CoreDNS chained to a local DNS server

Pods in the K8s cluster need three kinds of name resolution:

  1. in-cluster Service names (the default CoreDNS deployment already handles this)
  2. servers in the custom intra domain, answered by an internal DNS server
  3. public Internet domain names

1. DNS server configuration

1.1 named.conf

/etc/named.conf

options {
    // Listens on every interface. Together with allow-query { any; },
    // recursion yes and no allow-recursion ACL this is an open resolver for
    // every host that can reach port 53: keep the host firewalled to the LAN
    // and the cluster nodes, or restrict recursion with an ACL such as
    //   allow-recursion { localhost; localnets; };
    // (add the pod CIDR if pod traffic is not NATed to the node address).
    listen-on port 53 { any; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file  "/var/named/data/named.recursing";
    secroots-file   "/var/named/data/named.secroots";
    allow-query     { any; };
    recursion yes;
    // dnssec-enable is deprecated since BIND 9.16 and has no effect there;
    // dnssec-validation no means answers from the forwarder are accepted
    // without any DNSSEC check.
    dnssec-enable no;
    dnssec-validation no;
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    // Ask the forwarder first; if it does not answer, fall back to full
    // iterative resolution from the root hints in zone "." below.
    forward first;
    forwarders {
        114.114.114.114;
    };
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

1.2 rfc1912.zones

Append the following zone to /etc/named.rfc1912.zones:

zone "intra.com" IN {
        type master;
        file "intra.zone";
        allow-update { none; };   // no dynamic updates
        // There are no secondaries, so zone transfers should be refused as
        // well; in BIND 9.16 and earlier the default is to allow AXFR to any
        // host, which hands out the whole internal host list:
        //   allow-transfer { none; };
};

1.3 intra zone file

/var/named/intra.zone

$TTL 1d
@       IN      SOA     intra.com. admin.intra.com. (
                        0       ; serial: increment on every change to this file
                        1H      ; refresh
                        5M      ; retry
                        1W      ; expire
                        1D )    ; negative-caching TTL
@ NS ns.intra.com.
; ns must point at this BIND host, the address CoreDNS will forward to
ns A 192.168.31.17
harbor A 192.168.31.104
gitlab A 192.168.31.199
kibana A 192.168.31.212
rabbitmq A 192.168.31.211
web1 A 192.168.31.211
nacos-server A 192.168.31.211
zipkin-server A 192.168.31.211
sentinel A 192.168.31.211
skywalking-ui A 192.168.31.211
rocketmq-dashboard A 192.168.31.211
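
The BIND side above, checked end to end, as an added example that is not part of the original page: it lints named.conf for the open-resolver pattern (recursion enabled with allow-query { any; } and no allow-recursion ACL), validates the config and the zone file before reloading, and then queries the server for an intra name and an external name. Assumed: the paths and addresses from the sections above, that named-checkconf, named-checkzone, rndc and dig are installed on the BIND host, and that the live part is started by invoking the script with the argument `run`.

```shell
#!/bin/sh
# Added example, not from the page. Checks a BIND server configured as in
# sections 1.1 to 1.3. Assumptions: BIND on 192.168.31.17, the config paths
# above, and harbor.intra.com expected to resolve to 192.168.31.104.
set -eu

NAMED_CONF="${NAMED_CONF:-/etc/named.conf}"
ZONE="${ZONE:-intra.com}"
ZONE_FILE="${ZONE_FILE:-/var/named/intra.zone}"
BIND_IP="${BIND_IP:-192.168.31.17}"
EXPECT_HARBOR="${EXPECT_HARBOR:-192.168.31.104}"

# acl_is_set FILE OPTION: true if "OPTION {" appears in FILE.
acl_is_set() {
  grep -Eq "^[[:space:]]*$2[[:space:]]*[{]" "$1"
}

# acl_is_any FILE OPTION: true if FILE sets "OPTION { any; }".
acl_is_any() {
  grep -Eq "^[[:space:]]*$2[[:space:]]*[{][[:space:]]*any[[:space:]]*;[[:space:]]*[}]" "$1"
}

# open_resolver_risk FILE: prints "closed", "restricted" or "open".
# Mirrors BIND's defaults: recursion is on unless "recursion no;" is set, and
# when allow-recursion is missing BIND falls back to allow-query-cache, then to
# allow-query, so "allow-query { any; }" alone opens recursion to everyone.
open_resolver_risk() {
  f="$1"
  if grep -Eq '^[[:space:]]*recursion[[:space:]]+no[[:space:]]*;' "$f"; then
    echo closed
  elif acl_is_set "$f" allow-recursion; then
    if acl_is_any "$f" allow-recursion; then echo open; else echo restricted; fi
  elif acl_is_set "$f" allow-query-cache; then
    if acl_is_any "$f" allow-query-cache; then echo open; else echo restricted; fi
  elif acl_is_any "$f" allow-query; then
    echo open
  else
    echo restricted   # allow-query unset or an explicit ACL: BIND defaults to localnets; localhost
  fi
}

# resolve_a SERVER NAME: first IPv4 address NAME resolves to via SERVER, or empty.
resolve_a() {
  dig +short +time=2 +tries=1 "@$1" "$2" A \
    | grep -E '^[0-9]+(\.[0-9]+){3}$' | head -n 1
}

main() {
  named-checkconf -z "$NAMED_CONF"          # syntax check and test-load of every zone
  named-checkzone "$ZONE" "$ZONE_FILE"
  echo "recursion exposure in $NAMED_CONF: $(open_resolver_risk "$NAMED_CONF")"
  rndc reload
  ip=$(resolve_a "$BIND_IP" "harbor.$ZONE")
  [ "$ip" = "$EXPECT_HARBOR" ] \
    || { echo "harbor.$ZONE -> '$ip', expected $EXPECT_HARBOR" >&2; exit 1; }
  [ -n "$(resolve_a "$BIND_IP" www.baidu.com)" ] \
    || { echo "forwarder path (114.114.114.114) failed" >&2; exit 1; }
  echo "BIND checks passed"
}

# Only run the live checks when invoked as: sh check-bind.sh run
case "${1:-}" in run) main ;; esac
```

With the named.conf from section 1.1 the lint prints "open"; adding an allow-recursion ACL turns it into "restricted" without changing how the zone itself is served, since authoritative answers for intra.com do not depend on recursion.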

2. K8s configuration

2.1 CoreDNS configuration

Edit the CoreDNS ConfigMap (the Corefile is stored in its data):

kubectl edit cm coredns -n kube-system

Change the forward target:

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors
        health {
           lameduck 5s
        }
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           fallthrough in-addr.arpa ip6.arpa
           ttl 30
        }
        hosts {
          fallthrough
        }
        prometheus :9153
        # change the line below: everything not answered above goes to the internal DNS server
        forward . 192.168.31.17 {
           max_concurrent 1000
        }
        cache 30
        loop
        reload
        loadbalance
    }
kind: ConfigMap
metadata:
  creationTimestamp: "2023-03-22T06:37:55Z"
  name: coredns
  namespace: kube-system
  resourceVersion: "2805413"
  uid: af46c82e-9f4e-47c2-b316-3a098d3639ed

CoreDNS can now resolve the harbor address. The `forward . 192.168.31.17` line sends every name the kubernetes and hosts plugins do not answer to the BIND server, which answers intra.com itself and forwards everything else to 114.114.114.114, so the BIND host is now a single point of failure for both internal and Internet resolution from pods; list a second internal resolver on the same forward line if one exists. The 30-second TTL in the answer below is the `cache 30` cap in the Corefile, not the zone's $TTL of one day.

root@ks-node2:~# kubectl get svc coredns -n kube-system
NAME      TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
coredns   ClusterIP   10.233.0.3   <none>        53/UDP,53/TCP,9153/TCP   15d
root@ks-node2:~# dig @10.233.0.3 harbor.intra.com

; <<>> DiG 9.16.1-Ubuntu <<>> @10.233.0.3 harbor.intra.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6483
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: ffe5eb4b93cd3fd8 (echoed)
;; QUESTION SECTION:
;harbor.intra.com.              IN      A

;; ANSWER SECTION:
harbor.intra.com.       30      IN      A       192.168.31.104

;; AUTHORITY SECTION:
intra.com.              30      IN      NS      ns.intra.com.

;; ADDITIONAL SECTION:
ns.intra.com.           30      IN      A       192.168.31.17

;; Query time: 4 msec
;; SERVER: 10.233.0.3#53(10.233.0.3)
;; WHEN: Fri Apr 07 11:01:07 CST 2023
;; MSG SIZE  rcvd: 152

2.2 Testing resolution

Create a test pod (busybox2 here) and resolve the names from inside it. Note that the pod's resolv.conf below points at 169.254.25.10, which is typically the NodeLocal DNSCache address (kubespray's default), not the coredns Service IP 10.233.0.3: the node-local cache forwards cluster names to coredns, but if it carries its own upstream for names outside cluster.local, its ConfigMap (node-local-dns or nodelocaldns in kube-system, depending on how it was deployed) needs the same forwarding change.

root@ks-master:~# kubectl exec -it busybox2 bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
[root@busybox2 /]# cat /etc/resolv.conf
nameserver 169.254.25.10
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5
## resolve a name in the internal DNS zone
[root@busybox2 /]# ping -c 1 harbor.intra.com
PING harbor.intra.com (192.168.31.104) 56(84) bytes of data.
64 bytes from harbor.intra.com (192.168.31.104): icmp_seq=1 ttl=63 time=0.561 ms

--- harbor.intra.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.561/0.561/0.561/0.000 ms
## resolve an in-cluster Service name
[root@busybox2 /]# ping -c 1 prometheus-k8s.kubesphere-monitoring-system.svc.cluster.local
PING prometheus-k8s.kubesphere-monitoring-system.svc.cluster.local (10.233.12.237) 56(84) bytes of data.
64 bytes from prometheus-k8s.kubesphere-monitoring-system.svc.cluster.local (10.233.12.237): icmp_seq=1 ttl=64 time=0.108 ms

--- prometheus-k8s.kubesphere-monitoring-system.svc.cluster.local ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.108/0.108/0.108/0.000 ms
## resolve an external domain name
[root@busybox2 /]# ping www.baidu.com -c 1
PING www.a.shifen.com (180.101.50.188) 56(84) bytes of data.
64 bytes from 180.101.50.188 (180.101.50.188): icmp_seq=1 ttl=127 time=8.92 ms

--- www.a.shifen.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 8.926/8.926/8.926/0.000 ms
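
Steps 2.1 and 2.2 as one script, added here and not part of the original page: it rewrites the `forward .` line of the live coredns ConfigMap programmatically instead of by hand in kubectl edit, re-applies the ConfigMap, and then resolves one name of each class from a throwaway pod. Assumed: kubectl access to the cluster, the BIND address 192.168.31.17 from above, busybox:1.36 as the test image, and kubernetes.default.svc.cluster.local as the in-cluster name to test (the page uses a KubeSphere Prometheus service instead).

```shell
#!/bin/sh
# Added example, not from the page. Assumptions: kubectl is configured for the
# cluster, the internal BIND server is 192.168.31.17, busybox:1.36 can be
# pulled, and the three test names below are reachable from pods.
set -eu

UPSTREAM="${UPSTREAM:-192.168.31.17}"
INTRA_NAME="${INTRA_NAME:-harbor.intra.com}"
CLUSTER_NAME="${CLUSTER_NAME:-kubernetes.default.svc.cluster.local}"
EXTERNAL_NAME="${EXTERNAL_NAME:-www.baidu.com}"

# set_forward UPSTREAM: rewrite the "forward ." directive of a Corefile read on
# stdin so it points at UPSTREAM only, keeping the indentation and the opening
# brace of a forward block. Every other line passes through unchanged.
set_forward() {
  awk -v up="$1" '
    $1 == "forward" && $2 == "." {
      match($0, /^[ \t]*/); ws = substr($0, 1, RLENGTH)
      tail = ($NF == "{") ? " {" : ""
      $0 = ws "forward . " up tail
    }
    { print }'
}

# count_forward: number of "forward ." directives in a Corefile on stdin,
# used as a sanity check so the rewrite never touches an unexpected layout.
count_forward() {
  awk '$1 == "forward" && $2 == "." { n++ } END { print n + 0 }'
}

main() {
  current=$(kubectl -n kube-system get cm coredns -o jsonpath='{.data.Corefile}')
  [ "$(printf '%s\n' "$current" | count_forward)" = 1 ] \
    || { echo "expected exactly one 'forward .' directive in the Corefile" >&2; exit 1; }
  new=$(printf '%s\n' "$current" | set_forward "$UPSTREAM")
  kubectl -n kube-system create cm coredns --from-literal=Corefile="$new" \
    --dry-run=client -o yaml | kubectl apply -f -
  # The reload plugin in the Corefile re-reads it (every 30s by default); without
  # it you would run: kubectl -n kube-system rollout restart deploy coredns
  sleep 40
  # busybox nslookup exits non-zero when a name does not resolve, so a failure in
  # any of the three classes fails the pod, and kubectl run returns that status.
  kubectl run dnscheck --rm -i --restart=Never --image=busybox:1.36 -- \
    sh -c "for n in $INTRA_NAME $CLUSTER_NAME $EXTERNAL_NAME; do nslookup \$n || exit 1; done"
}

# Only touch the cluster when invoked as: sh coredns-forward.sh run
case "${1:-}" in run) main ;; esac
```

Rewriting the ConfigMap from the current Corefile rather than pasting a saved copy keeps whatever other plugins the cluster's CoreDNS already carries; the count check refuses to run if the layout is not the single `forward .` block shown above.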