在搭建 OpenShift 时需要用到域名解析,因此要自建 DNS 服务器。以前一直用 named,这次又接触到另外两种方式。
1.named
[root@base ~]# yum install bind -y
[root@base ~]# vim /etc/named.conf
# named.conf options excerpt: answer DNS on 10.83.15.30 and forward other
# queries to 10.83.15.254. The listing stops before the block's closing "};".
options {
# Only 10.83.15.30 is bound for IPv4, so queries sent to 127.0.0.1 will not
# reach named.
listen-on port 53 { 10.83.15.30; }; # make this host the DNS server
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
# NOTE(review): "allow-query { any; }" together with "recursion yes" below gives
# recursive service to every client that can reach 10.83.15.30:53. If that
# address is reachable from untrusted networks this is an open resolver;
# consider limiting recursion to the cluster's subnets with allow-recursion.
allow-query { any; };
# Queries this server cannot answer itself are forwarded to 10.83.15.254.
forwarders { 10.83.15.254; };
recursion yes;
# NOTE(review): both DNSSEC switches are off, so answers coming back from the
# forwarder are accepted without signature validation.
dnssec-enable no;
dnssec-validation no;
[root@base ~]# named-checkconf # 检查配置是否有问题
[root@base ~]# vim /etc/named.rfc1912.zones # 结尾加一个zone
# Authoritative (master) zone for the cluster domain. The file name is
# relative; presumably it is resolved against the "directory" option
# (/var/named), which is where the zone file is created in the next step.
zone "ocp.example.com" IN {
type master;
file "ocp.example.com.zone";
# NOTE(review): dynamic updates are authorised by source address only, which is
# weaker than a TSIG key. If nothing needs to update this zone dynamically,
# "allow-update { none; };" is the safer setting.
allow-update { 10.83.15.30; };
};
[root@base ~]# named-checkconf
[root@base ~]# vim /var/named/ocp.example.com.zone # 新建zone
; Zone data for ocp.example.com: SOA and NS for the zone, then one A record
; per cluster name.
$ORIGIN ocp.example.com.
$TTL 600 ; 10 minutes
@ IN SOA dns.ocp.example.com. dnsadmin.ocp.example.com. (
2021092901 ; serial
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
; NOTE(review): in a real zone file this NS line must start with whitespace (or
; "@") so it inherits the owner name; the leading indent appears to have been
; lost in this listing.
NS dns.ocp.example.com.
$TTL 60 ; 1 minute
; NOTE(review): every name below resolves to 10.83.15.30, whereas the CoreDNS
; and dnsmasq sections of this page give bootstrap/master/worker/etcd their own
; addresses (10.83.15.31-36). Confirm which mapping is intended. This zone also
; has no *.apps wildcard and no _etcd-server-ssl._tcp SRV records, which the
; other two setups define.
dns A 10.83.15.30
api A 10.83.15.30
api-int A 10.83.15.30
bootstrap A 10.83.15.30
master1 A 10.83.15.30
master2 A 10.83.15.30
master3 A 10.83.15.30
worker1 A 10.83.15.30
worker2 A 10.83.15.30
etcd-0 A 10.83.15.30
etcd-1 A 10.83.15.30
etcd-2 A 10.83.15.30
[root@base ~]# named-checkconf # 只检查 named.conf;刚建的 zone 文件可用 named-checkzone ocp.example.com /var/named/ocp.example.com.zone 检查
[root@base ~]# systemctl start named
[root@base ~]# systemctl enable named
[root@base ~]# netstat -lntup | grep 53
2.etcd + coredns
[root@base ~]# yum install -y etcd
[root@base ~]# systemctl enable etcd --now
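# 下载后、解压安装前,先对照发布页公布的 SHA-256 校验值核对压缩包(sha256sum coredns_1.6.9_linux_amd64.tgz);v1.6.9 版本较旧,正式使用前先确认是否有更新的发布
[root@base ~]# wget https://github.com/coredns/coredns/releases/download/v1.6.9/coredns_1.6.9_linux_amd64.tgz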
[root@base ~]# tar zxvf coredns_1.6.9_linux_amd64.tgz
[root@base ~]# mv coredns /usr/local/bin
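# Create the systemd unit file for CoreDNS.
# The here-document delimiter is quoted ('EOF') so the shell writes the text
# literally. With an unquoted EOF the shell expands $MAINPID (unset in this
# shell) and the unit ends up with "ExecReload=/bin/kill -SIGUSR1 " and no PID.
# The unit runs CoreDNS as the unprivileged user "coredns", keeps only
# CAP_NET_BIND_SERVICE (needed to bind port 53) and sets NoNewPrivileges=true.
# NOTE(review): neither the coredns account nor /etc/coredns is created
# anywhere on this page; both must exist before the service is started, and
# WorkingDirectory=~ needs that account to have a home directory.
[root@base ~]# cat > /etc/systemd/system/coredns.service <<'EOF'
[Unit]
Description=CoreDNS DNS server
Documentation=https://coredns.io
After=network.target
[Service]
PermissionsStartOnly=true
LimitNOFILE=1048576
LimitNPROC=512
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
User=coredns
WorkingDirectory=~
ExecStart=/usr/local/bin/coredns -conf=/etc/coredns/Corefile
ExecReload=/bin/kill -SIGUSR1 $MAINPID
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF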
# 创建Corefile配置文件,要大写
[root@base ~]# cat /etc/coredns/Corefile
# Corefile: a single server block listening on port 53 for the root zone.
.:53 {
# Wildcard for application routes: A queries in apps.ocp.example.com that match
# the regex get a synthesized record pointing at 10.83.15.30 with a 60 s TTL.
# NOTE(review): the regex is unanchored and its dots are unescaped, so it is
# looser than it reads; escaping the dots and anchoring the end would be
# stricter (confirm against the template plugin's documentation).
template IN A apps.ocp.example.com {
match .*apps.ocp.example.com
answer "{{ .Name }} 60 IN A 10.83.15.30"
fallthrough
}
# Records are read from etcd under the /skydns prefix.
# NOTE(review): the endpoint is plain HTTP with no credentials. That is only
# reasonable while etcd listens on loopback alone, because whoever can write to
# /skydns controls the answers this server gives.
etcd {
path /skydns
endpoint http://localhost:2379
fallthrough
}
cache 160
loadbalance
# Enables query logging.
log
}
# Write the DNS records into etcd under the /skydns prefix.
# Key paths are the domain name reversed (api.ocp.example.com is stored at
# /skydns/com/example/ocp/api); each value is a JSON record with host and ttl.
# NOTE(review): these keys decide what api/api-int and the node names resolve
# to, and the Corefile on this page reads them over unauthenticated
# http://localhost:2379. Keep etcd's client port on loopback, or enable client
# authentication/TLS, so only the administrator can change them.
# The alias is only expanded in an interactive shell; saved as a script these
# lines would need a function or "export ETCDCTL_API=3" instead.
alias etcdctlv3='ETCDCTL_API=3 etcdctl'
etcdctlv3 put /skydns/com/example/ocp/api '{"host":"10.83.15.30","ttl":60}'
etcdctlv3 put /skydns/com/example/ocp/api-int '{"host":"10.83.15.30","ttl":60}'
etcdctlv3 put /skydns/com/example/ocp/etcd-0 '{"host":"10.83.15.32","ttl":60}'
etcdctlv3 put /skydns/com/example/ocp/etcd-1 '{"host":"10.83.15.33","ttl":60}'
etcdctlv3 put /skydns/com/example/ocp/etcd-2 '{"host":"10.83.15.34","ttl":60}'
# SRV entries for _etcd-server-ssl._tcp: three targets on port 2380.
etcdctlv3 put /skydns/com/example/ocp/_tcp/_etcd-server-ssl/x1 '{"host":"etcd-0.ocp.example.com","ttl":60,"priority":0,"weight":10,"port":2380}'
etcdctlv3 put /skydns/com/example/ocp/_tcp/_etcd-server-ssl/x2 '{"host":"etcd-1.ocp.example.com","ttl":60,"priority":0,"weight":10,"port":2380}'
etcdctlv3 put /skydns/com/example/ocp/_tcp/_etcd-server-ssl/x3 '{"host":"etcd-2.ocp.example.com","ttl":60,"priority":0,"weight":10,"port":2380}'
# In addition, add a host record for each node.
etcdctlv3 put /skydns/com/example/ocp/bootstrap '{"host":"10.83.15.31","ttl":60}'
etcdctlv3 put /skydns/com/example/ocp/master1 '{"host":"10.83.15.32","ttl":60}'
etcdctlv3 put /skydns/com/example/ocp/master2 '{"host":"10.83.15.33","ttl":60}'
etcdctlv3 put /skydns/com/example/ocp/master3 '{"host":"10.83.15.34","ttl":60}'
etcdctlv3 put /skydns/com/example/ocp/worker1 '{"host":"10.83.15.35","ttl":60}'
etcdctlv3 put /skydns/com/example/ocp/worker2 '{"host":"10.83.15.36","ttl":60}'
etcdctlv3 put /skydns/com/example/ocp/registry '{"host":"10.83.15.30","ttl":60}'
[root@base ~]# systemctl start etcd
[root@base ~]# systemctl start coredns
[root@base ~]# systemctl enable coredns --now
[root@base ~]# systemctl enable etcd --now
3.dnsmasq
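这种方式是用 docker 安装的。注意 jpillora/dnsmasq 是第三方镜像,下面拉取时没有指定版本标签或摘要,建议固定到核对过的版本;该镜像还自带一个可在线修改 dnsmasq 配置的 Web 管理界面,运行容器时应为它设置口令(镜像文档中的 HTTP_USER/HTTP_PASS),并且不要把管理端口暴露给不可信网络。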
docker search dnsmasq
docker pull jpillora/dnsmasq
docker exec -it xxxx /bin/sh
/ # cat etc/dnsmasq.conf
# dnsmasq.conf: static answers for the ocp.example.com cluster names.
cache-size=10000
# NOTE(review): dns-forward-max caps the number of concurrent forwarded queries
# (default 150); a value this large effectively removes that cap.
dns-forward-max=10000000
address=/api.ocp.example.com/10.83.15.30
address=/api-int.ocp.example.com/10.83.15.30
# NOTE(review): the backslash before "*" looks like markdown-escape residue from
# the page rather than dnsmasq syntax. address=/domain/ip already matches the
# domain and all of its subdomains, so address=/apps.ocp.example.com/10.83.15.30
# would cover the wildcard (verify against your dnsmasq version). The two
# explicit *.apps names below resolve to the same address.
address=/\*.apps.ocp.example.com/10.83.15.30
address=/oauth-openshift.apps.ocp.example.com/10.83.15.30
address=/bootstrap.ocp.example.com/10.83.15.31
address=/console-openshift-console.apps.ocp.example.com/10.83.15.30
address=/master1.ocp.example.com/10.83.15.32
address=/master2.ocp.example.com/10.83.15.33
address=/master3.ocp.example.com/10.83.15.34
address=/worker1.ocp.example.com/10.83.15.35
address=/worker2.ocp.example.com/10.83.15.36
address=/etcd-0.ocp.example.com/10.83.15.32
address=/etcd-1.ocp.example.com/10.83.15.33
address=/etcd-2.ocp.example.com/10.83.15.34
# SRV records for _etcd-server-ssl._tcp: target, port 2380, priority 0,
# weight 100.
srv-host=_etcd-server-ssl._tcp.ocp.example.com,etcd-0.ocp.example.com,2380,0,100
srv-host=_etcd-server-ssl._tcp.ocp.example.com,etcd-1.ocp.example.com,2380,0,100
srv-host=_etcd-server-ssl._tcp.ocp.example.com,etcd-2.ocp.example.com,2380,0,100
验证
把本机的首选 DNS 改为本机地址。注意下面第二个 nameserver 是公共 DNS:首选服务器超时或不可达时,集群内部域名的查询会发往公网解析器,既得不到正确结果,也会泄露内部主机名。
[root@base ~]# cat /etc/resolv.conf
nameserver 10.83.15.30
nameserver 114.114.114.114
[root@base coredns]# dig +short api.ocp.example.com @127.0.0.1
10.83.15.30
[root@base coredns]# dig +short api-int.ocp.example.com @127.0.0.1
10.83.15.30
[root@base coredns]# dig +short bootstrap.ocp.example.com @127.0.0.1
10.83.15.31
[root@base coredns]# dig +short master1.ocp.example.com @127.0.0.1
10.83.15.32
[root@base coredns]# dig +short master2.ocp.example.com @127.0.0.1
10.83.15.33
[root@base coredns]# dig +short master3.ocp.example.com @127.0.0.1
10.83.15.34
[root@base coredns]# dig +short worker1.ocp.example.com @127.0.0.1
10.83.15.35
[root@base coredns]# dig +short worker2.ocp.example.com @127.0.0.1
10.83.15.36
[root@base coredns]# dig +short -t SRV _etcd-server-ssl._tcp.ocp.example.com @127.0.0.1
10 33 2380 etcd-0.ocp.example.com.
10 33 2380 etcd-1.ocp.example.com.
10 33 2380 etcd-2.ocp.example.com.