coredns forward plugin to use a k8s service name

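To configure a multicluster Istio with replicated control planes, one of the requirements is to configure the k8s coredns service in the kube-system namespace to forward the zone "global" to the IP of the "istiocoredns" service deployed in the istio-system namespace. Like this: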

    global:53 {
        errors
        cache 30
        forward . $(kubectl get svc -n istio-system istiocoredns -o jsonpath={.spec.clusterIP}):53
    }

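The example uses command expansion to get the IP of the istiocoredns service, which is of type ClusterIP.

Since this is a non-static IP and can change, I am looking for a way to use something more dynamic and more aware of changes. Using the istiocoredns service FQDN would be great, but the coredns documentation doesn't mention anything about it.

Is there any coredns plugin or workaround for this?

Thanks.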

Is there any coredns plugin or workaround this?

There is the istio coredns plugin, but as mentioned in the usage section, they set the IP of coredns there.

Update the kube-dns config map to point to this coredns service as the upstream DNS service for the *.global domain. You will have to find out the cluster IP of coredns service and update the config map (or write a controller for this purpose!).

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: kube-dns
      namespace: kube-system
    data:
      stubDomains: |
        {"global": ["10.2.3.4"]}

But there is some interesting information here:

UPDATE: This plugin is no longer necessary as of Istio 1.8. DNS is built into the istio agent in the sidecar. Sidecar DNS is enabled by default in the preview profile. You can also enable it manually by setting the following config in the istio operator

    meshConfig:
      defaultConfig:
        proxyMetadata:
          ISTIO_META_DNS_CAPTURE: "true"
          ISTIO_META_PROXY_XDS_VIA_AGENT: "true"

You can find more information about it here.

There are a few efforts in progress that will help simplify the DNS story:

Istio will soon support DNS interception for all workloads with a sidecar proxy. This will allow Istio to perform DNS lookup on behalf of the application.

Admiral is an Istio community project that provides a number of multicluster capabilities, including automatic creation of service DNS entries.

Kubernetes Multi-Cluster Services is a Kubernetes Enhancement Proposal (KEP) that defines an API for exporting services to multiple clusters. This effectively pushes the responsibility of service visibility and DNS resolution for the entire clusterset onto Kubernetes. There is also work in progress to build layers of MCS support into Istio, which would allow Istio to work with any cloud vendor MCS controller or even act as the MCS controller for the entire mesh.

While Admiral is available today, the Istio and Kubernetes communities are actively building more general solutions into their platforms. Stay tuned!


There is an article about it in the 1.8 prelim docs.
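
The plugin README quoted in the answer suggests writing a controller to keep the forward target in step with the service's cluster IP. The following is an added example, not code from the original post or from the Istio project, showing the Corefile-rewriting step such a controller would need. The function name, the sample Corefile and its IPs are constructed, and an IPv4 ClusterIP is assumed.

```python
import ipaddress
import re

# One "forward . <upstream>" line with a single upstream, as in the question's Corefile.
_FORWARD = re.compile(r"^(\s*forward\s+\.\s+)([^\s{}]+)\s*$")

# Constructed sample Corefile; 10.96.0.99 stands for a stale istiocoredns ClusterIP.
SAMPLE_COREFILE = """\
.:53 {
    errors
    forward . /etc/resolv.conf
}
global:53 {
    errors
    cache 30
    forward . 10.96.0.99:53
}
"""


def sync_forward_target(corefile, zone, cluster_ip, port=53):
    """Return (corefile, changed) with the zone's forward upstream set to cluster_ip."""
    # Reject anything that is not a plain IPv4 address before it reaches the config.
    ip = ipaddress.IPv4Address(cluster_ip)
    header = re.compile(rf"^\s*{re.escape(zone)}(:\d+)?\s*\{{\s*$")
    out, depth, in_zone, found, changed = [], 0, False, False, False
    for line in corefile.splitlines():
        if depth == 0 and header.match(line):
            in_zone = True
        delta = line.count("{") - line.count("}")
        # Only touch a forward line directly inside the requested zone block.
        m = _FORWARD.match(line) if in_zone and depth == 1 else None
        if m:
            found = True
            new_line = f"{m.group(1)}{ip}:{port}"
            changed = changed or new_line != line
            line = new_line
        depth += delta
        if depth == 0:
            in_zone = False
        out.append(line)
    if not found:
        raise LookupError(f"no single-upstream forward line in zone {zone!r}")
    return "\n".join(out) + "\n", changed


if __name__ == "__main__":
    # In a controller the IP would come from the Service object; here it is constructed.
    updated, changed = sync_forward_target(SAMPLE_COREFILE, "global", "10.96.7.21")
    print(changed)
    print(updated)
```

A caller would write the result back to the ConfigMap only when `changed` is true, so an unchanged ClusterIP causes no CoreDNS reload.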