Kubernetes 外部DNS EKS AWS_Kubernetes_Amazon Eks_External Dns

Kubernetes 外部DNS EKS AWS

kubernetes

Kubernetes 外部DNS EKS AWS,kubernetes,amazon-eks,external-dns,Kubernetes,Amazon Eks,External Dns,[美国焊接学会EKS 1.13] 我正在尝试设置外部dns，如下所述：我想在名称空间中设置它，下面是代码： --- apiVersion: v1 kind: ServiceAccount metadata: name: external-dns namespace: qa --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: name: external-dns rules: -

[美国焊接学会EKS 1.13]

我正在尝试设置外部dns，如下所述：

我想在名称空间中设置它，下面是代码：

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: external-dns
  namespace: qa
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: external-dns
rules:
- apiGroups: [""]
  resources: ["services"]
  verbs: ["get","watch","list"]
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get","watch","list"]
- apiGroups: ["extensions"]
  resources: ["ingresses"]
  verbs: ["get","watch","list"]
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["list"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: external-dns-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: external-dns
subjects:
- kind: ServiceAccount
  name: external-dns
  namespace: qa
---

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: external-dns
  namespace: qa
spec:
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      serviceAccountName: external-dns
      containers:
      - name: external-dns
        image: registry.opensource.zalan.do/teapot/external-dns:latest
        args:
        - --source=service
        - --source=ingress
        - --domain-filter=xxxxxx.domain.com
        - --provider=aws
        - --policy=sync
        - --aws-zone-type=public
        - --registry=txt
        - --txt-owner-id=xxxxxxx

不幸的是，这不起作用，pod的状态是“CrashLoopBackOff”

以下是吊舱的日志：

time="2019-07-15T21:07:22Z" level=info msg="config: {Master: KubeConfig: RequestTimeout:30s IstioIngressGatewayServices:[istio-system/istio-ingressgateway] Sources:[service ingress] Namespace: AnnotationFilter: FQDNTemplate: CombineFQDNAndAnnotation:false IgnoreHostnameAnnotation:false Compatibility: PublishInternal:false PublishHostIP:false ConnectorSourceServer:localhost:8080 Provider:aws GoogleProject: DomainFilter:[xxxx] ExcludeDomains:[] ZoneIDFilter:[] AlibabaCloudConfigFile:/etc/kubernetes/alibaba-cloud.json AlibabaCloudZoneType: AWSZoneType:public AWSZoneTagFilter:[] AWSAssumeRole: AWSBatchChangeSize:1000 AWSBatchChangeInterval:1s AWSEvaluateTargetHealth:true AWSAPIRetries:3 AzureConfigFile:/etc/kubernetes/azure.json AzureResourceGroup: CloudflareProxied:false CloudflareZonesPerPage:50 RcodezeroTXTEncrypt:false InfobloxGridHost: InfobloxWapiPort:443 InfobloxWapiUsername:admin InfobloxWapiPassword: InfobloxWapiVersion:2.3.1 InfobloxSSLVerify:true InfobloxView: InfobloxMaxResults:0 DynCustomerName: DynUsername: DynPassword: DynMinTTLSeconds:0 OCIConfigFile:/etc/kubernetes/oci.yaml InMemoryZones:[] PDNSServer:http://localhost:8081 PDNSAPIKey: PDNSTLSEnabled:false TLSCA: TLSClientCert: TLSClientCertKey: Policy:sync Registry:txt TXTOwnerID:ZTZ2FLS733BGN TXTPrefix: Interval:1m0s Once:false DryRun:false LogFormat:text MetricsAddress::7979 LogLevel:info TXTCacheInterval:0s ExoscaleEndpoint:https://api.exoscale.ch/dns ExoscaleAPIKey: ExoscaleAPISecret: CRDSourceAPIVersion:externaldns.k8s.io/v1alpha1 CRDSourceKind:DNSEndpoint ServiceTypeFilter:[] CFAPIEndpoint: CFUsername: CFPassword: RFC2136Host: RFC2136Port:0 RFC2136Zone: RFC2136Insecure:false RFC2136TSIGKeyName: RFC2136TSIGSecret: RFC2136TSIGSecretAlg: RFC2136TAXFR:false NS1Endpoint: NS1IgnoreSSL:false TransIPAccountName: TransIPPrivateKeyFile:}"
time="2019-07-15T21:07:22Z" level=fatal msg="invalid configuration: no configuration has been provided"

但是，如果我在默认名称空间中部署完全相同的代码，则不会出现任何问题

需要帮忙吗

谢谢

无效配置：未提供任何配置位来自尝试在没有显式配置的情况下构建Kube客户端配置。如果没有提供显式配置，它将尝试使用集群中的默认API服务器位置进行猜测。如果猜测失败，将显示此错误消息

如果出现以下情况，此默认配置可能会失败：

您正在使用非标准配置（不同的apiserver URL？）

Pod和API服务器之间存在网络问题

RBAC配置不正确

假设您添加了ServiceAccount、ClusterRole、ClusterRoleBinding等，这看起来像Terraform提供程序

目前，您似乎必须手动装载机密（有关更多信息，请参阅链接）：

您的日志显示

名称空间为空。如果指定非默认名称空间，我认为这是不正确的。尝试将---namespace=qa
添加到您的部署参数。抱歉，兄弟，我没有看到您的答复。我忘了提到我使用Terraform部署它。对于terraform，它不起作用，但是“kubect工作得很好”。最后，我创建了自己的头盔图表，并使用Terraform部署了该图表，现在它运行良好。
resource "kubernetes_service_account" "foo" {
    name = "foo"
}
resource "kubernetes_deployment" "foo" {
    ...
    spec {
        ...
        template {
            ...
            spec {
                # Normally, this is what you should do:
                #service_account_name = "${kubernetes_service_account.foo.name}"

                volume {
                    name = "${kubernetes_service_account.foo.default_secret_name}"
                    secret {
                        secret_name = "${kubernetes_service_account.foo.default_secret_name}"
                    }
                }
                ...
                container {
                    ...
                    volume_mount {
                        name       = "${kubernetes_service_account.foo.default_secret_name}"
                        mount_path = "/var/run/secrets/kubernetes.io/serviceaccount"
                        read_only  = true
                    }
                }
            }
        }
    }
}