Dynamic DNS resolution in k8s with CoreDNS backed by etcd

土小帽

2023-11-3 21:53:22

Download the CoreDNS YAML deployment scripts
Note: skip this step if CoreDNS is already deployed.

    wget https://github.com/coredns/deployment/raw/master/kubernetes/coredns.yaml.sed
    wget https://github.com/coredns/deployment/raw/master/kubernetes/deploy.sh
    chmod +x deploy.sh

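Rebuild the CoreDNS image
The DNS records are to be stored in etcd. If etcd is served over HTTPS internally, etcd must use certificates, so CoreDNS must carry certificates as well: bake the relevant k8s certificates into the CoreDNS image.

    mkdir /root/coredns
    cd /root/coredns
    docker pull coredns/coredns:1.3.1
    # certificate and private key used to talk to etcd, plus the root CA
    cp /etc/kubernetes/ssl/kubernetes.pem /etc/kubernetes/ssl/kubernetes-key.pem .
    cp /etc/kubernetes/ssl/k8s-root-ca.pem .
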
Dockerfile

    FROM coredns/coredns:1.3.1
    # Puts the .pem files, private key included, into the image layers: anyone who can pull the image can read them.
    COPY ./*.pem /

Makefile

    VERSION=1.3.1-etcd
    REGISTRY=hub.linuxeye.com
    NAME=coredns
    # recipe lines must be indented with a tab
    build-image:
    	docker build -f Dockerfile -t $(REGISTRY)/library/$(NAME):$(VERSION) .
    	docker push $(REGISTRY)/library/$(NAME):$(VERSION)

Build and push the image

    make build-image

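Replace the image address

    vi coredns.yaml.sed

Change the image to: hub.linuxeye.com/library/coredns:1.3.1-etcd

If CoreDNS was deployed previously, change the image address in the existing CoreDNS YAML instead.

Replace kube-dns with CoreDNS
Note: skip this step if CoreDNS is already deployed.

Run on the k8s master node, where 172.22.0.2 is the DNS server IP:

    ./deploy.sh -i 172.22.0.2 | kubectl apply -f -
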
Store host records in etcd
Note: CoreDNS versions before 1.2.0 use the etcd v2 API; 1.2.0 and later use the etcd v3 API.

etcd V2:

    # set the keys
    etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka11 '{"Host":"10.50.1.11"}'
    etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka12 '{"Host":"10.50.1.12"}'
    etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka13 '{"Host":"10.50.1.13"}'
    # verify by reading the keys back (get, not set)
    etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem get /mydomain/kafka11
    etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem get /mydomain/kafka12
    etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem get /mydomain/kafka13

etcd V3:

    # with ETCDCTL_API=3, etcdctl takes --cacert/--cert/--key instead of the v2 --ca-file/--cert-file/--key-file
    # set the keys
    ETCDCTL_API=3 etcdctl --cacert=/etc/kubernetes/ssl/k8s-root-ca.pem --cert=/etc/kubernetes/ssl/kubernetes.pem --key=/etc/kubernetes/ssl/kubernetes-key.pem put /mydomain/kafka11 '{"Host":"10.50.1.11"}'
    ETCDCTL_API=3 etcdctl --cacert=/etc/kubernetes/ssl/k8s-root-ca.pem --cert=/etc/kubernetes/ssl/kubernetes.pem --key=/etc/kubernetes/ssl/kubernetes-key.pem put /mydomain/kafka12 '{"Host":"10.50.1.12"}'
    ETCDCTL_API=3 etcdctl --cacert=/etc/kubernetes/ssl/k8s-root-ca.pem --cert=/etc/kubernetes/ssl/kubernetes.pem --key=/etc/kubernetes/ssl/kubernetes-key.pem put /mydomain/kafka13 '{"Host":"10.50.1.13"}'
    # verify by reading the keys back (get, not set)
    ETCDCTL_API=3 etcdctl --cacert=/etc/kubernetes/ssl/k8s-root-ca.pem --cert=/etc/kubernetes/ssl/kubernetes.pem --key=/etc/kubernetes/ssl/kubernetes-key.pem get /mydomain/kafka11
    ETCDCTL_API=3 etcdctl --cacert=/etc/kubernetes/ssl/k8s-root-ca.pem --cert=/etc/kubernetes/ssl/kubernetes.pem --key=/etc/kubernetes/ssl/kubernetes-key.pem get /mydomain/kafka12
    ETCDCTL_API=3 etcdctl --cacert=/etc/kubernetes/ssl/k8s-root-ca.pem --cert=/etc/kubernetes/ssl/kubernetes.pem --key=/etc/kubernetes/ssl/kubernetes-key.pem get /mydomain/kafka13

Modify the ConfigMap
ConfigMap coredns in namespace kube-system:

    .:53 {
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
          pods insecure
          upstream
          fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        cache 30
        reload
        proxy . /etc/resolv.conf {
          # do not forward the etcd-backed names upstream
          except kafka11 kafka12 kafka13
        }
        etcd kafka11 kafka12 kafka13 {
          stubzones
          # key prefix used by the etcdctl commands above
          path /mydomain
          endpoint https://10.1.1.6:2379 https://10.1.1.7:2379 https://10.1.1.8:2379
          # certificate, private key and root CA copied into the image at /
          tls /kubernetes.pem /kubernetes-key.pem /k8s-root-ca.pem
        }
    }
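
The etcd records written earlier in this post follow the CoreDNS etcd plugin's key layout: the `path` prefix followed by the name's labels in reverse order. The script below is an added example, not part of the original post, that derives the key and JSON value for a name and rejects malformed names or addresses before anything is written to etcd; the function names, `db.internal.example` and `10.50.1.20` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Builds the etcd key/value pair
# that the CoreDNS etcd plugin expects for an A record.

# dns_to_etcd_key PATH NAME: labels are reversed and joined with "/",
# e.g. db.internal.example under /mydomain -> /mydomain/example/internal/db
dns_to_etcd_key() {
  _path=${1%/}; _name=${2%.}; _key=
  # Allow only hostname characters so a name cannot escape PATH via "/" or "..".
  case $_name in ''|.*|*.|*..*|*[!A-Za-z0-9._-]*) return 1 ;; esac
  # CoreDNS lower-cases query names before lookup, so store lower-case keys.
  _rest=$(printf '%s' "$_name" | tr 'A-Z' 'a-z')
  while [ -n "$_rest" ]; do
    _key="/${_rest%%.*}$_key"
    case $_rest in *.*) _rest=${_rest#*.} ;; *) _rest= ;; esac
  done
  printf '%s%s\n' "$_path" "$_key"
}

# valid_ipv4 ADDR: exactly four decimal octets, each 0-255.
valid_ipv4() {
  case $1 in ''|.*|*.|*..*|*[!0-9.]*) return 1 ;; esac
  _rest=$1; _n=0
  while [ -n "$_rest" ]; do
    _oct=${_rest%%.*}
    [ "${#_oct}" -le 3 ] && [ "$_oct" -le 255 ] || return 1
    _n=$((_n + 1))
    case $_rest in *.*) _rest=${_rest#*.} ;; *) _rest= ;; esac
  done
  [ "$_n" -eq 4 ]
}

# etcd_record PATH NAME ADDR: prints "<key> <json>", the two arguments to
# `etcdctl put`; fails without output if the name or address is malformed.
etcd_record() {
  _k=$(dns_to_etcd_key "$1" "$2") || return 1
  valid_ipv4 "$3" || return 1
  printf '%s {"Host":"%s"}\n' "$_k" "$3"
}

# Constructed sample input: the post's three hosts plus one multi-label name.
for _rec in kafka11=10.50.1.11 kafka12=10.50.1.12 kafka13=10.50.1.13 \
            db.internal.example=10.50.1.20; do
  etcd_record /mydomain "${_rec%%=*}" "${_rec#*=}"
done
```

Running a generated record through the `get` verification step before updating the Corefile confirms that the key landed under the `path` prefix CoreDNS is configured to read.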