This page guides you through deploying and validating external DNS for your Kubernetes Operator components when they are deployed across multiple Kubernetes clusters without a service mesh.
Prerequisites
Before you begin, complete the following tasks:
Install kubectl.
Update as needed and source the environment variables defined in the following file, env_variables.sh. The script also reads K8S_CLUSTER_SUFFIX, which the setup guides export alongside the variables listed in its header:

```bash
# This script builds on top of the environment configured in the setup guides.
# It depends (uses) the following env variables defined there to work correctly.
# If you don't use the setup guide to bootstrap the environment, then define them here.
# ${K8S_CLUSTER_0}
# ${K8S_CLUSTER_1}
# ${K8S_CLUSTER_2}
# ${K8S_CLUSTER_0_ZONE}
# ${K8S_CLUSTER_1_ZONE}
# ${K8S_CLUSTER_2_ZONE}
# ${K8S_CLUSTER_0_CONTEXT_NAME}
# ${K8S_CLUSTER_1_CONTEXT_NAME}
# ${K8S_CLUSTER_2_CONTEXT_NAME}
# ${MDB_GKE_PROJECT}

suffix_short="${K8S_CLUSTER_SUFFIX}"
# Ensure suffix_short is no longer than 19 characters to make GKE identifiers fit under 30 characters
if [[ -n "${suffix_short}" && ${#suffix_short} -gt 19 ]]; then
  # Calculate positions for cutting from the middle
  prefix_len=$(((19 - 1) / 2)) # -1 for the 'x' replacement
  suffix_start=$((${#suffix_short} - prefix_len))
  # Create the truncated version with 'x' in the middle
  suffix_short="${suffix_short:0:${prefix_len}}x${suffix_short:${suffix_start}}"
fi

export DNS_SA_NAME="ext-dns-sa${suffix_short}"
export DNS_SA_EMAIL="${DNS_SA_NAME}@${MDB_GKE_PROJECT}.iam.gserviceaccount.com"

export CUSTOM_DOMAIN="mongodb.custom"
export DNS_ZONE="mongodb${suffix_short}"
```
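As an added example (not code from the MongoDB Kubernetes Operator repository), the following script reimplements the suffix truncation from env_variables.sh as a function and checks the identifiers derived from it against the naming rules gcloud enforces for service account IDs and Cloud DNS managed zone names, so that a suffix with uppercase letters or a trailing hyphen fails here rather than halfway through the procedure. The project ID default my-gcp-project is a placeholder.

```bash
#!/usr/bin/env bash
# Added example, not from the MongoDB Kubernetes Operator repository.
# Reimplements the suffix truncation of env_variables.sh and validates the
# identifiers derived from it before any gcloud command is run.
set -eu

# Middle-truncate a suffix to at most 19 characters, keeping both ends and
# marking the cut with a single 'x' (same algorithm as env_variables.sh).
shorten_suffix() {
  local s="$1" max=19 len prefix_len head tail
  len=${#s}
  if [ -n "$s" ] && [ "$len" -gt "$max" ]; then
    prefix_len=$(( (max - 1) / 2 ))            # 9 characters kept from each end
    head=$(printf '%s' "$s" | cut -c1-"$prefix_len")
    tail=$(printf '%s' "$s" | cut -c"$((len - prefix_len + 1))"-)
    s="${head}x${tail}"
  fi
  printf '%s' "$s"
}

# GCP service account ID (the part before '@'): 6-30 characters, lowercase
# letters, digits and hyphens, starting with a letter.
valid_sa_id() {
  printf '%s' "$1" | LC_ALL=C grep -Eq '^[a-z][a-z0-9-]{5,29}$'
}

# Cloud DNS managed zone name: 1-63 characters, lowercase letters, digits and
# hyphens, starting with a letter and ending with a letter or digit.
valid_zone_name() {
  printf '%s' "$1" | LC_ALL=C grep -Eq '^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$'
}

# Derive the names env_variables.sh exports and fail fast if gcloud would
# reject them. The project ID default is an assumed placeholder.
derive_names() {
  local raw_suffix="$1" project="${2:-my-gcp-project}" short sa_name zone
  short=$(shorten_suffix "$raw_suffix")
  sa_name="ext-dns-sa${short}"
  zone="mongodb${short}"
  valid_sa_id "$sa_name"  || { echo "invalid service account id: $sa_name" >&2; return 1; }
  valid_zone_name "$zone" || { echo "invalid managed zone name: $zone" >&2; return 1; }
  printf 'DNS_SA_NAME=%s\nDNS_SA_EMAIL=%s@%s.iam.gserviceaccount.com\nDNS_ZONE=%s\n' \
    "$sa_name" "$sa_name" "$project" "$zone"
}
```

Run it as `derive_names "$K8S_CLUSTER_SUFFIX" "$MDB_GKE_PROJECT"` before sourcing env_variables.sh; a non-zero exit means the suffix needs changing, not the script.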
Source Code
You can find all of the included source code in the MongoDB Kubernetes Operator repository.
Procedure
Create a Kubernetes Secret containing the service account key. This key is the long-lived credential ExternalDNS uses to write DNS records, so keep the downloaded file out of version control and create the Secret in each of the three clusters:

```bash
# create secret with service account key
kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n external-dns create secret generic external-dns-sa-secret --from-file credentials.json=secrets/external-dns-sa-key.json
kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n external-dns create secret generic external-dns-sa-secret --from-file credentials.json=secrets/external-dns-sa-key.json
kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n external-dns create secret generic external-dns-sa-secret --from-file credentials.json=secrets/external-dns-sa-key.json
```
Install ExternalDNS.
ExternalDNS makes Kubernetes resources discoverable through DNS servers (here, the private Cloud DNS zone created in the next step). Deploy the external-dns Kubernetes Deployment and its related permission objects into the external-dns namespace in each cluster. The ClusterRole is read-only (get, watch, list on services, endpoints, pods, nodes and ingresses), which is all ExternalDNS needs from the cluster; its write access is to Cloud DNS only, through the mounted service account key. If you later drop --policy=upsert-only so that ExternalDNS can delete records, give each cluster's instance a distinct --txt-owner-id: with the default shared owner ID, each instance treats the other clusters' records as its own stale entries and removes them.
```bash
kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n external-dns apply -f yamls/externaldns.yaml
kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n external-dns apply -f yamls/externaldns.yaml
kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n external-dns apply -f yamls/externaldns.yaml
```
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: external-dns
  labels:
    app.kubernetes.io/name: external-dns
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: external-dns
  labels:
    app.kubernetes.io/name: external-dns
rules:
  - apiGroups: [""]
    resources: ["services","endpoints","pods","nodes"]
    verbs: ["get","watch","list"]
  - apiGroups: ["extensions","networking.k8s.io"]
    resources: ["ingresses"]
    verbs: ["get","watch","list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: external-dns-viewer
  labels:
    app.kubernetes.io/name: external-dns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: external-dns
subjects:
  - kind: ServiceAccount
    name: external-dns
    namespace: external-dns
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
  labels:
    app.kubernetes.io/name: external-dns
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/name: external-dns
  template:
    metadata:
      labels:
        app.kubernetes.io/name: external-dns
    spec:
      serviceAccountName: external-dns
      containers:
        - name: external-dns
          image: registry.k8s.io/external-dns/external-dns:v0.16.1
          args:
            - --source=service
            - --source=ingress
            - --provider=google
            - --log-format=json # google cloud logs parses severity of the "text" log format incorrectly
            - --interval=10s
            - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
            - --registry=txt
          # static credentials are used here: the service account key is mounted
          # from the external-dns-sa-secret Secret created in the previous step
          env:
            - name: GOOGLE_APPLICATION_CREDENTIALS
              value: /etc/secrets/service-account/credentials.json
          volumeMounts:
            - name: google-service-account
              mountPath: /etc/secrets/service-account/
      volumes:
        - name: google-service-account
          secret:
            secretName: external-dns-sa-secret
```
Configure the DNS zone.
This example uses a private DNS zone, so the records in it are resolvable only from the GKE clusters listed in --gkeclusters, which are the clusters we created. If you plan to reach your resources from outside those GKE clusters, use a public DNS zone instead; that requires a registered domain.
```bash
FQ_CLUSTER_0="projects/${MDB_GKE_PROJECT}/locations/${K8S_CLUSTER_0_ZONE}/clusters/${K8S_CLUSTER_0}"
FQ_CLUSTER_1="projects/${MDB_GKE_PROJECT}/locations/${K8S_CLUSTER_1_ZONE}/clusters/${K8S_CLUSTER_1}"
FQ_CLUSTER_2="projects/${MDB_GKE_PROJECT}/locations/${K8S_CLUSTER_2_ZONE}/clusters/${K8S_CLUSTER_2}"
gcloud dns managed-zones create "${DNS_ZONE}" \
  --description="" \
  --dns-name="${CUSTOM_DOMAIN}" \
  --visibility="private" \
  --gkeclusters="${FQ_CLUSTER_0}","${FQ_CLUSTER_1}","${FQ_CLUSTER_2}"
```
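The steps above create the Secret, the Deployment and the zone but do not verify any of them. The following script is an added example, not part of the operator repository, with the checks a practitioner would run after the procedure: that the key file really belongs to the DNS service account (a wrong key would hand ExternalDNS whatever that other identity is allowed to do), that the Deployment rolled out in every cluster, that the zone is private rather than accidentally public, and that a record for a chosen hostname exists in the zone and resolves from inside a cluster. The helper functions are pure and run offline on constructed input; the live kubectl and gcloud calls run only with RUN_LIVE=1 and assume the variables from env_variables.sh plus CHECK_HOST, an assumed variable naming one hostname under the custom domain.

```bash
#!/usr/bin/env bash
# Added example, not from the MongoDB Kubernetes Operator repository.
# Pre-flight and post-deploy checks for the ExternalDNS rollout above.
set -euo pipefail

# Fully-qualified GKE cluster resource name, as passed to --gkeclusters.
fq_cluster() {  # project location cluster
  printf 'projects/%s/locations/%s/clusters/%s' "$1" "$2" "$3"
}

# The key must be a service-account key for the DNS service account we created.
# Assumes the one-space JSON layout gcloud writes for downloaded keys.
key_matches_sa() {  # key.json expected_email
  grep -qF '"type": "service_account"' "$1" &&
  grep -qF "\"client_email\": \"$2\"" "$1"
}

# Parse `gcloud dns record-sets list --format='value(name,type,rrdatas)'`
# output (tab-separated) and report whether FQDN has a record of TYPE.
# Cloud DNS lists names with a trailing dot.
has_record() {  # listing_file fqdn type
  awk -F'\t' -v n="$2." -v t="$3" '$1 == n && $2 == t { found = 1 } END { exit !found }' "$1"
}

# --- live checks (need cluster and project access) ---

external_dns_ready() {  # kube_context
  kubectl --context "$1" -n external-dns rollout status deployment/external-dns --timeout=120s
}

zone_is_private() {  # zone_name
  [ "$(gcloud dns managed-zones describe "$1" --format='value(visibility)')" = "private" ]
}

# Private zones only resolve from the attached clusters, so test from inside one.
resolve_in_cluster() {  # kube_context fqdn
  kubectl --context "$1" run dns-check --rm -i --restart=Never \
    --image=busybox:1.36 -- nslookup "$2"
}

if [ "${RUN_LIVE:-0}" = "1" ]; then
  key_matches_sa secrets/external-dns-sa-key.json "${DNS_SA_EMAIL}" \
    || { echo "key does not belong to ${DNS_SA_EMAIL}" >&2; exit 1; }
  for ctx in "${K8S_CLUSTER_0_CONTEXT_NAME}" "${K8S_CLUSTER_1_CONTEXT_NAME}" "${K8S_CLUSTER_2_CONTEXT_NAME}"; do
    external_dns_ready "${ctx}"
  done
  zone_is_private "${DNS_ZONE}" || { echo "zone ${DNS_ZONE} is not private" >&2; exit 1; }
  listing=$(mktemp)
  gcloud dns record-sets list --zone "${DNS_ZONE}" --format='value(name,type,rrdatas)' > "${listing}"
  has_record "${listing}" "${CHECK_HOST:?set CHECK_HOST to a hostname under ${CUSTOM_DOMAIN}}" A \
    || { echo "no A record for ${CHECK_HOST} in ${DNS_ZONE}" >&2; exit 1; }
  resolve_in_cluster "${K8S_CLUSTER_0_CONTEXT_NAME}" "${CHECK_HOST}"
fi
```

Run the key check before creating the Secrets and the rest after the zone exists; because ExternalDNS polls every 10 seconds (--interval=10s), allow a short delay before expecting the record to appear.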