CoreDNS级联本地DNS
K8s环境中Pod实现以下解析
- k8s集群内部service解析(默认coredns已经实现)
- 内网dns解析自定义intra域中服务器
- 外网域名解析
1. Dns服务器配置
1.1 named.conf
/etc/named.conf
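// /etc/named.conf -- BIND resolver for the intra.com zone plus upstream forwarding.
// Restored from a single collapsed line; statements are unchanged except where a
// comment says otherwise.

// Clients allowed to query and recurse through this server.  The original used
// `allow-query { any; }` together with `recursion yes`, which is an open resolver
// as soon as port 53 is reachable from outside the LAN.  192.168.31.0/24 is the
// server LAN shown on this page and 10.233.0.0/16 covers the cluster service
// range seen in the dig output -- NOTE(review): confirm it also covers the pod
// CIDR that CoreDNS forwards from, and adjust to your real networks.
acl "trusted" {
    localhost;
    localnets;
    192.168.31.0/24;
    10.233.0.0/16;
};

options {
    // Listens on every interface; narrow to the LAN address if the host is
    // multi-homed and only 192.168.31.17 should serve DNS.
    listen-on port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";

    allow-query { trusted; };
    allow-recursion { trusted; };
    recursion yes;

    // No secondaries exist, so nobody needs AXFR/IXFR; historically BIND
    // allowed transfers to anyone unless told otherwise.
    allow-transfer { none; };

    // Validation is off, so answers relayed from the forwarder are not
    // authenticated.  `dnssec-enable` is obsolete in current BIND releases
    // (ignored, and possibly rejected by newer versions -- drop it if named
    // refuses to start).
    dnssec-enable no;
    dnssec-validation no;

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";

    // Ask the forwarder first, fall back to full recursion from the root hints.
    // Queries to 114.114.114.114 travel in the clear over port 53.
    forward first;
    forwarders { 114.114.114.114; };
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";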
1.2 rfc1912.zones
修改/etc/named.rfc1912.zones追加以下配置
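// Authoritative zone for internal hosts; the records live in /var/named/intra.zone
// (relative to the `directory` set in named.conf).
zone "intra.com" IN {
    type master;
    file "intra.zone";
    allow-update { none; };
    // Deny AXFR/IXFR: there are no secondaries, and a zone transfer would hand
    // the complete internal host inventory to any client that asks.
    allow-transfer { none; };
};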
1.3 intra域配置
/var/named/intra.zone
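; /var/named/intra.zone -- authoritative data for intra.com.
; Unqualified names are completed with the zone origin (intra.com.) that the
; zone statement in named.rfc1912.zones supplies.
;
; The SOA timers were collapsed onto one line with `;` separators in the
; original listing; in a zone file `;` starts a comment, so that form would not
; load.  Reconstructed here one value per line.
$TTL 1d
@       IN  SOA intra.com. admin.intra.com. (
                0       ; serial -- increment on every change (YYYYMMDDnn is customary)
                1H      ; refresh
                5M      ; retry
                1W      ; expire
                1D      ; negative-caching TTL
        )
@           NS  ns.intra.com.

; Name server (also the BIND host CoreDNS forwards to).
ns              A   192.168.31.17

; Internal services.
harbor          A   192.168.31.104
gitlab          A   192.168.31.199
kibana          A   192.168.31.212
rabbitmq        A   192.168.31.211
web1            A   192.168.31.211
nacos-server    A   192.168.31.211
zipkin-server   A   192.168.31.211
sentinel        A   192.168.31.211
skywalking-ui   A   192.168.31.211
rocketmq-dashboard A 192.168.31.211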
2. K8s配置
2.1 coredns配置
修改coredns配置
kubectl edit cm coredns -n kube-system
修改dns转发
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
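# coredns ConfigMap as shown by `kubectl edit cm coredns -n kube-system`, restored
# from a single collapsed line.  Only the `forward` target differs from the stock
# Corefile.  creationTimestamp/resourceVersion/uid are server-managed fields that
# `kubectl edit` displays; drop them if you turn this into a manifest for
# `kubectl apply`.
apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors
        health {
            lameduck 5s
        }
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            # `pods insecure` answers pod-IP queries without checking that the
            # pod exists; `pods verified` is the stricter mode if the extra API
            # lookups are acceptable.
            pods insecure
            fallthrough in-addr.arpa ip6.arpa
            ttl 30
        }
        hosts {
            fallthrough
        }
        prometheus :9153
        # Change the line below to the address of the BIND server.  Everything
        # not answered above (intra.com and public names) goes there in plain
        # UDP/TCP.  It is a single upstream with no fallback -- add a second
        # address if one exists.
        forward . 192.168.31.17 {
            max_concurrent 1000
        }
        cache 30
        loop
        reload
        loadbalance
    }
kind: ConfigMap
metadata:
  creationTimestamp: "2023-03-22T06:37:55Z"
  name: coredns
  namespace: kube-system
  resourceVersion: "2805413"
  uid: af46c82e-9f4e-47c2-b316-3a098d3639ed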
此时可以通过coredns解析harbor地址。注意：这样配置后，集群内所有非 cluster.local 的查询（包括外网域名）都经由 192.168.31.17 这一台 BIND 转发，它既是单点故障，也是整个集群的 DNS 出口；应限制该 BIND 的 allow-query / allow-recursion 仅对内网和集群网段开放，避免成为开放递归服务器。
root@ks-node2:~# kubectl get svc coredns -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
coredns ClusterIP 10.233.0.3 <none> 53/UDP,53/TCP,9153/TCP 15d
root@ks-node2:~# dig @10.233.0.3 harbor.intra.com

; <<>> DiG 9.16.1-Ubuntu <<>> @10.233.0.3 harbor.intra.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6483
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: ffe5eb4b93cd3fd8 (echoed)
;; QUESTION SECTION:
;harbor.intra.com. IN A

;; ANSWER SECTION:
harbor.intra.com. 30 IN A 192.168.31.104

;; AUTHORITY SECTION:
intra.com. 30 IN NS ns.intra.com.

;; ADDITIONAL SECTION:
ns.intra.com. 30 IN A 192.168.31.17

;; Query time: 4 msec
;; SERVER: 10.233.0.3#53(10.233.0.3)
;; WHEN: Fri Apr 07 11:01:07 CST 2023
;; MSG SIZE rcvd: 152
2.2 测试解析
创建busybox容器,从容器中访问域名
root@ks-master:~# kubectl exec -it busybox2 bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
[root@busybox2 /]# cat /etc/resolv.conf
nameserver 169.254.25.10
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5
## 解析Dns内域名
[root@busybox2 /]# ping -c 1 harbor.intra.com
PING harbor.intra.com (192.168.31.104) 56(84) bytes of data.
64 bytes from harbor.intra.com (192.168.31.104): icmp_seq=1 ttl=63 time=0.561 ms

--- harbor.intra.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.561/0.561/0.561/0.000 ms
## 解析K8s内域名
[root@busybox2 /]# ping -c 1 prometheus-k8s.kubesphere-monitoring-system.svc.cluster.local
PING prometheus-k8s.kubesphere-monitoring-system.svc.cluster.local (10.233.12.237) 56(84) bytes of data.
64 bytes from prometheus-k8s.kubesphere-monitoring-system.svc.cluster.local (10.233.12.237): icmp_seq=1 ttl=64 time=0.108 ms

--- prometheus-k8s.kubesphere-monitoring-system.svc.cluster.local ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.108/0.108/0.108/0.000 ms
## 解析外部域名
[root@busybox2 /]# ping www.baidu.com -c 1
PING www.a.shifen.com (180.101.50.188) 56(84) bytes of data.
64 bytes from 180.101.50.188 (180.101.50.188): icmp_seq=1 ttl=127 time=8.92 ms

--- www.a.shifen.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 8.926/8.926/8.926/0.000 ms