通過(guò)coreDNS實(shí)現(xiàn)內(nèi)外流量分離

場(chǎng)景

1. 舊業(yè)務(wù)固定了域名，無(wú)法通過(guò)內(nèi)部service直接訪問(wèn)服務(wù)
2. 需要實(shí)現(xiàn)內(nèi)部流量和外部流量自動(dòng)拆分

實(shí)現(xiàn)

1. 通過(guò)coredns的rewrite功能實(shí)現(xiàn)以上能力,如以下內(nèi)部訪問(wèn)tenant.msa.chinamcloud.com域名時(shí)，會(huì)將流量轉(zhuǎn)發(fā)到tenantapi.yunjiao.svc.cluster.local域名，實(shí)現(xiàn)內(nèi)外域名訪問(wèn)一致。
2. 部分版本nginx配置時(shí)候可能遇見無(wú)法訪問(wèn)的情況

[root@k8s-master1 ingress]# cat coredns.yaml
apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors
        health
        rewrite name tenant.msa.chinamcloud.com tenantapi.yunjiao.svc.cluster.local
        rewrite name console.msa.chinamcloud.com console.yunjiao.svc.cluster.local
        rewrite name user.msa.chinamcloud.com userapi.yunjiao.svc.cluster.local
        rewrite name lims.msa.chinamcloud.com lims.yunjiao.svc.cluster.local
        rewrite name labapp.msa.chinamcloud.com limsapp.yunjiao.svc.cluster.local
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           upstream
           fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }
kind: ConfigMap
metadata:
  creationTimestamp: "2019-04-02T04:57:19Z"
  name: coredns
  namespace: kube-system
  resourceVersion: "197"
  selfLink: /api/v1/namespaces/kube-system/configmaps/coredns
  uid: cb686453-5503-11e9-8ea6-005056be93f5

檢查

[root@k8s-master1 ingress]#  kubectl run -it --rm --restart=Never --image=infoblox/dnstools:latest dnstools
If you don't see a command prompt, try pressing enter.
dnstools# ping tenant.msa.chinamcloud.com
PING tenant.msa.chinamcloud.com (10.98.220.54): 56 data bytes
^C
--- tenant.msa.chinamcloud.com ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss

kubernetes內(nèi)部實(shí)現(xiàn)hosts功能

coredns配置參考文檔

成都創(chuàng)新互聯(lián)公司專注于龍里企業(yè)網(wǎng)站建設(shè),響應(yīng)式網(wǎng)站建設(shè),商城網(wǎng)站建設(shè)。龍里網(wǎng)站建設(shè)公司,為龍里等地區(qū)提供建站服務(wù)。全流程按需網(wǎng)站設(shè)計(jì)，專業(yè)設(shè)計(jì)，全程項(xiàng)目跟蹤，成都創(chuàng)新互聯(lián)公司專業(yè)和態(tài)度為您提供的服務(wù)

場(chǎng)景

1. 通過(guò)kubernetes的coredns實(shí)現(xiàn)子域名解析
2. 實(shí)現(xiàn)kubernetes內(nèi)部 hosts綁定功能

實(shí)現(xiàn)

創(chuàng)建pod時(shí)聲明hosts(不推薦)

[root@k8s-master-1 coredns]# kubectl  explain  pods.spec.hostAliases
KIND:     Pod
VERSION:  v1

RESOURCE: hostAliases <[]Object>

DESCRIPTION:
     HostAliases is an optional list of hosts and IPs that will be injected into
     the pod's hosts file if specified. This is only valid for non-hostNetwork
     pods.

     HostAlias holds the mapping between IP and hostnames that will be injected
     as an entry in the pod's hosts file.

FIELDS:
   hostnames    <[]string>
     Hostnames for the above IP address.

   ip   <string>
     IP address of the host file entry.

[root@k8s-master-1 coredns]#

coredns的hosts特性聲明

hosts 字段部分指明了三個(gè)域名的解析地址

[root@k8s-master-1 coredns]# cat coredns-cm.yaml
apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors
        health
        hosts {
            100.64.139.66 minio.chinamcloud.com
            100.64.139.66 registry.chinamcloud.com
            100.64.139.66 gitlab.chinamcloud.com
            fallthrough
        }
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           upstream
           fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system

根據(jù)域名指定上游dns服務(wù)器

sobeydemo.com 字段指明了解析該域名的dns服務(wù)器地址

[root@k8s-master-1 coredns]# cat coredns-cm.yaml
apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           upstream
           fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }
    sobeydemo.com {
        forward . 100.64.134.250:53
    }
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system

檢查

[root@k8s-master-1 coredns]#  kubectl run -it --rm --restart=Never --image=infoblox/dnstools:latest dnstools
If you don't see a command prompt, try pressing enter.
dnstools# host 0DJ01YUR.sobeydemo.com
0DJ01YUR.sobeydemo.com has address 100.64.148.116
0DJ01YUR.sobeydemo.com has IPv6 address 2002:6440:9474::6440:9474
dnstools# host minio.chinamcloud.com
minio.chinamcloud.com has address 100.64.139.66
Host minio.chinamcloud.com not found: 3(NXDOMAIN)
Host minio.chinamcloud.com not found: 3(NXDOMAIN)
dnstools#

名稱欄目：kubernetes中coredns組件的高級(jí)用法
標(biāo)題網(wǎng)址：http://www.rwnh.cn/article8/jdciip.html

成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián)，為您提供營(yíng)銷型網(wǎng)站建設(shè)、響應(yīng)式網(wǎng)站、定制網(wǎng)站、App設(shè)計(jì)、移動(dòng)網(wǎng)站建設(shè)、企業(yè)建站

廣告

聲明：本網(wǎng)站發(fā)布的內(nèi)容（圖片、視頻和文字）以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主，如果涉及侵權(quán)請(qǐng)盡快告知，我們將會(huì)在第一時(shí)間刪除。文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng)，如需處理請(qǐng)聯(lián)系客服。電話：028-86922220；郵箱：631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載，或轉(zhuǎn)載時(shí)需注明來(lái)源： 創(chuàng)新互聯(lián)