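Kubernetes DNS is the mechanism through which in-cluster services interact with external services, with other in-cluster services, and with cloud-hosted services. Extending DNS lets in-cluster services reach services outside the cluster the same way they reach services inside it: DNS mapping resolves uniformly styled domain names to reachable IPs, without affecting how the in-cluster services run.
Custom domain name resolution
DNS is extended by assigning a DNS server to domain names that match a given rule. In the ConfigMap, set the DNS server for each such domain; for example, names ending in consul.local are resolved by 10.150.0.1.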
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-dns
  namespace: kube-system
data:
  stubDomains: |
    {"consul.local": ["10.150.0.1"]}
  upstreamNameservers: |
    ["172.16.0.1"]
```
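The custom rules do not apply to Pods whose dnsPolicy is Default or None. Only when it is ClusterFirst are names resolved according to stubDomains and upstreamNameservers.
No custom configuration: any query that does not match the cluster domain suffix is forwarded to the node's DNS.
Custom configuration: if stub domains and upstream nameservers are configured, queries are handled in the following order:
- Names with the cluster suffix are forwarded to kube-dns
- Names with a stub suffix are forwarded to the DNS server specified for that suffix
- Everything else is forwarded to the upstream DNS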
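The resolution order above determines which resolver sees each query name, which is useful when auditing what leaves the cluster. The following is an added example, not code from the original page or from Kubernetes: the function names, the `cluster.local` suffix, the query names and the label-boundary, most-specific-suffix matching are assumptions of this sketch.

```python
import json

# Constructed input: the `data` section of the kube-dns ConfigMap shown above.
CONFIGMAP_DATA = {
    "stubDomains": '{"consul.local": ["10.150.0.1"]}',
    "upstreamNameservers": '["172.16.0.1"]',
}
CLUSTER_DOMAIN = "cluster.local"  # assumption: the common default cluster suffix


def under(name, suffix):
    """True if `name` equals `suffix` or is a subdomain of it (label boundary)."""
    name, suffix = name.rstrip(".").lower(), suffix.rstrip(".").lower()
    return name == suffix or name.endswith("." + suffix)


def route(name, data=None, dns_policy="ClusterFirst"):
    """Return (resolver_kind, servers) that would receive a query for `name`."""
    if dns_policy != "ClusterFirst":
        # Pods with dnsPolicy Default or None are not affected by the custom rules.
        return ("outside-configmap", [])
    data = data or {}
    stubs = json.loads(data.get("stubDomains", "{}"))
    upstream = json.loads(data.get("upstreamNameservers", "[]"))
    if under(name, CLUSTER_DOMAIN):          # 1. cluster suffix -> kube-dns
        return ("kube-dns", [])
    matches = [d for d in stubs if under(name, d)]
    if matches:                              # 2. stub suffix -> its DNS server
        best = max(matches, key=len)         # assumption: most specific wins
        return ("stub:" + best, stubs[best])
    if upstream:                             # 3. everything else -> upstream
        return ("upstream", upstream)
    return ("node-dns", [])                  # no custom upstream: node's DNS


if __name__ == "__main__":
    # Constructed query names; "notconsul.local" must not match the stub domain.
    for q in ("redis.default.svc.cluster.local", "redis.service.consul.local",
              "notconsul.local", "example.com"):
        print(q, "->", route(q, CONFIGMAP_DATA))
```
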
Consul as a DNS
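Consul is a service discovery tool implemented in Golang that also supports DNS resolution. Service discovery nodes are added dynamically through its HTTP API, which gives dynamic DNS resolution.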
- Register redis1 under the service name redis

  ```
  {
    "ID": "redis1",
    "Name": "redis",
    "Tags": ["primary", "v1"],
    "Address": "127.0.0.1",
    "Port": 8000,
    "Meta": {"redis_version": "4.0"},
    "EnableTagOverride": false
  }
  ```

  ```
  $ curl -XPUT http://localhost:8500/v1/agent/service/register -d @dns.json
  ```

- Query via DNS

  ```
  $ dig @127.0.0.1 -p 8600 redis.service.consul SRV

  ; <<>> DiG 9.10.6 <<>> @127.0.0.1 -p 8600 redis.service.consul SRV
  ; (1 server found)
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6823
  ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 3
  ;; WARNING: recursion requested but not available

  ;; OPT PSEUDOSECTION:
  ; EDNS: version: 0, flags:; udp: 4096
  ;; QUESTION SECTION:
  ;redis.service.consul. IN SRV

  ;; ANSWER SECTION:
  redis.service.consul. 0 IN SRV 1 1 8000 srjiangs-MacBook-Pro.local.node.dc1.consul.

  ;; ADDITIONAL SECTION:
  srjiangs-MacBook-Pro.local.node.dc1.consul. 0 IN A 127.0.0.1
  srjiangs-MacBook-Pro.local.node.dc1.consul. 0 IN TXT "consul-network-segment="
  ```

- Register multiple Redis instances

  ```
  {
    "ID": "redis2",
    "Name": "redis",
    "Tags": ["primary", "v1"],
    "Address": "127.0.0.1",
    "Port": 9000,
    "Meta": {"redis_version": "4.0"},
    "EnableTagOverride": false
  }
  ```

  ```
  $ curl -XPUT http://localhost:8500/v1/agent/service/register -d @dns.json
  ```

- DNS query

  ```
  $ dig @127.0.0.1 -p 8600 redis.service.consul SRV

  ; <<>> DiG 9.10.6 <<>> @127.0.0.1 -p 8600 redis.service.consul SRV
  ; (1 server found)
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11920
  ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 5
  ;; WARNING: recursion requested but not available

  ;; OPT PSEUDOSECTION:
  ; EDNS: version: 0, flags:; udp: 4096
  ;; QUESTION SECTION:
  ;redis.service.consul. IN SRV

  ;; ANSWER SECTION:
  redis.service.consul. 0 IN SRV 1 1 9000 srjiangs-MacBook-Pro.local.node.dc1.consul.
  redis.service.consul. 0 IN SRV 1 1 8000 srjiangs-MacBook-Pro.local.node.dc1.consul.

  ;; ADDITIONAL SECTION:
  srjiangs-MacBook-Pro.local.node.dc1.consul. 0 IN A 127.0.0.1
  srjiangs-MacBook-Pro.local.node.dc1.consul. 0 IN TXT "consul-network-segment="
  srjiangs-MacBook-Pro.local.node.dc1.consul. 0 IN A 127.0.0.1
  srjiangs-MacBook-Pro.local.node.dc1.consul. 0 IN TXT "consul-network-segment="

  ;; Query time: 0 msec
  ;; SERVER: 127.0.0.1#8600(127.0.0.1)
  ;; WHEN: Thu Aug 16 16:47:43 CST 2018
  ;; MSG SIZE rcvd: 277
  ```

- Consul Service

  ```
  $ curl http://localhost:8500/v1/agent/services
  {
    "redis1": {
      "ID": "redis1",
      "Service": "redis",
      "Tags": ["primary", "v1"],
      "Address": "127.0.0.1",
      "Port": 8000,
      "EnableTagOverride": false,
      "CreateIndex": 0,
      "ModifyIndex": 0
    },
    "redis2": {
      "ID": "redis2",
      "Service": "redis",
      "Tags": ["primary", "v1"],
      "Address": "127.0.0.1",
      "Port": 9000,
      "EnableTagOverride": false,
      "CreateIndex": 0,
      "ModifyIndex": 0
    }
  }
  ```
More details
- Return the DNS reachable from a given datacenter, based on the cluster's DC
- Dynamically add domain name to IP mappings