kubernetes配置自定义域名记录

问题背景

客户业务pod运行在内网，无法访问外网，对于一些应用，需要访问企业微信，淘宝等外部api接口时，采用代理的方式，即配置pod要访问的外部域名解析为内部代理服务器的ip，如配置api.weixin.qq.com,pod请求访问此域名时，dns解析为内部代理服务器ip-10.xxx.xx.xx,即需要自定义域名解析，经调研，有如下方式：

1.客户存在内网dns，且该内网dns可以解析用户需要的域名。这种情况只需要确保coredns所在的宿主机的/etc/resolv.conf中配了该dns即可。

2.使用kubernetes原生的hostalias功能，对于每个pod额外配置dns记录（https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/）

apiVersion: v1

kind: Pod

metadata:

name: hostaliases-pod

spec:

restartPolicy: Never

hostAliases:

- ip: "127.0.0.1"

hostnames:

- "foo.local"

- "bar.local"

- ip: "10.1.2.3"

hostnames:

- "foo.remote"

- "bar.remote"

containers:

- name: cat-hosts

image: busybox

command:

- cat

args:

- "/etc/hosts"

3使用coredns来做集群内全局的记录增加

3.1用file插件（单独配置a记录用，也可以做转发但配置不直观，这里不写了）

首先修改coredns的configmap，kubectl -n kube-system edit cm coredns
默认情况下如下

apiVersion: v1

data:

Corefile: |

.:53 {

errors

health

kubernetes cluster.local in-addr.arpa ip6.arpa {

pods insecure

upstream

fallthrough in-addr.arpa ip6.arpa

}

prometheus :9153

proxy . /etc/resolv.conf

cache 30

loop

reload

loadbalance

}

kind: ConfigMap

metadata:

creationTimestamp: "2019-06-18T08:10:05Z"

name: coredns

namespace: kube-system

resourceVersion: "181"

selfLink: /api/v1/namespaces/kube-system/configmaps/coredns

uid: 7abf504f-91a0-11e9-8570-52540089b1e0

我们将其修改为

apiVersion: v1

data:

Corefile: |

.:53 {

errors

health

kubernetes cluster.local in-addr.arpa ip6.arpa {

pods insecure

upstream

fallthrough in-addr.arpa ip6.arpa

}

prometheus :9153

file /etc/coredns/example.db example.org //使用中将example.org换为根域名

proxy . /etc/resolv.conf

cache 30

loop

reload

loadbalance

}

example.db: |

example.org. IN SOA sns.dns.icann.org. noc.dns.icann.org. 2019062541 7200 3600 1209600 3600 // 修改example.org.换为对应的，不要漏了.

xxx.example.org. IN A 1.1.1.1 // 对应a记录在这里添加,用户想加几个域名就仿照这行格式在下面增加

kind: ConfigMap

metadata:

creationTimestamp: "2019-06-18T08:10:05Z"

name: coredns

namespace: kube-system

resourceVersion: "181"

selfLink: /api/v1/namespaces/kube-system/configmaps/coredns

uid: 7abf504f-91a0-11e9-8570-52540089b1e0

修改后保存即可。
之后修改coredns的deployment，将example.db挂载进去 kubectl -n kube-system edit deploy coredns
找到volumes

volumes:

- configMap:

defaultMode: 420

items:

- key: Corefile

path: Corefile

name: coredns

name: config-volume

将其改为

volumes:

- name: config-volume

configMap:

name: coredns

items:

- key: Corefile

path: Corefile

- key: example.db

path: example.db

然后保存退出即可。

3.2用hosts插件(单独配置a记录用）https://coredns.io/plugins/hosts/

首先修改coredns的configmap，kubectl -n kube-system edit cm coredns
默认情况下如下

apiVersion: v1

data:

Corefile: |

.:53 {

errors

health

kubernetes cluster.local in-addr.arpa ip6.arpa {

pods insecure

upstream

fallthrough in-addr.arpa ip6.arpa

}

prometheus :9153

proxy . /etc/resolv.conf

cache 30

loop

reload

loadbalance

}

kind: ConfigMap

metadata:

creationTimestamp: "2019-06-18T08:10:05Z"

name: coredns

namespace: kube-system

resourceVersion: "181"

selfLink: /api/v1/namespaces/kube-system/configmaps/coredns

uid: 7abf504f-91a0-11e9-8570-52540089b1e0

我们将其修改为

apiVersion: v1

data:

Corefile: |

.:53 {

errors

health

kubernetes cluster.local in-addr.arpa ip6.arpa {

pods insecure

upstream

fallthrough in-addr.arpa ip6.arpa

}

prometheus :9153

hosts example.org { //修改这里，example.org为根域名

10.0.0.1 bbb.example.org //这里就跟本地配host格式一样

fallthrough

}

// 这里如果宿主机配了hosts，也可以直接写hosts，不用上面的写法

proxy . /etc/resolv.conf

cache 30

loop

reload

loadbalance

}

kind: ConfigMap

metadata:

creationTimestamp: "2019-06-18T08:10:05Z"

name: coredns

namespace: kube-system

resourceVersion: "181"

selfLink: /api/v1/namespaces/kube-system/configmaps/coredns

uid: 7abf504f-91a0-11e9-8570-52540089b1e0

修改后保存即可。然后重建下coredns的pod就行

3.3用fowrad插件（做解析转发用）https://coredns.io/plugins/forward/

首先修改coredns的configmap，kubectl -n kube-system edit cm coredns
默认情况下如下

apiVersion: v1

data:

Corefile: |

.:53 {

errors

health

kubernetes cluster.local in-addr.arpa ip6.arpa {

pods insecure

upstream

fallthrough in-addr.arpa ip6.arpa

}

prometheus :9153

proxy . /etc/resolv.conf

cache 30

loop

reload

loadbalance

}

kind: ConfigMap

metadata:

creationTimestamp: "2019-06-18T08:10:05Z"

name: coredns

namespace: kube-system

resourceVersion: "181"

selfLink: /api/v1/namespaces/kube-system/configmaps/coredns

uid: 7abf504f-91a0-11e9-8570-52540089b1e0

我们将其修改为

apiVersion: v1

data:

Corefile: |

.:53 {

errors

health

kubernetes cluster.local in-addr.arpa ip6.arpa {

pods insecure

upstream

fallthrough in-addr.arpa ip6.arpa

}

prometheus :9153

forward example.org. 127.0.0.1:9005 127.0.0.1:9006 // 这里example.org.是根域名，后面是客户的dns服务器地址，可以写多个

proxy . /etc/resolv.conf

cache 30

loop

reload

loadbalance

}

kind: ConfigMap

metadata:

creationTimestamp: "2019-06-18T08:10:05Z"

name: coredns

namespace: kube-system

resourceVersion: "181"

selfLink: /api/v1/namespaces/kube-system/configmaps/coredns

uid: 7abf504f-91a0-11e9-8570-52540089b1e0

修改后保存即可。然后重建下coredns的pod就行

posted @ 2019-09-28 14:47 360linux 阅读(1302) 评论(0) 编辑收藏举报

刷新页面返回顶部

kubernetes配置自定义域名记录

问题背景

1.客户存在内网dns，且该内网dns可以解析用户需要的域名。这种情况只需要确保coredns所在的宿主机的/etc/resolv.conf中配了该dns即可。

2.使用kubernetes原生的hostalias功能，对于每个pod额外配置dns记录（https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/）

3使用coredns来做集群内全局的记录增加

3.1用file插件（单独配置a记录用，也可以做转发但配置不直观，这里不写了）

3.2用hosts插件(单独配置a记录用）https://coredns.io/plugins/hosts/

3.3用fowrad插件（做解析转发用）https://coredns.io/plugins/forward/

公告