search

polarismesh / polaris

Service Discovery and Governance Platform for Microservice and Distributed Architecture
https://polarismesh.cn
Other
2.4k stars 397 forks source link

所有dns请求结果都返回10.4.4.4 #1369

Closed wangjianwen closed 3 months ago

wangjianwen commented 3 months ago

使用k8s 安装为polaris,polaris-controller后,采用Envoy 网格接入,发现所有的域名解析的ip都是 10.4.4.4,使用nsenter进入容器命名空间

[root@chuangyiyuan-10-17-8-76 polaris-controller]# nslookup template-server2.basic-service.svc.cluster.local 10.96.0.10 Server: 10.96.0.10 Address: 10.96.0.10#53

Name: template-server2.basic-service Address: 10.4.4.4

[root@chuangyiyuan-10-17-8-76 polaris-controller]# nslookup template-server1.basic-service.svc.cluster.local 10.96.0.10 Server: 10.96.0.10 Address: 10.96.0.10#53

Name: template-server1.basic-service Address: 10.4.4.4

其中 10.96.0.10 是 core-dns svc的ClusterIP

直接在宿主机上查询是ok的 [jianwenwang@chuangyiyuan-10-17-8-76 polaris-controller]$ nslookup template-server1.basic-service.svc.cluster.local 10.96.0.10 Server: 10.96.0.10 Address: 10.96.0.10#53

Name: template-server1.basic-service.svc.cluster.local Address: 10.97.150.64

[jianwenwang@chuangyiyuan-10-17-8-76 polaris-controller]$ nslookup template-server2.basic-service.svc.cluster.local 10.96.0.10 Server: 10.96.0.10 Address: 10.96.0.10#53

Name: template-server2.basic-service.svc.cluster.local Address: 10.99.161.35

wangjianwen commented 3 months ago

其中容器中 iptabes规则为:

-P PREROUTING ACCEPT -P INPUT ACCEPT -P OUTPUT ACCEPT -P POSTROUTING ACCEPT -N POLARIS_INBOUND -N POLARIS_IN_REDIRECT -N POLARIS_OUTPUT -N POLARIS_REDIRECT -A PREROUTING -p tcp -j POLARIS_INBOUND -A OUTPUT -p tcp -j POLARIS_OUTPUT -A OUTPUT -p udp -m udp --dport 53 -m owner --uid-owner 1337 -j RETURN -A OUTPUT -p udp -m udp --dport 53 -m owner --gid-owner 1337 -j RETURN -A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 15053 -A POLARIS_INBOUND -p tcp -m tcp --dport 15008 -j RETURN -A POLARIS_INBOUND -p tcp -m tcp --dport 15985 -j RETURN -A POLARIS_INBOUND -p tcp -m tcp --dport 50000 -j RETURN -A POLARIS_INBOUND -p tcp -m tcp --dport 15053 -j RETURN -A POLARIS_INBOUND -p tcp -j POLARIS_IN_REDIRECT -A POLARIS_IN_REDIRECT -p tcp -j REDIRECT --to-ports 15006 -A POLARIS_OUTPUT -s 127.0.0.6/32 -o lo -j RETURN -A POLARIS_OUTPUT ! -d 127.0.0.1/32 -o lo -p tcp -m tcp ! --dport 53 -m owner --uid-owner 1337 -j POLARIS_IN_REDIRECT -A POLARIS_OUTPUT -o lo -p tcp -m tcp ! --dport 53 -m owner ! --uid-owner 1337 -j RETURN -A POLARIS_OUTPUT -m owner --uid-owner 1337 -j RETURN -A POLARIS_OUTPUT ! -d 127.0.0.1/32 -o lo -m owner --gid-owner 1337 -j POLARIS_IN_REDIRECT -A POLARIS_OUTPUT -o lo -p tcp -m tcp ! --dport 53 -m owner ! --gid-owner 1337 -j RETURN -A POLARIS_OUTPUT -m owner --gid-owner 1337 -j RETURN -A POLARIS_OUTPUT -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 15053 -A POLARIS_OUTPUT -d 127.0.0.1/32 -j RETURN -A POLARIS_OUTPUT -d 10.4.4.4/32 -j POLARIS_REDIRECT -A POLARIS_OUTPUT -j RETURN -A POLARIS_REDIRECT -p tcp -j REDIRECT --to-ports 15001

wangjianwen commented 3 months ago

返回 10.4.4.4 是正常的