Kubernetes internal hostname is resolved to localhost

Question

I'm trying to use internal service DNS for service-to-service HTTP communication.

If I try to curl a pod from another deployment pod, it works, but I'm unable to use it in a golang net/http service:

2023/01/27 15:48:37 oauth2.go:90: oauth2 url  http://hydra-admin.microservices.svc.cluster.local:4445/oauth2/auth/requests/login/accept
2023/01/27 15:48:37 oauth2.go:101: Unable to make http request  Put "http://localhost:4445/admin/oauth2/auth/requests/login/accept?login_challenge=b569006c8b834a298cf1cd72e2424953": dial tcp [::1]:4445: connect: connection refused

hydra-admin.microservices.svc.cluster.local is resolved to localhost when the API call is made, but curl works, as you can see below:

/ # curl -X PUT http://hydra-admin:4445/admin/oauth2/auth/requests/login/accept?login_challenge=6f51146e49c54b739de8a37b25a72349
{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Unable to decode body because: EOF"}

What am I missing here?

Answer 1

Score: 1


Per my comment, how you are building your Go executable will have an effect on how it behaves within a k8s environment. Are you using a scratch image or a CGO_ENABLED=1 image?

From the dns package docs, there's a caveat on DNS behavior:

> By default the pure Go resolver is used, because a blocked DNS request
> consumes only a goroutine, while a blocked C call consumes an
> operating system thread. When cgo is available, the cgo-based resolver
> is used instead under a variety of conditions:

> ... when /etc/resolv.conf or /etc/nsswitch.conf specify the use of features
> that the Go resolver does not implement, and when the name being
> looked up ends in .local or is an mDNS name.

So I would suggest, to maximize your success rate for both external and internal DNS requests, building your Go executable for k8s like so:

CGO_ENABLED=1 go build -tags netgo
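
net/http puts the request URL it was given into its error message, while the address actually dialed appears after `dial tcp`, so the two can be compared to tell a resolver problem from a client built on a different base URL. The Go sketch below is an added example, not code from the question or the answer; `refuseDialer`, `put` and `diagnose` are hypothetical names, and the dialer is a constructed stub that simulates a name resolving to ::1 so the program runs offline.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/url"
)

// refuseDialer is a constructed stub: it stands in for a resolver that
// answered ::1 and a closed port, without touching the network.
func refuseDialer(ctx context.Context, network, addr string) (net.Conn, error) {
	return nil, &net.OpError{Op: "dial", Net: "tcp",
		Addr: &net.TCPAddr{IP: net.IPv6loopback, Port: 4445},
		Err:  errors.New("connect: connection refused")}
}

// put sends a PUT through the stub dialer and returns the client error.
func put(rawURL string) error {
	c := &http.Client{Transport: &http.Transport{DialContext: refuseDialer}}
	req, err := http.NewRequest(http.MethodPut, rawURL, nil)
	if err != nil {
		return err
	}
	_, err = c.Do(req) // the stub never connects, so there is no body to close
	return err
}

// diagnose compares the host inside the *url.Error with the host the caller
// configured. The error carries the request URL, not the resolved address,
// so a different host means the request was built from another base URL.
func diagnose(wantHost string, err error) string {
	var ue *url.Error
	if !errors.As(err, &ue) {
		return "not a request error"
	}
	if got, perr := url.Parse(ue.URL); perr == nil && got.Hostname() == wantHost {
		return "dial-failure: " + got.Host
	}
	return "url-mismatch: request URL was " + ue.URL
}

func main() {
	const host = "hydra-admin.microservices.svc.cluster.local" // service name from the page
	fmt.Println(diagnose(host, put("http://"+host+":4445/admin"))) // name resolved to ::1
	fmt.Println(diagnose(host, put("http://localhost:4445/admin"))) // client used another base URL
}
```

When the result is `dial-failure`, running the real binary with `GODEBUG=netdns=go+1` or `GODEBUG=netdns=cgo+1` forces the pure Go or cgo resolver and prints which one was used.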

huangapple
  • Published on 2023-01-29 22:06:54