This topic provides reference information for the ExternalDNS package.

About ExternalDNS

ExternalDNS synchronizes exposed Kubernetes Services and Ingresses with DNS providers.

To install ExternalDNS on a TKG cluster, see the following topic.

ExternalDNS Components

The ExternalDNS package installs the containers listed in the table below. The package pulls the containers from the public registry specified in the package repository.

| Container | Resource Type | Replicas | Description |
| --- | --- | --- | --- |
| ExternalDNS | DaemonSet | 6 | Exposes Kubernetes Services for DNS lookup |

ExternalDNS Data Values

The ExternalDNS data values file connects the ExternalDNS component to a supported DNS provider. The ExternalDNS package has been validated with the following DNS providers: AWS (Route 53), Azure DNS, and RFC2136-compliant DNS servers such as BIND.

The following example can be used with an RFC2136-compliant DNS provider such as BIND.
---
# Namespace in which to deploy ExternalDNS pods
namespace: tanzu-system-service-discovery
# Deployment-related configuration
deployment:
  args:
    - --registry=txt
    - --txt-owner-id=k8s
    - --txt-prefix=external-dns- #! Disambiguates TXT records from CNAME records
    - --provider=rfc2136
    - --rfc2136-host=IP-ADDRESS #! Replace with IP of RFC2136-compatible DNS server, such as 192.168.0.1
    - --rfc2136-port=53
    - --rfc2136-zone=DNS-ZONE #! Replace with zone where services are deployed, such as my-zone.example.org
    - --rfc2136-tsig-secret=TSIG-SECRET #! Replace with TSIG key secret authorized to update DNS server
    - --rfc2136-tsig-secret-alg=hmac-sha256
    - --rfc2136-tsig-keyname=TSIG-KEY-NAME #! Replace with TSIG key name, such as externaldns-key
    - --rfc2136-tsig-axfr
    - --source=service
    - --source=ingress
    - --source=contour-httpproxy #! Enables Contour HTTPProxy object support
    - --domain-filter=DOMAIN #! Zone where services are deployed, such as my-zone.example.org
The following example can be used with the AWS DNS provider (Route 53).
---
namespace: service-discovery
dns:
  pspNames: "vmware-system-restricted"
  deployment:
    args:
    - --source=service
    - --source=ingress
    - --source=contour-httpproxy #! read Contour HTTPProxy resources
    - --domain-filter=my-zone.example.org #! zone where services are deployed
    - --provider=aws
    - --policy=upsert-only #! prevent deleting any records, omit to enable full synchronization
    - --aws-zone-type=public #! only look at public hosted zones (public, private, no value for both)
    - --aws-prefer-cname
    - --registry=txt
    - --txt-owner-id=HOSTED_ZONE_ID #! Route53 hosted zone identifier for my-zone.example.org
    - --txt-prefix=txt #! disambiguates TXT records from CNAME records
    env:
      - name: AWS_ACCESS_KEY_ID
        valueFrom:
          secretKeyRef:
            name: route53-credentials #! Kubernetes secret for route53 credentials
            key: aws_access_key_id
      - name: AWS_SECRET_ACCESS_KEY
        valueFrom:
          secretKeyRef:
            name: route53-credentials #! Kubernetes secret for route53 credentials
            key: aws_secret_access_key
The following example can be used with the Azure DNS provider.
---
namespace: service-discovery
dns:
  pspNames: "vmware-system-restricted"
  deployment:
    args:
    - --provider=azure
    - --source=service
    - --source=ingress
    - --source=contour-httpproxy #! read Contour HTTPProxy resources
    - --domain-filter=my-zone.example.org #! zone where services are deployed
    - --azure-resource-group=my-resource-group #! Azure resource group
    volumeMounts:
    - name: azure-config-file
      mountPath: /etc/kubernetes
      readOnly: true
    #@overlay/replace
    volumes:
    - name: azure-config-file
      secret:
        secretName: azure-config-file
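The three data values examples above differ mainly in their provider flags, and the same review applies to each: placeholders must actually be replaced, `--domain-filter` must scope ExternalDNS to the zone it should manage, `--policy` decides whether records can be deleted, and credentials should come from a Secret rather than the pod spec. The following Python script is an added example, not part of the TKG package or the upstream ExternalDNS project. It extracts `deployment.args` from a data values file and reports unreplaced placeholders, a missing `--domain-filter` or `--policy`, a TSIG secret passed as a command-line argument, a weak TSIG algorithm, a `--domain-filter` outside the `--rfc2136-zone`, and an unset `--aws-zone-type`. The two embedded data values texts are constructed to mirror the RFC2136 example on this page; in the hardened variant the Secret name `rfc2136-tsig` and key `tsig_secret` are assumptions, and the TSIG secret is supplied through `EXTERNAL_DNS_RFC2136_TSIG_SECRET`, relying on ExternalDNS accepting every flag as an `EXTERNAL_DNS_`-prefixed environment variable.

```python
# Added example (not part of the TKG package or upstream ExternalDNS): lint the
# deployment.args of an ExternalDNS data-values file for the mistakes that matter
# most before the package is installed. Needs only the standard library.
import re

# Placeholder tokens used by this page's RFC2136 and Route 53 samples.
PLACEHOLDERS = {"IP-ADDRESS", "DNS-ZONE", "TSIG-SECRET", "TSIG-KEY-NAME", "HOSTED_ZONE_ID", "DOMAIN"}
WEAK_TSIG_ALGS = {"hmac-md5", "hmac-sha1"}
ARG_LINE = re.compile(r"^\s*-\s*(--[^\s#]+)")  # '- --flag=value'; a trailing '#!' comment is ignored


def extract_args(data_values: str) -> list:
    """Collect the '- --flag=value' list items from data-values YAML text.
    Deliberately minimal so the check runs without a YAML library."""
    return [m.group(1) for m in map(ARG_LINE.match, data_values.splitlines()) if m]


def parse_flags(args: list) -> dict:
    """Map '--flag' to its list of values (flags such as --source repeat)."""
    flags = {}
    for arg in args:
        key, _, value = arg.partition("=")
        flags.setdefault(key, []).append(value)
    return flags


def lint_args(args: list) -> list:
    """Return human-readable findings; an empty list means the args passed."""
    flags = parse_flags(args)
    findings = []
    for arg in args:
        if arg.partition("=")[2] in PLACEHOLDERS:
            findings.append(f"placeholder not replaced: {arg}")
    provider = flags.get("--provider", [None])[0]
    # Without --domain-filter ExternalDNS manages every zone the credentials can reach.
    if "--domain-filter" not in flags:
        findings.append("missing --domain-filter: every reachable zone is in scope")
    if flags.get("--registry", [None])[0] == "txt" and "--txt-owner-id" not in flags:
        findings.append("--registry=txt without --txt-owner-id: record ownership is not tracked")
    if "--policy" not in flags:
        findings.append("--policy unset: full synchronization (record deletion) is enabled")
    if provider == "rfc2136":
        if "--rfc2136-tsig-secret" in flags:
            findings.append("TSIG secret passed as a command-line argument: "
                            "readable by anyone who can view the Deployment or pod spec")
        alg = flags.get("--rfc2136-tsig-secret-alg", [""])[0].lower()
        if alg in WEAK_TSIG_ALGS:
            findings.append(f"weak TSIG algorithm {alg}: prefer hmac-sha256")
        zone, domain = flags.get("--rfc2136-zone", [""])[0], flags.get("--domain-filter", [""])[0]
        if (zone and domain and {zone, domain}.isdisjoint(PLACEHOLDERS)
                and domain != zone and not domain.endswith("." + zone)):
            findings.append(f"--domain-filter {domain} lies outside --rfc2136-zone {zone}")
    if provider == "aws" and "--aws-zone-type" not in flags:
        findings.append("--aws-zone-type unset: public and private hosted zones are both in scope")
    return findings


# Constructed sample that mirrors this page's RFC2136 data-values example.
RFC2136_TEMPLATE = """\
namespace: tanzu-system-service-discovery
deployment:
  args:
    - --registry=txt
    - --txt-owner-id=k8s
    - --provider=rfc2136
    - --rfc2136-host=IP-ADDRESS #! Replace with IP of RFC2136-compatible DNS server
    - --rfc2136-zone=DNS-ZONE
    - --rfc2136-tsig-secret=TSIG-SECRET
    - --rfc2136-tsig-secret-alg=hmac-sha256
    - --rfc2136-tsig-keyname=TSIG-KEY-NAME
    - --source=service
    - --domain-filter=DOMAIN
"""

# Same file with values filled in, --policy pinned, and the TSIG secret moved to the
# EXTERNAL_DNS_RFC2136_TSIG_SECRET env var sourced from a Secret (Secret name assumed).
RFC2136_HARDENED = """\
namespace: tanzu-system-service-discovery
deployment:
  args:
    - --registry=txt
    - --txt-owner-id=k8s
    - --provider=rfc2136
    - --rfc2136-host=192.168.0.1
    - --rfc2136-zone=my-zone.example.org
    - --rfc2136-tsig-secret-alg=hmac-sha256
    - --rfc2136-tsig-keyname=externaldns-key
    - --source=service
    - --policy=upsert-only
    - --domain-filter=my-zone.example.org
  env:
    - name: EXTERNAL_DNS_RFC2136_TSIG_SECRET
      valueFrom:
        secretKeyRef:
          name: rfc2136-tsig
          key: tsig_secret
"""

if __name__ == "__main__":
    for label, text in (("template", RFC2136_TEMPLATE), ("hardened", RFC2136_HARDENED)):
        print(label, lint_args(extract_args(text)) or ["no findings"])
```

Run against the template, the script reports the five unreplaced placeholders, the unset `--policy`, and the TSIG secret on the command line; the hardened variant produces no findings. The same `lint_args` function accepts the argument list from the Route 53 and Azure examples, where the AWS branch flags a missing `--aws-zone-type`.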

ExternalDNS Configuration

The following table lists and describes the available configuration parameters for ExternalDNS. For additional guidance, see https://github.com/kubernetes-sigs/external-dns#running-externaldns

Table 1. ExternalDNS package configuration

| Parameter | Description | Type | Default |
| --- | --- | --- | --- |
| externalDns.namespace | Namespace in which external-dns is deployed | string | tanzu-system-service-discovery |
| externalDns.image.repository | Repository containing the external-dns image | string | projects.registry.vmware.com/tkg |
| externalDns.image.name | Name of the external-dns image | string | external-dns |
| externalDns.image.tag | ExternalDNS image tag | string | v0.7.4_vmware.1 |
| externalDns.image.pullPolicy | ExternalDNS image pull policy | string | IfNotPresent |
| externalDns.deployment.annotations | Annotations on the external-dns deployment | map<string,string> | {} |
| externalDns.deployment.args | Arguments passed to external-dns on the command line | list<string> | [] (required parameter) |
| externalDns.deployment.env | Environment variables passed to external-dns | list<string> | [] |
| externalDns.deployment.securityContext | Security context of the external-dns container | SecurityContext | {} |
| externalDns.deployment.volumeMounts | Volume mounts of the external-dns container | list<VolumeMount> | [] |
| externalDns.deployment.volumes | Volumes of the external-dns pod | list<Volume> | [] |

Example ConfigMap

The following example ConfigMap defines a Kerberos configuration that ExternalDNS can use. The entries to customize are the domain/realm name and the kdc/admin_server addresses.
apiVersion: v1
kind: ConfigMap
metadata:
  name: krb.conf
  namespace: tanzu-system-service-discovery
data:
  krb5.conf: |
    [logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log
 
    [libdefaults]
    dns_lookup_realm = false
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true
    rdns = false
    pkinit_anchors = /etc/pki/tls/certs/ca-bundle.crt
    default_ccache_name = KEYRING:persistent:%{uid}
 
    default_realm = CORP.ACME
 
    [realms]
    CORP.ACME = {
      kdc = controlcenter.corp.acme
      admin_server = controlcenter.corp.acme
    }
 
    [domain_realm]
    corp.acme = CORP.ACME
    .corp.acme = CORP.ACME