类似12306网站开发,做实验学编程的网站,网站建设实录,asp网站空间申请概要
External-DNS提供了编程方式管理Kubernetes Ingress资源的DNS的功能#xff0c;方便用户从Ingress管理DNS解析记录。而在kubernetes federation v2环境中#xff0c;使用External-DNS可以快速的管理多个联邦集群的Ingress DNS解析#xff0c;降低用户的操作成本。下面…概要
External-DNS提供了编程方式管理Kubernetes Ingress资源的DNS的功能方便用户从Ingress管理DNS解析记录。而在kubernetes federation v2环境中使用External-DNS可以快速的管理多个联邦集群的Ingress DNS解析降低用户的操作成本。下面将简单介绍在阿里云容器服务环境中如何使用External-DNS管理联邦集群的Ingress DNS解析。
联邦集群准备
参考阿里云Kubernetes容器服务上体验Federation v2 搭建两个集群组成的联邦集群配置好kubeconfig并完成两个集群的join。
配置RAM信息
选择Kubernetes集群节点列表内任意一个Worker节点打开对应的节点列表信息页面。 找到对应的 RAM 角色打开RAM控制台找到对应的角色名称添加【AliyunDNSFullAccess】权限。 注意每个集群都需要配置RAM信息。
部署External-DNS
配置RBAC
执行下面yaml
apiVersion: v1
kind: ServiceAccount
metadata:name: external-dns
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:name: external-dns
rules:
- apiGroups: []resources: [services]verbs: [get,watch,list]
- apiGroups: []resources: [pods]verbs: [get,watch,list]
- apiGroups: [extensions]resources: [ingresses]verbs: [get,watch,list]
- apiGroups: []resources: [nodes]verbs: [list]
- apiGroups: [multiclusterdns.federation.k8s.io]resources: [dnsendpoints]verbs: [get, watch, list]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:name: external-dns-viewer
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: external-dns
subjects:
- kind: ServiceAccountname: external-dnsnamespace: default
部署External-DNS服务
执行下面yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:name: external-dns
spec:strategy:type: Recreatetemplate:metadata:labels:app: external-dnsspec:serviceAccountName: external-dnscontainers:- name: external-dnsimage: registry.cn-beijing.aliyuncs.com/acs/external-dns:v0.5.8-27args:- --sourcecrd- --crd-source-apiversionmulticlusterdns.federation.k8s.io/v1alpha1- --crd-source-kindDNSEndpoint- --provideralibabacloud- --policysync # enable full synchronization- --registrytxt- --txt-prefixcname- --txt-owner-idmy-identifier- --alibaba-cloud-config-file # enable sts tokenvolumeMounts:- mountPath: /usr/share/zoneinfoname: hostpathvolumes:- name: hostpathhostPath:path: /usr/share/zoneinfotype: Directory
部署验证资源
创建FederatedDeployment和FederatedService
apiVersion: v1
kind: Namespace
metadata:name: test-namespace---apiVersion: types.federation.k8s.io/v1alpha1
kind: FederatedNamespace
metadata:name: test-namespacenamespace: test-namespace
spec:placement:clusterNames:- cluster1- cluster2---apiVersion: types.federation.k8s.io/v1alpha1
kind: FederatedDeployment
metadata:name: test-deploymentnamespace: test-namespace
spec:template:metadata:labels:app: nginxspec:replicas: 2selector:matchLabels:app: nginxtemplate:metadata:labels:app: nginxspec:containers:- image: nginxname: nginxresources:limits:cpu: 500mrequests:cpu: 200mplacement:clusterNames:- cluster1- cluster2---apiVersion: types.federation.k8s.io/v1alpha1
kind: FederatedService
metadata:name: test-servicenamespace: test-namespace
spec:template:spec:selector:app: nginxtype: ClusterIPports:- name: httpport: 80placement:clusterNames:- cluster2- cluster1
各个集群ingress创建信息如下
kubectl get ingress -n test-namespace --context cluster1
NAME HOSTS ADDRESS PORTS AGE
test-ingress * 47.93.69.121 80 54mkubectl get ingress -n test-namespace --context cluster2
NAME HOSTS ADDRESS PORTS AGE
test-ingress * 39.106.232.23 80 54m
创建FederatedIngress和IngressDNSRecord
apiVersion: types.federation.k8s.io/v1alpha1
kind: FederatedIngress
metadata:name: test-ingressnamespace: test-namespace
spec:template:spec:backend:serviceName: test-serviceservicePort: 80placement:clusterNames:- cluster2- cluster1 ---apiVersion: multiclusterdns.federation.k8s.io/v1alpha1
kind: IngressDNSRecord
metadata:name: test-ingressnamespace: test-namespace
spec:hosts:- ingress-example.example-domain.clubrecordTTL: 600
其中【ingress-example.example-domain.club】为测试阿里云托管的域名请提前在阿里云上购买域名并注意替换。
DNS解析验证
dig short dns7.hichina.com ingress-example.example-domain.club
47.93.69.121
39.106.232.23
可以看到我们绑定的域名已经解析到了cluster1和cluster2的ingress IP上了。 访问域名相应的服务
curl ingress-example.sigma-host.club
!DOCTYPE html
html
head
titleWelcome to nginx!/title
stylebody {width: 35em;margin: 0 auto;font-family: Tahoma, Verdana, Arial, sans-serif;}
/style
/head
body
h1Welcome to nginx!/h1
pIf you see this page, the nginx web server is successfully installed and
working. Further configuration is required./ppFor online documentation and support please refer to
a hrefhttp://nginx.org/nginx.org/a.br/
Commercial support is available at
a hrefhttp://nginx.com/nginx.com/a./ppemThank you for using nginx./em/p
/body
/html
总结
通过上面介绍可以看到使用External-DNS可以非常方便的管理federation-v2环境下的Ingress DNS解析。
原文链接 本文为云栖社区原创内容未经允许不得转载。
