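This page walks you through deploying and validating external DNS for Kubernetes Operator components that are deployed across multiple Kubernetes clusters without a service mesh.
Prerequisites
Before you begin, perform the following tasks: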
Install kubectl.
Set the environment variables defined in the following env_variables.sh file, updating them as needed.

```sh
# This script builds on top of the environment configured in the setup guides.
# It depends (uses) the following env variables defined there to work correctly.
# If you don't use the setup guide to bootstrap the environment, then define them here.
# ${K8S_CLUSTER_0}
# ${K8S_CLUSTER_1}
# ${K8S_CLUSTER_2}
# ${K8S_CLUSTER_0_ZONE}
# ${K8S_CLUSTER_1_ZONE}
# ${K8S_CLUSTER_2_ZONE}
# ${K8S_CLUSTER_0_CONTEXT_NAME}
# ${K8S_CLUSTER_1_CONTEXT_NAME}
# ${K8S_CLUSTER_2_CONTEXT_NAME}
# ${MDB_GKE_PROJECT}

suffix_short="${K8S_CLUSTER_SUFFIX}"
# Ensure suffix_short is no longer than 19 characters to make GKE identifiers fit under 30 characters
if [[ -n "${suffix_short}" && ${#suffix_short} -gt 19 ]]; then
  # Calculate positions for cutting from the middle
  prefix_len=$(((19 - 1) / 2))  # -1 for the 'x' replacement
  suffix_start=$((${#suffix_short} - prefix_len))
  # Create the truncated version with 'x' in the middle
  suffix_short="${suffix_short:0:${prefix_len}}x${suffix_short:${suffix_start}}"
fi

export DNS_SA_NAME="ext-dns-sa${suffix_short}"
export DNS_SA_EMAIL="${DNS_SA_NAME}@${MDB_GKE_PROJECT}.iam.gserviceaccount.com"

export CUSTOM_DOMAIN="mongodb.custom"
export DNS_ZONE="mongodb${suffix_short}"
```
Source Code
You can find all included source code in the MongoDB Kubernetes Operator repository.
Procedure
1
2
3
4
5
Create a Kubernetes secret that contains the service account key.
```sh
# create secret with service account key
kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n external-dns create secret generic external-dns-sa-secret --from-file credentials.json=secrets/external-dns-sa-key.json
kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n external-dns create secret generic external-dns-sa-secret --from-file credentials.json=secrets/external-dns-sa-key.json
kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n external-dns create secret generic external-dns-sa-secret --from-file credentials.json=secrets/external-dns-sa-key.json
```
6
Install ExternalDNS.
ExternalDNS makes Kubernetes resources discoverable through public DNS servers. Deploy the external-dns Kubernetes Deployment and its associated permission objects into the namespace that you just created.
```sh
kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n external-dns apply -f yamls/externaldns.yaml
kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n external-dns apply -f yamls/externaldns.yaml
kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n external-dns apply -f yamls/externaldns.yaml
```
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: external-dns
  labels:
    app.kubernetes.io/name: external-dns
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: external-dns
  labels:
    app.kubernetes.io/name: external-dns
rules:
  # Read-only access to the resources ExternalDNS watches
  - apiGroups: [""]
    resources: ["services","endpoints","pods","nodes"]
    verbs: ["get","watch","list"]
  - apiGroups: ["extensions","networking.k8s.io"]
    resources: ["ingresses"]
    verbs: ["get","watch","list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: external-dns-viewer
  labels:
    app.kubernetes.io/name: external-dns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: external-dns
subjects:
  - kind: ServiceAccount
    name: external-dns
    namespace: external-dns
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
  labels:
    app.kubernetes.io/name: external-dns
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/name: external-dns
  template:
    metadata:
      labels:
        app.kubernetes.io/name: external-dns
    spec:
      serviceAccountName: external-dns
      containers:
        - name: external-dns
          image: registry.k8s.io/external-dns/external-dns:v0.16.1
          args:
            - --source=service
            - --source=ingress
            - --provider=google
            - --log-format=json # google cloud logs parses severity of the "text" log format incorrectly
            - --interval=10s
            - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
            - --registry=txt
          # uncomment below if static credentials are used
          env:
            - name: GOOGLE_APPLICATION_CREDENTIALS
              value: /etc/secrets/service-account/credentials.json
          volumeMounts:
            - name: google-service-account
              mountPath: /etc/secrets/service-account/
      volumes:
        - name: google-service-account
          secret:
            secretName: external-dns-sa-secret
```
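A validation step for the ClusterRole above, as an added example that is not part of the original page or the MongoDB repository: it uses `kubectl auth can-i` with impersonation to confirm that the external-dns service account is read-only in each cluster and cannot read secrets. The function names are hypothetical, and the caller is assumed to have impersonation rights in every cluster.

```shell
#!/bin/sh
# Added example, not part of the MongoDB Kubernetes Operator repository.
# Assumes the K8S_CLUSTER_*_CONTEXT_NAME variables from env_variables.sh and a
# caller that is allowed to impersonate service accounts (kubectl --as).
SA="system:serviceaccount:external-dns:external-dns"
RESOURCES="services endpoints pods nodes ingresses.networking.k8s.io"

# can_i CONTEXT VERB RESOURCE: prints "yes", "no", or nothing on error.
can_i() {
  out="$(kubectl --context "$1" auth can-i "$2" "$3" --as="${SA}" --all-namespaces 2>/dev/null)" || true
  echo "${out%% *}"   # "no - <reason>" becomes "no"
}

# expect_answer CONTEXT VERB RESOURCE WANT: report and fail when the answer differs.
expect_answer() {
  got="$(can_i "$1" "$2" "$3")"
  [ "${got}" = "$4" ] && return 0
  echo "$1: can-i $2 $3 returned '${got:-error}', expected '$4'"
  return 1
}

# audit_external_dns_rbac CONTEXT: returns 0 only if the account can read what
# ExternalDNS watches, cannot modify it, and cannot read secrets.
audit_external_dns_rbac() {
  ctx="$1"; rc=0
  for res in ${RESOURCES}; do
    for verb in get watch list; do
      expect_answer "${ctx}" "${verb}" "${res}" yes || rc=1
    done
    for verb in create update patch delete; do
      expect_answer "${ctx}" "${verb}" "${res}" no || rc=1
    done
  done
  expect_answer "${ctx}" get secrets no || rc=1
  return "${rc}"
}

# audit_all_clusters: run the audit in the three member clusters used on this page.
audit_all_clusters() {
  all_rc=0
  for c in "${K8S_CLUSTER_0_CONTEXT_NAME}" "${K8S_CLUSTER_1_CONTEXT_NAME}" "${K8S_CLUSTER_2_CONTEXT_NAME}"; do
    audit_external_dns_rbac "${c}" || all_rc=1
  done
  return "${all_rc}"
}
```

Source this file after env_variables.sh and run `audit_all_clusters`; a non-zero exit status means at least one cluster grants the service account more or less than the manifest intends.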
7
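Set up the DNS zone.
This example uses a private DNS zone. That is, the resources deployed in the DNS zone are accessible only from the GKE clusters that you created. If you want to access the resources from outside the GKE clusters, use a public DNS zone. To do so, you must have a registered domain.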
```sh
FQ_CLUSTER_0="projects/${MDB_GKE_PROJECT}/locations/${K8S_CLUSTER_0_ZONE}/clusters/${K8S_CLUSTER_0}"
FQ_CLUSTER_1="projects/${MDB_GKE_PROJECT}/locations/${K8S_CLUSTER_1_ZONE}/clusters/${K8S_CLUSTER_1}"
FQ_CLUSTER_2="projects/${MDB_GKE_PROJECT}/locations/${K8S_CLUSTER_2_ZONE}/clusters/${K8S_CLUSTER_2}"

gcloud dns managed-zones create "${DNS_ZONE}" \
  --description="" \
  --dns-name="${CUSTOM_DOMAIN}" \
  --visibility="private" \
  --gkeclusters="${FQ_CLUSTER_0}","${FQ_CLUSTER_1}","${FQ_CLUSTER_2}"
```