kubernetes中coredns组件的高级用法-创新互联
通过coredns实现内外流量分离
场景
- 旧业务固定了域名,无法通过内部service直接访问服务
- 需要实现内部流量和外部流量自动拆分
实现
- 通过coredns的rewrite功能实现以上能力,如以下内部访问
tenant.msa.chinamcloud.com
域名时,会将流量转发到tenantapi.yunjiao.svc.cluster.local
域名,实现内外域名访问一致。 - 部分版本nginx配置时候可能遇见无法访问的情况
[root@k8s-master1 ingress]# cat coredns.yaml
apiVersion: v1
data:
Corefile: |
.:53 {
errors
health
rewrite name tenant.msa.chinamcloud.com tenantapi.yunjiao.svc.cluster.local
rewrite name console.msa.chinamcloud.com console.yunjiao.svc.cluster.local
rewrite name user.msa.chinamcloud.com userapi.yunjiao.svc.cluster.local
rewrite name lims.msa.chinamcloud.com lims.yunjiao.svc.cluster.local
rewrite name labapp.msa.chinamcloud.com limsapp.yunjiao.svc.cluster.local
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
upstream
fallthrough in-addr.arpa ip6.arpa
}
prometheus :9153
forward . /etc/resolv.conf
cache 30
loop
reload
loadbalance
}
kind: ConfigMap
metadata:
creationTimestamp: "2019-04-02T04:57:19Z"
name: coredns
namespace: kube-system
resourceVersion: "197"
selfLink: /api/v1/namespaces/kube-system/configmaps/coredns
uid: cb686453-5503-11e9-8ea6-005056be93f5
检查
[root@k8s-master1 ingress]# kubectl run -it --rm --restart=Never --image=infoblox/dnstools:latest dnstools
If you don't see a command prompt, try pressing enter.
dnstools# ping tenant.msa.chinamcloud.com
PING tenant.msa.chinamcloud.com (10.98.220.54): 56 data bytes
^C
--- tenant.msa.chinamcloud.com ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
kubernetes内部实现hosts功能
coredns配置参考文档
10年积累的成都网站制作、成都网站建设、外贸营销网站建设经验,可以快速应对客户对网站的新想法和需求。提供各种问题对应的解决方案。让选择我们的客户得到更好、更有力的网络服务。我虽然不认识你,你也不认识我。但先制作网站后付款的网站建设流程,更有郸城免费网站建设让你可以放心的选择与我们合作。场景
- 通过kubernetes的coredns实现子域名解析
- 实现kubernetes内部 hosts绑定功能
实现
创建pod时声明hosts(不推荐)
[root@k8s-master-1 coredns]# kubectl explain pods.spec.hostAliases
KIND: Pod
VERSION: v1
RESOURCE: hostAliases <[]Object>
DESCRIPTION:
HostAliases is an optional list of hosts and IPs that will be injected into
the pod's hosts file if specified. This is only valid for non-hostNetwork
pods.
HostAlias holds the mapping between IP and hostnames that will be injected
as an entry in the pod's hosts file.
FIELDS:
hostnames <[]string>
Hostnames for the above IP address.
ip
IP address of the host file entry.
[root@k8s-master-1 coredns]#
coredns的hosts特性声明
hosts 字段部分指明了三个域名的解析地址
[root@k8s-master-1 coredns]# cat coredns-cm.yaml
apiVersion: v1
data:
Corefile: |
.:53 {
errors
health
hosts {
100.64.139.66 minio.chinamcloud.com
100.64.139.66 registry.chinamcloud.com
100.64.139.66 gitlab.chinamcloud.com
fallthrough
}
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
upstream
fallthrough in-addr.arpa ip6.arpa
}
prometheus :9153
forward . /etc/resolv.conf
cache 30
loop
reload
loadbalance
}
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
根据域名指定上游dns服务器
sobeydemo.com 字段指明了解析该域名的dns服务器地址
[root@k8s-master-1 coredns]# cat coredns-cm.yaml
apiVersion: v1
data:
Corefile: |
.:53 {
errors
health
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
upstream
fallthrough in-addr.arpa ip6.arpa
}
prometheus :9153
forward . /etc/resolv.conf
cache 30
loop
reload
loadbalance
}
sobeydemo.com {
forward . 100.64.134.250:53
}
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
检查
[root@k8s-master-1 coredns]# kubectl run -it --rm --restart=Never --image=infoblox/dnstools:latest dnstools
If you don't see a command prompt, try pressing enter.
dnstools# host 0DJ01YUR.sobeydemo.com
0DJ01YUR.sobeydemo.com has address 100.64.148.116
0DJ01YUR.sobeydemo.com has IPv6 address 2002:6440:9474::6440:9474
dnstools# host minio.chinamcloud.com
minio.chinamcloud.com has address 100.64.139.66
Host minio.chinamcloud.com not found: 3(NXDOMAIN)
Host minio.chinamcloud.com not found: 3(NXDOMAIN)
dnstools#
另外有需要云服务器可以了解下创新互联cdcxhl.cn,海内外云服务器15元起步,三天无理由+7*72小时售后在线,公司持有idc许可证,提供“云服务器、裸金属服务器、高防服务器、香港服务器、美国服务器、虚拟主机、免备案服务器”等云主机租用服务以及企业上云的综合解决方案,具有“安全稳定、简单易用、服务可用性高、性价比高”等特点与优势,专为企业上云打造定制,能够满足用户丰富、多元化的应用场景需求。
新闻名称:kubernetes中coredns组件的高级用法-创新互联
新闻来源:http://cdiso.cn/article/edhei.html