kubernetes中coredns组件的高级用法
admin
2023-04-02 13:21:48
0

通过coredns实现内外流量分离

场景

  1. 旧业务固定了域名,无法通过内部service直接访问服务
  2. 需要实现内部流量和外部流量自动拆分

实现

  1. 通过coredns的rewrite功能实现以上能力,如以下内部访问tenant.msa.chinamcloud.com域名时,会将流量转发到tenantapi.yunjiao.svc.cluster.local域名,实现内外域名访问一致。
  2. 部分版本nginx配置时候可能遇见无法访问的情况
[root@k8s-master1 ingress]# cat coredns.yaml
apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors
        health
        rewrite name tenant.msa.chinamcloud.com tenantapi.yunjiao.svc.cluster.local
        rewrite name console.msa.chinamcloud.com console.yunjiao.svc.cluster.local
        rewrite name user.msa.chinamcloud.com userapi.yunjiao.svc.cluster.local
        rewrite name lims.msa.chinamcloud.com lims.yunjiao.svc.cluster.local
        rewrite name labapp.msa.chinamcloud.com limsapp.yunjiao.svc.cluster.local
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           upstream
           fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }
kind: ConfigMap
metadata:
  creationTimestamp: "2019-04-02T04:57:19Z"
  name: coredns
  namespace: kube-system
  resourceVersion: "197"
  selfLink: /api/v1/namespaces/kube-system/configmaps/coredns
  uid: cb686453-5503-11e9-8ea6-005056be93f5

检查

[root@k8s-master1 ingress]#  kubectl run -it --rm --restart=Never --image=infoblox/dnstools:latest dnstools
If you don't see a command prompt, try pressing enter.
dnstools# ping tenant.msa.chinamcloud.com
PING tenant.msa.chinamcloud.com (10.98.220.54): 56 data bytes
^C
--- tenant.msa.chinamcloud.com ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss

kubernetes内部实现hosts功能

coredns配置参考文档

场景

  1. 通过kubernetes的coredns实现子域名解析
  2. 实现kubernetes内部 hosts绑定功能

实现

创建pod时声明hosts(不推荐)

[root@k8s-master-1 coredns]# kubectl  explain  pods.spec.hostAliases
KIND:     Pod
VERSION:  v1

RESOURCE: hostAliases <[]Object>

DESCRIPTION:
     HostAliases is an optional list of hosts and IPs that will be injected into
     the pod's hosts file if specified. This is only valid for non-hostNetwork
     pods.

     HostAlias holds the mapping between IP and hostnames that will be injected
     as an entry in the pod's hosts file.

FIELDS:
   hostnames    <[]string>
     Hostnames for the above IP address.

   ip   
     IP address of the host file entry.

[root@k8s-master-1 coredns]#

coredns的hosts特性声明

hosts 字段部分指明了三个域名的解析地址

[root@k8s-master-1 coredns]# cat coredns-cm.yaml
apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors
        health
        hosts {
            100.64.139.66 minio.chinamcloud.com
            100.64.139.66 registry.chinamcloud.com
            100.64.139.66 gitlab.chinamcloud.com
            fallthrough
        }
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           upstream
           fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system

根据域名指定上游dns服务器

sobeydemo.com 字段指明了解析该域名的dns服务器地址

[root@k8s-master-1 coredns]# cat coredns-cm.yaml
apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           upstream
           fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }
    sobeydemo.com {
        forward . 100.64.134.250:53
    }
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system

检查

[root@k8s-master-1 coredns]#  kubectl run -it --rm --restart=Never --image=infoblox/dnstools:latest dnstools
If you don't see a command prompt, try pressing enter.
dnstools# host 0DJ01YUR.sobeydemo.com
0DJ01YUR.sobeydemo.com has address 100.64.148.116
0DJ01YUR.sobeydemo.com has IPv6 address 2002:6440:9474::6440:9474
dnstools# host minio.chinamcloud.com
minio.chinamcloud.com has address 100.64.139.66
Host minio.chinamcloud.com not found: 3(NXDOMAIN)
Host minio.chinamcloud.com not found: 3(NXDOMAIN)
dnstools#

上一篇:Docker的网络模式

下一篇:kubernetes高可用集群版如何安装

相关内容

热门资讯

今日重大发现“星星武汉麻将怎么... 家人们!今天小编来为大家解答星星武汉麻将透视挂怎么安装这个问题咨询软件客服徽9752949的挂在哪里...
【第一财经】“欢乐贰柒拾究竟有... 网上科普关于“欢乐贰柒拾有没有挂”话题很是火热,小编也是针对欢乐贰柒拾作*弊开挂的方法以及开挂对应的...
重磅消息“传送屋到底是不是挂?... 您好:传送屋这款游戏可以开挂,确实是有挂的,需要了解加客服微信【4282891】很多玩家在这款游戏中...
终于了解“决胜麻将是不是有挂?... 您好:决胜麻将这款游戏可以开挂,确实是有挂的,需要了解加客服微信【9752949】很多玩家在这款游戏...
终于明白“神赚棋牌怎么开挂?”... 您好:神赚棋牌这款游戏可以开挂,确实是有挂的,需要了解加客服微信【9784099】很多玩家在这款游戏...
终于明白“相约福建麻将究竟有挂... 家人们!今天小编来为大家解答相约福建麻将透视挂怎么安装这个问题咨询软件客服徽4282891的挂在哪里...
玩家分享攻略“闽游麻将开挂器?... 您好:闽游麻将这款游戏可以开挂,确实是有挂的,需要了解加客服微信【4282891】很多玩家在这款游戏...
【第一财经】“小白大作战到底有... 有 亲,根据资深记者爆料小白大作战是可以开挂的,确实有挂(咨询软件无需打...
玩家分享攻略“同城游熟人麻将有... 家人们!今天小编来为大家解答同城游熟人麻将透视挂怎么安装这个问题咨询软件客服徽9752949的挂在哪...
玩家最新攻略“云圈丰城麻将是不... 有 亲,根据资深记者爆料云圈丰城麻将是可以开挂的,确实有挂(咨询软件无需...