使入口/服务公开 DNS 在 GKE 上可解析
[英]Make ingresses/services publicly DNS resolvable on GKE
问题描述
We have a GKE cluster set up on Google Cloud and we want new ingress routes to be automatically resolvable under the according subdomain.
我们在 Google Cloud 上设置了一个 GKE 集群,我们希望新的入口路由能够在相应的子域下自动解析。
We have a subdomain (lets say app-dev.company.com) which already resolves to the public IP of our ingress controller (Traefik) and when I create a service "hello-world" on k8s, it should be automatically publicly resolvable under hello-world.app-dev.company.com as well.我们有一个子域(假设是 app-dev.company.com),它已经解析为我们入口 controller(Traefik)的公共 IP ,当我在 k8s 上创建服务“hello-world”时,它应该可以自动公开解析还有 hello-world.app-dev.company.com。
I used to work with a cluster on Azure before, where it was simply a matter of configuring CoreDNS with stub domain and upstream DNS and it just worked after that.之前我曾经在 Azure 上使用集群,这只是简单地配置 CoreDNS 与存根域和上游 DNS 的问题,然后它就可以工作了。 Now Google still uses kube-dns for some reason;现在谷歌出于某种原因仍然使用 kube-dns; I tried configuring the stub domain "app-dev.company.com" in kube-dns and installing CoreDNS (and scaling kube-dns down to 0) but that did not work and broke some other things, so I rolled it back.我尝试在 kube-dns 中配置存根域“app-dev.company.com”并安装 CoreDNS(并将 kube-dns 缩小到 0)但这没有用并且破坏了其他一些东西,所以我将其回滚。
I also looked into Googles Cloud DNS service (since Google recommends it), but I don't want that hard vendor lock in tbh, also I'm not sure if that even does what I want.我还查看了 Google 的 Cloud DNS 服务(因为 Google 推荐它),但我不想让供应商硬锁在 tbh 中,而且我不确定这是否符合我的要求。
Can someone point me in the right direction here?有人可以在这里指出我正确的方向吗?
1 个解决方案
解决方案1
-1 2021-10-01 11:07:03
A few things:一些东西:
- You will need to reserve a global static IP address .您将需要保留一个全局地址 static IP 。
- You will need to create/update your DNS record to point to that IP address.您将需要创建/更新您的 DNS 记录以指向该 IP 地址。
- There is a 1-1 mapping between GKE Ingress and a GCP external load balancer. GKE Ingress 和 GCP 外部负载均衡器之间存在 1-1 映射。 This means that you cannot have multiple Ingress resources mapped to the same external IP.这意味着您不能将多个 Ingress 资源映射到同一个外部 IP。
- If you want to have multiple applications behind the same Ingress, you can configure your Ingress resource to use path based or name based virtual hosting to route to multiple backend applications.如果您希望在同一个 Ingress 后面有多个应用程序,您可以将 Ingress 资源配置为使用基于路径或基于名称的虚拟主机来路由到多个后端应用程序。
Reserve a static IP address:预留static IP地址:
gcloud compute addresses create ${ADDRESS} --global
Replace ${ADDRESS} with any name you like.将 ${ADDRESS} 替换为您喜欢的任何名称。
Annotate your Ingress resource to tell the load balancer to use the static IP created above注释您的 Ingress 资源以告诉负载均衡器使用上面创建的 static IP
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: helloweb
annotations:
kubernetes.io/ingress.global-static-ip-name: ${ADDRESS}
Replace ${ADDRESS} with the name of the static IP created in the previous step将 ${ADDRESS} 替换为上一步创建的 static IP 的名称
Configure multiple backend apps配置多个后端应用
Path-based : 基于路径:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: multi-app-fanout
annotations:
kubernetes.io/ingress.global-static-ip-name: ${ADDRESS}
spec:
rules:
- http:
paths:
- path: /*
pathType: ImplementationSpecific
backend:
service:
name: app1
port:
number: 8080
- path: /app2/*
pathType: ImplementationSpecific
backend:
service:
name: app2
port:
number: 8080
- path: /app3/*
pathType: ImplementationSpecific
backend:
service:
name: app3
port:
number: 8080
You would access your apps as follows:您将按如下方式访问您的应用程序:
- app-dev.company.com app-dev.company.com
- app-dev.company.com/app2 app-dev.company.com/app2
- app-dev.company.com/app3 app-dev.company.com/app3
Name-based virtual hosting : 基于名称的虚拟主机:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: multi-app-virtual
annotations:
kubernetes.io/ingress.global-static-ip-name: ${ADDRESS}
spec:
rules:
- host: app1.app-dev.company.com
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: app1
port:
number: 8080
- host: app2.app-dev.company.com
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: app2
port:
number: 8080
- host: ap32.app-dev.company.com
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: app3
port:
number: 8080
You would access your apps as follows:您将按如下方式访问您的应用程序:
- app1.app-dev.company.com app1.app-dev.company.com
- app2.app-dev.company.com app2.app-dev.company.com
- app3.app-dev.company.com app3.app-dev.company.com
Configure DNS records If you choose to do path-based routing, then you just need to add a single DNS A record which maps app-dev.company.com to the global IP address created above.配置 DNS 记录如果您选择进行基于路径的路由,那么您只需要添加一条 DNS A 记录,它将app-dev.company.com映射到上面创建的全局地址 IP。
If you choose name-based virtual hosting, you'll need to create a wildcard record mapping * .app-dev.company.com to the global IP address.如果您选择基于名称的虚拟主机,则需要创建通配符记录映射 * .app-dev.company.com到全局地址 IP。
See https://cloud.google.com/kube.netes-engine/docs/tutorials/configuring-domain-name-static-ip for more info.有关详细信息,请参阅https://cloud.google.com/kube.netes-engine/docs/tutorials/configuring-domain-name-static-ip 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.