概述
External-DNS提供了编程方式管理Kubernetes Service资源的DNS的功能,类似于容器服务kubernetes federation v2实践一:基于External-DNS的多集群Ingress DNS实践,External-DNS会监听LoadBalancer类型的Service,然后与云厂商打通,按照可用区、region和全局三个维度生成独自的域名解析记录,便于服务间调用引导流量。本文简单介绍如何在阿里云容器平台上使用External-DNS管理多集群Service DNS。
环境准备
参考容器服务kubernetes federation v2实践一:基于External-DNS的多集群Ingress DNS实践完成【联邦集群准备】、【配置RAM信息】和【部署External-DNS】部分,并配置好kubeConfig,如下所示:
kubectl config get-contextsCURRENT NAME CLUSTER AUTHINFO NAMESPACE* cluster1 cluster1 kubernetes-admin1 cluster2 cluster2 kubernetes-admin2资源部署
创建FederatedDeployment和FederatedService
yaml如下,注意FederatedService类型为LoadBalancer
apiVersion: v1kind: Namespacemetadata: name: test-namespace---apiVersion: types.federation.k8s.io/v1alpha1kind: FederatedNamespacemetadata: name: test-namespace namespace: test-namespacespec: placement: clusterNames: - cluster1 - cluster2---apiVersion: types.federation.k8s.io/v1alpha1kind: FederatedDeploymentmetadata: name: test-deployment namespace: test-namespacespec: template: metadata: labels: app: nginx spec: replicas: 2 selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - image: nginx name: nginx placement: clusterNames: - cluster1 - cluster2---apiVersion: types.federation.k8s.io/v1alpha1kind: FederatedServicemetadata: name: test-service namespace: test-namespacespec: template: spec: selector: app: nginx type: LoadBalancer ports: - name: http port: 80 placement: clusterNames: - cluster2 - cluster1查看各个集群Service详情:
get svc -n test-namespace --context cluster1NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEtest-service LoadBalancer 172.23.5.173 39.96.243.59 80:30185/TCP 28sget svc -n test-namespace --context cluster2NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEtest-service LoadBalancer 172.21.11.44 47.95.152.65 80:30384/TCP 31s创建Domain和ServiceDNSRecord
yaml如下,注意请将【service.example-domain.club】替换成测试域名(必须由阿里云托管的域名)。
apiVersion: multiclusterdns.federation.k8s.io/v1alpha1kind: Domainmetadata: name: test-domain namespace: federation-systemdomain: service.example-domain.club---apiVersion: multiclusterdns.federation.k8s.io/v1alpha1kind: ServiceDNSRecordmetadata: name: test-service namespace: test-namespacespec: domainRef: test-domain recordTTL: 600结果分析
查看DnsEndpoint详情:
kubectl get dnsendpoint -n test-namespace -o yamlapiVersion: v1items:- apiVersion: multiclusterdns.federation.k8s.io/v1alpha1 kind: DNSEndpoint metadata: creationTimestamp: 2019-05-17T08:49:31Z generation: 2 name: service-test-service namespace: test-namespace resourceVersion: "742339863" selfLink: /apis/multiclusterdns.federation.k8s.io/v1alpha1/namespaces/test-namespace/dnsendpoints/service-test-service uid: afd3e22a-7880-11e9-9566-326dc52c25d3 spec: endpoints: - dnsName: test-service.test-namespace.test-domain.svc.cn-beijing-a.cn-beijing.service.example-domain.club recordTTL: 600 recordType: A targets: - 47.95.152.65 - dnsName: test-service.test-namespace.test-domain.svc.cn-beijing-f.cn-beijing.service.example-domain.club recordTTL: 600 recordType: A targets: - 39.96.243.59 - dnsName: test-service.test-namespace.test-domain.svc.cn-beijing.service.example-domain.club recordTTL: 600 recordType: A targets: - 39.96.243.59 - 47.95.152.65 - dnsName: test-service.test-namespace.test-domain.svc.service.example-domain.club recordTTL: 600 recordType: A targets: - 39.96.243.59 - 47.95.152.65kind: Listmetadata: resourceVersion: "" selfLink: ""可以看到External-DNS已经自动生成了4条解析记录,包含北京两个可用区、北京region和全局四个dns解析记录。
dig +short @dns7.hichina.com test-service.test-namespace.test-domain.svc.cn-beijing-a.cn-beijing.service.example-domain.club47.95.152.65dig +short @dns7.hichina.com test-service.test-namespace.test-domain.svc.cn-beijing-f.cn-beijing.service.example-domain.club39.96.243.59dig +short @dns7.hichina.com test-service.test-namespace.test-domain.svc.cn-beijing.service.example-domain.club47.95.152.6539.96.243.59dig +short @dns7.hichina.com test-service.test-namespace.test-domain.svc.service.example-domain.club47.95.152.6539.96.243.59结论
External-DNS在Federation-V2多集群联邦环境下,可以根据Service部署所在的可用区、region和全局三个维度生成多条DNS解析记录,帮助服务灵活的引导流量。
本文作者:钧博
阅读原文
本文为云栖社区原创内容,未经允许不得转载。