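Overview
External-DNS provides a programmatic way to manage DNS for Kubernetes Service resources. As in "Container Service Kubernetes Federation v2 in Practice, Part 1: Multi-Cluster Ingress DNS with External-DNS", External-DNS watches Services of type LoadBalancer, integrates with the cloud provider, and generates separate DNS records at three levels (availability zone, region, and global), which makes it easy to steer traffic for service-to-service calls. This article briefly describes how to use External-DNS to manage multi-cluster Service DNS on the Alibaba Cloud container platform.
Environment preparation
Follow "Container Service Kubernetes Federation v2 in Practice, Part 1: Multi-Cluster Ingress DNS with External-DNS" to complete the "Federated cluster preparation", "Configure RAM information" and "Deploy External-DNS" sections, and set up your kubeConfig as shown below: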
kubectl config get-contexts
CURRENT   NAME       CLUSTER    AUTHINFO            NAMESPACE
*         cluster1   cluster1   kubernetes-admin1
          cluster2   cluster2   kubernetes-admin2
Resource deployment
Create the FederatedDeployment and FederatedService
The YAML is as follows. Note that the FederatedService type is LoadBalancer.
apiVersion: v1
kind: Namespace
metadata:
  name: test-namespace
---
apiVersion: types.federation.k8s.io/v1alpha1
kind: FederatedNamespace
metadata:
  name: test-namespace
  namespace: test-namespace
spec:
  placement:
    clusterNames:
    - cluster1
    - cluster2
---
apiVersion: types.federation.k8s.io/v1alpha1
kind: FederatedDeployment
metadata:
  name: test-deployment
  namespace: test-namespace
spec:
  template:
    metadata:
      labels:
        app: nginx
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: nginx
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - image: nginx
            name: nginx
  placement:
    clusterNames:
    - cluster1
    - cluster2
---
apiVersion: types.federation.k8s.io/v1alpha1
kind: FederatedService
metadata:
  name: test-service
  namespace: test-namespace
spec:
  template:
    spec:
      selector:
        app: nginx
      type: LoadBalancer
      ports:
      - name: http
        port: 80
  placement:
    clusterNames:
    - cluster2
    - cluster1
View the Service details in each cluster:
kubectl get svc -n test-namespace --context cluster1
NAME           TYPE           CLUSTER-IP     EXTERNAL-IP    PORT(S)        AGE
test-service   LoadBalancer   172.23.5.173   39.96.243.59   80:30185/TCP   28s
kubectl get svc -n test-namespace --context cluster2
NAME           TYPE           CLUSTER-IP     EXTERNAL-IP    PORT(S)        AGE
test-service   LoadBalancer   172.21.11.44   47.95.152.65   80:30384/TCP   31s
Create the Domain and ServiceDNSRecord
The YAML is as follows. Replace service.example-domain.club with your test domain (it must be a domain hosted on Alibaba Cloud).
apiVersion: multiclusterdns.federation.k8s.io/v1alpha1
kind: Domain
metadata:
  name: test-domain
  namespace: federation-system
domain: service.example-domain.club
---
apiVersion: multiclusterdns.federation.k8s.io/v1alpha1
kind: ServiceDNSRecord
metadata:
  name: test-service
  namespace: test-namespace
spec:
  domainRef: test-domain
  recordTTL: 600
Result analysis
View the DNSEndpoint details:
kubectl get dnsendpoint -n test-namespace -o yaml
apiVersion: v1
items:
- apiVersion: multiclusterdns.federation.k8s.io/v1alpha1
  kind: DNSEndpoint
  metadata:
    creationTimestamp: 2019-05-17T08:49:31Z
    generation: 2
    name: service-test-service
    namespace: test-namespace
    resourceVersion: "742339863"
    selfLink: /apis/multiclusterdns.federation.k8s.io/v1alpha1/namespaces/test-namespace/dnsendpoints/service-test-service
    uid: afd3e22a-7880-11e9-9566-326dc52c25d3
  spec:
    endpoints:
    - dnsName: test-service.test-namespace.test-domain.svc.cn-beijing-a.cn-beijing.service.example-domain.club
      recordTTL: 600
      recordType: A
      targets:
      - 47.95.152.65
    - dnsName: test-service.test-namespace.test-domain.svc.cn-beijing-f.cn-beijing.service.example-domain.club
      recordTTL: 600
      recordType: A
      targets:
      - 39.96.243.59
    - dnsName: test-service.test-namespace.test-domain.svc.cn-beijing.service.example-domain.club
      recordTTL: 600
      recordType: A
      targets:
      - 39.96.243.59
      - 47.95.152.65
    - dnsName: test-service.test-namespace.test-domain.svc.service.example-domain.club
      recordTTL: 600
      recordType: A
      targets:
      - 39.96.243.59
      - 47.95.152.65
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""
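As you can see, External-DNS has automatically generated 4 DNS records: one for each of the two Beijing availability zones, one for the Beijing region, and one global record.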
dig +short @dns7.hichina.com test-service.test-namespace.test-domain.svc.cn-beijing-a.cn-beijing.service.example-domain.club
47.95.152.65
dig +short @dns7.hichina.com test-service.test-namespace.test-domain.svc.cn-beijing-f.cn-beijing.service.example-domain.club
39.96.243.59
dig +short @dns7.hichina.com test-service.test-namespace.test-domain.svc.cn-beijing.service.example-domain.club
47.95.152.65
39.96.243.59
dig +short @dns7.hichina.com test-service.test-namespace.test-domain.svc.service.example-domain.club
47.95.152.65
39.96.243.59
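Because these records are created automatically and expose LoadBalancer addresses publicly, it is worth checking that every target still belongs to a live Service, since a record left pointing at a released IP is a dangling record. The following is an added example, not part of the original article: it classifies each generated name by scope and flags targets that are not among the current EXTERNAL-IP values. The function names are hypothetical, and the sample JSON is constructed from the output above plus one made-up stale address (203.0.113.10).

```python
import json

DOMAIN = "service.example-domain.club"  # placeholder domain used on this page

# Constructed sample: `kubectl get dnsendpoint -n test-namespace -o json`,
# trimmed to the fields used here. 203.0.113.10 is a made-up stale target.
SAMPLE = json.loads("""
{"items": [{"spec": {"endpoints": [
  {"dnsName": "test-service.test-namespace.test-domain.svc.cn-beijing-a.cn-beijing.service.example-domain.club",
   "targets": ["47.95.152.65"]},
  {"dnsName": "test-service.test-namespace.test-domain.svc.cn-beijing.service.example-domain.club",
   "targets": ["39.96.243.59", "47.95.152.65"]},
  {"dnsName": "test-service.test-namespace.test-domain.svc.service.example-domain.club",
   "targets": ["39.96.243.59", "47.95.152.65", "203.0.113.10"]}
]}}]}
""")

# EXTERNAL-IP values reported by `kubectl get svc` in cluster1 and cluster2.
LIVE_IPS = {"39.96.243.59", "47.95.152.65"}


def scope_of(dns_name, domain=DOMAIN):
    """Return 'zone', 'region' or 'global' for a generated record name."""
    suffix = "." + domain
    if not dns_name.endswith(suffix):
        raise ValueError(f"{dns_name} is outside {domain}")
    labels = dns_name[: -len(suffix)].split(".")
    # Layout seen on the page: <service>.<namespace>.<domain-ref>.svc[.<zone>.<region>]
    if len(labels) < 4 or labels[3] != "svc" or len(labels) > 6:
        raise ValueError(f"unexpected record layout: {dns_name}")
    return ("global", "region", "zone")[len(labels) - 4]


def audit(dnsendpoints, live_ips):
    """List (scope, name, stale_targets) for records pointing at unknown IPs."""
    findings = []
    for item in dnsendpoints["items"]:
        for ep in item["spec"]["endpoints"]:
            stale = sorted(set(ep["targets"]) - set(live_ips))
            if stale:
                findings.append((scope_of(ep["dnsName"]), ep["dnsName"], stale))
    return findings


if __name__ == "__main__":
    for scope, name, stale in audit(SAMPLE, LIVE_IPS):
        print(f"[{scope}] {name} -> stale targets {stale}")
```

In a real environment, build the live IP set from `kubectl get svc` across every cluster context before running the audit.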
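Conclusion
In a Federation-V2 multi-cluster environment, External-DNS can generate multiple DNS records at three levels (availability zone, region, and global) according to where a Service is deployed, which helps services steer traffic flexibly.
Author: 钧博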
This article is original content of the Yunqi Community and may not be reproduced without permission.