This topic provides reference information for the ExternalDNS package.

About ExternalDNS

ExternalDNS synchronizes exposed Kubernetes Services and Ingresses with DNS providers.

To install ExternalDNS on a TKG cluster, see the following topics.

ExternalDNS Components

The ExternalDNS package installs the containers listed in the table below. The package pulls the containers from the public registry specified in the package repository.

Container   | Resource Type | Replicas | Description
----------- | ------------- | -------- | ---------------------------------------------
ExternalDNS | DaemonSet     | 6        | Exposes Kubernetes Services for DNS lookup

ExternalDNS Data Values

The ExternalDNS data values file connects the ExternalDNS component to a supported DNS provider. The ExternalDNS package has been validated with the following DNS providers: AWS (Route 53), Azure DNS, and RFC2136-compliant DNS servers (such as BIND).

The following example can be used for an RFC2136-compliant DNS provider (such as BIND).
---
#! Namespace in which to deploy ExternalDNS pods
namespace: tanzu-system-service-discovery
#! Deployment-related configuration
deployment:
  args:
    - --registry=txt
    - --txt-owner-id=k8s
    - --txt-prefix=external-dns- #! Disambiguates TXT records from CNAME records
    - --provider=rfc2136
    - --rfc2136-host=IP-ADDRESS #! Replace with the IP of the RFC2136-compatible DNS server, such as 192.168.0.1
    - --rfc2136-port=53
    - --rfc2136-zone=DNS-ZONE #! Replace with the zone where services are deployed, such as my-zone.example.org
    - --rfc2136-tsig-secret=TSIG-SECRET #! Replace with the TSIG key secret authorized to update the DNS server
    - --rfc2136-tsig-secret-alg=hmac-sha256
    - --rfc2136-tsig-keyname=TSIG-KEY-NAME #! Replace with the TSIG key name, such as externaldns-key
    - --rfc2136-tsig-axfr
    - --source=service
    - --source=ingress
    - --source=contour-httpproxy #! Enables Contour HTTPProxy object support
    - --domain-filter=DOMAIN #! Zone where services are deployed, such as my-zone.example.org
The following example can be used for the AWS DNS provider (Route 53).
---
namespace: service-discovery
dns:
  pspNames: "vmware-system-restricted"
  deployment:
    args:
    - --source=service
    - --source=ingress
    - --source=contour-httpproxy #! read Contour HTTPProxy resources
    - --domain-filter=my-zone.example.org #! zone where services are deployed
    - --provider=aws
    - --policy=upsert-only #! prevent deleting any records, omit to enable full synchronization
    - --aws-zone-type=public #! only look at public hosted zones (public, private, no value for both)
    - --aws-prefer-cname
    - --registry=txt
    - --txt-owner-id=HOSTED_ZONE_ID #! Route53 hosted zone identifier for my-zone.example.org
    - --txt-prefix=txt #! disambiguates TXT records from CNAME records
    env:
      - name: AWS_ACCESS_KEY_ID
        valueFrom:
          secretKeyRef:
            name: route53-credentials #! Kubernetes secret for route53 credentials
            key: aws_access_key_id
      - name: AWS_SECRET_ACCESS_KEY
        valueFrom:
          secretKeyRef:
            name: route53-credentials #! Kubernetes secret for route53 credentials
            key: aws_secret_access_key
The following example can be used for the Azure DNS provider.
---
namespace: service-discovery
dns:
  pspNames: "vmware-system-restricted"
  deployment:
    args:
    - --provider=azure
    - --source=service
    - --source=ingress
    - --source=contour-httpproxy #! read Contour HTTPProxy resources
    - --domain-filter=my-zone.example.org #! zone where services are deployed
    - --azure-resource-group=my-resource-group #! Azure resource group
    volumeMounts:
    - name: azure-config-file
      mountPath: /etc/kubernetes
      readOnly: true
    #@overlay/replace
    volumes:
    - name: azure-config-file
      secret:
        secretName: azure-config-file
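
All three data values examples above hand ExternalDNS a single deployment.args list, and most failed installs trace back to that list: a placeholder such as IP-ADDRESS or TSIG-SECRET left in place, --registry=txt without a --txt-owner-id, or a --domain-filter that does not fall inside the RFC2136 zone. The Python script below is an added example, not code from the TKG package or from ExternalDNS; it lints such an args list before the values file is applied. The placeholder tokens and the per-provider required-flag sets are assumptions taken from the examples on this page rather than the full ExternalDNS flag reference, and the sample list is constructed from the RFC2136 example with its placeholders filled in.

```python
"""Pre-deployment lint for an ExternalDNS deployment.args list.

Added example; not code from the TKG package or from ExternalDNS. The
placeholder tokens and required-flag sets below are assumptions drawn from
the data values examples on this page, not the full ExternalDNS flag set.
"""

# Placeholder tokens used in the RFC2136 and AWS examples on this page.
PLACEHOLDERS = {"IP-ADDRESS", "DNS-ZONE", "TSIG-SECRET", "TSIG-KEY-NAME",
                "DOMAIN", "HOSTED_ZONE_ID"}

# Flags each provider example depends on (assumption: derived from the examples).
REQUIRED_BY_PROVIDER = {
    "rfc2136": {"--rfc2136-host", "--rfc2136-zone",
                "--rfc2136-tsig-secret", "--rfc2136-tsig-keyname"},
    "aws": set(),          # credentials arrive through env vars, not flags
    "azure": {"--azure-resource-group"},
}


def parse_args(args):
    """Map each flag to the list of values it was given, in order.

    ['--source=service', '--source=ingress'] -> {'--source': ['service', 'ingress']}
    A bare flag such as '--rfc2136-tsig-axfr' maps to [''].
    """
    parsed = {}
    for arg in args:
        arg = arg.split("#!", 1)[0].strip()   # drop a ytt comment pasted along
        if not arg:
            continue
        flag, _, value = arg.partition("=")
        parsed.setdefault(flag, []).append(value)
    return parsed


def lint_args(args):
    """Return (errors, warnings); an empty errors list means the args are deployable."""
    flags = parse_args(args)
    errors, warnings = [], []

    for flag, values in flags.items():
        for value in values:
            if value in PLACEHOLDERS:
                errors.append(f"{flag}: placeholder {value!r} was not replaced")

    providers = flags.get("--provider", [])
    if len(providers) != 1:
        errors.append("exactly one --provider must be set")
        return errors, warnings
    provider = providers[0]
    if provider not in REQUIRED_BY_PROVIDER:
        errors.append(f"--provider={provider} is not one of the validated providers")
    for required in sorted(REQUIRED_BY_PROVIDER.get(provider, set())):
        if required not in flags:
            errors.append(f"{required} is required when --provider={provider}")

    # ExternalDNS defaults the registry to txt; without an owner id, two
    # instances sharing a zone cannot tell their records apart.
    if flags.get("--registry", ["txt"])[0] == "txt" and "--txt-owner-id" not in flags:
        errors.append("--registry=txt needs --txt-owner-id")

    if not flags.get("--source"):
        errors.append("at least one --source is required")

    domain_filters = flags.get("--domain-filter", [])
    if not domain_filters:
        errors.append("--domain-filter is missing, so every zone the credentials "
                      "can reach would be managed")
    if provider == "rfc2136":
        zone = flags.get("--rfc2136-zone", [""])[0]
        for domain in domain_filters:
            if zone and domain != zone and not domain.endswith("." + zone):
                errors.append(f"--domain-filter={domain} lies outside "
                              f"--rfc2136-zone={zone}")

    # The default policy is sync, which also deletes owned records whose
    # Service or Ingress disappears; the AWS example opts out with upsert-only.
    if "--policy" not in flags:
        warnings.append("no --policy set; the default sync policy can delete "
                        "records this instance owns")
    return errors, warnings


# Constructed sample: the RFC2136 example from this page with placeholders filled in.
# The TSIG secret value is itself a placeholder for a real base64 key.
RFC2136_ARGS = [
    "--registry=txt", "--txt-owner-id=k8s", "--txt-prefix=external-dns-",
    "--provider=rfc2136", "--rfc2136-host=192.168.0.1", "--rfc2136-port=53",
    "--rfc2136-zone=my-zone.example.org", "--rfc2136-tsig-secret=REPLACE_WITH_BASE64_KEY",
    "--rfc2136-tsig-secret-alg=hmac-sha256", "--rfc2136-tsig-keyname=externaldns-key",
    "--rfc2136-tsig-axfr", "--source=service", "--source=ingress",
    "--source=contour-httpproxy", "--domain-filter=my-zone.example.org",
]

if __name__ == "__main__":
    errors, warnings = lint_args(RFC2136_ARGS)
    print("errors:", errors)
    print("warnings:", warnings)
```

Run the script to see the findings for the sample list; to lint your own values file, paste its args entries into the list. The policy warning is deliberate: only the AWS example sets --policy=upsert-only, the other two inherit the default sync policy.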

ExternalDNS Configuration

The table below lists and describes the available configuration parameters for ExternalDNS. For additional guidance, see https://github.com/kubernetes-sigs/external-dns#running-externaldns

Table 1. ExternalDNS Package Configuration

Parameter | Description | Type | Default
--- | --- | --- | ---
externalDns.namespace | Namespace in which external-dns is deployed | string | tanzu-system-service-discovery
externalDns.image.repository | Registry that holds the external-dns image | string | projects.registry.vmware.com/tkg
externalDns.image.name | Name of the external-dns image | string | external-dns
externalDns.image.tag | ExternalDNS image tag | string | v0.7.4_vmware.1
externalDns.image.pullPolicy | ExternalDNS image pull policy | string | IfNotPresent
externalDns.deployment.annotations | Annotations on the external-dns Deployment | map<string,string> | {}
externalDns.deployment.args | Arguments passed to external-dns on the command line | list<string> | [] (required)
externalDns.deployment.env | Environment variables passed to external-dns | list<string> | []
externalDns.deployment.securityContext | Security context of the external-dns container | SecurityContext | {}
externalDns.deployment.volumeMounts | Volume mounts of the external-dns container | list<VolumeMount> | []
externalDns.deployment.volumes | Volumes of the external-dns pod | list<Volume> | []

Example configmap

The following example configmap defines a Kerberos configuration that ExternalDNS can use. The customizations are the domain/realm name and the kdc/admin_server addresses.
apiVersion: v1
kind: ConfigMap
metadata:
  name: krb.conf
  namespace: tanzu-system-service-discovery
data:
  krb5.conf: |
    [logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

    [libdefaults]
    dns_lookup_realm = false
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true
    rdns = false
    pkinit_anchors = /etc/pki/tls/certs/ca-bundle.crt
    default_ccache_name = KEYRING:persistent:%{uid}

    default_realm = CORP.ACME

    [realms]
    CORP.ACME = {
      kdc = controlcenter.corp.acme
      admin_server = controlcenter.corp.acme
    }

    [domain_realm]
    corp.acme = CORP.ACME
    .corp.acme = CORP.ACME
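
Because the realm name is edited by hand in three places (default_realm, the [realms] block and the [domain_realm] mappings), a rename that misses one of them produces a configmap that looks fine but leaves ExternalDNS unable to find a KDC. The Python script below is an added example rather than code from the TKG package or from ExternalDNS: it parses the subset of the krb5.conf profile format used above (section headers, key = value lines and one level of braces) and checks that default_realm is defined under [realms], that every [domain_realm] mapping points at a defined realm, and that each realm names a kdc. The embedded sample is constructed from the ConfigMap above.

```python
"""Consistency check for the krb5.conf carried in the ConfigMap above.

Added example; not code from the TKG package or from ExternalDNS. The parser
covers only the krb5.conf subset used on this page. The sample file is
constructed from the ConfigMap above.
"""


def parse_krb5_conf(text):
    """Parse krb5.conf into {section: {key: value or nested dict}}.

    Handles '[section]' headers, 'key = value' lines, '#' comments and one
    level of 'key = { ... }' blocks, which is all the ConfigMap uses.
    """
    sections, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = sections.setdefault(line[1:-1], {})
            block = None
        elif line == "}":
            block = None
        elif section is None:
            raise ValueError(f"value outside any section: {line!r}")
        else:
            key, sep, value = (part.strip() for part in line.partition("="))
            if not sep:
                raise ValueError(f"malformed line: {line!r}")
            if value == "{":
                block = section.setdefault(key, {})
            else:
                (block if block is not None else section)[key] = value
    return sections


def check_krb5_conf(text):
    """Return a list of findings; an empty list means the realm wiring is consistent."""
    conf = parse_krb5_conf(text)
    findings = []
    realms = conf.get("realms", {})

    default_realm = conf.get("libdefaults", {}).get("default_realm")
    if not default_realm:
        findings.append("libdefaults.default_realm is not set")
    elif default_realm not in realms:
        findings.append(f"default_realm {default_realm} has no [realms] entry")

    for name, settings in realms.items():
        if not isinstance(settings, dict) or "kdc" not in settings:
            findings.append(f"realm {name} does not name a kdc")

    for domain, realm in conf.get("domain_realm", {}).items():
        if realm not in realms:
            findings.append(f"domain_realm maps {domain} to undefined realm {realm}")
    return findings


# Constructed sample: the krb5.conf from the ConfigMap above.
SAMPLE_KRB5_CONF = """\
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
pkinit_anchors = /etc/pki/tls/certs/ca-bundle.crt
default_ccache_name = KEYRING:persistent:%{uid}

default_realm = CORP.ACME

[realms]
CORP.ACME = {
  kdc = controlcenter.corp.acme
  admin_server = controlcenter.corp.acme
}

[domain_realm]
corp.acme = CORP.ACME
.corp.acme = CORP.ACME
"""

if __name__ == "__main__":
    print(check_krb5_conf(SAMPLE_KRB5_CONF) or "krb5.conf is consistent")
```

To check a live configmap, feed it the krb5.conf value from the ConfigMap's data field; the script reports an empty list for the sample above and names the mismatched section when a realm was renamed in only one place.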