如何使用ExternalDNS从DigitalOcean Kubernetes自动管理DNS记录

介绍 (Introduction)

When deploying web apps to Kubernetes, you usually use Services and Ingresses to expose apps beyond the cluster at your desired domain. This involves manually configuring not only the Ingress, but also the DNS records at your provider, which can be a time-consuming and error-prone process. This can become an obstacle as your application grows in complexity; when the external IP changes, it is necessary to update the DNS records accordingly.

将Web应用程序部署到Kubernetes时，通常使用服务和入口在所需域中将应用程序公开到群集之外。 这不仅需要在供应商处手动配置Ingress，还需要手动配置DNS记录，这可能是一个耗时且容易出错的过程。 随着应用程序复杂性的增加，这可能成为障碍。 当外部IP更改时，有必要相应地更新DNS记录。

To overcome this, the Kubernetes sig-network team created ExternalDNS for the purpose of automatically managing external DNS records from within a Kubernetes cluster. Once deployed, ExternalDNS works in the background and requires almost no additional configuration. Whenever a Service or Ingress is created or changed, ExternalDNS will update the records right away.

为了克服这个问题， Kubernetes sig-network团队创建了ExternalDNS ，目的是从Kubernetes集群中自动管理外部DNS记录。 部署后，ExternalDNS在后台运行，几乎不需要其他配置。 每当创建或更改服务或入口时，ExternalDNS都会立即更新记录。

In this tutorial, you will install ExternalDNS to your DigitalOcean Kubernetes cluster via Helm and configure it to use DigitalOcean as your DNS provider. Then, you will deploy a sample web app with an Ingress and use ExternalDNS to point it to your domain name. In the end, you will have an automated DNS record managing system in place for both Services and Ingresses.

在本教程中，您将通过Helm将ExternalDNS安装到DigitalOcean Kubernetes群集，并将其配置为使用DigitalOcean作为您的DNS提供程序。 然后，您将部署一个带有Ingress的示例Web应用程序，并使用ExternalDNS将其指向您的域名。 最后，您将拥有针对服务和入口的自动DNS记录管理系统。

先决条件 (Prerequisites)

• A DigitalOcean Kubernetes cluster with your connection configured as the kubectl default. Instructions on how to configure kubectl are shown under the Connect to your Cluster step when you create your cluster. To create a Kubernetes cluster on DigitalOcean, see Kubernetes Quickstart.

  一个DigitalOcean Kubernetes集群，其连接配置为kubectl默认。 创建集群时，“如何连接到集群”步骤下会显示有关如何配置kubectl说明。 要在DigitalOcean上创建Kubernetes集群，请参阅Kubernetes Quickstart 。

• The Helm package manager installed on your local machine, and Tiller installed on your cluster. To do this, complete Steps 1 and 2 of the How To Install Software on Kubernetes Clusters with the Helm Package Manager tutorial.

  在本地计算机上安装了Helm软件包管理器，在集群上安装了Tiller。 为此，请使用Helm Package Manager教程完成如何在Kubernetes群集上安装软件的步骤1和2。

• The Nginx Ingress Controller installed on your cluster using Helm in order to use ExternalDNS with Ingress Resources. To do this, follow How to Set Up an Nginx Ingress on DigitalOcean Kubernetes Using Helm. You’ll need to set the publishService property to true as per the instructions in Step 2.

  使用Helm在群集上安装的Nginx Ingress Controller可以将ExternalDNS与Ingress资源一起使用。 为此，请遵循如何使用Helm在DigitalOcean Kubernetes上设置Nginx入口 。 您需要按照步骤2中的说明将publishService属性设置为true 。

• A DigitalOcean API key (Personal Access Token) with read and write permissions. To create one, visit How to Create a Personal Access Token.

  具有读写权限的DigitalOcean API密钥(个人访问令牌)。 要创建一个，请访问如何创建个人访问令牌 。

• A fully registered domain name. This tutorial will use echo.example.com throughout. You can purchase a domain name on Namecheap, get one for free on Freenom, or use the domain registrar of your choice.

  完全注册的域名。 本教程将始终使用echo.example.com 。 你可以购买一个域名Namecheap ，免费获得一个在Freenom ，或使用你选择的域名注册商。

第1步-使用Helm安装ExternalDNS (Step 1 — Installing ExternalDNS Using Helm)

In this section, you will install ExternalDNS to your cluster using Helm and configure it to work with the DigitalOcean DNS service.

在本节中，您将使用Helm将ExternalDNS安装到您的群集，并将其配置为与DigitalOcean DNS服务一起使用。

In order to override some of the default settings of the ExternalDNS Helm chart, you’ll need to create a values.yaml file that you’ll pass in to Helm during installation. On the machine you use to access your cluster in the prerequisites, create the file by running:

为了覆盖ExternalDNS Helm图表的某些默认设置，您需要创建一个values.yaml文件，该文件将在安装过程中传递给Helm。 在前提条件中用于访问群集的计算机上，通过运行以下命令创建文件：

• nano externaldns-values.yaml
  纳米外部dns-values.yaml

Add the following lines:

添加以下行：

externaldns-values.yaml

externaldns-values.yaml

rbac:
  create: true

provider: digitalocean

digitalocean:
  apiToken: your_api_token

interval: "1m"

policy: sync # or upsert-only

# domainFilters: [ 'example.com' ]

In the first block, you enable RBAC (Role Based Access Control) manifest creation, which must be enabled on RBAC-enabled Kubernetes clusters like DigitalOcean. In the next line, you set the DNS service provider to DigitalOcean. Then, in the next block, you’ll add your DigitalOcean API token by replacing your_api_token.

在第一步中，您将启用RBAC (基于角色的访问控制)清单创建，必须在启用了RBAC的Kubernetes集群(例如DigitalOcean)上启用它。 在下一行中，将DNS服务提供程序设置为DigitalOcean。 然后，在下一个块中，您将通过替换your_api_token添加您的DigitalOcean API令牌。

The next line sets the interval at which ExternalDNS will poll for changes to Ingresses and Services. You can set it to a lower value to propogate changes to your DNS faster.

下一行设置了外部DNS轮询轮询Ingress和服务的时间间隔。 您可以将其设置为较低的值，以更快地将更改传播到DNS。

The policy setting determines whether ExternalDNS will only insert DNS records (upsert-only) or create and delete them as needed (sync). Fortunately, since version 0.3, ExternalDNS supports the concept of ownership by creating accompanying TXT records in which it stores information about the domains it creates, limiting its scope of action to only those it created.

该policy设置确定ExternalDNS是仅插入DNS记录( upsert-only )还是根据需要创建和删除它们( sync )。 幸运的是，从0.3版开始，ExternalDNS通过创建附带的TXT记录来支持所有权的概念，在其中存储有关其创建的域的信息，从而将其作用范围限制为仅创建的域。

The domainFilters parameter is used for limiting the domains that ExternalDNS can manage. You can uncomment it and enter your domains in the form of a string array, but this isn’t necessary.

domainFilters参数用于限制ExternalDNS可以管理的域。 您可以取消注释，并以字符串数组的形式输入域，但这不是必需的。

When you’ve finished editing, save and close the file.

完成编辑后，保存并关闭文件。

Now, install ExternalDNS to your cluster by running the following command:

现在，通过运行以下命令将ExternalDNS安装到您的群集：

• helm install stable/external-dns --name external-dns -f externaldns-values.yaml
  掌舵安装稳定/外部dns --name外部dns -f externaldns-values.yaml

The output will look similar to the following:

输出将类似于以下内容：

   
   

    
    Output
   
   
NAME:   external-dns
LAST DEPLOYED: ...
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/Pod(related)
NAME                           READY  STATUS             RESTARTS  AGE
external-dns-69c545655f-xqjjf  0/1    ContainerCreating  0         0s

==> v1/Secret
NAME          TYPE    DATA  AGE
external-dns  Opaque  1     0s

==> v1/Service
NAME          TYPE       CLUSTER-IP    EXTERNAL-IP  PORT(S)   AGE
external-dns  ClusterIP  10.245.47.69  <none>       7979/TCP  0s

==> v1/ServiceAccount
NAME          SECRETS  AGE
external-dns  1        0s

==> v1beta1/ClusterRole
NAME          AGE
external-dns  0s

==> v1beta1/ClusterRoleBinding
NAME          AGE
external-dns  0s

==> v1beta1/Deployment
NAME          READY  UP-TO-DATE  AVAILABLE  AGE
external-dns  0/1    1           0          0s


NOTES:
...

You can verify the ExternalDNS creation by running the following command:

您可以通过运行以下命令来验证ExternalDNS的创建：

• kubectl --namespace=default get pods -l "app=external-dns,release=external-dns" -w
  kubectl --namespace =默认获取pods -l“ app = external-dns，release = external-dns” -w

   
   

    
    Output
   
   
NAME                            READY   STATUS              RESTARTS   AGE
external-dns-69bfcf8ccb-7j4hp   0/1     ContainerCreating   0          3s

You’ve installed ExternalDNS to your Kubernetes cluster. Next, you will deploy an example web app, expose it using an Nginx Ingress, and let ExternalDNS automatically point your domain name to the appropriate Load Balancer.

您已将ExternalDNS安装到Kubernetes集群中。 接下来，您将部署一个示例Web应用程序，使用Nginx Ingress公开它，然后让ExternalDNS自动将您的域名指向适当的负载均衡器。

第2步-部署和公开示例Web应用程序 (Step 2 — Deploying and Exposing an Example Web App)

In this section, you will deploy a dummy web app to your cluster in order to expose it using your Ingress. Then you’ll set up ExternalDNS to automatically configure DNS records for you. In the end, you will have DNS records for your domain pointed to the Load Balancer of the Ingress.

在本部分中，您将向您的集群部署一个虚拟Web应用程序，以便使用Ingress将其公开。 然后，您将设置ExternalDNS为您自动配置DNS记录。 最后，您将拥有指向入口负载均衡器的域的DNS记录。

The dummy web app you’ll deploy is http-echo by Hashicorp. It is an in-memory web server that echoes back the message you give it. You’ll store its Kubernetes manifests in a file named echo.yaml. Create it and open it for editing:

您将部署的虚拟Web应用程序是Hashicorp的http-echo 。 这是一个内存中的Web服务器，它回显您给它的消息。 您会将其Kubernetes清单存储在名为echo.yaml的文件中。 创建并打开以进行编辑：

• nano echo.yaml
  纳米回声

Add the following lines to your file:

将以下行添加到您的文件：

echo.yaml

回声

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: echo-ingress
spec:
  rules:
  - host: echo.example.com
    http:
      paths:
      - backend:
          serviceName: echo
          servicePort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: echo
spec:
  ports:
  - port: 80
    targetPort: 5678
  selector:
    app: echo
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: echo
spec:
  selector:
    matchLabels:
      app: echo
  replicas: 3
  template:
    metadata:
      labels:
        app: echo
    spec:
      containers:
      - name: echo
        image: hashicorp/http-echo
        args:
        - "-text=Echo!"
        ports:
        - containerPort: 5678

In this configuration, you define a Deployment, an Ingress, and a Service. The Deployment consists of three replicas of the http-echo app, with a custom message (Echo!) passed in. The Service is defined to allow access to the Pods in the Deployment via port 80. The Ingress is configured to expose the Service at your domain.

在此配置中，您将定义部署，入口和服务。 部署由http-echo应用程序的三个副本组成，并传入了自定义消息( Echo! )。服务被定义为允许通过端口80访问部署中的Pod。 入口配置为在您的域公开服务。

Replace echo.example.com with your domain, then save and close the file.

用您的域替换echo.example.com ，然后保存并关闭文件。

Now there is no need for you to configure the DNS records for the domain manually. ExternalDNS will do so automatically, as soon as you apply the configuration to Kubernetes.

现在，您无需手动为域配置DNS记录。 将配置应用于Kubernetes后，ExternalDNS会自动执行此操作。

To apply the configuration, run the following command:

要应用配置，请运行以下命令：

• kubectl create -f echo.yaml
  kubectl创建-f echo.yaml

You’ll see the following output:

您将看到以下输出：

   
   

    
    Output
   
   
ingress.extensions/echo-ingress created
service/echo created
deployment.apps/echo created

You’ll need to wait a short amount of time for ExternalDNS to notice the changes and create the appropriate DNS records. The interval setting in the Helm chart governs the length of time you’ll need to wait for your DNS record creation. In values.yaml, the interval length is set to 1 minute by default.

您需要等待一小段时间，以便ExternalDNS注意到更改并创建适当的DNS记录。 Helm图表中的interval设置控制着您等待创建DNS记录所需的时间长度。 在values.yaml ，间隔长度默认设置为1分钟。

You can visit your DigitalOcean Control Panel to see an A and TXT record.

您可以访问DigitalOcean控制面板以查看A和TXT记录。

Once the specified time interval has passed, access your domain using curl:

经过指定的时间间隔后，请使用curl访问您的域：

• curl echo.example.com

  卷曲echo.example.com

You’ll see the following output:

您将看到以下输出：

   
   

    
    Output
   
   
Echo!

This message confirms you’ve configured ExternalDNS and created the necessary DNS records to point to the Load Balancer of the Nginx Ingress Controller. If you see an error message, give it some time. Or, you can try accessing your domain from your browser where you’ll see Echo!.

该消息确认您已经配置了ExternalDNS并创建了必要的DNS记录，以指向Nginx Ingress Controller的负载均衡器。 如果看到错误消息，请花一些时间。 或者，您可以尝试在浏览器中访问Echo! 。

You’ve tested ExternalDNS by deploying an example app with an Ingress. You can also observe the new DNS records in your DigitalOcean Control Panel. In the next step, you’ll expose the Service at your domain name.

您已经通过部署带有Ingress的示例应用程序测试了ExternalDNS。 您也可以在DigitalOcean控制面板中观察新的DNS记录。 在下一步中，您将使用域名公开服务。

步骤3 —(可选)使用服务公开应用 (Step 3 — (Optional) Exposing the App Using a Service)

In this optional section, you’ll use Services with ExternalDNS instead of Ingresses. ExternalDNS allows you to make different Kubernetes resources available to DNS servers. Using Services is a similar process to Ingresses with the configuration modified for this alternate resource.

在此可选部分中，您将使用带有外部DNS的服务，而不是Ingresses。 ExternalDNS允许您使DNS服务器可以使用其他Kubernetes资源。 使用服务的过程与Ingress相似，只是为此备用资源修改了配置。

Note: Following this step will delete the DNS records you’ve just created.

注意：执行此步骤将删除您刚刚创建的DNS记录。

Since you’ll be customizing the Service contained in echo.yaml, you won’t need the echo-ingress anymore. Delete it using the following command:

由于您将自定义echo.yaml包含的服务，因此不再需要echo-ingress 。 使用以下命令将其删除：

• kubectl delete ing echo-ingress
  kubectl删除回声入口

The output will be:

输出将是：

   
   

    
    Output
   
   
ingress.extensions/echo-ingress deleted

ExternalDNS will delete the existing DNS records it created in the previous step. In the remainder of the step, you can use the same domain you have used before.

ExternalDNS将删除在上一步中创建的现有DNS记录。 在该步骤的其余部分，您可以使用之前使用的相同域。

Next, open the echo.yaml file for editing:

接下来，打开echo.yaml文件进行编辑：

• nano echo.yaml
  纳米回声

Replace the file contents with the following lines:

用以下行替换文件内容：

echo.yaml

回声

apiVersion: v1
kind: Service
metadata:
  name: echo
  annotations:
    external-dns.alpha.kubernetes.io/hostname: echo.example.com
spec:
  type: LoadBalancer
  ports:
  - port: 80
    targetPort: 5678
  selector:
    app: echo
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: echo
spec:
  selector:
    matchLabels:
      app: echo
  replicas: 3
  template:
    metadata:
      labels:
        app: echo
    spec:
      containers:
      - name: echo
        image: hashicorp/http-echo
        args:
        - "-text=Echo!"
        ports:
        - containerPort: 5678

You’ve removed Ingress from the file for the previous set up and changed the Service type to LoadBalancer. Furthermore, you’ve added an annotation specifying the domain name for ExternalDNS.

您已从文件中删除了先前设置的Ingress并将服务类型更改为LoadBalancer 。 此外，您还添加了一个注释，用于指定ExternalDNS的域名。

Apply the changes to your cluster by running the following command:

通过运行以下命令将更改应用于集群：

• kubectl apply -f echo.yaml
  kubectl应用-f echo.yaml

The output will be:

输出将是：

   
   

    
    Output
   
   
service/echo configured
deployment.apps/echo configured

You can watch the Service’s Load Balancer become available by running:

您可以通过运行以下命令查看服务的负载均衡器是否可用：

• kubectl get svc echo -w
  kubectl获取svc echo -w

You will see output similar to the following:

您将看到类似于以下内容的输出：

   
   

    
    Output
   
   
NAME   TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
echo   LoadBalancer   10.245.81.235   <pending>     80:31814/TCP   8s
...

As in the previous step, you’ll need to wait some time for the DNS records to be created and propagated. Once that is done, curl the domain you specified:

与上一步一样，您需要等待一段时间才能创建和传播DNS记录。 完成后， curl您指定的域：

• curl echo.example.com

  卷曲echo.example.com

The output will be the same as the previous step:

输出将与上一步相同：

   
   

    
    Output
   
   
Echo!

If you get an error, wait a little longer, or you can try a different domain. Since DNS records are cached on client systems, it may take a long time for the changes to actually propagate.

如果出现错误，请稍等一下，否则您可以尝试其他域。 由于DNS记录缓存在客户端系统上，因此更改可能要花费很长时间才能真正传播。

In this step, you created a Service (of type LoadBalancer) and pointed it to your domain name using ExternalDNS.

在此步骤中，您创建了一个Service(类型为LoadBalancer )并使用ExternalDNS将其指向您的域名。

结论 (Conclusion)

ExternalDNS works silently in the background and provides a friction-free experience. Your Kubernetes cluster has just become the central source of truth regarding the domains. You won’t have to manually update DNS records anymore.

ExternalDNS在后台静默运行，并提供无摩擦的体验。 您的Kubernetes集群刚刚成为有关领域的重要事实来源。 您将不再需要手动更新DNS记录。

The real power of ExternalDNS will become apparent when creating testing environments from a Continuous Delivery system. If you want to set up one such system on your Kubernetes cluster, visit How To Set Up a CD Pipeline with Spinnaker on DigitalOcean Kubernetes.

从持续交付系统创建测试环境时，ExternalDNS的真正功能将变得显而易见。 如果要在Kubernetes集群上设置这样的系统，请访问如何在DigitalOcean Kubernetes上使用Spinnaker设置CD管道 。

翻译自: https://www.digitalocean.com/community/tutorials/how-to-automatically-manage-dns-records-from-digitalocean-kubernetes-using-externaldns