OpenShift: external hosts resolving to the same IP


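I just installed OpenShift and it is mostly working. I have one small problem: DNS resolution of external (non-cluster) hostnames resolves to my OCP router IP address.

For example: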

oc run --rm -i -t alpine-bash --image=bashell/alpine-bash --restart=Never '/bin/bash'
If you don't see a command prompt, try pressing enter.
bash-4.4#
bash-4.4# ping www.google.com
PING www.google.com (10.222.178.30): 56 data bytes
64 bytes from 10.222.178.30: seq=0 ttl=254 time=0.342 ms
64 bytes from 10.222.178.30: seq=1 ttl=254 time=0.161 ms
^C
--- www.google.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.161/0.251/0.342 ms
bash-4.4# ping 4.2.2.2
PING 4.2.2.2 (4.2.2.2): 56 data bytes
64 bytes from 4.2.2.2: seq=0 ttl=56 time=35.461 ms
64 bytes from 4.2.2.2: seq=1 ttl=56 time=39.621 ms
^C
--- 4.2.2.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 35.461/37.541/39.621 ms
bash-4.4# ping stackoverflow.com
PING stackoverflow.com (10.222.178.30): 56 data bytes
64 bytes from 10.222.178.30: seq=0 ttl=254 time=0.362 ms
64 bytes from 10.222.178.30: seq=1 ttl=254 time=0.200 ms
^C
--- stackoverflow.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.200/0.281/0.362 ms
bash-4.4# cat /etc/resolv.conf
nameserver 10.222.178.15
search deantest.svc.cluster.local svc.cluster.local cluster.local cloud.wagerworks.com
options ndots:5

My DNSMasq configuration looks like this:

[root@ocp-node04 ~]# cat /etc/dnsmasq.d/*
no-resolv
domain-needed
no-negcache
max-cache-ttl=1
enable-dbus
dns-forward-max=10000
cache-size=10000
bind-dynamic
min-port=1024
except-interface=lo
# End of config
server=10.222.160.37
server=10.222.160.38
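
DNS resolution on the host itself works fine. For reference, I am running the ovs NetworkPolicy plugin. I have two policies applied: default per namespace, and allow from the same namespace.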

- apiVersion: networking.k8s.io/v1
  kind: NetworkPolicy
  metadata:
    name: allow-from-same-namespace
  spec:
    ingress:
    - from:
      - podSelector: {}
    podSelector: null
- apiVersion: networking.k8s.io/v1
  kind: NetworkPolicy
  metadata:
    name: allow-from-default-namespace
  spec:
    ingress:
    - from:
      - namespaceSelector:
          matchLabels:
            name: default
    podSelector: null