舊業(yè)務(wù)固定了域名,無法通過內(nèi)部service直接訪問服務(wù)
需要實現(xiàn)內(nèi)部流量和外部流量自動拆分
實現(xiàn)
通過coredns的rewrite功能實現(xiàn)以上能力,如以下內(nèi)部訪問tenant.msa.chinamcloud.com域名時,會將流量轉(zhuǎn)發(fā)到tenantapi.yunjiao.svc.cluster.local域名,實現(xiàn)內(nèi)外域名訪問一致。
部分版本nginx配置時候可能遇見無法訪問的情況
[root@k8s-master1 ingress]# cat coredns.yaml
apiVersion: v1
data:
Corefile: |
.:53 {
errors
health
rewrite name tenant.msa.chinamcloud.com tenantapi.yunjiao.svc.cluster.local
rewrite name console.msa.chinamcloud.com console.yunjiao.svc.cluster.local
rewrite name user.msa.chinamcloud.com userapi.yunjiao.svc.cluster.local
rewrite name lims.msa.chinamcloud.com lims.yunjiao.svc.cluster.local
rewrite name labapp.msa.chinamcloud.com limsapp.yunjiao.svc.cluster.local
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
upstream
fallthrough in-addr.arpa ip6.arpa
}
prometheus :9153
forward . /etc/resolv.conf
cache 30
loop
reload
loadbalance
}
kind: ConfigMap
metadata:
creationTimestamp: 2019-04-02T04:57:19Z
name: coredns
namespace: kube-system
resourceVersion: 197
selfLink: /api/v1/namespaces/kube-system/configmaps/coredns
uid: cb686453-5503-11e9-8ea6-005056be93f5檢查
[root@k8s-master1 ingress]# kubectl run -it --rm --restart=Never --image=infoblox/dnstools:latest dnstools
If you don\\\'t see a command prompt, try pressing enter.
dnstools# ping tenant.msa.chinamcloud.com
PING tenant.msa.chinamcloud.com (10.98.220.54): 56 data bytes
^C
--- tenant.msa.chinamcloud.com ping statistics ---
4 packets transmitted, 0 packets received, 100% packet losskubernetes內(nèi)部實現(xiàn)hosts功能
coredns配置參考文檔
場景
通過kubernetes的coredns實現(xiàn)子域名解析
實現(xiàn)kubernetes內(nèi)部 hosts綁定功能
實現(xiàn)
創(chuàng)建pod時聲明hosts(不推薦)
[root@k8s-master-1 coredns]# kubectl explain pods.spec.hostAliases
KIND: Pod
VERSION: v1
RESOURCE: hostAliases <[]Object>
DESCRIPTION:
HostAliases is an optional list of hosts and IPs that will be injected into
the pod\\\'s hosts file if specified. This is only valid for non-hostNetwork
pods.
HostAlias holds the mapping between IP and hostnames that will be injected
as an entry in the pod\\\'s hosts file.
FIELDS:
hostnames <[]string>
Hostnames for the above IP address.
ip <string>
IP address of the host file entry.
[root@k8s-master-1 coredns]#coredns的hosts特性聲明
hosts 字段部分指明了三個域名的解析地址
[root@k8s-master-1 coredns]# cat coredns-cm.yaml
apiVersion: v1
data:
Corefile: |
.:53 {
errors
health
hosts {
100.64.139.66 minio.chinamcloud.com
100.64.139.66 registry.chinamcloud.com
100.64.139.66 gitlab.chinamcloud.com
fallthrough
}
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
upstream
fallthrough in-addr.arpa ip6.arpa
}
prometheus :9153
forward . /etc/resolv.conf
cache 30
loop
reload
loadbalance
}
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system根據(jù)域名指定上游dns服務(wù)器
sobeydemo.com 字段指明了解析該域名的dns服務(wù)器地址
[root@k8s-master-1 coredns]# cat coredns-cm.yaml
apiVersion: v1
data:
Corefile: |
.:53 {
errors
health
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
upstream
fallthrough in-addr.arpa ip6.arpa
}
prometheus :9153
forward . /etc/resolv.conf
cache 30
loop
reload
loadbalance
}
sobeydemo.com {
forward . 100.64.134.250:53
}
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system檢查
[root@k8s-master-1 coredns]# kubectl run -it --rm --restart=Never --image=infoblox/dnstools:latest dnstools
If you don\\\'t see a command prompt, try pressing enter.
dnstools# host 0DJ01YUR.sobeydemo.com
0DJ01YUR.sobeydemo.com has address 100.64.148.116
0DJ01YUR.sobeydemo.com has IPv6 address 2002:6440:9474::6440:9474
dnstools# host minio.chinamcloud.com
minio.chinamcloud.com has address 100.64.139.66
Host minio.chinamcloud.com not found: 3(NXDOMAIN)
Host minio.chinamcloud.com not found: 3(NXDOMAIN)
dnstools#更多關(guān)于云服務(wù)器,域名注冊,虛擬主機的問題,請訪問三五互聯(lián)官網(wǎng):m.shinetop.cn