That the Kubernetes community is thriving and that the technology in this space is developing at a rapid pace is common knowledge. The Kubernetes ecosystem has no shortage of powerful, innovative projects, and the one that recently caught my attention is ExternalDNS. A customer asked about it during a recent POC; I promised them I would try the ExternalDNS sub-project, and having used it I found it genuinely impressive.
The ExternalDNS sub-project
The ExternalDNS sub-project (the incubator process has since been deprecated) is sponsored by sig-network and championed by Tim Hockin, and its purpose is to configure cloud DNS providers automatically. This matters because it takes infrastructure automation a step further: users can complete the DNS configuration as part of deploying their application.
In the traditional enterprise deployment model, the different parts of a deployment are usually handled by several siloed business units. Kubernetes with ExternalDNS departs from that model by automating this part of the process. Without it, an unfortunate situation can arise: a piece of software is ready to ship but has to wait for another business unit to configure DNS by hand. With ExternalDNS, this potential problem goes away.
With ExternalDNS, teams can automate DNS and share responsibility for it, which avoids manual configuration errors and lets everyone bring their products to market more effectively.
Configuring and deploying ExternalDNS on AKS
I spent many years working as a software developer in the .NET world. The Microsoft developer community has always held a special place for me, and over the past few years I have spoken at a number of Azure user meetups in the Philadelphia area about running Kubernetes on Azure with ACS (Azure Container Service) and AKS (Azure Kubernetes Service). As it happens, the customer who asked me about ExternalDNS had also chosen Azure as their IaaS platform.
Below are the step-by-step instructions and helper code I put together for getting ExternalDNS running on an AKS cluster. Even if you are using managed Kubernetes on another public cloud, this tutorial still applies.
Prerequisites
Log in to Azure AD and, if necessary, set the subscription.
A few notes
1. Note that the external template files used in this document use many optional settings.
2. Logging is also set to debug level, so you can do your own troubleshooting.
Setting up ExternalDNS on Azure AKS or Azure IaaS
1. Create the Azure DNS zone
RESOURCE_GROUP=MC_rancher-group_c-6vkts_eastus
DNS_ZONE=vanbrackel.net
az network dns zone create -g $RESOURCE_GROUP -n $DNS_ZONE
2. Delegate DNS as required by your registrar.
3. Create a service principal to act on behalf of Kubernetes.
# Read the subscription and tenant from the current az login; jq output is quoted, so strip the quotes.
SUBSCRIPTION_ID="$(az account show | jq '.id')" && SUBSCRIPTION_ID=${SUBSCRIPTION_ID//\"}
TENANT_ID=$(az account show | jq '.tenantId') && TENANT_ID=${TENANT_ID//\"}
# Scope the service principal to the cluster resource group that holds the DNS zone.
SCOPE=$(az group show --name $RESOURCE_GROUP | jq '.id') && SCOPE=${SCOPE//\"}
PRINCIPAL=$(az ad sp create-for-rbac --role="Contributor" --scopes=$SCOPE -n ExternalDnsServicePrincipal)
CLIENT_ID=$(echo $PRINCIPAL | jq '.appId') && CLIENT_ID=${CLIENT_ID//\"}
CLIENT_SECRET=$(echo $PRINCIPAL | jq '.password') && CLIENT_SECRET=${CLIENT_SECRET//\"}
4. Create your cloud provider configuration.
echo "{ \"tenantId\": \"$TENANT_ID\", \"subscriptionId\": \"$SUBSCRIPTION_ID\", \"aadClientId\": \"$CLIENT_ID\", \"aadClientSecret\": \"$CLIENT_SECRET\", \"resourceGroup\": \"$RESOURCE_GROUP\"}" >> azure.json
5. Create a Kubernetes secret from the cloud provider configuration.
> kubectl create secret generic azure-config-file --from-file=azure.json
secret "azure-config-file" created
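The echo one-liner in step 4 assembles JSON by hand and appends to azure.json with `>>`: a client secret containing a double quote or backslash breaks the file, and running the step twice leaves two concatenated objects that ExternalDNS cannot parse. The following script is an added example, not code from the original post or from the ExternalDNS project. It builds the same document with json.dumps, validates it, and writes it with owner-only permissions, refusing to touch an existing file. It assumes the five shell variables from step 3 (TENANT_ID, SUBSCRIPTION_ID, CLIENT_ID, CLIENT_SECRET, RESOURCE_GROUP) have been exported into the environment; the key names are the ones the post's azure.json uses.

```python
"""Build and sanity-check the azure.json cloud-provider config for ExternalDNS.

Added example (not from the original post). Replaces the shell echo with
json.dumps so that any secret value survives, validates the result, and
writes the file with mode 0600 without appending or overwriting.
"""
import json
import os
import stat

# Key names as used in the post's azure.json.
REQUIRED_KEYS = ("tenantId", "subscriptionId", "aadClientId", "aadClientSecret", "resourceGroup")
# Shell variable names from step 3 of the post (assumed to be exported).
ENV_NAMES = ("TENANT_ID", "SUBSCRIPTION_ID", "CLIENT_ID", "CLIENT_SECRET", "RESOURCE_GROUP")


def build_azure_config(tenant_id, subscription_id, client_id, client_secret, resource_group):
    """Return the azure.json document as text; json.dumps escapes quotes and backslashes."""
    return json.dumps({
        "tenantId": tenant_id,
        "subscriptionId": subscription_id,
        "aadClientId": client_id,
        "aadClientSecret": client_secret,
        "resourceGroup": resource_group,
    }, indent=2)


def parse_azure_config(text):
    """Parse azure.json text; raises ValueError on malformed input (e.g. two appended objects)."""
    return json.loads(text)


def validate_azure_config(text):
    """Return a list of problems found in an azure.json document; an empty list means it is usable."""
    try:
        doc = parse_azure_config(text)
    except ValueError as exc:
        return ["not valid JSON: %s" % exc]
    if not isinstance(doc, dict):
        return ["top-level value is not an object"]
    problems = []
    for key in REQUIRED_KEYS:
        if key not in doc:
            problems.append("missing key %s" % key)
        elif not isinstance(doc[key], str) or not doc[key].strip():
            problems.append("key %s is empty" % key)
    return problems


def write_azure_config(path, text):
    """Write the file with mode 0600; O_EXCL fails instead of appending to or overwriting an existing file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, stat.S_IRUSR | stat.S_IWUSR)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    return path


def config_from_env(env=os.environ):
    """Build the document from the exported shell variables of step 3."""
    return build_azure_config(*(env[name] for name in ENV_NAMES))


if __name__ == "__main__":
    missing = [name for name in ENV_NAMES if not os.environ.get(name)]
    if missing:
        raise SystemExit("export these variables first: " + " ".join(missing))
    text = config_from_env()
    problems = validate_azure_config(text)
    if problems:
        raise SystemExit("azure.json is not usable: " + "; ".join(problems))
    print("wrote", write_azure_config("azure.json", text))
```

Run it in place of the echo line; the secret then only ever lives in the environment and in a 0600 file, and a second run fails loudly instead of silently corrupting the config.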
6. If you are using Rancher-provisioned Azure IaaS-backed clusters, delete the ingress controller from the cluster.
> kubectl get ns
NAME            STATUS   AGE
cattle-system   Active   1d
default         Active   1d
ingress-nginx   Active   1d
kube-public     Active   1d
kube-system     Active   1d
> kubectl delete ns/ingress-nginx
namespace "ingress-nginx" deleted
Note: if your cluster was provisioned with AKS from Rancher, no ingress controller is provided.
7. Install the nginx ingress controller and configure it for ExternalDNS. Create the ingress-nginx deployment and service.
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/cloud-generic.yaml
8. Since RBAC is enabled by default on Rancher-provisioned Kubernetes clusters, create a yaml file named externaldns.yaml from the manifest below, or use the externaldns-template.yaml file in this repo.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: external-dns
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: external-dns
rules:
- apiGroups: [""]
  resources: ["services"]
  verbs: ["get","watch","list"]
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get","watch","list"]
- apiGroups: ["extensions"]
  resources: ["ingresses"]
  verbs: ["get","watch","list"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: external-dns-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: external-dns
subjects:
- kind: ServiceAccount
  name: external-dns
  namespace: default
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: external-dns
spec:
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      serviceAccountName: external-dns
      containers:
      - name: external-dns
        image: registry.opensource.zalan.do/teapot/external-dns:v0.5.2
        args:
        - --source=service
        - --source=ingress
        - --domain-filter=vanbrackel.net # (optional) limit to only vanbrackel.net domains; change to match the zone created above.
        - --provider=azure
        - --azure-resource-group=MC_rancher-group_c-6vkts_eastus # (optional) use the DNS zones from above
        volumeMounts:
        - name: azure-config-file
          mountPath: /etc/kubernetes
          readOnly: true
      volumes:
      - name: azure-config-file
        secret:
          secretName: azure-config-file
The template file carries the placeholders DOMAIN and RESOURCE_GROUP; the script below substitutes them. DOMAIN is not set by the earlier steps, so point it at the zone created in step 1 before rendering:
DOMAIN=$DNS_ZONE
EXTERNAL_DNS=$(cat externaldns-template.yaml)
EXTERNAL_DNS=${EXTERNAL_DNS//DOMAIN/$DOMAIN} && echo "${EXTERNAL_DNS//RESOURCE_GROUP/$RESOURCE_GROUP}" >> externaldns.yaml
kubectl create -f externaldns.yaml
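The ClusterRole above is deliberately read-only: ExternalDNS only watches Services, Pods and Ingresses, and every write goes to Azure DNS through the service principal, so the in-cluster identity never needs to mutate anything. The check below is an added example, not code from the original post or from ExternalDNS; it reads a ClusterRole in the JSON form `kubectl get clusterrole external-dns -o json` returns and reports any wildcard, any verb beyond get/watch/list, or any resource outside the three ExternalDNS needs. The sample role embedded in it is constructed from the manifest above.

```python
"""Verify that the external-dns ClusterRole grants read-only access to only what ExternalDNS watches.

Added example (not from the original post). Input is the JSON form of a
ClusterRole as printed by `kubectl get clusterrole external-dns -o json`.
"""
import json

READ_ONLY_VERBS = {"get", "watch", "list"}
EXPECTED_RESOURCES = {"services", "pods", "ingresses"}

# Constructed from the ClusterRole manifest in this post, in kubectl's JSON output shape.
SAMPLE_ROLE_JSON = json.dumps({
    "apiVersion": "rbac.authorization.k8s.io/v1beta1",
    "kind": "ClusterRole",
    "metadata": {"name": "external-dns"},
    "rules": [
        {"apiGroups": [""], "resources": ["services"], "verbs": ["get", "watch", "list"]},
        {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "watch", "list"]},
        {"apiGroups": ["extensions"], "resources": ["ingresses"], "verbs": ["get", "watch", "list"]},
    ],
})


def role_findings(role_json):
    """Return human-readable findings; an empty list means the role is as tight as the manifest intends."""
    role = json.loads(role_json)
    findings = []
    if role.get("kind") != "ClusterRole":
        findings.append("object is a %s, not a ClusterRole" % role.get("kind"))
    for i, rule in enumerate(role.get("rules", [])):
        verbs = set(rule.get("verbs", []))
        resources = set(rule.get("resources", []))
        groups = set(rule.get("apiGroups", []))
        if "*" in verbs or "*" in resources or "*" in groups:
            findings.append("rule %d uses a wildcard" % i)
        for verb in sorted(verbs - READ_ONLY_VERBS):
            findings.append("rule %d grants write verb %r on %s" % (i, verb, ",".join(sorted(resources))))
        for res in sorted(resources - EXPECTED_RESOURCES):
            findings.append("rule %d covers resource %r, which ExternalDNS does not need" % (i, res))
    return findings


def is_read_only(role_json):
    """True when the role has no findings at all."""
    return not role_findings(role_json)


if __name__ == "__main__":
    # Replace SAMPLE_ROLE_JSON with sys.stdin.read() to check the live cluster's role.
    for line in role_findings(SAMPLE_ROLE_JSON) or ["ClusterRole external-dns is read-only and scoped as expected"]:
        print(line)
```

Pipe the live role into it (`kubectl get clusterrole external-dns -o json | python3 check_role.py` with the stdin variant noted in the comment) after any upgrade of the manifest; a new verb or resource appearing in the findings is the signal to look at the change before applying it.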
Verification
1. Create an nginx service behind the ingress, in the same way ExternalDNS was deployed
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx
spec:
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        name: nginx
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  type: ClusterIP
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
  - host: server.vanbrackel.net
    http:
      paths:
      - backend:
          serviceName: nginx-svc
          servicePort: 80
        path: /
NGINX=$(cat nginx-ingress-test-template.yaml) && echo "${NGINX//DOMAIN/$DOMAIN}" >> nginx-ingress-test.yaml
2. Create the nginx-ingress controller
kubectl create -f nginx-ingress-test.yaml
3. Wait a few minutes
4. Check whether a record has been created
[jason@vblinux ~ ]$ az network dns record-set a list --resource-group $RESOURCE_GROUP --zone-name $DNS_ZONE
[
  {
    "arecords": [
      {
        "ipv4Address": "13.68.138.206"
      }
    ],
    "etag": "0fb3eaf9-7bf2-48c4-b8f8-432e05dce94a",
    "fqdn": "server.vanbrackel.net.",
    "id": "/subscriptions/c7e23d24-5dcd-4c7c-ae84-22f6f814dc02/resourceGroups/mc_rancher-group_c-6vkts_eastus/providers/Microsoft.Network/dnszones/vanbrackel.net/A/server",
    "metadata": null,
    "name": "server",
    "resourceGroup": "mc_rancher-group_c-6vkts_eastus",
    "ttl": 300,
    "type": "Microsoft.Network/dnszones/A"
  }
]
5. Check the logs
kubectl logs external-dns-655df89959-7ztm2
time="2018-06-13T23:57:11Z" level=info msg="config: {Master: KubeConfig: Sources:[service ingress] Namespace: AnnotationFilter: FQDNTemplate: CombineFQDNAndAnnotation:false Compatibility: PublishInternal:false ConnectorSourceServer:localhost:8080 Provider:azure GoogleProject: DomainFilter:[vanbrackel.net] ZoneIDFilter:[] AWSZoneType: AWSAssumeRole: AzureConfigFile:/etc/kubernetes/azure.json AzureResourceGroup:MC_rancher-group_c-6vkts_eastus CloudflareProxied:false InfobloxGridHost: InfobloxWapiPort:443 InfobloxWapiUsername:admin InfobloxWapiPassword: InfobloxWapiVersion:2.3.1 InfobloxSSLVerify:true DynCustomerName: DynUsername: DynPassword: DynMinTTLSeconds:0 InMemoryZones:[] PDNSServer:http://localhost:8081 PDNSAPIKey: Policy:sync Registry:txt TXTOwnerID:default TXTPrefix: Interval:1m0s Once:false DryRun:false LogFormat:text MetricsAddress::7979 LogLevel:debug}"
time="2018-06-13T23:57:11Z" level=info msg="Connected to cluster at https://10.0.0.1:443"
...
time="2018-06-14T00:02:11Z" level=debug msg="Retrieving Azure DNS zones."
time="2018-06-14T00:02:12Z" level=debug msg="Found 1 Azure DNS zone(s)."
time="2018-06-14T00:02:12Z" level=debug msg="Retrieving Azure DNS records for zone 'vanbrackel.net'."
time="2018-06-14T00:02:12Z" level=debug msg="No endpoints could be generated from service default/kubernetes"
time="2018-06-14T00:02:12Z" level=debug msg="No endpoints could be generated from service default/nginx-svc"
time="2018-06-14T00:02:12Z" level=debug msg="No endpoints could be generated from service ingress-nginx/default-http-backend"
time="2018-06-14T00:02:12Z" level=debug msg="No endpoints could be generated from service ingress-nginx/ingress-nginx"
time="2018-06-14T00:02:12Z" level=debug msg="No endpoints could be generated from service kube-system/full-guppy-nginx-ingress-controller"
time="2018-06-14T00:02:12Z" level=debug msg="No endpoints could be generated from service kube-system/full-guppy-nginx-ingress-default-backend"
time="2018-06-14T00:02:12Z" level=debug msg="No endpoints could be generated from service kube-system/heapster"
time="2018-06-14T00:02:12Z" level=debug msg="No endpoints could be generated from service kube-system/kube-dns"
time="2018-06-14T00:02:12Z" level=debug msg="No endpoints could be generated from service kube-system/kubernetes-dashboard"
time="2018-06-14T00:02:12Z" level=debug msg="No endpoints could be generated from service kube-system/tiller-deploy"
time="2018-06-14T00:02:12Z" level=debug msg="Endpoints generated from ingress: default/nginx: [server.vanbrackel.net 0 IN A 13.68.138.206]"
time="2018-06-14T00:02:12Z" level=debug msg="Retrieving Azure DNS zones."
time="2018-06-14T00:02:12Z" level=debug msg="Found 1 Azure DNS zone(s)."
time="2018-06-14T00:02:12Z" level=info msg="Updating A record named 'server' to '13.68.138.206' for Azure DNS zone 'vanbrackel.net'."
time="2018-06-14T00:02:13Z" level=info msg="Updating TXT record named 'server' to '\"heritage=external-dns,external-dns/owner=default,external-dns/resource=ingress/default/nginx\"' for Azure DNS zone 'vanbrackel.net'."
time="2018-06-14T00:03:11Z" level=debug msg="Retrieving Azure DNS zones."
time="2018-06-14T00:03:12Z" level=debug msg="Found 1 Azure DNS zone(s)."
time="2018-06-14T00:03:12Z" level=debug msg="Retrieving Azure DNS records for zone 'vanbrackel.net'."
time="2018-06-14T00:03:12Z" level=debug msg="Found A record for 'server.vanbrackel.net' with target '13.68.138.206'."
time="2018-06-14T00:03:12Z" level=debug msg="Found TXT record for 'server.vanbrackel.net' with target '\"heritage=external-dns,external-dns/owner=default,external-dns/resource=ingress/default/nginx\"'."
time="2018-06-14T00:03:12Z" level=debug msg="No endpoints could be generated from service default/kubernetes"
time="2018-06-14T00:03:12Z" level=debug msg="No endpoints could be generated from service default/nginx-svc"
time="2018-06-14T00:03:12Z" level=debug msg="No endpoints could be generated from service ingress-nginx/default-http-backend"
time="2018-06-14T00:03:12Z" level=debug msg="No endpoints could be generated from service ingress-nginx/ingress-nginx"
time="2018-06-14T00:03:12Z" level=debug msg="No endpoints could be generated from service kube-system/full-guppy-nginx-ingress-controller"
time="2018-06-14T00:03:12Z" level=debug msg="No endpoints could be generated from service kube-system/full-guppy-nginx-ingress-default-backend"
time="2018-06-14T00:03:12Z" level=debug msg="No endpoints could be generated from service kube-system/heapster"
time="2018-06-14T00:03:12Z" level=debug msg="No endpoints could be generated from service kube-system/kube-dns"
time="2018-06-14T00:03:12Z" level=debug msg="No endpoints could be generated from service kube-system/kubernetes-dashboard"
time="2018-06-14T00:03:12Z" level=debug msg="No endpoints could be generated from service kube-system/tiller-deploy"
time="2018-06-14T00:03:12Z" level=debug msg="Endpoints generated from ingress: default/nginx: [server.vanbrackel.net 0 IN A 13.68.138.206]"
time="2018-06-14T00:03:12Z" level=debug msg="Retrieving Azure DNS zones."
time="2018-06-14T00:03:12Z" level=debug msg="Found 1 Azure DNS zone(s)."
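The log shows the two writes ExternalDNS makes per hostname: the A record and a TXT "registry" record tagged `external-dns/owner=default`, the value of TXTOwnerID in the config dump at the top of the log (it comes from the `--txt-owner-id` flag). That owner tag is what stops one ExternalDNS instance from touching records another instance created, so every cluster writing to a shared zone needs its own owner ID, and a record carrying an owner ID you did not assign means something else is managing your zone. The parser below is an added example, not code from the original post or from ExternalDNS. It reads the logfmt lines `kubectl logs` prints, extracts each "Updating ... record" event, decodes the TXT registry fields and flags owners outside an expected set, as well as any A record written without a registry entry. The first three sample lines are taken from the output above; the fourth, with a foreign owner, is constructed.

```python
"""Extract DNS writes from ExternalDNS debug logs and check the TXT registry owner of each record.

Added example (not from the original post or ExternalDNS). Feed it
`kubectl logs <external-dns pod>` output, or logs aggregated from every
instance that writes to the zone.
"""
import re

# logfmt line: time="..." level=... msg="..." where msg may contain \" escapes.
LOG_LINE = re.compile(r'time="(?P<time>[^"]+)"\s+level=(?P<level>\w+)\s+msg="(?P<msg>(?:[^"\\]|\\.)*)"')
# The Azure provider's write message, e.g. Updating A record named 'server' to '1.2.3.4' for Azure DNS zone 'x'.
UPDATE_MSG = re.compile(
    r"Updating (?P<rtype>[A-Z]+) record named '(?P<name>[^']+)' to '(?P<value>.*)' for Azure DNS zone '(?P<zone>[^']+)'\.$"
)

# Lines 1-3 are from this post's log output; line 4 is constructed to show a foreign owner ID.
SAMPLE_LOG = """\
time="2018-06-14T00:02:12Z" level=debug msg="Endpoints generated from ingress: default/nginx: [server.vanbrackel.net 0 IN A 13.68.138.206]"
time="2018-06-14T00:02:12Z" level=info msg="Updating A record named 'server' to '13.68.138.206' for Azure DNS zone 'vanbrackel.net'."
time="2018-06-14T00:02:13Z" level=info msg="Updating TXT record named 'server' to '\\"heritage=external-dns,external-dns/owner=default,external-dns/resource=ingress/default/nginx\\"' for Azure DNS zone 'vanbrackel.net'."
time="2018-06-14T00:05:13Z" level=info msg="Updating TXT record named 'app' to '\\"heritage=external-dns,external-dns/owner=other-cluster,external-dns/resource=ingress/default/app\\"' for Azure DNS zone 'vanbrackel.net'."
"""


def parse_log_line(line):
    """Return {'time', 'level', 'msg'} for one logfmt line with the \\" escapes undone, or None."""
    m = LOG_LINE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["msg"] = rec["msg"].replace('\\"', '"')
    return rec


def parse_txt_registry(value):
    """Turn '"heritage=external-dns,external-dns/owner=default,..."' into a dict of its key=value fields."""
    fields = {}
    for part in value.strip('"').split(","):
        key, _, val = part.partition("=")
        fields[key] = val
    return fields


def extract_updates(log_text):
    """List every record write ExternalDNS reported: [{'time', 'rtype', 'name', 'value', 'zone'}]."""
    updates = []
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if not rec:
            continue
        m = UPDATE_MSG.match(rec["msg"])
        if m:
            updates.append(dict(time=rec["time"], **m.groupdict()))
    return updates


def ownership_findings(log_text, expected_owners=("default",)):
    """Flag TXT registry records whose owner is not expected and A records written without a registry entry."""
    updates = extract_updates(log_text)
    owners = {}
    for u in updates:
        if u["rtype"] == "TXT":
            owners[(u["zone"], u["name"])] = parse_txt_registry(u["value"]).get("external-dns/owner", "")
    findings = []
    for u in updates:
        key = (u["zone"], u["name"])
        fqdn = "%s.%s" % (u["name"], u["zone"])
        if u["rtype"] == "TXT" and owners[key] not in expected_owners:
            findings.append("%s claimed by owner %r (expected one of %s)" % (fqdn, owners[key], ",".join(expected_owners)))
        if u["rtype"] == "A" and key not in owners:
            findings.append("%s written without a TXT ownership record" % fqdn)
    return findings


if __name__ == "__main__":
    for u in extract_updates(SAMPLE_LOG):
        print("%s %s %s.%s -> %s" % (u["time"], u["rtype"], u["name"], u["zone"], u["value"]))
    for finding in ownership_findings(SAMPLE_LOG):
        print("FINDING:", finding)
```

On the log above, `ownership_findings` with the default owner set reports only the constructed `app` record; run with the owner IDs of every cluster you operate, and anything it still reports is a record in your zone that none of your ExternalDNS instances should have written.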
You can also learn more in the ExternalDNS repo:
https://github.com/kubernetes- ... l-dns
For a deeper look at the code from the original article, click here: