本主題提供 ExternalDNS 套件的參考資訊。
關於 ExternalDNS
ExternalDNS 會將公開的 Kubernetes 服務和入口與 DNS 提供者同步。
若要在 TKG 叢集上安裝 ExternalDNS,請參閱以下主題。
- 適用於 vSphere 8.x 的 TKr:安裝 ExternalDNS
- 適用於 vSphere 7.x 的 Tkr:安裝 ExternalDNS
ExternalDNS 元件
ExternalDNS 套件將安裝下表中列出的容器。此套件將從套件存放庫中指定的公開登錄中提取容器。
容器 | 資源類型 | 複本 | 說明 |
---|---|---|---|
ExternalDNS | DaemonSet | 6 | 公開 Kubernetes 服務以進行 DNS 查閱 |
ExternalDNS 資料值
ExternalDNS 資料值檔案用於將 ExternalDNS 元件與受支援的 DNS 提供者進行接口連接。ExternalDNS 套件已使用以下 DNS 提供者進行驗證:AWS (Route 53)、Azure DNS 和符合 RFC2136 的 DNS 伺服器 (例如 BIND)。
以下範例可用於符合 RFC2136 的 DNS 提供者 (例如 BIND)。
--- # Namespace in which to deploy ExternalDNS pods namespace: tanzu-system-service-discovery # Deployment-related configuration deployment: args: - --registry=txt - --txt-owner-id=k8s - --txt-prefix=external-dns- #! Disambiguates TXT records from CNAME records - --provider=rfc2136 - --rfc2136-host=IP-ADDRESS #! Replace with IP of RFC2136-compatible DNS server, such as 192.168.0.1 - --rfc2136-port=53 - --rfc2136-zone=DNS-ZONE #! Replace with zone where services are deployed, such as my-zone.example.org - --rfc2136-tsig-secret=TSIG-SECRET #! Replace with TSIG key secret authorized to update DNS server - --rfc2136-tsig-secret-alg=hmac-sha256 - --rfc2136-tsig-keyname=TSIG-KEY-NAME #! Replace with TSIG key name, such as externaldns-key - --rfc2136-tsig-axfr - --source=service - --source=ingress - --source=contour-httpproxy #! Enables Contour HTTPProxy object support - --domain-filter=DOMAIN #! Zone where services are deployed, such as my-zone.example.org
以下範例可用於 AWS DNS 提供者 (Route 53)。
--- namespace: service-discovery dns: pspNames: "vmware-system-restricted" deployment: args: - --source=service - --source=ingress - --source=contour-httpproxy #! read Contour HTTPProxy resources - --domain-filter=my-zone.example.org #! zone where services are deployed - --provider=aws - --policy=upsert-only #! prevent deleting any records, omit to enable full synchronization - --aws-zone-type=public #! only look at public hosted zones (public, private, no value for both) - --aws-prefer-cname - --registry=txt - --txt-owner-id=HOSTED_ZONE_ID #! Route53 hosted zone identifier for my-zone.example.org - --txt-prefix=txt #! disambiguates TXT records from CNAME records env: - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: name: route53-credentials #! Kubernetes secret for route53 credentials key: aws_access_key_id - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: name: route53-credentials #! Kubernetes secret for route53 credentials key: aws_secret_access_key
下列範例可用於 Azure DNS 提供者。
--- namespace: service-discovery dns: pspNames: "vmware-system-restricted" deployment: args: - --provider=azure - --source=service - --source=ingress - --source=contour-httpproxy #! read Contour HTTPProxy resources - --domain-filter=my-zone.example.org #! zone where services are deployed - --azure-resource-group=my-resource-group #! Azure resource group volumeMounts: - name: azure-config-file mountPath: /etc/kubernetes readOnly: true #@overlay/replace volumes: - name: azure-config-file secret: secretName: azure-config-file
ExternalDNS 組態
下表列出並說明 ExternalDNS 的可用組態參數。如需其他指引,請參閱以下網站:
https://github.com/kubernetes-sigs/external-dns#running-externaldns。
參數 | 說明 | 類型 | 預設值 |
---|---|---|---|
externalDns.namespace | 將部署 external-dns 的命名空間 | string | tanzu-system-service-discovery |
externalDns.image.repository | 包含 external-dns 映像的登錄 | string | projects.registry.vmware.com/tkg |
externalDns.image.name | external-dns 的名稱 | string | external-dns |
externalDns.image.tag | ExternalDNS 映像標籤 | string | v0.7.4_vmware.1 |
externalDns.image.pullPolicy | ExternalDNS 映像提取原則 | string | IfNotPresent |
externalDns.deployment.annotations | external-dns 部署上的註解 | map<string,string> | {} |
externalDns.deployment.args | 透過命令列傳遞至 external-dns 的引數 | list<string> | [] (必要參數) |
externalDns.deployment.env | 要傳遞至 external-dns 的環境變數 | list<string> | [] |
externalDns.deployment.securityContext | external-dns 容器的安全性內容 | SecurityContext | {} |
externalDns.deployment.volumeMounts | external-dns 容器的磁碟區掛接 | list<VolumeMount> | [] |
externalDns.deployment.volumes | external-dns 網繭的磁碟區 | list<Volume> | [] |
範例 configmap
以下範例 configmap 定義了 ExternalDNS 可以與之互動的 Kerberos 組態。自訂項目包括網域/領域名稱和 kdc/admin_server 位址。
apiVersion: v1 kind: ConfigMap metadata: name: krb.conf namespace: tanzu-system-service-discovery data: krb5.conf: | [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] dns_lookup_realm = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true rdns = false pkinit_anchors = /etc/pki/tls/certs/ca-bundle.crt default_ccache_name = KEYRING:persistent:%{uid} default_realm = CORP.ACME [realms] CORP.ACME = { kdc = controlcenter.corp.acme admin_server = controlcenter.corp.acme } [domain_realm] corp.acme = CORP.ACME .corp.acme = CORP.ACME