Notes on RKE2 CoreDNS Configuration
RKE2 applies additional chart configuration through the HelmChartConfig CRD, so CoreDNS is best configured the same way.
Configuring CoreDNS to log queries
```
cat <<EOF | kubectl apply -f -
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-coredns
  namespace: kube-system
spec:
  valuesContent: |-
    servers:
    - zones:
      - zone: .
      port: 53
      plugins:
      - name: errors
      - name: health
        configBlock: |-
          lameduck 5s
      - name: ready
      - name: kubernetes
        parameters: cluster.local in-addr.arpa ip6.arpa
        configBlock: |-
          pods insecure
          fallthrough in-addr.arpa ip6.arpa
          ttl 30
      - name: prometheus
        parameters: 0.0.0.0:9153
      - name: forward
        parameters: . /etc/resolv.conf
      - name: cache
        parameters: 30
      - name: loop
      - name: reload
      - name: loadbalance
      # Add the log plugin here
      - name: log
EOF
```
The result looks like this:
```
.:53
[INFO] plugin/reload: Running configuration SHA512 = c6665a67f5213bb4bfff40d089abea74c2204a0de6a6081c3756bd4f5702dadc65adc46c9561ea09726560c76b14c7a17ee017d71c40337e40e1e7c3ee8d6580
CoreDNS-1.11.1
linux/amd64, go1.20.14 X:boringcrypto, ae2bbc29
[INFO] 127.0.0.1:44801 - 7331 "HINFO IN 394071549650387858.6622785674508966848. udp 56 false 512" NOTIMP qr,rd,ra 56 0.015719481s
[INFO] 172.16.16.140:49138 - 30061 "A IN kubernetes.default.svc.cluster.local. udp 54 false 512" NOERROR qr,aa,rd 106 0.000305994s
[INFO] 172.16.16.140:64634 - 7352 "AAAA IN kubernetes.default.svc.cluster.local. udp 54 false 512" NOERROR qr,aa,rd 147 0.000231917s
```
Configuring CoreDNS to return NXDOMAIN for IPv6 AAAA queries
When workloads do not need IPv6 name resolution, this configuration can reduce communication overhead:
```
cat <<EOF | kubectl apply -f -
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-coredns
  namespace: kube-system
spec:
  valuesContent: |-
    servers:
    - zones:
      - zone: .
      port: 53
      plugins:
      - name: errors
      - name: health
        configBlock: |-
          lameduck 5s
      - name: ready
      - name: kubernetes
        parameters: cluster.local in-addr.arpa ip6.arpa
        configBlock: |-
          pods insecure
          fallthrough in-addr.arpa ip6.arpa
          ttl 30
      - name: prometheus
        parameters: 0.0.0.0:9153
      - name: forward
        parameters: . /etc/resolv.conf
      - name: cache
        parameters: 30
      - name: loop
      - name: reload
      - name: loadbalance
      - name: log
      # Add the template plugin here
      - name: template
        parameters: ANY AAAA
        configBlock: |-
          rcode NXDOMAIN
EOF
```
The result looks like this:
```
.:53
[INFO] plugin/reload: Running configuration SHA512 = adff475b354490010d53800263b2eaf511bb7e61ee5f84f57447a0302a1d37032e245038e0026c71c91b32c77781b687ed1dc91ce7b82ce9f36ecdcbe5a8589d
CoreDNS-1.11.1
linux/amd64, go1.20.14 X:boringcrypto, ae2bbc29
[INFO] 127.0.0.1:50998 - 41251 "HINFO IN 3159548608793632308.3001229905203107415. udp 57 false 512" NOTIMP qr,rd,ra 57 0.016489023s
[INFO] 172.16.16.140:36027 - 14184 "A IN kubernetes.default.svc.cluster.local. udp 54 false 512" NOERROR qr,aa,rd 106 0.00025433s
[INFO] 172.16.16.140:61510 - 9818 "AAAA IN kubernetes.default.svc.cluster.local. udp 54 false 512" NXDOMAIN qr,aa,rd 54 0.000246489s
```
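Once the `log` plugin is enabled, the query lines can be checked mechanically rather than by eye. The script below is an added example, not part of the original post: it tallies query type and response code from CoreDNS log lines and reports whether every AAAA query was answered NXDOMAIN. The function names are hypothetical, the sample lines are copied from the two outputs on this page, and the parser assumes the default log format they show.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the default CoreDNS log format:
#   [INFO] client:port - id "TYPE CLASS name proto size do bufsize" RCODE flags rsize duration

# Print "QTYPE RCODE count" for each query line read from stdin.
coredns_tally() {
  awk -F'"' 'NF >= 3 {
      split($2, q, " ")   # q[1] is the query type
      split($3, r, " ")   # r[1] is the response code
      n[q[1] " " r[1]]++
    }
    END { for (k in n) print k, n[k] }' | LC_ALL=C sort
}

# Succeed only if AAAA queries were seen and every one was answered NXDOMAIN.
aaaa_blocked() {
  awk -F'"' 'NF >= 3 {
      split($2, q, " "); split($3, r, " ")
      if (q[1] == "AAAA") { seen++; if (r[1] != "NXDOMAIN") bad++ }
    }
    END { exit !(seen > 0 && bad == 0) }'
}

# Lines copied from the first output on this page (log plugin only).
sample_before() { cat <<'EOF'
.:53
[INFO] 127.0.0.1:44801 - 7331 "HINFO IN 394071549650387858.6622785674508966848. udp 56 false 512" NOTIMP qr,rd,ra 56 0.015719481s
[INFO] 172.16.16.140:49138 - 30061 "A IN kubernetes.default.svc.cluster.local. udp 54 false 512" NOERROR qr,aa,rd 106 0.000305994s
[INFO] 172.16.16.140:64634 - 7352 "AAAA IN kubernetes.default.svc.cluster.local. udp 54 false 512" NOERROR qr,aa,rd 147 0.000231917s
EOF
}

# Lines copied from the second output on this page (template plugin added).
sample_after() { cat <<'EOF'
.:53
[INFO] 127.0.0.1:50998 - 41251 "HINFO IN 3159548608793632308.3001229905203107415. udp 57 false 512" NOTIMP qr,rd,ra 57 0.016489023s
[INFO] 172.16.16.140:36027 - 14184 "A IN kubernetes.default.svc.cluster.local. udp 54 false 512" NOERROR qr,aa,rd 106 0.00025433s
[INFO] 172.16.16.140:61510 - 9818 "AAAA IN kubernetes.default.svc.cluster.local. udp 54 false 512" NXDOMAIN qr,aa,rd 54 0.000246489s
EOF
}

sample_after | coredns_tally
if sample_after | aaaa_blocked; then echo "AAAA: all NXDOMAIN"; else echo "AAAA: still answered"; fi
```

Against a live cluster, pipe the CoreDNS pod logs into `coredns_tally` or `aaaa_blocked` in place of the sample functions.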