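Extending Kubernetes DNS
Kubernetes DNS is the tool through which internal services interact with external services, with other internal services, and with cloud-hosted services. Extending DNS lets internal services reach services outside the cluster the same way they reach in-cluster services: DNS mapping resolves uniformly styled domain names to reachable IPs without affecting how the internal services run. This post shows how to use Consul to extend DNS.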
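Custom domain name resolution
DNS is extended by assigning a DNS server to domain names that match a specific rule. In a ConfigMap, set the DNS server for the given domain, for example so that names ending in consul.local are resolved by 10.150.0.1.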
```yaml
apiVersion: v1
```
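Custom rules have no effect on Pods whose dnsPolicy is Default or None. Only when dnsPolicy is ClusterFirst are names resolved according to stubDomains and upstreamNameservers.
No custom configuration: any request that does not match the cluster domain suffix is forwarded to the node's DNS.
Custom configuration: if stub domains and upstream nameservers are configured, requests are handled in the following order:
- Names with the cluster suffix are forwarded to kube-dns
- Names with a stub suffix are forwarded to the DNS server specified for that stub
- Everything else is forwarded to the upstream DNS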
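The resolution order above can be checked against a concrete configuration. The following Python sketch is an added example, not code from the original post or from kube-dns; `route_query`, `has_suffix`, the upstream addresses and the longest-suffix tie-break are assumptions made for illustration.

```python
import json

# Constructed sample of a kube-dns ConfigMap `data` section. consul.local and
# 10.150.0.1 come from the text; the upstream addresses are placeholders.
CONFIGMAP_DATA = {
    "stubDomains": '{"consul.local": ["10.150.0.1"]}',
    "upstreamNameservers": '["192.0.2.53", "192.0.2.54"]',
}


def has_suffix(name, suffix):
    """Match on a label boundary so notconsul.local never hits consul.local."""
    name, suffix = name.rstrip(".").lower(), suffix.strip(".").lower()
    return name == suffix or name.endswith("." + suffix)


def route_query(name, dns_policy="ClusterFirst", data=CONFIGMAP_DATA,
                cluster_domain="cluster.local"):
    """Return (handler, servers) for one lookup (hypothetical helper)."""
    # stubDomains/upstreamNameservers are ignored unless dnsPolicy is ClusterFirst.
    if dns_policy == "Default":
        return ("node-dns", [])        # Pod inherits the node's resolver
    if dns_policy == "None":
        return ("pod-dnsConfig", [])   # resolver comes from the Pod spec
    # 1. Names with the cluster suffix are answered by kube-dns itself.
    if has_suffix(name, cluster_domain):
        return ("kube-dns", [])
    # 2. Names under a stub domain go to that domain's servers. Assumption of
    #    this sketch: the longest matching suffix wins when several match.
    stubs = json.loads(data.get("stubDomains", "{}"))
    matches = [s for s in stubs if has_suffix(name, s)]
    if matches:
        return ("stub", stubs[max(matches, key=len)])
    # 3. Everything else goes upstream, or to the node's DNS when no
    #    upstream is configured (the "no custom configuration" case).
    upstream = json.loads(data.get("upstreamNameservers", "[]"))
    return ("upstream", upstream) if upstream else ("node-dns", [])


if __name__ == "__main__":
    for q in ("redis.service.consul.local", "kubernetes.default.svc.cluster.local",
              "example.com", "notconsul.local"):
        print(q, "->", route_query(q))
```

The label-boundary check matters when auditing a stub configuration: a name that merely ends in the same characters as a stub domain is not handed to that stub's resolver.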
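Consul as a DNS
Consul is a service discovery tool implemented in Go that also supports DNS resolution. Service discovery nodes are added dynamically through its HTTP API, which gives dynamic DNS resolution.
Register redis1 under the redis service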
dns.json
```json
{
  "ID": "redis1",
  "Name": "redis",
  "Tags": [
    "primary",
    "v1"
  ],
  "Address": "127.0.0.1",
  "Port": 8000,
  "Meta": {
    "redis_version": "4.0"
  },
  "EnableTagOverride": false
}
```
```bash
$ curl -XPUT http://localhost:8500/v1/agent/service/register -d @dns.json
```
Query using DNS
dig redis service
```
$ dig @127.0.0.1 -p 8600 redis.service.consul SRV
; <<>> DiG 9.10.6 <<>> @127.0.0.1 -p 8600 redis.service.consul SRV
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6823
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;redis.service.consul. IN SRV
;; ANSWER SECTION:
redis.service.consul. 0 IN SRV 1 1 8000 srjiangs-MacBook-Pro.local.node.dc1.consul.
;; ADDITIONAL SECTION:
srjiangs-MacBook-Pro.local.node.dc1.consul. 0 IN A 127.0.0.1
srjiangs-MacBook-Pro.local.node.dc1.consul. 0 IN TXT "consul-network-segment="
```
Registering multiple Redis instances
Register a second instance, redis2, under the same service name. Its port is 9000, the port reported for redis2 in the query results that follow.
dns.json
```json
{
  "ID": "redis2",
  "Name": "redis",
  "Tags": [
    "primary",
    "v1"
  ],
  "Address": "127.0.0.1",
  "Port": 9000,
  "Meta": {
    "redis_version": "4.0"
  },
  "EnableTagOverride": false
}
```
register
```bash
$ curl -XPUT http://localhost:8500/v1/agent/service/register -d @dns.json
```
DNS query
dig
```
$ dig @127.0.0.1 -p 8600 redis.service.consul SRV
; <<>> DiG 9.10.6 <<>> @127.0.0.1 -p 8600 redis.service.consul SRV
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11920
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 5
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;redis.service.consul. IN SRV
;; ANSWER SECTION:
redis.service.consul. 0 IN SRV 1 1 9000 srjiangs-MacBook-Pro.local.node.dc1.consul.
redis.service.consul. 0 IN SRV 1 1 8000 srjiangs-MacBook-Pro.local.node.dc1.consul.
;; ADDITIONAL SECTION:
srjiangs-MacBook-Pro.local.node.dc1.consul. 0 IN A 127.0.0.1
srjiangs-MacBook-Pro.local.node.dc1.consul. 0 IN TXT "consul-network-segment="
srjiangs-MacBook-Pro.local.node.dc1.consul. 0 IN A 127.0.0.1
srjiangs-MacBook-Pro.local.node.dc1.consul. 0 IN TXT "consul-network-segment="
;; Query time: 0 msec
;; SERVER: 127.0.0.1#8600(127.0.0.1)
;; WHEN: Thu Aug 16 16:47:43 CST 2018
;; MSG SIZE rcvd: 277
```
Consul Service
```
$ curl http://localhost:8500/v1/agent/services
{
  "redis1": {
    "ID": "redis1",
    "Service": "redis",
    "Tags": [
      "primary",
      "v1"
    ],
    "Address": "127.0.0.1",
    "Port": 8000,
    "EnableTagOverride": false,
    "CreateIndex": 0,
    "ModifyIndex": 0
  },
  "redis2": {
    "ID": "redis2",
    "Service": "redis",
    "Tags": [
      "primary",
      "v1"
    ],
    "Address": "127.0.0.1",
    "Port": 9000,
    "EnableTagOverride": false,
    "CreateIndex": 0,
    "ModifyIndex": 0
  }
}
```
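More details
- Return the DNS records reachable from a given datacenter, based on the cluster's DC
- Dynamically add domain-name-to-IP mappings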