概述
External-DNS提供了编程方式管理Kubernetes Service资源的DNS的功能,类似于容器服务kubernetes federation v2实践一:基于External-DNS的多集群Ingress DNS实践,External-DNS会监听LoadBalancer类型的Service,然后与云厂商打通,按照可用区、region和全局三个维度生成独自的域名解析记录,便于服务间调用引导流量。本文简单介绍如何在阿里云容器平台上使用External-DNS管理多集群Service DNS。
环境准备
参考容器服务kubernetes federation v2实践一:基于External-DNS的多集群Ingress DNS实践完成【联邦集群准备】、【配置RAM信息】和【部署External-DNS】部分,并配置好kubeConfig,如下所示:
kubectl config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
* cluster1 cluster1 kubernetes-admin1cluster2 cluster2 kubernetes-admin2资源部署
创建FederatedDeployment和FederatedService
yaml如下,注意FederatedService类型为LoadBalancer
apiVersion: v1
kind: Namespace
metadata:name: test-namespace---apiVersion: types.federation.k8s.io/v1alpha1
kind: FederatedNamespace
metadata:name: test-namespacenamespace: test-namespace
spec:placement:clusterNames:- cluster1- cluster2---apiVersion: types.federation.k8s.io/v1alpha1
kind: FederatedDeployment
metadata:name: test-deploymentnamespace: test-namespace
spec:template:metadata:labels:app: nginxspec:replicas: 2selector:matchLabels:app: nginxtemplate:metadata:labels:app: nginxspec:containers:- image: nginxname: nginxplacement:clusterNames:- cluster1- cluster2---apiVersion: types.federation.k8s.io/v1alpha1
kind: FederatedService
metadata:name: test-servicenamespace: test-namespace
spec:template:spec:selector:app: nginxtype: LoadBalancerports:- name: httpport: 80placement:clusterNames:- cluster2- cluster1查看各个集群Service详情:
get svc -n test-namespace --context cluster1
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
test-service LoadBalancer 172.23.5.173 39.96.243.59 80:30185/TCP 28sget svc -n test-namespace --context cluster2
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
test-service LoadBalancer 172.21.11.44 47.95.152.65 80:30384/TCP 31s创建Domain和ServiceDNSRecord
yaml如下,注意请将【service.example-domain.club】替换成测试域名(必须由阿里云托管的域名)。
apiVersion: multiclusterdns.federation.k8s.io/v1alpha1
kind: Domain
metadata:name: test-domainnamespace: federation-system
domain: service.example-domain.club
---
apiVersion: multiclusterdns.federation.k8s.io/v1alpha1
kind: ServiceDNSRecord
metadata:name: test-servicenamespace: test-namespace
spec:domainRef: test-domainrecordTTL: 600结果分析
查看DnsEndpoint详情:
kubectl get dnsendpoint -n test-namespace -o yaml
apiVersion: v1
items:
- apiVersion: multiclusterdns.federation.k8s.io/v1alpha1kind: DNSEndpointmetadata:creationTimestamp: 2019-05-17T08:49:31Zgeneration: 2name: service-test-servicenamespace: test-namespaceresourceVersion: "742339863"selfLink: /apis/multiclusterdns.federation.k8s.io/v1alpha1/namespaces/test-namespace/dnsendpoints/service-test-serviceuid: afd3e22a-7880-11e9-9566-326dc52c25d3spec:endpoints:- dnsName: test-service.test-namespace.test-domain.svc.cn-beijing-a.cn-beijing.service.example-domain.clubrecordTTL: 600recordType: Atargets:- 47.95.152.65- dnsName: test-service.test-namespace.test-domain.svc.cn-beijing-f.cn-beijing.service.example-domain.clubrecordTTL: 600recordType: Atargets:- 39.96.243.59- dnsName: test-service.test-namespace.test-domain.svc.cn-beijing.service.example-domain.clubrecordTTL: 600recordType: Atargets:- 39.96.243.59- 47.95.152.65- dnsName: test-service.test-namespace.test-domain.svc.service.example-domain.clubrecordTTL: 600recordType: Atargets:- 39.96.243.59- 47.95.152.65
kind: List
metadata:resourceVersion: ""selfLink: ""可以看到External-DNS已经自动生成了4条解析记录,包含北京两个可用区、北京region和全局四个dns解析记录。
dig +short @dns7.hichina.com test-service.test-namespace.test-domain.svc.cn-beijing-a.cn-beijing.service.example-domain.club
47.95.152.65dig +short @dns7.hichina.com test-service.test-namespace.test-domain.svc.cn-beijing-f.cn-beijing.service.example-domain.club
39.96.243.59dig +short @dns7.hichina.com test-service.test-namespace.test-domain.svc.cn-beijing.service.example-domain.club
47.95.152.65
39.96.243.59dig +short @dns7.hichina.com test-service.test-namespace.test-domain.svc.service.example-domain.club
47.95.152.65
39.96.243.59结论
External-DNS在Federation-V2多集群联邦环境下,可以根据Service部署所在的可用区、region和全局三个维度生成多条DNS解析记录,帮助服务灵活的引导流量。
原文链接
本文为云栖社区原创内容,未经允许不得转载。
)
