kubernetes - coredns forward 插件以使用 k8s 服务名称

Question

要配置具有复制控制平面的多集群 Isito，要求之一是在 kube-system 命名空间中配置 k8s coredns 服务，将区域“global”转发到部署在 istio-system 命名空间中的“istiocoredns”服务的 IP .赞 this:

    global:53 {
        errors
        cache 30
        forward . $(kubectl get svc -n istio-system istiocoredns -o jsonpath={.spec.clusterIP}):53
    }

在示例中，使用该命令扩展来获取 istiocoredns ClusterIP 类型服务的 IP。
由于这是一个非静态 IP 并且可以修改，我正在寻找一种方法来使用更动态和变化感知的东西。使用 istiocoredns 服务 FQDN 名称会很棒，但 coredns 文档没有提到任何关于它的内容。
是否有任何 coredns 插件或解决方法？
谢谢你。

Answer 1

Is there any coredns plugin or workaround this?

有 istio coredns plugin ，但如 usage section 中所述无论如何，他们在这里设置了coredns的IP。

Update the kube-dns config map to point to this coredns service as the upstream DNS service for the *.global domain. You will have to find out the cluster IP of coredns service and update the config map (or write a controller for this purpose!).

apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-dns
  namespace: kube-system
data:
  stubDomains: |
    {"global": ["10.2.3.4"]}

但这里有一些有趣的信息

UPDATE: This plugin is no longer necessary as of Istio 1.8. DNS is built into the istio agent in the sidecar. Sidecar DNS is enabled by default in the preview profile. You can also enable it manually by setting the following config in the istio operator

  meshConfig:
    defaultConfig:
      proxyMetadata:
        ISTIO_META_DNS_CAPTURE: "true"
        ISTIO_META_PROXY_XDS_VIA_AGENT: "true"

您可以找到有关它的更多信息 here .

There are a few efforts in progress that will help simplify the DNS story:

Istio will soon support DNS interception for all workloads with a sidecar proxy. This will allow Istio to perform DNS lookup on behalf of the application.

Admiral is an Istio community project that provides a number of multicluster capabilities, including automatic creation of service DNS entries.

Kubernetes Multi-Cluster Services is a Kubernetes Enhancement Proposal (KEP) that defines an API for exporting services to multiple clusters. This effectively pushes the responsibility of service visibility and DNS resolution for the entire clusterset onto Kubernetes. There is also work in progress to build layers of MCS support into Istio, which would allow Istio to work with any cloud vendor MCS controller or even act as the MCS controller for the entire mesh.

While Admiral is available today, the Istio and Kubernetes communities are actively building more general solutions into their platforms. Stay tuned!

有 article关于 1.8 prelim 文档中的内容。