EKS:如何在eks cloudmap中注册动态生成的eks负载均衡器dns?
[英]EKS: how to register dynamic generated eks loadbalancer dns in eks cloudmap?
问题描述
我有一个我使用过的kafka外部服务type: Loadbalancer
问题:此服务将始终在卸载/删除后创建新的负载均衡器。
用例:我想在 AWS 云图中针对一个 static DNS 注册负载均衡器的 dns。
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
service.beta.kubernetes.io/aws-load-balancer-internal: "true"
service.beta.kubernetes.io/aws-load-balancer-type: nlb
name: kafka-test-3-1-external
labels:
helm.sh/chart: kafka-0.21.5
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: kafka-broker
app.kubernetes.io/name: kafka
app.kubernetes.io/instance: kafka-test-3
pod: "kafka-test-3-1"
spec:
type: LoadBalancer
ports:
- name: external-broker
port: 19092
targetPort: 19092
protocol: TCP
#
selector:
app.kubernetes.io/component: kafka-broker
app.kubernetes.io/name: kafka
app.kubernetes.io/instance: kafka-test-3
statefulset.kubernetes.io/pod-name: "kafka-test-3-1"
我怎样才能做到这一点?
1 个解决方案
解决方案1
0 已采纳 2021-04-01 10:56:48
您可以在服务中使用以下注释
external-dns.alpha.kubernetes.io/hostname: "kafka-test-3-1.kafka.internal"
external-dns.alpha.kubernetes.io/ttl: "60"
其中kafka.internal是我的云地图命名空间。
所以服务看起来像下面的代码片段。
apiVersion: v1
kind: Service
metadata:
annotations:
external-dns.alpha.kubernetes.io/hostname: "kafka-test-3-1.kafka.internal"
external-dns.alpha.kubernetes.io/ttl: "60"
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
service.beta.kubernetes.io/aws-load-balancer-internal: "true"
service.beta.kubernetes.io/aws-load-balancer-type: nlb
name: kafka-test-3-1-external
labels:
helm.sh/chart: kafka-0.21.5
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: kafka-broker
app.kubernetes.io/name: kafka
app.kubernetes.io/instance: kafka-test-3
pod: "kafka-test-3-1"
spec:
type: LoadBalancer
ports:
- name: external-broker
port: 19092
targetPort: 19092
protocol: TCP
#
selector:
app.kubernetes.io/component: kafka-broker
app.kubernetes.io/name: kafka
app.kubernetes.io/instance: kafka-test-3
statefulset.kubernetes.io/pod-name: "kafka-test-3-1"
要将服务负载均衡器的 dns 注册到 cloud-map,我们需要使用external-dns服务。
注意:您必须在 cloudmap 中创建命名空间。 并为您的 kubernetes 用户提供足够的访问权限。
要使用 AWS 云 Map API,用户必须有权创建 DNS 命名空间。 此外,您需要确保您的节点(External DNS 在其上运行)具有附加了AWSCloudMapFullAccess托管策略的 IAM 实例配置文件,该配置文件提供以下权限:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"route53:GetHostedZone",
"route53:ListHostedZonesByName",
"route53:CreateHostedZone",
"route53:DeleteHostedZone",
"route53:ChangeResourceRecordSets",
"route53:CreateHealthCheck",
"route53:GetHealthCheck",
"route53:DeleteHealthCheck",
"route53:UpdateHealthCheck",
"ec2:DescribeVpcs",
"ec2:DescribeRegions",
"servicediscovery:*"
],
"Resource": [
"*"
]
}
]
}
在应用以下代码段之前,请替换占位符
- YOUR_NAMESPACE :使用您的 kubernetes 的集群命名空间,如默认值
- AWS_REGION_VALUE :ap-south-1
- DOMAIN_FILTER :它必须是您的云图命名空间的名称。 就我而言,它将是
kafka.internal
片段:外部DNS
apiVersion: v1
kind: ServiceAccount
metadata:
name: external-dns
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: external-dns
rules:
- apiGroups: [""]
resources: ["services","endpoints","pods"]
verbs: ["get","watch","list"]
- apiGroups: ["extensions","networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get","watch","list"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["list","watch"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: external-dns-viewer
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: external-dns
subjects:
- kind: ServiceAccount
name: external-dns
namespace: YOUR_NAMESPACE
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: external-dns
spec:
strategy:
type: Recreate
selector:
matchLabels:
app: external-dns
template:
metadata:
labels:
app: external-dns
spec:
serviceAccountName: external-dns
containers:
- name: external-dns
image: k8s.gcr.io/external-dns/external-dns:v0.7.6
env:
- name: AWS_REGION
value: AWS_REGION_VALUE # ap-south-1 put your CloudMap NameSpace region
args:
- --source=service
- --source=ingress
- --domain-filter=DOMAIN_FILTER # Makes ExternalDNS see only the namespaces that match the specified domain. Omit the filter if you want to process all available namespaces.
- --provider=aws-sd
- --aws-zone-type=private # Only look at public namespaces. Valid values are public, private, or no value for both)
- --txt-owner-id=kafka-identifier
External-dns pod will polling for changes in kubernetes services and if find any changes it will use external-dns.alpha.kubernetes.io/hostname annotation to map that loadbalancer's dns into cloud-map namespaces.
有关自动注册的更多详细信息, https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/aws-sd.md
将 Classic Loadbalancer 迁移到 EKS 中的 Application Loadbalancer
[英]Migrate Classic Loadbalancer to Application Loadbalancer in EKS
EKS LoadBalancer 服务未从 EKS 外部返回响应
[英]EKS LoadBalancer service not returning response outside from EKS
如何使用负载均衡器类型向 aws eks 提供弹性 ip 用于外部服务?
[英]How to provide elastic ip to aws eks for external service with type loadbalancer?
AWS EKS:服务(LoadBalancer)正在运行但不响应请求
[英]AWS EKS: Service(LoadBalancer) running but not responding to requests
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
如何做 DNS 指向 aws eks
如何查找 EKS Fargate 集群 DNS 名称?
如何在 EKS 中添加或修复 kube-dns?
将 Classic Loadbalancer 迁移到 EKS 中的 Application Loadbalancer
EKS LoadBalancer 服务未从 EKS 外部返回响应
外部 DNS EKS AWS
如何使用负载均衡器类型向 aws eks 提供弹性 ip 用于外部服务?
如何将EKS卷直接附加到EKS Pod
AWS EKS 负载均衡器和 Kubernetes 之间的区别?
AWS EKS:服务(LoadBalancer)正在运行但不响应请求
相关标签