专注方向:
自动化流程服务
it咨询
it在线教学
doc
https://bind9.readthedocs.io/en/latest/reference.html
介绍
通常按照 ip 访问服务是不太合理的, ip 经常会发生变化
所以我们想要使用域名的方式,来访问服务
现在常用的是ingress 代理 k8s 的 svc 来提供域名访问。
但是在使用 ingress之前,我们需要 部署自己的 dns 服务,来将服务指向 ingress 所在的 ip 地址。
这样用户才可以 使用 域名 来访问 其他服务, 而不需要知道它们的 ip
我们选择用 bind9 来作为 dns 服务器, 当然除了支持 ingress 以外, dns 服务本身,在互联网或者企业内部,也是具有很多应用场景的。
参考
bind9\yml
准备镜像
host_ip=192.168.31.21 export http_proxy="http://${host_ip}:7890" export https_proxy="http://${host_ip}:7890" export no_proxy="localhost,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local,my-cluster-endpoint.com" # yeah, ctr can pull images with the env variable http_proxy, but crictl cannot~ ctr -n k8s.io images pull docker.io/ubuntu/bind9:9.18-22.04_beta
deployment
cd /git_proj/blogs/bind9/yml kubectl apply -f bind9-deployment.yml # 重启, 生效配置变更 kubectl replace --force -f bind9-deployment.yml kubectl rollout restart -n bind9 deployment
修改 dns 配置文件
mkdir -p /data/bind9/etc/bind/ cat > /data/bind9/etc/bind/named.conf <<EOF options { dnssec-validation no; allow-query { any; }; forward first; forwarders { 119.29.29.29; }; }; include "/etc/bind/named.conf.local"; EOF cat > /data/bind9/etc/bind/named.conf.local <<EOF zone "dev.inner.ymk.com" { type master; file "/etc/bind/db.dev.inner.ymk.com"; }; EOF cat > /data/bind9/etc/bind/db.dev.inner.ymk.com <<"EOF" $TTL 86400 @ IN SOA localhost. root.localhost. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 86400 ) ; Negative Cache TTL ; @ IN NS localhost. ingress IN A 192.168.31.241 wiki IN A 192.168.31.241 share IN A 192.168.31.241 workflow IN A 192.168.31.241 gerrit IN A 192.168.31.241 gitlab IN A 192.168.31.241 jenkins IN A 192.168.31.241 release IN A 192.168.31.241 mirrors IN A 192.168.31.241 repo IN A 192.168.31.241 pan IN A 192.168.31.241 ldap IN A 192.168.31.241 nginx-demo IN A 192.168.31.225 EOF
windows 查看 与 刷新 dns 缓存
ipconfig /displaydns ipconfig /flushdns nslookup wiki.dev.inner.ymk.com 192.168.31.234 # 服务器: UnKnown # Address: 192.168.31.234 # 名称: wiki.dev.inner.ymk.com # Address: 192.168.31.241 # 修改 windows 默认 dns 后 ping wiki.dev.inner.ymk.com nslookup nginx-demo.dev.inner.ymk.com 192.168.31.234 nginx-demo.dev.inner.ymk.com
bind9-deployment.yml
apiVersion: v1 kind: Namespace metadata: name: bind9 labels: name: bind9 --- apiVersion: v1 kind: Service metadata: namespace: bind9 name: bind9-service labels: app: bind9 spec: selector: app: bind9 ports: - protocol: TCP port: 53 targetPort: 53 name: bind9-tcp - protocol: UDP port: 53 targetPort: 53 name: bind9 type: LoadBalancer loadBalancerIP: 192.168.31.234 --- apiVersion: apps/v1 kind: Deployment metadata: namespace: bind9 name: bind9-deployment spec: replicas: 1 selector: matchLabels: app: bind9 template: metadata: labels: app: bind9 spec: containers: - name: bind9 image: docker.io/ubuntu/bind9:9.18-22.04_beta env: - name: BIND9_USER value: "root" ports: - containerPort: 53 protocol: TCP - containerPort: 53 protocol: UDP volumeMounts: - name: bind-config mountPath: /etc/bind/ - name: bind-cache mountPath: /var/cache/bind - name: bind-lib mountPath: /var/lib/bind volumes: - name: bind-config hostPath: path: "/data/bind9/etc/bind/" - name: bind-cache hostPath: path: "/data/bind9/var/cache/bind" - name: bind-lib hostPath: path: "/data/bind9/var/lib/bind"
