构建后端为etcd的CoreDNS的容器集群（五）、coredns对接etcd测试

代先生.重庆

于 2024-10-18 08:50:20 发布

阅读量726

点赞数 22

分类专栏：容器运维数据库文章标签： etcd 数据库容器

本文链接：https://blog.csdn.net/forestqq/article/details/143016390

版权

运维同时被 3 个专栏收录

124 篇文章 17 订阅

订阅专栏

容器

34 篇文章 1 订阅

订阅专栏

数据库

27 篇文章 0 订阅

订阅专栏

本文为系列测试文章，拟基于自签名证书认证的etcd容器来构建coredns域名解析系统。

前置文章：

构建后端为etcd的CoreDNS的容器集群（一）、生成自签名证书

构建后端为etcd的CoreDNS的容器集群（二）、下载最新的etcd容器镜像

构建后端为etcd的CoreDNS的容器集群（三）、etcd功能测试

构建后端为etcd的CoreDNS的容器集群（四）、etcd挂载私有自签名证书进行访问测试

一、验证etcd集群状态

[root@localhost etcd]# ./etcdctl --endpoints=https://etcd-1:2379  --cacert ssl/ca.pem --cert ssl/etcd.pem  --key ssl/etcd-key.pem endpoint health   
https://etcd-1:2379 is healthy: successfully committed proposal: took = 18.912612ms

可见etcd集群运行正常

二、删除集群数据库中的原有测试数据

[root@localhost etcd]# cd ../etcd &&./etcdctl --endpoints=https://etcd-1:2379  --cacert ssl/ca.pem --cert ssl/etcd.pem  --key ssl/etcd-key.pem del --prefix "/"   
4
[root@localhost etcd]# cd ../etcd &&./etcdctl --endpoints=https://etcd-1:2379  --cacert ssl/ca.pem --cert ssl/etcd.pem  --key ssl/etcd-key.pem get --prefix "/"
[root@localhost etcd]#

三、安装coredns服务

[root@localhost etcd]# yum install coredns
Last metadata expiration check: 3:10:42 ago on 2024年10月17日 星期四 09时43分07秒.
Dependencies resolved.
=========================================================================================================================================================================================================================================
 Package                                              Architecture                                        Version                                                          Repository                                               Size
=========================================================================================================================================================================================================================================
Installing:
 coredns                                              x86_64                                              1.7.0-1.1.oe2203                                                 everything                                              9.9 M

Transaction Summary
=========================================================================================================================================================================================================================================
Install  1 Package

Total download size: 9.9 M
Installed size: 48 M
Is this ok [y/N]: y
Downloading Packages:
coredns-1.7.0-1.1.oe2203.x86_64.rpm                                                                                                                                                                      1.7 MB/s | 9.9 MB     00:05    
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                                                    1.7 MB/s | 9.9 MB     00:05     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                                                                 1/1 
  Installing       : coredns-1.7.0-1.1.oe2203.x86_64                                                                                                                                                                                 1/1 
  Verifying        : coredns-1.7.0-1.1.oe2203.x86_64                                                                                                                                                                                 1/1 

Installed:
  coredns-1.7.0-1.1.oe2203.x86_64                                                                                                                                                                                                        

Complete!

四、配置coredns配置文件

[root@localhost etcd]# mkdir /opt/coredns && cd /opt/coredns
[root@localhost coredns]# pwd
/opt/coredns
[root@localhost coredns]# vi Corefile 
[root@localhost coredns]# cat Corefile 
.:53 {
    #hosts /etc/coredns/hostsfile 使用文件会降低性能
    # 禁用 IPV6 的解析,给所有 IPV6 的解析请求都响应空记录，即无此域名的 IPV6 记录
    template ANY AAAA {
        rcode NXDOMAIN
    }
    etcd  {
        path /coredns
        endpoint https://etcd-1:2379
        # 配置访问etcd证书，顺序一定要正确（不使用证书删除此配置即可）
        tls /opt/etcd/ssl/etcd.pem /opt/etcd/ssl/etcd-key.pem  /opt/etcd/ssl/ca.pem
        #fallthrough 
    }
    #log 
    #errors    
}

五、启动coredns服务至后台运行

[root@localhost coredns]# /usr/sbin/coredns -conf /opt/coredns/Corefile &
[1] 26066

六、向etcdo数据库添加域名键值对并验证信息

[root@localhost coredns]# cd ../etcd && ./etcdctl --endpoints=https://etcd-1:2379  --cacert ssl/ca.pem --cert ssl/etcd.pem  --key ssl/etcd-key.pem put /coredns/com/chinamobile/cq/rms/ep1 '{"host":"192.168.8.1","ttl":10}'   
OK
[root@localhost etcd]# ./etcdctl --endpoints=https://etcd-1:2379  --cacert ssl/ca.pem --cert ssl/etcd.pem  --key ssl/etcd-key.pem put /coredns/com/chinamobile/cq/rms/ep2 '{"host":"192.168.8.2","ttl":10}'
OK
[root@localhost etcd]# ./etcdctl --endpoints=https://etcd-1:2379  --cacert ssl/ca.pem --cert ssl/etcd.pem  --key ssl/etcd-key.pem put /coredns/com/chinamobile/cq/rms/ep3 '{"host":"192.168.8.3","ttl":10}'
OK
[root@localhost etcd]# cd ../etcd &&./etcdctl --endpoints=https://etcd-1:2379  --cacert ssl/ca.pem --cert ssl/etcd.pem  --key ssl/etcd-key.pem get --prefix "/"                                            
/coredns/com/chinamobile/cq/rms/ep1
{"host":"192.168.8.1","ttl":10}
/coredns/com/chinamobile/cq/rms/ep2
{"host":"192.168.8.2","ttl":10}
/coredns/com/chinamobile/cq/rms/ep3
{"host":"192.168.8.3","ttl":10}

七、验证域名解析情况

使用dig进行验证：

[root@localhost etcd]# dig @127.0.0.1 rms.cq.chinamobile.com

; <<>> DiG 9.16.23 <<>> @127.0.0.1 rms.cq.chinamobile.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18199
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 6b27c460897baaf7 (echoed)
;; QUESTION SECTION:
;rms.cq.chinamobile.com.                IN      A

;; ANSWER SECTION:
rms.cq.chinamobile.com. 10      IN      A       192.168.8.1
rms.cq.chinamobile.com. 10      IN      A       192.168.8.2
rms.cq.chinamobile.com. 10      IN      A       192.168.8.3

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Oct 17 14:18:28 CST 2024
;; MSG SIZE  rcvd: 177

使用nslookup进行验证

[root@localhost etcd]# nslookup rms.cq.chinamobile.com 127.0.0.1
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   rms.cq.chinamobile.com
Address: 192.168.8.1
Name:   rms.cq.chinamobile.com
Address: 192.168.8.2
Name:   rms.cq.chinamobile.com
Address: 192.168.8.3
** server can't find rms.cq.chinamobile.com: NXDOMAIN

[root@localhost etcd]#

可以看到，coredns和etcd运行正常，域名解析正常。