概要

External-DNS提供了編程方式管理Kubernetes Ingress資源的DNS的功能，方便用戶從Ingress管理DNS解析記錄。而在kubernetes federation v2環境中，使用External-DNS可以快速的管理多個聯邦集群的Ingress DNS解析，降低用戶的操作成本。下面將簡單介紹在阿里云容器服務環境中，如何使用External-DNS管理聯邦集群的Ingress DNS解析。

聯邦集群準備

參考阿里云Kubernetes容器服務上體驗Federation v2?搭建兩個集群組成的聯邦集群（配置好kubeconfig，并完成兩個集群的join）。

配置RAM信息

選擇Kubernetes集群節點列表內任意一個Worker節點，打開對應的節點列表信息頁面。

找到對應的 RAM 角色，打開RAM控制臺，找到對應的角色名稱，添加【AliyunDNSFullAccess】權限。

注意：每個集群都需要配置RAM信息。

部署External-DNS

配置RBAC

執行下面yaml：

apiVersion: v1 kind: ServiceAccount metadata:name: external-dns --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata:name: external-dns rules: - apiGroups: [""]resources: ["services"]verbs: ["get","watch","list"] - apiGroups: [""]resources: ["pods"]verbs: ["get","watch","list"] - apiGroups: ["extensions"]resources: ["ingresses"]verbs: ["get","watch","list"] - apiGroups: [""]resources: ["nodes"]verbs: ["list"] - apiGroups: ["multiclusterdns.federation.k8s.io"]resources: ["dnsendpoints"]verbs: ["get", "watch", "list"] --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata:name: external-dns-viewer roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: external-dns subjects: - kind: ServiceAccountname: external-dnsnamespace: default

部署External-DNS服務

執行下面yaml：

apiVersion: extensions/v1beta1 kind: Deployment metadata:name: external-dns spec:strategy:type: Recreatetemplate:metadata:labels:app: external-dnsspec:serviceAccountName: external-dnscontainers:- name: external-dnsimage: registry.cn-beijing.aliyuncs.com/acs/external-dns:v0.5.8-27args:- --source=crd- --crd-source-apiversion=multiclusterdns.federation.k8s.io/v1alpha1- --crd-source-kind=DNSEndpoint- --provider=alibabacloud- --policy=sync # enable full synchronization- --registry=txt- --txt-prefix=cname- --txt-owner-id=my-identifier- --alibaba-cloud-config-file= # enable sts tokenvolumeMounts:- mountPath: /usr/share/zoneinfoname: hostpathvolumes:- name: hostpathhostPath:path: /usr/share/zoneinfotype: Directory

部署驗證資源

創建FederatedDeployment和FederatedService：

apiVersion: v1 kind: Namespace metadata:name: test-namespace---apiVersion: types.federation.k8s.io/v1alpha1 kind: FederatedNamespace metadata:name: test-namespacenamespace: test-namespace spec:placement:clusterNames:- cluster1- cluster2---apiVersion: types.federation.k8s.io/v1alpha1 kind: FederatedDeployment metadata:name: test-deploymentnamespace: test-namespace spec:template:metadata:labels:app: nginxspec:replicas: 2selector:matchLabels:app: nginxtemplate:metadata:labels:app: nginxspec:containers:- image: nginxname: nginxresources:limits:cpu: 500mrequests:cpu: 200mplacement:clusterNames:- cluster1- cluster2---apiVersion: types.federation.k8s.io/v1alpha1 kind: FederatedService metadata:name: test-servicenamespace: test-namespace spec:template:spec:selector:app: nginxtype: ClusterIPports:- name: httpport: 80placement:clusterNames:- cluster2- cluster1

各個集群ingress創建信息如下：

kubectl get ingress -n test-namespace --context cluster1 NAME HOSTS ADDRESS PORTS AGE test-ingress * 47.93.69.121 80 54mkubectl get ingress -n test-namespace --context cluster2 NAME HOSTS ADDRESS PORTS AGE test-ingress * 39.106.232.23 80 54m

創建FederatedIngress和IngressDNSRecord

apiVersion: types.federation.k8s.io/v1alpha1 kind: FederatedIngress metadata:name: test-ingressnamespace: test-namespace spec:template:spec:backend:serviceName: test-serviceservicePort: 80placement:clusterNames:- cluster2- cluster1 ---apiVersion: multiclusterdns.federation.k8s.io/v1alpha1 kind: IngressDNSRecord metadata:name: test-ingressnamespace: test-namespace spec:hosts:- ingress-example.example-domain.clubrecordTTL: 600

其中【ingress-example.example-domain.club】為測試阿里云托管的域名，請提前在阿里云上購買域名，并注意替換。

DNS解析驗證

dig +short @dns7.hichina.com ingress-example.example-domain.club 47.93.69.121 39.106.232.23

可以看到我們綁定的域名已經解析到了cluster1和cluster2的ingress IP上了。
訪問域名相應的服務：

curl ingress-example.sigma-host.club <!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> <style>body {width: 35em;margin: 0 auto;font-family: Tahoma, Verdana, Arial, sans-serif;} </style> </head> <body> <h1>Welcome to nginx!</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p><p>For online documentation and support please refer to <a href="http://nginx.org/">nginx.org</a>.<br/> Commercial support is available at <a href="http://nginx.com/">nginx.com</a>.</p><p><em>Thank you for using nginx.</em></p> </body> </html>

總結

通過上面介紹，可以看到使用External-DNS可以非常方便的管理federation-v2環境下的Ingress DNS解析。

原文鏈接
本文為云棲社區原創內容，未經允許不得轉載。

總結

以上是生活随笔為你收集整理的基于External-DNS的多集群Ingress DNS实践的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。