Merge pull request #39127 from Zhuzhenghao/dns-pod-service

[zh-cn] Resync dns-pod-service.md
Kubernetes Prow Robot 2023-01-27 21:32:32 -08:00 committed by GitHub
commit 50523c8fd7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 100 additions and 88 deletions


@ -7,7 +7,8 @@ description: >-
---
<!--
reviewers:
- davidopp
- jbelamaric
- bowei
- thockin
title: DNS for Services and Pods
content_type: concept
@ -29,19 +30,20 @@ Kubernetes 为 Service 和 Pod 创建 DNS 记录。
<!-- body -->
<!--
Kubernetes DNS schedules a DNS Pod and Service on the cluster, and configures
the kubelets to tell individual containers to use the DNS Service's IP to
resolve DNS names.
Kubernetes publishes information about Pods and Services which is used
to program DNS. Kubelet configures Pods' DNS so that running containers
can lookup Services by name rather than IP.
-->
Kubernetes DNS 除了在集群上调度 DNS Pod 和 Service
还配置 kubelet 以告知各个容器使用 DNS Service 的 IP 来解析 DNS 名称
Kubernetes 发布有关 Pod 和 Service 的信息,这些信息被用来对 DNS 进行编程。
Kubelet 配置 Pod 的 DNS以便运行中的容器可以通过名称而不是 IP 来查找服务
<!--
Every Service defined in the cluster (including the DNS server itself) is
assigned a DNS name. By default, a client Pod's DNS search list includes the
Pod's own namespace and the cluster's default domain.
Services defined in the cluster are assigned DNS names. By default, a
client Pod's DNS search list includes the Pod's own namespace and the
cluster's default domain.
-->
集群中定义的每个 Service (包括 DNS 服务器自身)都被赋予一个 DNS 名称。
集群中定义的 Service 被赋予 DNS 名称。
默认情况下,客户端 Pod 的 DNS 搜索列表会包含 Pod 自身的名字空间和集群的默认域。
<!--
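Review bot: In the new translation of "which is used to program DNS", the wording "这些信息被用来对 DNS 进行编程" reads as writing software for DNS rather than populating DNS records from the published Pod and Service information. Consider a rendering along the lines of "这些信息被用来配置 DNS" so the sentence matches what the English source describes.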
@ -74,13 +76,14 @@ Pod 查询 `data.prod` 时则会返回预期的结果,因为查询中指定了
<!--
DNS queries may be expanded using the Pod's `/etc/resolv.conf`. Kubelet
sets this file for each Pod. For example, a query for just `data` may be
configures this file for each Pod. For example, a query for just `data` may be
expanded to `data.test.svc.cluster.local`. The values of the `search` option
are used to expand queries. To learn more about DNS queries, see
[the `resolv.conf` manual page.](https://www.man7.org/linux/man-pages/man5/resolv.conf.5.html)
-->
DNS 查询可以使用 Pod 中的 `/etc/resolv.conf` 展开。kubelet 会为每个 Pod
生成此文件。例如,对 `data` 的查询可能被展开为 `data.test.svc.cluster.local`
DNS 查询可以使用 Pod 中的 `/etc/resolv.conf` 展开。
Kubelet 为每个 Pod 配置此文件。
例如,对 `data` 的查询可能被展开为 `data.test.svc.cluster.local`
`search` 选项的取值会被用来展开查询。要进一步了解 DNS 查询,可参阅
[`resolv.conf` 手册页面](https://www.man7.org/linux/man-pages/man5/resolv.conf.5.html)。
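Review bot: The line "Kubelet 为每个 Pod 配置此文件" capitalizes the component name, while the other translated line in this hunk ("kubelet 会为每个 Pod 生成此文件") writes it as lowercase `kubelet`. The English source only capitalizes it because it starts a sentence, which does not carry over to Chinese; keep `kubelet` lowercase here for consistency with the rest of the page.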
@ -91,10 +94,10 @@ options ndots:5
```
<!--
In summary, a Pod in the `test` namespace can successfully resolve either
In summary, a Pod in the _test_ namespace can successfully resolve either
`data.prod` or `data.prod.svc.cluster.local`.
-->
概括起来,名字空间 `test` 中的 Pod 可以成功地解析 `data.prod` 或者
概括起来,名字空间 _test_ 中的 Pod 可以成功地解析 `data.prod` 或者
`data.prod.svc.cluster.local`
<!--
@ -127,15 +130,15 @@ For more up-to-date specification, see
### A/AAAA records
"Normal" (not headless) Services are assigned a DNS A or AAAA record,
depending on the IP family of the Service, for a name of the form
"Normal" (not headless) Services are assigned DNS A and/or AAAA records,
depending on the IP family or families of the Service, with a name of the form
`my-svc.my-namespace.svc.cluster-domain.example`. This resolves to the cluster IP
of the Service.
"Headless" (without a cluster IP) Services are also assigned a DNS A or AAAA record,
depending on the IP family of the Service, for a name of the form
`my-svc.my-namespace.svc.cluster-domain.example`. Unlike normal
Services, this resolves to the set of IPs of the Pods selected by the Service.
[Headless Services](/docs/concepts/services-networking/service/#headless-services)
(without a cluster IP) Services are also assigned DNS A and/or AAAA records,
with a name of the form `my-svc.my-namespace.svc.cluster-domain.example`. Unlike normal
Services, this resolves to the set of IPs of all of the Pods selected by the Service.
Clients are expected to consume the set or else use standard round-robin
selection from the set.
-->
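Review bot: The commented English source in the headless paragraph reads "[Headless Services](...) (without a cluster IP) Services are also assigned", with "Services" doubled around the parenthetical. If this is copied verbatim from the upstream English page, leave it so the resync stays faithful, but it is worth a follow-up fix upstream so the next resync does not carry the duplicate forward.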
@ -143,40 +146,39 @@ selection from the set.
#### A/AAAA 记录 {#a-aaaa-records}
“普通” Service除了无头 Service会以 `my-svc.my-namespace.svc.cluster-domain.example`
这种名字形式被分配一个 DNS A 或 AAAA 记录,取决于 Service 的 IP 协议族。
除了无头 Service 之外的 “普通” Service 会被赋予一个形如 `my-svc.my-namespace.svc.cluster-domain.example`
的 DNS A 和/或 AAAA 记录,取决于 Service 的 IP 协议族(可能有多个)设置
该名称会解析成对应 Service 的集群 IP。
“无头Headless” Service (没有集群 IP也会以
`my-svc.my-namespace.svc.cluster-domain.example` 这种名字的形式被指派一个 DNS A 或 AAAA 记录,
具体取决于 Service 的 IP 协议族。
没有集群 IP 的[无头 Service](/zh-cn/docs/concepts/services-networking/service/#headless-services)
也会被赋予一个形如 `my-svc.my-namespace.svc.cluster-domain.example` 的 DNS A 和/或 AAAA 记录。
与普通 Service 不同,这一记录会被解析成对应 Service 所选择的 Pod IP 的集合。
客户端要能够使用这组 IP或者使用标准的轮转策略从这组 IP 中进行选择。
<!--
### SRV records
SRV Records are created for named ports that are part of normal or [Headless
Services](/docs/concepts/services-networking/service/#headless-services).
For each named port, the SRV record would have the form
`_my-port-name._my-port-protocol.my-svc.my-namespace.svc.cluster-domain.example`.
SRV Records are created for named ports that are part of normal or headless
services. For each named port, the SRV record has the form
`_port-name._port-protocol.my-svc.my-namespace.svc.cluster-domain.example`.
For a regular Service, this resolves to the port number and the domain name:
`my-svc.my-namespace.svc.cluster-domain.example`.
For a headless Service, this resolves to multiple answers, one for each Pod
that is backing the Service, and contains the port number and the domain name of the Pod
of the form `auto-generated-name.my-svc.my-namespace.svc.cluster-domain.example`.
of the form `hostname.my-svc.my-namespace.svc.cluster-domain.example`.
-->
#### SRV 记录 {#srv-records}
Kubernetes 根据普通 Service 或
[Headless Service](/zh-cn/docs/concepts/services-networking/service/#headless-services)
Kubernetes 根据普通 Service 或无头 Service
中的命名端口创建 SRV 记录。每个命名端口,
SRV 记录格式为 `_my-port-name._my-port-protocol.my-svc.my-namespace.svc.cluster-domain.example`。
SRV 记录格式为 `_port-name._port-protocol.my-svc.my-namespace.svc.cluster-domain.example`。
普通 Service该记录会被解析成端口号和域名`my-svc.my-namespace.svc.cluster-domain.example`。
无头 Service该记录会被解析成多个结果及该服务的每个后端 Pod 各一个 SRV 记录,
其中包含 Pod 端口号和格式为 `auto-generated-name.my-svc.my-namespace.svc.cluster-domain.example`
其中包含 Pod 端口号和格式为 `hostname.my-svc.my-namespace.svc.cluster-domain.example`
的域名。
<!--
## Pods-->
## Pod
<!--
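Review bot: Both A/AAAA paragraphs keep the quantifier "一个" in front of "DNS A 和/或 AAAA 记录" ("会被赋予一个形如 ... 的 DNS A 和/或 AAAA 记录"), which contradicts the "和/或" that this resync introduces, since a dual-stack Service gets more than one record. Dropping "一个" in both the normal and the headless sentence would match the English "are assigned DNS A and/or AAAA records".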
@ -213,33 +215,48 @@ Any Pods exposed by a Service have the following DNS resolution available:
<!--
### Pod's hostname and subdomain fields
Currently when a Pod is created, its hostname is the Pod's `metadata.name` value.
The Pod spec has an optional `hostname` field, which can be used to specify the
Pod's hostname. When specified, it takes precedence over the Pod's name to be
the hostname of the Pod. For example, given a Pod with `hostname` set to
"`my-host`", the Pod will have its hostname set to "`my-host`".
The Pod spec also has an optional `subdomain` field which can be used to specify
its subdomain. For example, a Pod with `hostname` set to "`foo`", and `subdomain`
set to "`bar`", in namespace "`my-namespace`", will have the fully qualified
domain name (FQDN) "`foo.bar.my-namespace.svc.cluster-domain.example`".
Example:
Currently when a Pod is created, its hostname (as observed from within the Pod)
is the Pod's `metadata.name` value.
-->
### Pod 的 hostname 和 subdomain 字段 {#pod-s-hostname-and-subdomain-fields}
当前,创建 Pod 时其主机名取自 Pod 的 `metadata.name` 值。
当前,创建 Pod 时其主机名(从 Pod 内部观察)取自 Pod 的 `metadata.name` 值。
Pod 规约中包含一个可选的 `hostname` 字段,可以用来指定 Pod 的主机名。
当这个字段被设置时,它将优先于 Pod 的名字成为该 Pod 的主机名。
举个例子,给定一个 `hostname` 设置为 "`my-host`" 的 Pod
该 Pod 的主机名将被设置为 "`my-host`"。
<!--
The Pod spec has an optional `hostname` field, which can be used to specify a
different hostname. When specified, it takes precedence over the Pod's name to be
the hostname of the Pod (again, as observed from within the Pod). For example,
given a Pod with `spec.hostname` set to `"my-host"`, the Pod will have its
hostname set to `"my-host"`.
-->
Pod 规约还有一个可选的 `subdomain` 字段,可以用来指定 Pod 的子域名。
举个例子,某 Pod 的 `hostname` 设置为 “`foo`”,`subdomain` 设置为 “`bar`”,
在名字空间 “`my-namespace`” 中对应的完全限定域名FQDN
“`foo.bar.my-namespace.svc.cluster-domain.example`”。
Pod 规约中包含一个可选的 `hostname` 字段,可以用来指定一个不同的主机名。
当这个字段被设置时,它将优先于 Pod 的名字成为该 Pod 的主机名(同样是从 Pod 内部观察)。
举个例子,给定一个 `spec.hostname` 设置为 `“my-host”` 的 Pod
该 Pod 的主机名将被设置为 `“my-host”`
<!--
The Pod spec also has an optional `subdomain` field which can be used to indicate
that the pod is part of sub-group of the namespace. For example, a Pod with `spec.hostname`
set to `"foo"`, and `spec.subdomain` set to `"bar"`, in namespace `"my-namespace"`, will
have its hostname set to `"foo"` and its fully qualified domain name (FQDN) set to
`"foo.bar.my-namespace.svc.cluster.local"` (once more, as observed from within
the Pod).
-->
Pod 规约还有一个可选的 `subdomain` 字段,可以用来表明该 Pod 是名字空间的子组的一部分。
举个例子,某 Pod 的 `spec.hostname` 设置为 `“foo”``spec.subdomain` 设置为 `“bar”`
在名字空间 `“my-namespace”` 中,主机名称被设置成 `“foo”` 并且对应的完全限定域名FQDN
“`foo.bar.my-namespace.svc.cluster-domain.example`”(还是从 Pod 内部观察)。
<!--
If there exists a headless Service in the same namespace as the Pod, with
the same name as the subdomain, the cluster's DNS Server also returns A and/or AAAA
records for the Pod's fully qualified hostname.
Example:
-->
如果 Pod 所在的名字空间中存在一个无头服务,其名称与子域相同,
则集群的 DNS 服务器还会为 Pod 的完全限定主机名返回 A 和/或 AAAA 记录。
示例:
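Review bot: The FQDN in the `subdomain` paragraph does not match between source and translation. The commented English text gives `"foo.bar.my-namespace.svc.cluster.local"`, while the Chinese line gives `foo.bar.my-namespace.svc.cluster-domain.example`. Please pick one so the translation tracks the English text it sits under. The same Chinese line also places the quotation marks outside the code span, unlike the `“foo”` and `“bar”` spans just before it, so the quoting is worth aligning in the same pass.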
@ -247,7 +264,7 @@ Pod 规约还有一个可选的 `subdomain` 字段,可以用来指定 Pod 的
apiVersion: v1
kind: Service
metadata:
name: default-subdomain
name: busybox-subdomain
spec:
selector:
name: busybox
@ -255,7 +272,6 @@ spec:
ports:
- name: foo # 实际上不需要指定端口号
port: 1234
targetPort: 1234
---
apiVersion: v1
kind: Pod
@ -265,7 +281,7 @@ metadata:
name: busybox
spec:
hostname: busybox-1
subdomain: default-subdomain
subdomain: busybox-subdomain
containers:
- image: busybox:1.28
command:
@ -281,7 +297,7 @@ metadata:
name: busybox
spec:
hostname: busybox-2
subdomain: default-subdomain
subdomain: busybox-subdomain
containers:
- image: busybox:1.28
command:
@ -291,24 +307,16 @@ spec:
```
<!--
If there exists a headless Service in the same namespace as the Pod and with
the same name as the subdomain, the cluster's DNS Server also returns an A or AAAA
record for the Pod's fully qualified hostname.
For example, given a Pod with the hostname set to "`busybox-1`" and the subdomain set to
"`default-subdomain`", and a headless Service named "`default-subdomain`" in
the same namespace, the Pod will see its own FQDN as
"`busybox-1.default-subdomain.my-namespace.svc.cluster-domain.example`". DNS serves an
A or AAAA record at that name, pointing to the Pod's IP. Both Pods "`busybox1`" and
"`busybox2`" can have their distinct A or AAAA records.
Given the above Service `"busybox-subdomain"` and the Pods which set `spec.subdomain`
to `"busybox-subdomain"`, the first Pod will see its own FQDN as
`"busybox-1.busybox-subdomain.my-namespace.svc.cluster-domain.example"`. DNS serves
A and/or AAAA records at that name, pointing to the Pod's IP. Both Pods "`busybox1`" and
"`busybox2`" will have their own address records.
-->
如果某无头 Service 与某 Pod 在同一个名字空间中,且它们具有相同的子域名,
集群的 DNS 服务器也会为该 Pod 的全限定主机名返回 A 记录或 AAAA 记录。
例如,在同一个名字空间中,给定一个主机名为 “busybox-1”、
子域名设置为 “default-subdomain” 的 Pod和一个名称为 “`default-subdomain`”
的无头 ServicePod 将看到自己的 FQDN 为
"`busybox-1.default-subdomain.my-namespace.svc.cluster-domain.example`"。
DNS 会为此名字提供一个 A 记录或 AAAA 记录,指向该 Pod 的 IP。
“`busybox1`” 和 “`busybox2`” 这两个 Pod 分别具有它们自己的 A 或 AAAA 记录。
鉴于上述服务 `“busybox-subdomain”` 和将 `spec.subdomain` 设置为 `“busybox-subdomain”` 的 Pod
第一个 Pod 将看到自己的 FQDN 为 `“busybox-1.busybox-subdomain.my-namespace.svc.cluster-domain.example”`
DNS 会为此名字提供一个 A 记录和/或 AAAA 记录,指向该 Pod 的 IP。
Pod “`busybox1`” 和 “`busybox2`” 都将有自己的地址记录。
<!--
An {{<glossary_tooltip term_id="endpoint-slice" text="EndpointSlice">}} can specify
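Review bot: The translated paragraph puts full-width quotation marks inside the code spans (`“busybox-subdomain”`, and the quoted FQDN), whereas the English source uses ASCII `"busybox-subdomain"`. A reader copying the name from the rendered page gets the curly quotes as part of the value. Suggest keeping only the identifier inside the backticks, as the last line of the paragraph already does for `busybox1` and `busybox2`, and using one quoting style throughout the paragraph.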
@ -318,18 +326,18 @@ the DNS hostname for any endpoint addresses, along with its IP.
对象可以为任何端点地址及其 IP 指定 `hostname`
<!--
Because A or AAAA records are not created for Pod names, `hostname` is required for the Pod's A or AAAA
Because A and AAAA records are not created for Pod names, `hostname` is required for the Pod's A or AAAA
record to be created. A Pod with no `hostname` but with `subdomain` will only create the
A or AAAA record for the headless Service (`default-subdomain.my-namespace.svc.cluster-domain.example`),
pointing to the Pod's IP address. Also, Pod needs to become ready in order to have a
A or AAAA record for the headless Service (`busybox-subdomain.my-namespace.svc.cluster-domain.example`),
pointing to the Pods' IP addresses. Also, the Pod needs to be ready in order to have a
record unless `publishNotReadyAddresses=True` is set on the Service.
-->
{{< note >}}
由于不是为 Pod 名称创建 A 或 AAAA 记录的,因此 Pod 的 A 或 AAAA 需要 `hostname`
由于 A 和 AAAA 记录不是基于 Pod 名称创建,因此需要设置了 `hostname` 才会生成 Pod 的 A 或 AAAA 记录
没有设置 `hostname` 但设置了 `subdomain` 的 Pod 只会为
无头 Service 创建 A 或 AAAA 记录(`default-subdomain.my-namespace.svc.cluster-domain.example`
无头 Service 创建 A 或 AAAA 记录(`busybox-subdomain.my-namespace.svc.cluster-domain.example`
指向 Pod 的 IP 地址。
另外,除非在服务上设置了 `publishNotReadyAddresses=True`,否则只有 Pod 进入就绪状态
另外,除非在服务上设置了 `publishNotReadyAddresses=True`,否则只有 Pod 准备就绪
才会有与之对应的记录。
{{< /note >}}
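Review bot: In the note, "因此需要设置了 `hostname` 才会生成 Pod 的 A 或 AAAA 记录" is ungrammatical: "需要" followed by the completed-aspect "设置了" does not read correctly. Suggest "因此需要设置 `hostname` 才会生成 Pod 的 A 或 AAAA 记录". Also note the English source now says "pointing to the Pods' IP addresses" (plural), so it is worth checking that "指向 Pod 的 IP 地址" still conveys that the headless Service record covers every selected Pod.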
@ -341,12 +349,16 @@ record unless `publishNotReadyAddresses=True` is set on the Service.
{{< feature-state for_k8s_version="v1.22" state="stable" >}}
<!--
When a Pod is configured to have fully qualified domain name (FQDN), its hostname is the short hostname. For example, if you have a Pod with the fully qualified domain name `busybox-1.default-subdomain.my-namespace.svc.cluster-domain.example`, then by default the `hostname` command inside that Pod returns `busybox-1` and the `hostname --fqdn` command returns the FQDN.
When a Pod is configured to have fully qualified domain name (FQDN), its
hostname is the short hostname. For example, if you have a Pod with the fully
qualified domain name `busybox-1.busybox-subdomain.my-namespace.svc.cluster-domain.example`,
then by default the `hostname` command inside that Pod returns `busybox-1` and the
`hostname --fqdn` command returns the FQDN.
When you set `setHostnameAsFQDN: true` in the Pod spec, the kubelet writes the Pod's FQDN into the hostname for that Pod's namespace. In this case, both `hostname` and `hostname --fqdn` return the Pod's FQDN.
-->
当 Pod 配置为具有全限定域名 (FQDN) 时,其主机名是短主机名。
例如,如果你有一个具有完全限定域名 `busybox-1.default-subdomain.my-namespace.svc.cluster-domain.example` 的 Pod
例如,如果你有一个具有完全限定域名 `busybox-1.busybox-subdomain.my-namespace.svc.cluster-domain.example` 的 Pod
则默认情况下,该 Pod 内的 `hostname` 命令返回 `busybox-1`,而 `hostname --fqdn` 命令返回 FQDN。
当你在 Pod 规约中设置了 `setHostnameAsFQDN: true`kubelet 会将 Pod
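Review bot: The terminology for FQDN is inconsistent across adjacent lines of this paragraph: the first sentence uses "全限定域名 (FQDN)" while the line touched here uses "完全限定域名". Since the line is being edited anyway, align it with whichever term the rest of the page uses (the `subdomain` section earlier in this file uses "完全限定域名").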
@ -526,7 +538,7 @@ options ndots:2 edns0
```
<!--
For IPv6 setup, search path and name server should be setup like this:
For IPv6 setup, search path and name server should be set up like this:
-->
对于 IPv6 设置,搜索路径和名称服务器应按以下方式设置: