Why is the CoreDNS server's port closed for some Pods?

2/13/2020

This is my Kubernetes (v1.15.2) cluster CoreDNS (1.3.1) config:

.:53 {
    errors
    health
    kubernetes cluster.local in-addr.arpa ip6.arpa {
        pods insecure
        upstream
        fallthrough in-addr.arpa ip6.arpa
        ttl 30
    }
    prometheus :9153
    forward . /etc/resolv.conf
    cache 30
    loop
    reload
    loadbalance
}

When I scan from the host, the result is:

Port 53 is available. When I scan from pods:

Port 53 is unavailable. How can this be explained? What could I do to make it available in pods?

-- Dolphin
kubernetes

1 Answer

2/14/2020

You can scan CoreDNS port 53 in some pods, which shows your CoreDNS exposed port is OK. The problem may be that some pods on some hosts could not receive the CoreDNS response. Check the kube-proxy log using this command to make sure kube-proxy has no errors and works fine:

journalctl -l -u kube-proxy|tail -n 120

kube-proxy makes sure your Kubernetes cluster server forwards to each backend pod, and refreshes the rules when a pod IP changes.

-- Dolphin
Source: StackOverflow
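
A filter for the output of the `journalctl` command in the answer that drops info lines and counts warning, error and fatal entries per source location, so a repeating rule-sync failure stands out. This is an added example, not part of the original answer; the function names `kube_proxy_problems` and `sample_journal` are hypothetical, it assumes kube-proxy logs klog-style lines (severity letter and date, time, PID, `file:line]`), and the sample lines are constructed.

```shell
#!/bin/sh
# Summarise klog warning/error/fatal lines from kube-proxy journal output.
# On a node: journalctl -l -u kube-proxy | tail -n 120 | kube_proxy_problems
kube_proxy_problems() {
    awk '
    {
        # Assumed klog header: <severity><mmdd> <time> <pid> <file:line>] <message>
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^[IWEF][0-9][0-9][0-9][0-9]$/ && $(i + 3) ~ /\]$/) {
                sev = substr($i, 1, 1)
                if (sev == "I") next            # info lines are not problems
                src = $(i + 3); sub(/\]$/, "", src)
                key = sev " " src
                if (!(key in count)) order[++n] = key
                count[key]++
                if (sev != "W") bad = 1         # E or F makes the check fail
                next
            }
        }
    }
    END {
        for (j = 1; j <= n; j++) printf "%s %d\n", order[j], count[order[j]]
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample lines (not from the page) in journalctl short format.
sample_journal() {
    cat <<'EOF'
Feb 14 09:00:01 node-1 kube-proxy[2211]: I0214 09:00:01.101010    2211 proxier.go:700] constructed info line
Feb 14 09:00:02 node-1 kube-proxy[2211]: E0214 09:00:02.202020    2211 proxier.go:1402] constructed error: rule sync failed
Feb 14 09:00:32 node-1 kube-proxy[2211]: E0214 09:00:32.303030    2211 proxier.go:1402] constructed error: rule sync failed
Feb 14 09:00:40 node-1 kube-proxy[2211]: W0214 09:00:40.404040    2211 conntrack.go:52] constructed warning line
EOF
}

sample_journal | kube_proxy_problems || echo "kube-proxy logged errors on this node"
```

The function returns non-zero when any error or fatal line is present, so it can gate a node health check; run it on each node that hosts a pod where DNS fails.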