Kubernetes 外部DNS EKS AWS
[美国焊接学会EKS 1.13] 我正在尝试设置外部dns,如下所述: 我想在名称空间中设置它,下面是代码:Kubernetes 外部DNS EKS AWS,kubernetes,amazon-eks,external-dns,Kubernetes,Amazon Eks,External Dns,[美国焊接学会EKS 1.13] 我正在尝试设置外部dns,如下所述: 我想在名称空间中设置它,下面是代码: --- apiVersion: v1 kind: ServiceAccount metadata: name: external-dns namespace: qa --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: name: external-dns rules: -
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: external-dns
namespace: qa
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: external-dns
rules:
- apiGroups: [""]
resources: ["services"]
verbs: ["get","watch","list"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get","watch","list"]
- apiGroups: ["extensions"]
resources: ["ingresses"]
verbs: ["get","watch","list"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["list"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: external-dns-viewer
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: external-dns
subjects:
- kind: ServiceAccount
name: external-dns
namespace: qa
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: external-dns
namespace: qa
spec:
strategy:
type: Recreate
template:
metadata:
labels:
app: external-dns
spec:
serviceAccountName: external-dns
containers:
- name: external-dns
image: registry.opensource.zalan.do/teapot/external-dns:latest
args:
- --source=service
- --source=ingress
- --domain-filter=xxxxxx.domain.com
- --provider=aws
- --policy=sync
- --aws-zone-type=public
- --registry=txt
- --txt-owner-id=xxxxxxx
不幸的是,这不起作用,pod的状态是“CrashLoopBackOff”
以下是吊舱的日志:
time="2019-07-15T21:07:22Z" level=info msg="config: {Master: KubeConfig: RequestTimeout:30s IstioIngressGatewayServices:[istio-system/istio-ingressgateway] Sources:[service ingress] Namespace: AnnotationFilter: FQDNTemplate: CombineFQDNAndAnnotation:false IgnoreHostnameAnnotation:false Compatibility: PublishInternal:false PublishHostIP:false ConnectorSourceServer:localhost:8080 Provider:aws GoogleProject: DomainFilter:[xxxx] ExcludeDomains:[] ZoneIDFilter:[] AlibabaCloudConfigFile:/etc/kubernetes/alibaba-cloud.json AlibabaCloudZoneType: AWSZoneType:public AWSZoneTagFilter:[] AWSAssumeRole: AWSBatchChangeSize:1000 AWSBatchChangeInterval:1s AWSEvaluateTargetHealth:true AWSAPIRetries:3 AzureConfigFile:/etc/kubernetes/azure.json AzureResourceGroup: CloudflareProxied:false CloudflareZonesPerPage:50 RcodezeroTXTEncrypt:false InfobloxGridHost: InfobloxWapiPort:443 InfobloxWapiUsername:admin InfobloxWapiPassword: InfobloxWapiVersion:2.3.1 InfobloxSSLVerify:true InfobloxView: InfobloxMaxResults:0 DynCustomerName: DynUsername: DynPassword: DynMinTTLSeconds:0 OCIConfigFile:/etc/kubernetes/oci.yaml InMemoryZones:[] PDNSServer:http://localhost:8081 PDNSAPIKey: PDNSTLSEnabled:false TLSCA: TLSClientCert: TLSClientCertKey: Policy:sync Registry:txt TXTOwnerID:ZTZ2FLS733BGN TXTPrefix: Interval:1m0s Once:false DryRun:false LogFormat:text MetricsAddress::7979 LogLevel:info TXTCacheInterval:0s ExoscaleEndpoint:https://api.exoscale.ch/dns ExoscaleAPIKey: ExoscaleAPISecret: CRDSourceAPIVersion:externaldns.k8s.io/v1alpha1 CRDSourceKind:DNSEndpoint ServiceTypeFilter:[] CFAPIEndpoint: CFUsername: CFPassword: RFC2136Host: RFC2136Port:0 RFC2136Zone: RFC2136Insecure:false RFC2136TSIGKeyName: RFC2136TSIGSecret: RFC2136TSIGSecretAlg: RFC2136TAXFR:false NS1Endpoint: NS1IgnoreSSL:false TransIPAccountName: TransIPPrivateKeyFile:}"
time="2019-07-15T21:07:22Z" level=fatal msg="invalid configuration: no configuration has been provided"
但是,如果我在默认名称空间中部署完全相同的代码,则不会出现任何问题
需要帮忙吗
谢谢无效配置:未提供任何配置位来自尝试在没有显式配置的情况下构建Kube客户端配置。如果没有提供显式配置,它将尝试使用集群中的默认API服务器位置进行猜测。如果猜测失败,将显示此错误消息 如果出现以下情况,此默认配置可能会失败:
您的日志显示
名称空间为空。如果指定非默认名称空间,我认为这是不正确的。尝试将---namespace=qa
添加到您的部署
参数。抱歉,兄弟,我没有看到您的答复。我忘了提到我使用Terraform部署它。对于terraform,它不起作用,但是“kubect工作得很好”。最后,我创建了自己的头盔图表,并使用Terraform部署了该图表,现在它运行良好。
resource "kubernetes_service_account" "foo" {
name = "foo"
}
resource "kubernetes_deployment" "foo" {
...
spec {
...
template {
...
spec {
# Normally, this is what you should do:
#service_account_name = "${kubernetes_service_account.foo.name}"
volume {
name = "${kubernetes_service_account.foo.default_secret_name}"
secret {
secret_name = "${kubernetes_service_account.foo.default_secret_name}"
}
}
...
container {
...
volume_mount {
name = "${kubernetes_service_account.foo.default_secret_name}"
mount_path = "/var/run/secrets/kubernetes.io/serviceaccount"
read_only = true
}
}
}
}
}
}