004_部署dns服务_bind9

关于我们

https://yuemake.xyz
公众号: 悦码客
v: ymkcode
视频教程：https://www.bilibili.com/video/BV1bG411M7we?vd_source=2d319a7a197bc133da44d00cd53e970c

专注方向：
自动化流程服务
it咨询
it在线教学

doc

https://bind9.readthedocs.io/en/latest/reference.html

介绍

通常按照 ip 访问服务是不太合理的， ip 经常会发生变化
所以我们想要使用域名的方式，来访问服务
现在常用的是ingress 代理 k8s 的 svc 来提供域名访问。

但是在使用 ingress之前，我们需要 部署自己的 dns 服务，来将服务指向 ingress 所在的 ip 地址。
这样用户才可以 使用 域名 来访问 其他服务， 而不需要知道它们的 ip

我们选择用 bind9 来作为 dns 服务器, 当然除了支持 ingress 以外， dns 服务本身，在互联网或者企业内部，也是具有很多应用场景的。

参考

bind9\yml

准备镜像

host_ip=192.168.31.21
export  http_proxy="http://${host_ip}:7890"
export  https_proxy="http://${host_ip}:7890"
export  no_proxy="localhost,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local,my-cluster-endpoint.com"

# yeah, ctr can pull images with the env variable http_proxy, but crictl cannot~
ctr -n k8s.io images pull   docker.io/ubuntu/bind9:9.18-22.04_beta

deployment

cd /git_proj/blogs/bind9/yml

kubectl apply -f bind9-deployment.yml

# 重启, 生效配置变更
kubectl replace --force -f bind9-deployment.yml

kubectl rollout restart -n bind9 deployment

修改 dns 配置文件

mkdir -p /data/bind9/etc/bind/

cat > /data/bind9/etc/bind/named.conf <<EOF

options {
    dnssec-validation no;
    allow-query { any; };
    forward first;
    forwarders {
        119.29.29.29;
    };
};

include "/etc/bind/named.conf.local";

EOF

cat > /data/bind9/etc/bind/named.conf.local <<EOF
zone "dev.inner.ymk.com" {
        type master;
        file "/etc/bind/db.dev.inner.ymk.com";
};

EOF

cat > /data/bind9/etc/bind/db.dev.inner.ymk.com <<"EOF"
$TTL 86400
@ IN SOA localhost. root.localhost. (
        1  ; Serial
    604800  ; Refresh
    86400  ; Retry
   2419200  ; Expire
    86400 ) ; Negative Cache TTL
;
@ IN NS localhost.
ingress    IN      A   192.168.31.241
wiki    IN      A   192.168.31.241
share    IN      A   192.168.31.241
workflow    IN      A   192.168.31.241
gerrit    IN      A   192.168.31.241
gitlab    IN      A   192.168.31.241
jenkins    IN      A   192.168.31.241
release    IN      A   192.168.31.241
mirrors    IN      A   192.168.31.241
repo    IN      A   192.168.31.241
pan    IN      A   192.168.31.241
ldap   IN      A   192.168.31.241
nginx-demo    IN      A   192.168.31.225

EOF

windows 查看 与 刷新 dns 缓存

ipconfig /displaydns

ipconfig /flushdns

nslookup wiki.dev.inner.ymk.com 192.168.31.234
# 服务器:  UnKnown
# Address:  192.168.31.234

# 名称:    wiki.dev.inner.ymk.com
# Address:  192.168.31.241

# 修改 windows 默认 dns 后
ping  wiki.dev.inner.ymk.com

nslookup nginx-demo.dev.inner.ymk.com 192.168.31.234
nginx-demo.dev.inner.ymk.com

bind9-deployment.yml

apiVersion: v1
kind: Namespace
metadata:
  name: bind9
  labels:
    name: bind9
---
apiVersion: v1
kind: Service
metadata:
  namespace: bind9
  name: bind9-service
  labels:
    app: bind9
spec:
  selector:
    app: bind9
  ports:
  - protocol: TCP
    port: 53
    targetPort: 53
    name: bind9-tcp
  - protocol: UDP
    port: 53
    targetPort: 53
    name: bind9
  type: LoadBalancer
  loadBalancerIP: 192.168.31.234
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: bind9
  name: bind9-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: bind9
  template:
    metadata:
      labels:
        app: bind9
    spec:
      containers:
      - name: bind9
        image:  docker.io/ubuntu/bind9:9.18-22.04_beta
        env:
        - name: BIND9_USER
          value: "root"
        ports:
        - containerPort: 53
          protocol: TCP
        - containerPort: 53
          protocol: UDP
        volumeMounts:
            - name: bind-config
              mountPath: /etc/bind/
            - name: bind-cache
              mountPath: /var/cache/bind
            - name: bind-lib
              mountPath: /var/lib/bind
      volumes:
      - name: bind-config
        hostPath:
          path: "/data/bind9/etc/bind/"
      - name: bind-cache
        hostPath:
          path: "/data/bind9/var/cache/bind"
      - name: bind-lib
        hostPath:
          path: "/data/bind9/var/lib/bind"