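The wildcard feature of CoreDNS lets us retrieve information about every service in a Kubernetes cluster with a single, simple SRV query.

Get the services together with their service IPs and ports (the `*` can be replaced with `any`):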
```
$ dig srv *.*.svc.cluster.local

; <<>> DiG 9.16.20 <<>> srv *.*.svc.cluster.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41570
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 54380f3a1b0cb590 (echoed)
;; QUESTION SECTION:
;*.*.svc.cluster.local.    IN    SRV

;; ANSWER SECTION:
*.*.svc.cluster.local.    30    IN    SRV    0 20 443 kubernetes.default.svc.cluster.local.
*.*.svc.cluster.local.    30    IN    SRV    0 20 53 kube-dns.kube-system.svc.cluster.local.
*.*.svc.cluster.local.    30    IN    SRV    0 20 9153 kube-dns.kube-system.svc.cluster.local.
*.*.svc.cluster.local.    30    IN    SRV    0 20 80 my-service.ns-1.svc.cluster.local.

;; ADDITIONAL SECTION:
my-service.ns-1.svc.cluster.local.    30    IN    A    10.96.146.96
kube-dns.kube-system.svc.cluster.local.    30    IN    A    10.96.0.10
kubernetes.default.svc.cluster.local.    30    IN    A    10.96.0.1

;; Query time: 2 msec
;; SERVER: 10.96.0.10#53(10.96.0.10)
;; WHEN: Sun Nov 14 07:08:27 UTC 2021
;; MSG SIZE  rcvd: 526
```
In the record `0 20 53 kube-dns.kube-system.svc.cluster.local.` above, `53` is the port, and `kube-dns.kube-system.svc.cluster.local` is the service's domain name, which contains the service name, the namespace and other information:
```
$ kubectl -n kube-system get svc kube-dns
NAME       TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
kube-dns   ClusterIP   10.96.0.10   <none>        53/UDP,53/TCP,9153/TCP   92m
```
Get the services together with their endpoints:
```
$ dig srv *.*.*.svc.cluster.local

; <<>> DiG 9.16.20 <<>> srv *.*.*.svc.cluster.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55650
;; flags: qr aa rd; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 8d5836f2b43e3675 (echoed)
;; QUESTION SECTION:
;*.*.*.svc.cluster.local.    IN    SRV

;; ANSWER SECTION:
*.*.*.svc.cluster.local.    30    IN    SRV    0 14 6443 172-18-0-3.kubernetes.default.svc.cluster.local.
*.*.*.svc.cluster.local.    30    IN    SRV    0 14 53 10-244-0-3.kube-dns.kube-system.svc.cluster.local.
*.*.*.svc.cluster.local.    30    IN    SRV    0 14 9153 10-244-0-3.kube-dns.kube-system.svc.cluster.local.
*.*.*.svc.cluster.local.    30    IN    SRV    0 14 53 10-244-0-4.kube-dns.kube-system.svc.cluster.local.
*.*.*.svc.cluster.local.    30    IN    SRV    0 14 9153 10-244-0-4.kube-dns.kube-system.svc.cluster.local.

;; ADDITIONAL SECTION:
10-244-0-4.kube-dns.kube-system.svc.cluster.local.    30    IN    A    10.244.0.4
10-244-0-3.kube-dns.kube-system.svc.cluster.local.    30    IN    A    10.244.0.3
172-18-0-3.kubernetes.default.svc.cluster.local.    30    IN    A    172.18.0.3

;; Query time: 2 msec
;; SERVER: 10.96.0.10#53(10.96.0.10)
;; WHEN: Sun Nov 14 07:09:38 UTC 2021
;; MSG SIZE  rcvd: 715
```
In the record `0 14 53 10-244-0-3.kube-dns.kube-system.svc.cluster.local.` above, `53` is the port of one of the endpoints, and `10-244-0-3` is that endpoint's IP address:
```
$ kubectl -n kube-system describe svc kube-dns
Name:              kube-dns
Namespace:         kube-system
...
IP:                10.96.0.10
Port:              dns  53/UDP
TargetPort:        53/UDP
Endpoints:         10.244.0.3:53,10.244.0.4:53
Port:              dns-tcp  53/TCP
TargetPort:        53/TCP
Endpoints:         10.244.0.3:53,10.244.0.4:53
Port:              metrics  9153/TCP
TargetPort:        9153/TCP
Endpoints:         10.244.0.3:9153,10.244.0.4:9153
...
```
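To spot this kind of cluster-wide enumeration from the defender's side, the following added example (not part of the original post) scans CoreDNS query logs for wildcard lookups under `svc.cluster.local`. It assumes the CoreDNS `log` plugin is enabled with its default line format; the function name, the regular expression and the sample log lines are constructed for illustration.

```python
import re

# Assumption: CoreDNS `log` plugin with its default line format.
LOG_RE = re.compile(
    r'^\[INFO\] (?P<client>\S+):\d+ - \d+ '
    r'"(?P<qtype>\S+) IN (?P<qname>\S+) '
)
WILDCARD_LABELS = {"*", "any"}  # the two wildcard spellings named on the page

# Constructed sample log lines (not captured from a real cluster).
SAMPLE_LOG = [
    '[INFO] 10.244.0.7:40212 - 41570 "SRV IN *.*.svc.cluster.local. udp 62 false 4096" NOERROR qr,aa,rd 526 0.000213s',
    '[INFO] 10.244.0.7:40213 - 55650 "SRV IN any.any.any.svc.cluster.local. udp 66 false 4096" NOERROR qr,aa,rd 715 0.000198s',
    '[INFO] 10.244.0.9:51822 - 1203 "A IN my-service.ns-1.svc.cluster.local. udp 51 false 512" NOERROR qr,aa,rd 100 0.000101s',
    '[INFO] 10.244.0.9:51823 - 1204 "A IN any.example.com. udp 33 false 512" NOERROR qr,rd,ra 64 0.010s',
]


def find_wildcard_queries(lines, zone="cluster.local"):
    """Return (client, qtype, qname, scope) for wildcard lookups under svc.<zone>."""
    suffix = ".svc." + zone.lower().strip(".") + "."
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a query log line
        qname = m["qname"].lower()
        if not qname.endswith("."):
            qname += "."
        if not qname.endswith(suffix):
            continue  # outside the cluster service zone
        labels = qname[: -len(suffix)].split(".")
        if WILDCARD_LABELS.isdisjoint(labels):
            continue  # ordinary lookup of a named service
        # Two labels before "svc" list services, three list endpoints,
        # matching the two dig queries shown above.
        scope = {2: "services", 3: "endpoints"}.get(len(labels), "other")
        hits.append((m["client"], m["qtype"], qname, scope))
    return hits


if __name__ == "__main__":
    for hit in find_wildcard_queries(SAMPLE_LOG):
        print(*hit)
```

A namespace or service that is literally named `any` would also match, so treat hits as leads to review rather than confirmed enumeration.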