概要

External-DNS提供了編程方式管理Kubernetes Ingress資源的DNS的功能，方便用戶從Ingress管理DNS解析記錄。而在kubernetes federation v2環(huán)境中，使用External-DNS可以快速的管理多個(gè)聯(lián)邦集群的Ingress DNS解析，降低用戶的操作成本。下面將簡(jiǎn)單介紹在阿里云容器服務(wù)環(huán)境中，如何使用External-DNS管理聯(lián)邦集群的Ingress DNS解析。

聯(lián)邦集群準(zhǔn)備

參考阿里云Kubernetes容器服務(wù)上體驗(yàn)Federation v2?搭建兩個(gè)集群組成的聯(lián)邦集群（配置好kubeconfig，并完成兩個(gè)集群的join）。

配置RAM信息

選擇Kubernetes集群節(jié)點(diǎn)列表內(nèi)任意一個(gè)Worker節(jié)點(diǎn)，打開對(duì)應(yīng)的節(jié)點(diǎn)列表信息頁(yè)面。

找到對(duì)應(yīng)的 RAM 角色，打開RAM控制臺(tái)，找到對(duì)應(yīng)的角色名稱，添加【AliyunDNSFullAccess】權(quán)限。

注意：每個(gè)集群都需要配置RAM信息。

部署External-DNS

配置RBAC

執(zhí)行下面yaml：

apiVersion: v1 kind: ServiceAccount metadata:name: external-dns --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata:name: external-dns rules: - apiGroups: [""]resources: ["services"]verbs: ["get","watch","list"] - apiGroups: [""]resources: ["pods"]verbs: ["get","watch","list"] - apiGroups: ["extensions"]resources: ["ingresses"]verbs: ["get","watch","list"] - apiGroups: [""]resources: ["nodes"]verbs: ["list"] - apiGroups: ["multiclusterdns.federation.k8s.io"]resources: ["dnsendpoints"]verbs: ["get", "watch", "list"] --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata:name: external-dns-viewer roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: external-dns subjects: - kind: ServiceAccountname: external-dnsnamespace: default

部署External-DNS服務(wù)

執(zhí)行下面yaml：

apiVersion: extensions/v1beta1 kind: Deployment metadata:name: external-dns spec:strategy:type: Recreatetemplate:metadata:labels:app: external-dnsspec:serviceAccountName: external-dnscontainers:- name: external-dnsimage: registry.cn-beijing.aliyuncs.com/acs/external-dns:v0.5.8-27args:- --source=crd- --crd-source-apiversion=multiclusterdns.federation.k8s.io/v1alpha1- --crd-source-kind=DNSEndpoint- --provider=alibabacloud- --policy=sync # enable full synchronization- --registry=txt- --txt-prefix=cname- --txt-owner-id=my-identifier- --alibaba-cloud-config-file= # enable sts tokenvolumeMounts:- mountPath: /usr/share/zoneinfoname: hostpathvolumes:- name: hostpathhostPath:path: /usr/share/zoneinfotype: Directory

部署驗(yàn)證資源

創(chuàng)建FederatedDeployment和FederatedService：

apiVersion: v1 kind: Namespace metadata:name: test-namespace---apiVersion: types.federation.k8s.io/v1alpha1 kind: FederatedNamespace metadata:name: test-namespacenamespace: test-namespace spec:placement:clusterNames:- cluster1- cluster2---apiVersion: types.federation.k8s.io/v1alpha1 kind: FederatedDeployment metadata:name: test-deploymentnamespace: test-namespace spec:template:metadata:labels:app: nginxspec:replicas: 2selector:matchLabels:app: nginxtemplate:metadata:labels:app: nginxspec:containers:- image: nginxname: nginxresources:limits:cpu: 500mrequests:cpu: 200mplacement:clusterNames:- cluster1- cluster2---apiVersion: types.federation.k8s.io/v1alpha1 kind: FederatedService metadata:name: test-servicenamespace: test-namespace spec:template:spec:selector:app: nginxtype: ClusterIPports:- name: httpport: 80placement:clusterNames:- cluster2- cluster1

各個(gè)集群ingress創(chuàng)建信息如下：

kubectl get ingress -n test-namespace --context cluster1 NAME HOSTS ADDRESS PORTS AGE test-ingress * 47.93.69.121 80 54mkubectl get ingress -n test-namespace --context cluster2 NAME HOSTS ADDRESS PORTS AGE test-ingress * 39.106.232.23 80 54m

創(chuàng)建FederatedIngress和IngressDNSRecord

apiVersion: types.federation.k8s.io/v1alpha1 kind: FederatedIngress metadata:name: test-ingressnamespace: test-namespace spec:template:spec:backend:serviceName: test-serviceservicePort: 80placement:clusterNames:- cluster2- cluster1 ---apiVersion: multiclusterdns.federation.k8s.io/v1alpha1 kind: IngressDNSRecord metadata:name: test-ingressnamespace: test-namespace spec:hosts:- ingress-example.example-domain.clubrecordTTL: 600

其中【ingress-example.example-domain.club】為測(cè)試阿里云托管的域名，請(qǐng)?zhí)崆霸诎⒗镌粕腺?gòu)買域名，并注意替換。

DNS解析驗(yàn)證

dig +short @dns7.hichina.com ingress-example.example-domain.club 47.93.69.121 39.106.232.23

可以看到我們綁定的域名已經(jīng)解析到了cluster1和cluster2的ingress IP上了。
訪問(wèn)域名相應(yīng)的服務(wù)：

curl ingress-example.sigma-host.club <!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> <style>body {width: 35em;margin: 0 auto;font-family: Tahoma, Verdana, Arial, sans-serif;} </style> </head> <body> <h1>Welcome to nginx!</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p><p>For online documentation and support please refer to <a href="http://nginx.org/">nginx.org</a>.<br/> Commercial support is available at <a href="http://nginx.com/">nginx.com</a>.</p><p><em>Thank you for using nginx.</em></p> </body> </html>

總結(jié)

通過(guò)上面介紹，可以看到使用External-DNS可以非常方便的管理federation-v2環(huán)境下的Ingress DNS解析。

原文鏈接
本文為云棲社區(qū)原創(chuàng)內(nèi)容，未經(jīng)允許不得轉(zhuǎn)載。

總結(jié)

以上是生活随笔為你收集整理的基于External-DNS的多集群Ingress DNS实践的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問(wèn)題。

如果覺(jué)得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。