基于External-DNS的多集群Service DNS实践

概述

External-DNS提供了编程方式管理Kubernetes Service资源的DNS的功能，类似于容器服务kubernetes federation v2实践一：基于External-DNS的多集群Ingress DNS实践，External-DNS会监听LoadBalancer类型的Service，然后与云厂商打通，按照可用区、region和全局三个维度生成独自的域名解析记录，便于服务间调用引导流量。本文简单介绍如何在阿里云容器平台上使用External-DNS管理多集群Service DNS。

环境准备

参考容器服务kubernetes federation v2实践一：基于External-DNS的多集群Ingress DNS实践完成【联邦集群准备】、【配置RAM信息】和【部署External-DNS】部分，并配置好kubeConfig，如下所示：

kubectl config get-contexts
CURRENT   NAME       CLUSTER    AUTHINFO            NAMESPACE
*         cluster1   cluster1   kubernetes-admin1
          cluster2   cluster2   kubernetes-admin2

资源部署

创建FederatedDeployment和FederatedService

yaml如下，注意FederatedService类型为LoadBalancer

apiVersion: v1
kind: Namespace
metadata:
  name: test-namespace

---

apiVersion: types.federation.k8s.io/v1alpha1
kind: FederatedNamespace
metadata:
  name: test-namespace
  namespace: test-namespace
spec:
  placement:
    clusterNames:
    - cluster1
    - cluster2

---

apiVersion: types.federation.k8s.io/v1alpha1
kind: FederatedDeployment
metadata:
  name: test-deployment
  namespace: test-namespace
spec:
  template:
    metadata:
      labels:
        app: nginx
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: nginx
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - image: nginx
            name: nginx
  placement:
    clusterNames:
    - cluster1
    - cluster2

---

apiVersion: types.federation.k8s.io/v1alpha1
kind: FederatedService
metadata:
  name: test-service
  namespace: test-namespace
spec:
  template:
    spec:
      selector:
        app: nginx
      type: LoadBalancer
      ports:
        - name: http
          port: 80
  placement:
    clusterNames:
    - cluster2
    - cluster1

查看各个集群Service详情：

get svc -n test-namespace --context cluster1
NAME           TYPE           CLUSTER-IP     EXTERNAL-IP    PORT(S)        AGE
test-service   LoadBalancer   172.23.5.173   39.96.243.59   80:30185/TCP   28s

get svc -n test-namespace --context cluster2
NAME           TYPE           CLUSTER-IP     EXTERNAL-IP    PORT(S)        AGE
test-service   LoadBalancer   172.21.11.44   47.95.152.65   80:30384/TCP   31s

创建Domain和ServiceDNSRecord

yaml如下，注意请将【service.example-domain.club】替换成测试域名（必须由阿里云托管的域名）。

apiVersion: multiclusterdns.federation.k8s.io/v1alpha1
kind: Domain
metadata:
  name: test-domain
  namespace: federation-system
domain: service.example-domain.club
---
apiVersion: multiclusterdns.federation.k8s.io/v1alpha1
kind: ServiceDNSRecord
metadata:
  name: test-service
  namespace: test-namespace
spec:
  domainRef: test-domain
  recordTTL: 600

结果分析

查看DnsEndpoint详情：

kubectl get dnsendpoint -n test-namespace -o yaml
apiVersion: v1
items:
- apiVersion: multiclusterdns.federation.k8s.io/v1alpha1
  kind: DNSEndpoint
  metadata:
    creationTimestamp: 2019-05-17T08:49:31Z
    generation: 2
    name: service-test-service
    namespace: test-namespace
    resourceVersion: "742339863"
    selfLink: /apis/multiclusterdns.federation.k8s.io/v1alpha1/namespaces/test-namespace/dnsendpoints/service-test-service
    uid: afd3e22a-7880-11e9-9566-326dc52c25d3
  spec:
    endpoints:
    - dnsName: test-service.test-namespace.test-domain.svc.cn-beijing-a.cn-beijing.service.example-domain.club
      recordTTL: 600
      recordType: A
      targets:
      - 47.95.152.65
    - dnsName: test-service.test-namespace.test-domain.svc.cn-beijing-f.cn-beijing.service.example-domain.club
      recordTTL: 600
      recordType: A
      targets:
      - 39.96.243.59
    - dnsName: test-service.test-namespace.test-domain.svc.cn-beijing.service.example-domain.club
      recordTTL: 600
      recordType: A
      targets:
      - 39.96.243.59
      - 47.95.152.65
    - dnsName: test-service.test-namespace.test-domain.svc.service.example-domain.club
      recordTTL: 600
      recordType: A
      targets:
      - 39.96.243.59
      - 47.95.152.65
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""

可以看到External-DNS已经自动生成了4条解析记录，包含北京两个可用区、北京region和全局四个dns解析记录。

dig +short @dns7.hichina.com test-service.test-namespace.test-domain.svc.cn-beijing-a.cn-beijing.service.example-domain.club
47.95.152.65

dig +short @dns7.hichina.com test-service.test-namespace.test-domain.svc.cn-beijing-f.cn-beijing.service.example-domain.club
39.96.243.59

dig +short @dns7.hichina.com test-service.test-namespace.test-domain.svc.cn-beijing.service.example-domain.club
47.95.152.65
39.96.243.59

dig +short @dns7.hichina.com test-service.test-namespace.test-domain.svc.service.example-domain.club
47.95.152.65
39.96.243.59

结论

External-DNS在Federation-V2多集群联邦环境下，可以根据Service部署所在的可用区、region和全局三个维度生成多条DNS解析记录，帮助服务灵活的引导流量。

---

本文作者：钧博

阅读原文

本文为云栖社区原创内容，未经允许不得转载。