Advanced usage of the CoreDNS component in Kubernetes

Keywords: Linux Kubernetes DNS Nginx GitLab

Separating internal and external traffic with CoreDNS

Scenario

  1. The domain name of the old service is fixed, and the service cannot be accessed directly through its internal Service name.
  2. Internal and external traffic needs to be split automatically.

Implementation

  1. The rewrite plugin of CoreDNS provides this capability. For example, when tenant.msa.chinamcloud.com is accessed from inside the cluster, the name is rewritten to tenantapi.yunjiao.svc.cluster.local, so the traffic reaches that Service and the same domain name works consistently inside and outside the cluster.
  2. With some Nginx versions, this configuration may leave the service unreachable.
[root@k8s-master1 ingress]# cat coredns.yaml
apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors
        health
        rewrite name tenant.msa.chinamcloud.com tenantapi.yunjiao.svc.cluster.local
        rewrite name console.msa.chinamcloud.com console.yunjiao.svc.cluster.local
        rewrite name user.msa.chinamcloud.com userapi.yunjiao.svc.cluster.local
        rewrite name lims.msa.chinamcloud.com lims.yunjiao.svc.cluster.local
        rewrite name labapp.msa.chinamcloud.com limsapp.yunjiao.svc.cluster.local
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           upstream
           fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }
kind: ConfigMap
metadata:
  creationTimestamp: "2019-04-02T04:57:19Z"
  name: coredns
  namespace: kube-system
  resourceVersion: "197"
  selfLink: /api/v1/namespaces/kube-system/configmaps/coredns
  uid: cb686453-5503-11e9-8ea6-005056be93f5

Verification

The name now resolves to 10.98.220.54, the ClusterIP of the rewritten Service, which confirms that the rewrite is applied. The packet loss itself is expected, since a ClusterIP does not answer ICMP, so a check against the service port is the better test.

[root@k8s-master1 ingress]#  kubectl run -it --rm --restart=Never --image=infoblox/dnstools:latest dnstools
If you don't see a command prompt, try pressing enter.
dnstools# ping tenant.msa.chinamcloud.com
PING tenant.msa.chinamcloud.com (10.98.220.54): 56 data bytes
^C
--- tenant.msa.chinamcloud.com ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss

Implementing the hosts function inside Kubernetes

CoreDNS configuration reference document

Scenario

  1. Subdomain resolution through the Kubernetes CoreDNS
  2. Implementing an internal hosts binding function in Kubernetes

Implementation

Declaring hosts when creating the pod (not recommended)

[root@k8s-master-1 coredns]# kubectl  explain  pods.spec.hostAliases
KIND:     Pod
VERSION:  v1

RESOURCE: hostAliases <[]Object>

DESCRIPTION:
     HostAliases is an optional list of hosts and IPs that will be injected into
     the pod's hosts file if specified. This is only valid for non-hostNetwork
     pods.

     HostAlias holds the mapping between IP and hostnames that will be injected
     as an entry in the pod's hosts file.

FIELDS:
   hostnames    <[]string>
     Hostnames for the above IP address.

   ip   <string>
     IP address of the host file entry.

[root@k8s-master-1 coredns]#

Declaring hosts with the CoreDNS hosts plugin

The hosts block gives the addresses that the three domain names resolve to.

[root@k8s-master-1 coredns]# cat coredns-cm.yaml
apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors
        health
        hosts {
            100.64.139.66 minio.chinamcloud.com
            100.64.139.66 registry.chinamcloud.com
            100.64.139.66 gitlab.chinamcloud.com
            fallthrough
        }
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           upstream
           fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
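
The following is an added example, not code from the original post: a small Python audit of a Corefile that inventories the rewrite rules and hosts entries from the two sections above and flags a rewrite that points outside the cluster or a hosts block in the root zone that has lost its fallthrough (without it, every name not listed gets NXDOMAIN). It assumes the cluster domain is cluster.local, and its input is a constructed Corefile modelled on the ConfigMaps shown.

```python
import ipaddress
CLUSTER_SUFFIX = ".svc.cluster.local"   # assumption: the cluster domain is cluster.local
HOSTS_OPTIONS = {"fallthrough", "ttl", "reload", "no_reverse"}  # hosts plugin keywords

def parse_corefile(text):  # -> {zone: [(directive, args, body)]}, body = nested lines
    servers, stack = {}, []             # stack of the bodies currently being filled
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line == "}":
            stack.pop()
            continue
        head = line.rstrip("{ ").split()
        entry = (head[0], head[1:], [])
        if stack:                       # plugin line inside a server or plugin block
            stack[-1].append(entry)
        else:                           # server block header: ".:53 {", "sobeydemo.com {"
            servers[head[0]] = entry[2]
        if line.endswith("{"):          # block opener: nested lines go into entry[2]
            stack.append(entry[2])
    return servers

def audit(servers):  # -> (rewrites, hosts, findings)
    rewrites, hosts, findings = {}, {}, []
    for zone, entries in servers.items():
        for directive, args, body in entries:
            if directive == "rewrite" and args[:1] == ["name"] and len(args) == 3:
                rewrites[args[1]] = args[2]
                if not args[2].endswith(CLUSTER_SUFFIX):   # redirect that leaves the cluster
                    findings.append(f"{zone}: {args[1]} is rewritten outside the cluster to {args[2]}")
            elif directive == "hosts":
                if zone.startswith(".") and not any(d == "fallthrough" for d, _, _ in body):
                    findings.append(f"{zone}: hosts block lacks fallthrough; every other name gets NXDOMAIN")
                for ip, names, _ in (e for e in body if e[0] not in HOSTS_OPTIONS):
                    try:                # every non-option line must start with a valid address
                        hosts.update(dict.fromkeys(names, str(ipaddress.ip_address(ip))))
                    except ValueError:
                        findings.append(f"{zone}: hosts entry '{ip}' is not an IP address")
    return rewrites, hosts, findings

# Constructed sample modelled on the ConfigMaps above: one rewrite leaves the cluster and
SAMPLE = """.:53 {
    rewrite name tenant.msa.chinamcloud.com tenantapi.yunjiao.svc.cluster.local
    rewrite name user.msa.chinamcloud.com userapi.example.net
    hosts {
        100.64.139.66 minio.chinamcloud.com
        100.64.139.66 registry.chinamcloud.com
    }
}
sobeydemo.com {
    forward . 100.64.134.250:53
}"""
```

Running audit(parse_corefile(SAMPLE)) reports the user.msa.chinamcloud.com rewrite and the missing fallthrough; the hosts block in the sample is the one mistake deliberately left out of the ConfigMap above.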

Specifying the upstream DNS server by domain name

The sobeydemo.com server block specifies the DNS server used to resolve names under that domain.

[root@k8s-master-1 coredns]# cat coredns-cm.yaml
apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           upstream
           fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }
    sobeydemo.com {
        forward . 100.64.134.250:53
    }
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system

Verification

[root@k8s-master-1 coredns]#  kubectl run -it --rm --restart=Never --image=infoblox/dnstools:latest dnstools
If you don't see a command prompt, try pressing enter.
dnstools# host 0DJ01YUR.sobeydemo.com
0DJ01YUR.sobeydemo.com has address 100.64.148.116
0DJ01YUR.sobeydemo.com has IPv6 address 2002:6440:9474::6440:9474
dnstools# host minio.chinamcloud.com
minio.chinamcloud.com has address 100.64.139.66
Host minio.chinamcloud.com not found: 3(NXDOMAIN)
Host minio.chinamcloud.com not found: 3(NXDOMAIN)
dnstools#

Posted by Robert Elsdon on Sat, 26 Oct 2019 13:17:13 -0700