000
        }
        cache 60
        loop
        reload
        loadbalance
    }
```

### 7.2 Cache Configuration

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        cache 60 {
            success 9984 30
            denial 9984 5
        }
        ...
    }
```
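The Corefiles in 2.1, 7.1 and 7.2 contain a few settings worth a second look before they reach production: `pods insecure` makes CoreDNS answer pod-IP-style names without checking that the Pod exists (CoreDNS offers `pods verified` and `pods disabled` as stricter alternatives), forwarding to public resolvers such as `8.8.8.8` in plain UDP sends cluster query names off-cluster in cleartext (the `forward` plugin accepts `tls://` upstreams with `tls_servername`), and omitting `loop` leaves forwarding loops undetected. The following added example, which is not part of the article or of CoreDNS, parses a Corefile into server blocks and plugin directives and reports those three conditions; the two Corefiles it ships with are constructed (one mirrors 2.1, the other a hardened variant), and `parse_corefile`, `review` and `upstream_ip` are names chosen here.

```python
# Added example: a minimal Corefile reader plus a review checklist for the settings
# discussed above. Not CoreDNS code; the grammar handled is the subset used on this page.
import ipaddress


def parse_corefile(text):
    """Return server blocks as {'zones': [...], 'plugins': [{'name', 'args', 'body'}]}."""
    blocks, stack = [], []          # stack: [server_block] or [server_block, open_plugin]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line == "}":
            stack.pop()
            continue
        opens = line.endswith("{")
        tokens = line.rstrip("{").split()
        if not stack:                               # server block header, e.g. ".:53 {"
            block = {"zones": tokens, "plugins": []}
            blocks.append(block)
            stack.append(block)
        elif len(stack) == 1:                       # plugin directive inside a server block
            plugin = {"name": tokens[0], "args": tokens[1:], "body": []}
            stack[0]["plugins"].append(plugin)
            if opens:
                stack.append(plugin)
        else:                                       # directive inside a plugin block
            stack[-1]["body"].append(tokens)
    return blocks


def upstream_ip(upstream):
    """IP of a forward upstream such as 8.8.8.8, 1.1.1.1:53 or tls://1.1.1.1 (None for files)."""
    host = upstream.split("://", 1)[-1]
    for candidate in (host, host.rsplit(":", 1)[0]):
        try:
            return ipaddress.ip_address(candidate)
        except ValueError:
            continue
    return None


def review(text):
    """Return (server_block, finding) pairs for settings a defender would revisit."""
    findings = []
    for block in parse_corefile(text):
        zone = " ".join(block["zones"])
        names = {p["name"] for p in block["plugins"]}
        for plugin in block["plugins"]:
            if plugin["name"] == "kubernetes":
                if any(d[:2] == ["pods", "insecure"] for d in plugin["body"]):
                    findings.append((zone, "pods insecure: prefer 'pods verified' or 'pods disabled'"))
            if plugin["name"] == "forward":
                upstreams = plugin["args"][1:]
                uses_tls = any(u.startswith("tls://") for u in upstreams)
                for u in upstreams:
                    ip = upstream_ip(u)
                    if ip is not None and ip.is_global and not uses_tls:
                        findings.append((zone, f"forward to public resolver {u} without TLS"))
        if "loop" not in names:
            findings.append((zone, "no 'loop' plugin: forwarding loops are not detected"))
    return findings


# Constructed Corefiles: BASELINE mirrors section 2.1, HARDENED applies the review points.
BASELINE = """
.:53 {
    errors
    health
    kubernetes cluster.local in-addr.arpa ip6.arpa {
        pods insecure
        fallthrough in-addr.arpa ip6.arpa
    }
    prometheus :9153
    forward . /etc/resolv.conf
    cache 30
    loop
    reload
    loadbalance
}
"""

HARDENED = """
.:53 {
    errors
    health
    kubernetes cluster.local in-addr.arpa ip6.arpa {
        pods verified
        fallthrough in-addr.arpa ip6.arpa
    }
    forward . tls://1.1.1.1 tls://1.0.0.1 {
        tls_servername cloudflare-dns.com
    }
    cache 30
    loop
}
"""

if __name__ == "__main__":
    for label, corefile in (("baseline", BASELINE), ("hardened", HARDENED)):
        print(label, review(corefile) or "no findings")
```

`review(BASELINE)` reports only the `pods insecure` line; running it over the 7.1 Corefile additionally flags both public upstreams; the hardened variant produces no findings. The parser deliberately tolerates the `...` placeholder from 7.2 as an unknown directive rather than failing.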
## 8. Monitoring Service Discovery

### 8.1 CoreDNS Monitoring

```yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: coredns-monitor
  namespace: monitoring
spec:
  selector:
    matchLabels:
      k8s-app: kube-dns
  endpoints:
  - port: metrics
    path: /metrics
    interval: 15s
```

### 8.2 DNS Performance Alerts

```yaml
groups:
- name: coredns.rules
  rules:
  - alert: CoreDNSDown
    expr: up{job="coredns"} == 0
    for: 5m
    labels:
      severity: critical
    annotations:
      summary: "CoreDNS is down"
      description: "CoreDNS instance {{ $labels.instance }} is not responding"
```

## 9. Troubleshooting

### 9.1 DNS Resolution Failures

**Possible causes**

- The CoreDNS Pods are not running
- A network policy is blocking DNS traffic
- The DNS configuration is wrong

**Resolution**

```bash
# Check CoreDNS status
kubectl get pods -n kube-system -l k8s-app=kube-dns

# Check the Pod's DNS configuration
kubectl exec -it pod-name -- cat /etc/resolv.conf

# Test DNS resolution from inside the Pod
kubectl exec -it pod-name -- nslookup kubernetes.default
```

### 9.2 Service Unreachable

**Possible causes**

- The Service selector does not match the Pod labels
- The Endpoints are not ready
- A network policy is blocking traffic

**Resolution**

```bash
# Check the Service configuration
kubectl describe service my-service

# Check the Endpoint status
kubectl get endpoints my-service

# Check the Pod labels
kubectl get pods -l app=my-app
```

## 10. Advanced Configuration

### 10.1 Custom DNS Entries

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            fallthrough in-addr.arpa ip6.arpa
        }
        hosts /etc/coredns/custom-hosts {
            10.0.0.100 myapp.example.com
            fallthrough
        }
        forward . /etc/resolv.conf
        cache 30
    }
```

### 10.2 Multi-cluster DNS

The `kubernetes` plugin can be used only once per server block, so the remote cluster's zone gets its own server block:

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa
        forward . /etc/resolv.conf
        cache 30
    }
    # queries for other-cluster.local are served from the remote API server
    other-cluster.local:53 {
        errors
        kubernetes other-cluster.local in-addr.arpa ip6.arpa {
            endpoint https://other-cluster-api.example.com
            tls-server-name api.other-cluster.local
        }
        cache 30
    }
```

## Conclusion

Service discovery is the foundation of communication inside a Kubernetes cluster. With CoreDNS, Services and Endpoints configured properly, service discovery is efficient and reliable; combined with monitoring and the troubleshooting steps above, it also stays stable and observable.