k8s基于etcd的CoreDNS动态域名解析

土小帽 · 发表于 2023-11-3 21:53:22

下载coredns yaml部署脚本
注意：如果已经部署coredns可忽略

wget https://github.com/coredns/deployment/raw/master/kubernetes/coredns.yaml.sed
wget https://github.com/coredns/deployment/raw/master/kubernetes/deploy.sh
chmod +x deploy.sh

复制代码

重新打coredns镜像
想将dns记录存在etcd中，如果内部https，etcd必须打证书，应此coredns必须带证书，将k8s相关证书打入coredns

mkdir /root/coredns
docker pull coredns/coredns:1.3.1
cp /etc/kubernetes/ssl/kubernetes .
cp /etc/kubernetes/ssl/k8s-root-ca.pem .

复制代码

Dockerfile

FROM coredns/coredns:1.3.1
ADD ./*.pem /

复制代码

Makefile

VERSION=1.3.1-etcd
REGISTRY=hub.linuxeye.com
NAME=coredns
build-image:
docker build -f Dockerfile -t $(REGISTRY)/library/$(NAME):$(VERSION) .
docker push $(REGISTRY)/library/$(NAME):$(VERSION)

复制代码

build、推送镜像

make build-image

复制代码

替换image地址
vi coredns.yaml.sed

修改image镜像：hub.linuxeye.com/library/coredns:1.3.1-etcd

如果之前已经部署了coredns，修改coredns yaml镜像地址

kube-dns替换为coredns
注意：如果已经部署coredns可忽略

在k8s master节点执行，其中：172.22.0.2为 dns server ip

./deploy.sh -i 172.22.0.2 | kubectl apply -f -

复制代码

etcd存入hosts记录
注意：如果coredns是1.2.0以前版本，使用的是etcdv2 API版本，1.2.0及之后版本，使用etcdv3 API版本etcd V2:

#设置key
etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka11 '{"Host":"10.50.1.11"}'
etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka12 '{"Host":"10.50.1.12"}'
etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka13 '{"Host":"10.50.1.13"}'
#验证获取key
etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka11
etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka12
etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka13

复制代码

etcd V3

#设置key
ETCDCTL_API=3 etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem put /mydomain/kafka11 '{"Host":"10.50.1.11"}'
ETCDCTL_API=3 etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem put /mydomain/kafka12 '{"Host":"10.50.1.12"}'
ETCDCTL_API=3 etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem put /mydomain/kafka13 '{"Host":"10.50.1.13"}'
#验证获取key
ETCDCTL_API=3 etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka11
ETCDCTL_API=3 etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka12
ETCDCTL_API=3 etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka13

复制代码

修改配置字典
命名空间kube-system coredns：

.:53 {
errors
health
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
upstream
fallthrough in-addr.arpa ip6.arpa
}
prometheus :9153
cache 30
reload
proxy . /etc/resolv.conf {
except kafka11 kafka12 kafka13
}
etcd kafka11 kafka12 kafka13 {
stubzones
path /mydomain
endpoint https://10.1.1.6:2379 https://10.1.1.7:2379 https://10.1.1.8:2379
tls /kubernetes.pem /kubernetes-key.pem /k8s-root-ca.pem
}
}

复制代码

		自动登录	找回密码
密码			注册