1 概述
DNS负载均衡简单来说就是通过一个域名绑定多个IP地址,当客户端访问域名时,DNS服务器将轮询返回其中一个IP,实现客户端分流的作用。
在K8s环境中CoreDNS作为容器服务的DNS服务器,那么就可以通过CoreDNS来实现DNS负载均衡,主要过程如下:
2 CoreDNS集成etcd插件
实验CoreDNS镜像版本:1.7.0
2.1 将etcd证书添加至CoreDNS容器中
一般情况下,部署的etcd集群服务都带有证书,CoreDNS Pod需要携带相关证书才能正确访问etcd集群服务,假如你的etcd集群未开启证书,可省略这一步。
生成证书configmap:
# etcd证书
kubectl create cm coredns-etcd-pem --from-file /etc/kubernetes/pki/etcd/etcd.pem -n kube-system
# etcd证书key
kubectl create cm coredns-etcd-key --from-file /etc/kubernetes/pki/etcd/etcd-key.pem -n kube-system
# etcd ca证书
kubectl create cm coredns-etcd-ca -n kube-system --from-file=/etc/kubernetes/pki/etcd/etcd-ca.pem
修改coredns.yaml,将证书configmap挂载到coredns容器内部:
# 添加证书configmap volume
volumes:
- name: config-volume
configMap:
name: coredns
items:
- key: Corefile
path: Corefile
- name: coredns-etcd-key
configMap:
name: coredns-etcd-key
- name: coredns-etcd-pem
configMap:
name: coredns-etcd-pem
- name: coredns-etcd-ca
configMap:
name: coredns-etcd-ca
# 挂载证书volume
volumeMounts:
- name: config-volume
mountPath: /etc/coredns
readOnly: true
- name: coredns-etcd-key
mountPath: /etc/etcd-key
readOnly: true
- name: coredns-etcd-pem
mountPath: /etc/etcd-pem
readOnly: true
- name: coredns-etcd-ca
mountPath: /etc/etcd-ca
readOnly: true
2.2 修改coredns.yaml,添加coredns-etcd插件
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
data:
Corefile: |
.:53 {
errors
health {
lameduck 5s
}
ready
kubernetes cluster.local in-addr.arpa ip6.arpa {
fallthrough in-addr.arpa ip6.arpa
}
#开始配置etcd插件
etcd {
stubzones
path /coredns
# etcd集群端点地址
endpoint 192.16.58.101:2379 192.16.58.102:2379 192.16.58.103:2379
upstream /etc/resolv.conf
# 配置访问etcd证书,注意顺序一定要正确(无证书删除此配置即可)
tls /etc/etcd-pem/etcd.pem /etc/etcd-key/etcd-key.pem /etc/etcd-ca/etcd-ca.pem
fallthrough
}
prometheus :9153
forward . /etc/resolv.conf {
max_concurrent 1000
}
cache 30
loop
reload
loadbalance
}
2.3 重启CoreDNS服务
kubectl delete -f coredns.yaml
kubectl create -f corends.yaml
观察CoreDNS服务日志,如果Pod RUNNING且日志未报错,代表配置成功:
# kubectl logs -f -n kube-system coredns-84c9869688-rfc88
.:53
[INFO] plugin/reload: Running configuration MD5 = da836b65e7cc004a3545c13c46b1f328
CoreDNS-1.7.0
linux/amd64, go1.14.4, f59c03d
3 添加DNS A记录
A记录意为:通过域名解析IP的规则,也称之为正向解析。
#通过rest接口向etcd中添加coredns A记录
export ETCDCTL_API=3
etcdctl put /coredns/com/test/www/ep1 '{"host":"10.10.2.123","ttl":10}'
etcdctl put /coredns/com/test/www/ep2 '{"host":"10.10.2.124","ttl":10}'
etcdctl put /coredns/com/test/www/ep3 '{"host":"10.10.2.125","ttl":10}'
其中配置了www.test.com对应了10.10.2.123~125三个IP地址
注意:
A记录添加是反向的即www.test.com要配成 /com/test/www/,后面的ep1为自定义内容,代表www.test.com对应的3个IP记录,此时访问www.test.com就可以负载均衡的访问的3个IP了。
删除A记录:
etcdctl delete /coredns/com/test/www/ep1
4 验证A记录解析
通过dig验证是否生效
1)安装dig:
yum install -y bind-utils
2)查看coredns服务地址:
# kubectl get svc -n kube-system | grep dns
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 4h17m
3)使用dig验证配置的A记录是否生效:
# dig @10.96.0.10 www.test.com +short
10.10.2.123
10.10.2.124
10.10.2.125
能够正常返回3个IP地址,即代表成功
此时域名 www.test.com 已配置好DNS负载均衡,K8s中的Pod访问 www.test.com域名,将负载均衡到3个IP上。