Advanced usage of the CoreDNS component in Kubernetes

Published: 2024-09-27
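Separating internal and external traffic with CoreDNS
Scenario
A legacy service has its domain name hard-coded, so it cannot reach the service directly through the internal Service name.
Internal traffic and external traffic need to be split automatically.
Implementation
The CoreDNS rewrite plugin provides this. In the configuration below, when the domain tenant.msa.chinamcloud.com is accessed from inside the cluster, the traffic is directed to tenantapi.yunjiao.svc.cluster.local, so the same domain name works for both internal and external access.
With some versions, nginx configurations may run into cases where access fails.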
    [root@k8s-master1 ingress]# cat coredns.yaml
    apiVersion: v1
    data:
      Corefile: |
        .:53 {
            errors
            health
            rewrite name tenant.msa.chinamcloud.com tenantapi.yunjiao.svc.cluster.local
            rewrite name console.msa.chinamcloud.com console.yunjiao.svc.cluster.local
            rewrite name user.msa.chinamcloud.com userapi.yunjiao.svc.cluster.local
            rewrite name lims.msa.chinamcloud.com lims.yunjiao.svc.cluster.local
            rewrite name labapp.msa.chinamcloud.com limsapp.yunjiao.svc.cluster.local
            kubernetes cluster.local in-addr.arpa ip6.arpa {
                pods insecure
                upstream
                fallthrough in-addr.arpa ip6.arpa
            }
            prometheus :9153
            forward . /etc/resolv.conf
            cache 30
            loop
            reload
            loadbalance
        }
    kind: ConfigMap
    metadata:
      creationTimestamp: 2019-04-02T04:57:19Z
      name: coredns
      namespace: kube-system
      resourceVersion: "197"
      selfLink: /api/v1/namespaces/kube-system/configmaps/coredns
      uid: cb686453-5503-11e9-8ea6-005056be93f5

Verification
The address in the first line of the ping output shows what the name resolved to inside the cluster.

    [root@k8s-master1 ingress]# kubectl run -it --rm --restart=Never --image=infoblox/dnstools:latest dnstools
    If you don't see a command prompt, try pressing enter.
    dnstools# ping tenant.msa.chinamcloud.com
    PING tenant.msa.chinamcloud.com (10.98.220.54): 56 data bytes
    ^C
    --- tenant.msa.chinamcloud.com ping statistics ---
    4 packets transmitted, 0 packets received, 100% packet loss

Implementing hosts-file functionality inside Kubernetes
CoreDNS configuration reference documentation
Scenario
Resolve subdomains through the Kubernetes CoreDNS.
Provide hosts-file style bindings inside Kubernetes.
Implementation
Declaring hosts when creating the pod (not recommended)

    [root@k8s-master-1 coredns]# kubectl explain pods.spec.hostAliases
    KIND:     Pod
    VERSION:  v1

    RESOURCE: hostAliases <[]Object>

    DESCRIPTION:
         HostAliases is an optional list of hosts and IPs that will be injected
         into the pod's hosts file if specified. This is only valid for
         non-hostNetwork pods.

         HostAlias holds the mapping between IP and hostnames that will be
         injected as an entry in the pod's hosts file.

    FIELDS:
       hostnames    <[]string>
         Hostnames for the above IP address.

       ip   <string>
         IP address of the host file entry.

    [root@k8s-master-1 coredns]#

Declaring entries with the CoreDNS hosts plugin
The hosts block specifies the addresses that three domain names resolve to.

    [root@k8s-master-1 coredns]# cat coredns-cm.yaml
    apiVersion: v1
    data:
      Corefile: |
        .:53 {
            errors
            health
            hosts {
                100.64.139.66 minio.chinamcloud.com
                100.64.139.66 registry.chinamcloud.com
                100.64.139.66 gitlab.chinamcloud.com
                fallthrough
            }
            kubernetes cluster.local in-addr.arpa ip6.arpa {
                pods insecure
                upstream
                fallthrough in-addr.arpa ip6.arpa
            }
            prometheus :9153
            forward . /etc/resolv.conf
            cache 30
            loop
            reload
            loadbalance
        }
    kind: ConfigMap
    metadata:
      name: coredns
      namespace: kube-system

Specifying an upstream DNS server per domain
The sobeydemo.com block specifies the address of the DNS server that resolves that domain.

    [root@k8s-master-1 coredns]# cat coredns-cm.yaml
    apiVersion: v1
    data:
      Corefile: |
        .:53 {
            errors
            health
            kubernetes cluster.local in-addr.arpa ip6.arpa {
                pods insecure
                upstream
                fallthrough in-addr.arpa ip6.arpa
            }
            prometheus :9153
            forward . /etc/resolv.conf
            cache 30
            loop
            reload
            loadbalance
        }
        sobeydemo.com {
            forward . 100.64.134.250:53
        }
    kind: ConfigMap
    metadata:
      name: coredns
      namespace: kube-system

Verification

    [root@k8s-master-1 coredns]# kubectl run -it --rm --restart=Never --image=infoblox/dnstools:latest dnstools
    If you don't see a command prompt, try pressing enter.
    dnstools# host 0dj01yur.sobeydemo.com
    0dj01yur.sobeydemo.com has address 100.64.148.116
    0dj01yur.sobeydemo.com has IPv6 address 2002:6440:9474::6440:9474
    dnstool
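
The rewrite, hosts and per-domain forward settings shown above change name resolution for every pod that uses the cluster DNS, so it is worth listing exactly which overrides a Corefile applies before the ConfigMap is rolled out. The following is an added example, not code from the original article or from the CoreDNS project; `audit_corefile` and `SAMPLE` are hypothetical names, and the sample Corefile is constructed from the three configurations on this page.

```python
import ipaddress
# Constructed sample: one Corefile combining the three configurations shown on this page.
SAMPLE = """\
.:53 {
    rewrite name tenant.msa.chinamcloud.com tenantapi.yunjiao.svc.cluster.local
    hosts {
        100.64.139.66 minio.chinamcloud.com
        100.64.139.66 registry.chinamcloud.com
        fallthrough
    }
    kubernetes cluster.local in-addr.arpa ip6.arpa {
    }
    forward . /etc/resolv.conf
}
sobeydemo.com {
    forward . 100.64.134.250:53
}
"""

def audit_corefile(text):
    """List the DNS overrides in a Corefile: rewrites, static hosts, forwarders."""
    report = {"rewrites": [], "hosts": [], "forwards": [], "warnings": []}
    stack, fallthrough = [], False  # stack holds the open blocks: [zone, plugin]
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if not tok:
            continue
        if tok == ["}"]:
            # Without fallthrough, names missing from hosts never reach later plugins.
            if stack.pop() == "hosts" and not fallthrough:
                report["warnings"].append(f"{stack[0]}: hosts has no fallthrough")
            continue
        opens = tok[-1] == "{"
        args = tok[:-1] if opens else tok
        if len(stack) == 1:  # directive directly inside a server block
            if args[:2] == ["rewrite", "name"] and len(args) >= 4:
                report["rewrites"].append((args[-2], args[-1]))
            elif args[0] == "forward":
                report["forwards"].append((stack[0], args[2:]))
            elif args[0] == "hosts":
                fallthrough = False
        elif stack[1:] == ["hosts"]:  # line inside a hosts { } block
            if args[0] == "fallthrough":
                fallthrough = True
            elif args[0] not in ("ttl", "no_reverse", "reload"):
                ipaddress.ip_address(args[0])  # ValueError on a malformed entry
                report["hosts"] += [(n, args[0]) for n in args[1:]]
        if opens:
            stack.append(args[0])
    return report
```

Run it against the Corefile text extracted from the ConfigMap and compare the report with the overrides you expect; any rewrite target, static address or forwarder that is not on that list deserves a look before the change is applied.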
