配置External DNS附加组件支持DNSPod
本文最后更新于 911 天前, 如有失效请评论区留言.
比较简单直接上代码,示例域名example.com
安装
# e-dns.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: external-dns
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: external-dns
rules:
- apiGroups: [""]
resources: ["services","endpoints","pods"]
verbs: ["get","watch","list"]
- apiGroups: ["extensions","networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get","watch","list"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: external-dns-viewer
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: external-dns
subjects:
- kind: ServiceAccount
name: external-dns
namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
name: external-dns
data:
tencent-cloud.json: |
{
"regionId": "ap-shanghai",
"secretId": "...自行替换...",
"secretKey": "...自行替换...",
"internetEndpoint": true
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: external-dns
spec:
strategy:
type: Recreate
selector:
matchLabels:
app: external-dns
template:
metadata:
labels:
app: external-dns
spec:
containers:
- args:
- --source=service
- --source=ingress
- --domain-filter=example.com # 将使 ExternalDNS 仅看到与提供的域匹配的托管区域,省略以处理所有可用的托管区域
- --provider=tencentcloud
- --policy=sync # 设置“upsert-only”将阻止 ExternalDNS 删除任何记录
- --tencent-cloud-zone-type=public # 仅管理私有托管区域。设置“public”以使用公网 DNS 服务
- --tencent-cloud-config-file=/etc/kubernetes/tencent-cloud.json
- --log-level=debug
image: ysicing/dnspod-external-dns:v1.1.0
imagePullPolicy: Always
name: external-dns
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 100m
memory: 128Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/kubernetes
name: config-volume
readOnly: true
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: external-dns
serviceAccountName: external-dns
terminationGracePeriodSeconds: 30
volumes:
- configMap:
defaultMode: 420
items:
- key: tencent-cloud.json
path: tencent-cloud.json
name: external-dns
name: config-volume
生效
kubectl apply -f e-dns.yaml -n kube-system
测试
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: whoami
spec:
selector:
matchLabels:
app.kubernetes.io/name: whoami
replicas: 5
template:
metadata:
labels:
app.kubernetes.io/name: whoami
spec:
containers:
- image: ysicing/whoami:2022
imagePullPolicy: Always
name: whoami
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 100m
memory: 100Mi
ports:
- containerPort: 32379
---
apiVersion: v1
kind: Service
metadata:
name: whoami
spec:
ports:
- port: 80
targetPort: 32379
protocol: TCP
selector:
app.kubernetes.io/name: whoami
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: whoami-01
annotations:
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/group.name: whoami
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80},{"HTTPS": 443}]'
# alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:<根ID>:certificate/<cid>
external-dns.alpha.kubernetes.io/hostname: 02.whoami.example.com
spec:
ingressClassName: alb
rules:
- host: 02.whoami.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: whoami
port:
number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: whoami-02
annotations:
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/group.name: whoami
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80},{"HTTPS": 443}]'
external-dns.alpha.kubernetes.io/hostname: 01.whoami.example.com
# alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:<根ID>:certificate/<cid>
spec:
ingressClassName: alb
rules:
- host: 01.whoami.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: whoami
port:
number: 80
