Customize CoreDNS with Azure Kubernetes Service

Azure Kubernetes Service (AKS) uses the CoreDNS project for cluster DNS management and resolution with all 1.12.x and higher clusters. Previously, the kube-dns project was used. The kube-dns project is now deprecated. For more information about CoreDNS customization and Kubernetes, see the official upstream documentation.

As AKS is a managed service, you cannot modify the main configuration for CoreDNS (a CoreFile). Instead, you use a Kubernetes ConfigMap to override the default settings. To see the default AKS CoreDNS ConfigMaps, use the kubectl get configmaps --namespace=kube-system coredns -o yaml command.

This article shows you how to use ConfigMaps for basic customization options of CoreDNS in AKS. This approach differs from configuring CoreDNS in other contexts, such as using the CoreFile. Verify the version of CoreDNS you are running, as the configuration values may change between versions.

Note

kube-dns offered different customization options via a Kubernetes config map. CoreDNS is not backwards compatible with kube-dns. Any customizations you previously used must be updated for use with CoreDNS.

Before you begin

This article assumes that you have an existing AKS cluster. If you need an AKS cluster, see the AKS quickstart using the Azure CLI or using the Azure portal.

When creating a configuration like the examples below, your names in the data section must end in either .server or .override. This naming convention is defined in the default AKS CoreDNS ConfigMap, which you can view using the kubectl get configmaps --namespace=kube-system coredns -o yaml command.

What is supported/unsupported

All built-in CoreDNS plugins are supported. No add-on/third party plugins are supported.

Rewrite DNS

One scenario is to perform on-the-fly DNS name rewrites. In the following example, replace <domain to be rewritten> with your own fully qualified domain name. Create a file named corednsms.yaml and paste the following example configuration:

apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns-custom
  namespace: kube-system
data:
  test.server: | # you may select any name here, but it must end with the .server file extension
    <domain to be rewritten>.com:53 {
        errors
        cache 30
        rewrite name substring <domain to be rewritten>.com default.svc.cluster.local
        kubernetes cluster.local in-addr.arpa ip6.arpa {
          pods insecure
          upstream
          fallthrough in-addr.arpa ip6.arpa
        }
        forward .  /etc/resolv.conf # you can redirect this to a specific DNS server such as 10.0.0.10, but that server must be able to resolve the rewritten domain name
    }

Important

If you redirect to a DNS server, such as the CoreDNS service IP, that DNS server must be able to resolve the rewritten domain name.

Create the ConfigMap using the kubectl apply command and specify the name of your YAML manifest:

kubectl apply -f corednsms.yaml

To verify the customizations have been applied, use the kubectl get configmaps command and specify your coredns-custom ConfigMap:

kubectl get configmaps --namespace=kube-system coredns-custom -o yaml

Now force CoreDNS to reload the ConfigMap. The kubectl delete pod command isn't destructive and doesn't cause downtime. The kube-dns pods are deleted, and the Kubernetes Scheduler then recreates them. These new pods contain the change in TTL value.

kubectl delete pod --namespace kube-system -l k8s-app=kube-dns

Note

The command above is correct. Although we're changing CoreDNS, the deployment is under the kube-dns name.

Custom forward server

If you need to specify a forward server for your network traffic, you can create a ConfigMap to customize DNS. In the following example, update the forward name and address with the values for your own environment. Create a file named corednsms.yaml and paste the following example configuration:

apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns-custom
  namespace: kube-system
data:
  test.server: | # you may select any name here, but it must end with the .server file extension
    <domain to be rewritten>.com:53 {
        forward foo.com 1.1.1.1
    }

As in the previous examples, create the ConfigMap using the kubectl apply command and specify the name of your YAML manifest. Then force CoreDNS to reload the ConfigMap by using kubectl delete pod so that the Kubernetes Scheduler recreates the pods:

kubectl apply -f corednsms.yaml
kubectl delete pod --namespace kube-system --selector k8s-app=kube-dns

Use custom domains

You may want to configure custom domains that can only be resolved internally. For example, you may want to resolve the custom domain puglife.local, which isn't a valid top-level domain. Without a custom domain ConfigMap, the AKS cluster can't resolve the address.

In the following example, update the custom domain and the IP address that traffic is directed to with the values for your own environment. Create a file named corednsms.yaml and paste the following example configuration:

apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns-custom
  namespace: kube-system
data:
  puglife.server: | # you may select any name here, but it must end with the .server file extension
    puglife.local:53 {
        errors
        cache 30
        forward . 192.11.0.1  # this is my test/dev DNS server
    }

As in the previous examples, create the ConfigMap using the kubectl apply command and specify the name of your YAML manifest. Then force CoreDNS to reload the ConfigMap by using kubectl delete pod so that the Kubernetes Scheduler recreates the pods:

kubectl apply -f corednsms.yaml
kubectl delete pod --namespace kube-system --selector k8s-app=kube-dns

Stub domains

CoreDNS can also be used to configure stub domains. In the following example, update the custom domains and IP addresses with the values for your own environment. Create a file named corednsms.yaml and paste the following example configuration:

apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns-custom
  namespace: kube-system
data:
  test.server: | # you may select any name here, but it must end with the .server file extension
    abc.com:53 {
        errors
        cache 30
        forward . 1.2.3.4
    }
    my.cluster.local:53 {
        errors
        cache 30
        forward . 2.3.4.5
    }

As in the previous examples, create the ConfigMap using the kubectl apply command and specify the name of your YAML manifest. Then force CoreDNS to reload the ConfigMap by using kubectl delete pod so that the Kubernetes Scheduler recreates the pods:

kubectl apply -f corednsms.yaml
kubectl delete pod --namespace kube-system --selector k8s-app=kube-dns

Hosts plugin

Because all built-in plugins are supported, the CoreDNS Hosts plugin is available to customize as well:

apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns-custom # this is the name of the configmap you can overwrite with your changes
  namespace: kube-system
data:
    test.override: | # you may select any name here, but it must end with the .override file extension
          hosts example.hosts example.org { # example.hosts must be a file
              10.0.0.1 example.org
              fallthrough
          }
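
The naming rule from "Before you begin" and the two snippet shapes used in this article's examples (a server block in .server entries, bare plugin directives in .override entries) can be checked before running kubectl apply. The following is an added example, not part of the original article; lint_coredns_custom is a name chosen here, the shape check is a heuristic based on the examples above, and the manifest is constructed:

```shell
# Added example: lint a coredns-custom manifest before `kubectl apply`.
# Prints one finding per line and returns non-zero if any were found.
lint_coredns_custom() {
  awk '
    function report(msg) { printf "%s: %s\n", key, msg; bad = 1 }
    /^data:[ \t]*(#.*)?$/ { in_data = 1; indent = -1; next }
    /^[^ \t#]/            { in_data = 0 }   # any other top-level key ends data:
    !in_data || /^[ \t]*(#.*)?$/ { next }   # skip blank and comment lines
    {
      match($0, /^[ \t]+/)
      if (indent < 0) indent = RLENGTH      # the first key fixes the key indent
      if (RLENGTH == indent) {              # key line, e.g. "test.server: |"
        key = substr($0, RLENGTH + 1); sub(/:.*/, "", key); first = 1
        if (key !~ /\.(server|override)$/)
          report("name must end in .server or .override")
        next
      }
      if (!first) next                      # inspect only the first body line
      first = 0
      # Heuristic: a server block opens with a zone token ("abc.com:53 {"),
      # a plugin directive with a bare plugin name ("hosts ... {", "log").
      is_block = ($1 ~ /[.:]/ && $0 ~ /[{][ \t]*(#.*)?$/)
      if (key ~ /\.server$/ && !is_block)  report("expected a server block")
      if (key ~ /\.override$/ && is_block) report("server block in an override")
    }
    END { exit bad + 0 }
  ' "$1"
}

# Constructed manifest: one valid entry, one misnamed key, one misplaced block.
manifest=$(mktemp)
cat > "$manifest" <<'EOF'
data:
  puglife.server: |
    puglife.local:53 {
        forward . 192.11.0.1
    }
  logging.conf: |
    log
  stub.override: |
    abc.com:53 {
        forward . 1.2.3.4
    }
EOF
lint_coredns_custom "$manifest" || echo "fix the manifest before applying it"
rm -f "$manifest"
```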

Enable logging for DNS query debugging

To enable DNS query logging, apply the following configuration in your coredns-custom ConfigMap:

apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns-custom
  namespace: kube-system
data:
  log.override: | # you may select any name here, but it must end with the .override file extension
        log
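
With log enabled, each query is written to the CoreDNS pod logs. The following added example (not part of the original article) summarizes failed lookups per client from such lines; coredns_failures and sample_log are names chosen here, and the sample lines are constructed and assume the log plugin's default line format.

```shell
# Added example: summarize failed lookups from CoreDNS `log` plugin output.
# Reads log lines on stdin; prints "count client qtype qname rcode",
# most frequent first. Assumes the log plugin's default line format.
coredns_failures() {
  awk -F'"' '
    /^\[INFO\] / && NF >= 3 {
      split($1, pre, " ");  client = pre[2]; sub(/:[0-9]+$/, "", client)
      split($2, q, " ");    qtype = q[1]; qname = q[3]
      split($3, post, " "); rcode = post[1]
      if (rcode != "NOERROR") count[client " " qtype " " qname " " rcode]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -k1,1nr -k2
}

# Constructed sample lines (not captured from a real cluster).
sample_log() {
  cat <<'EOF'
[INFO] 10.244.0.12:41862 - 5137 "A IN puglife.local. udp 31 false 512" NXDOMAIN qr,rd,ra 106 0.004123s
[INFO] 10.244.0.12:41863 - 5138 "A IN puglife.local. udp 31 false 512" NXDOMAIN qr,rd,ra 106 0.003981s
[INFO] 10.244.1.7:53210 - 912 "A IN kubernetes.default.svc.cluster.local. udp 54 false 512" NOERROR qr,aa,rd 106 0.000071s
[INFO] 10.244.1.7:53211 - 913 "AAAA IN abc.com. udp 25 false 512" SERVFAIL qr,rd 25 2.001s
EOF
}

sample_log | coredns_failures
```

On a cluster, pipe in kubectl logs --namespace kube-system -l k8s-app=kube-dns --tail=-1 instead of the sample; without --tail=-1, kubectl returns only the last 10 lines per pod when a label selector is used.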

Next steps

This article showed some example scenarios for CoreDNS customization. For information on the CoreDNS project, see the CoreDNS upstream project page.

To learn more about core network concepts, see Network concepts for applications in AKS.