我正在尝试按照文档中所述为裸机 microk8s 服务器设置外部 DNS,使用 Cloudflare 作为我的 DNS 服务。使用 cloudflare 的 API 令牌部署他们的 pod 似乎工作正常,但在我部署测试 pod 的那一刻,我开始收到如下所示的消息流:
level=error msg="error from makeRequest: HTTP request failed: Get \"https://api.cloudflare.com/client/v4/zones?page=1&per_page=50\": x509: certificate is valid for unifi.local, localhost, [::1], not api.cloudflare.com"
level=error msg="error from makeRequest: HTTP request failed: Get \"https://api.cloudflare.com/client/v4/zones?page=1&per_page=50\": x509: certificate is valid for unifi.local, localhost, [::1], not api.cloudflare.com"
level=error msg="error from makeRequest: HTTP request failed: Get \"https://api.cloudflare.com/client/v4/zones?page=1&per_page=50\": x509: certificate is valid for unifi.local, localhost, [::1], not api.cloudflare.com"
而且我的 DNS 没有更新。
我发现我得到 'unifi.local' 很奇怪 - 这是我的 Ubiquiti 路由器/网关设备的证书,但我不确定它为什么要寻找 api.cloudflare.com?我也不确定是什么我应该在这里做 - 'unifi.local' 证书可能并不理想,但我绝对不应该将证书更改为似乎来自 api.cloudflare.com .... 对吗?
- 更新信息:
根据用户 x4k3p 的要求,提供更多信息:
- 我正在使用 microk8s 附带的标准核心 DNS。这是 microk8s 状态输出:
microk8s is running
high-availability: no
datastore master nodes: 127.0.0.1:19001
datastore standby nodes: none
addons:
enabled:
dashboard # The Kubernetes dashboard
dns # CoreDNS
ha-cluster # Configure high availability on the current node
helm3 # Helm 3 - Kubernetes package manager
ingress # Ingress controller for external access
metallb # Loadbalancer for your Kubernetes cluster
metrics-server # K8s Metrics Server for API access to service metrics
prometheus # Prometheus operator for monitoring and logging
registry # Private image registry exposed on localhost:32000
storage # Storage class; allocates storage from host directory
disabled:
ambassador # Ambassador API Gateway and Ingress
cilium # SDN, fast with full network policy
fluentd # Elasticsearch-Fluentd-Kibana logging and monitoring
gpu # Automatic enablement of Nvidia CUDA
helm # Helm 2 - the package manager for Kubernetes
host-access # Allow Pods connecting to Host services smoothly
istio # Core Istio service mesh services
jaeger # Kubernetes Jaeger operator with its simple config
knative # The Knative framework on Kubernetes.
kubeflow # Kubeflow for easy ML deployments
linkerd # Linkerd is a service mesh for Kubernetes and other frameworks
multus # Multus CNI enables attaching multiple network interfaces to pods
rbac # Role-Based Access Control for authorisation
挖掘 api.cloudflare.com 的输出:
; <<>> DiG 9.16.1-Ubuntu <<>> +trace api.cloudflare.com
;; global options: +cmd
. 7169 IN NS m.root-servers.net.
. 7169 IN NS l.root-servers.net.
. 7169 IN NS k.root-servers.net.
. 7169 IN NS j.root-servers.net.
. 7169 IN NS i.root-servers.net.
. 7169 IN NS h.root-servers.net.
. 7169 IN NS g.root-servers.net.
. 7169 IN NS f.root-servers.net.
. 7169 IN NS e.root-servers.net.
. 7169 IN NS d.root-servers.net.
. 7169 IN NS c.root-servers.net.
. 7169 IN NS b.root-servers.net.
. 7169 IN NS a.root-servers.net.
;; Received 262 bytes from 127.0.0.53#53(127.0.0.53) in 0 ms
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com. 86400 IN RRSIG DS 8 1 86400 20210109170000 20201227160000 26116 . CxVQqdDVxRu9qppYx+yycTfWZb9YCwwWzWysdZ+N1d57xjEvxjgdLwlz aNb6LE3AVn90qtba6b+foAVU91kgCVtlGTruj7cuxNbAhrwx+aNPCfXh fAldBiPjAyBjIxi9KmFxv2cZx6+koKvVfY6ZhTydTArq/YhHT2Q87LPr JkRMDTn/qasoLhBLGek0ibkR7l8JwnjLnWhmWR85ZaeIDCpmxQxWzWOR 1rWCRsE3uIAL+UIlcwHIlSQOqH9xPwHtkL+M17+7wJdoS7RkW541nxZP yX8yGWA9KykYcyz/SWV/jDF2gBgZ3Ouyaay9PpC2hn8m7VCfo5Zi6zdc l5wiqQ==
;; Received 1178 bytes from 192.58.128.30#53(j.root-servers.net) in 4 ms
cloudflare.com. 172800 IN NS ns3.cloudflare.com.
cloudflare.com. 172800 IN NS ns5.cloudflare.com.
cloudflare.com. 172800 IN NS ns4.cloudflare.com.
cloudflare.com. 172800 IN NS ns6.cloudflare.com.
cloudflare.com. 172800 IN NS ns7.cloudflare.com.
cloudflare.com. 86400 IN DS 2371 13 2 32996839A6D808AFE3EB4A795A0E6A7A39A76FC52FF228B22B76F6D6 3826F2B9
cloudflare.com. 86400 IN RRSIG DS 8 2 86400 20210103052149 20201227041149 31510 com. cRdRaMsAfVArkVJjuH3wpQmhJYVZra2roIrgiEdaFQ3guUpl1pDXVoH5 vMT/tj9CXiNvL/hIKfdq+uto9v+YkCYrB+RlwfoMbwJN3IYMnycHpDAQ LWHxLoV/h/jMq20oC8J311hhCd7b/NjL2fiU3UZrmPwhDjG6rp6EGQIO BiHOOk6NXyIKnMwDrtHaTuZMfwxDYpWV271p+AjukUcPkw==
;; Received 820 bytes from 192.31.80.30#53(d.gtld-servers.net) in 4 ms
api.cloudflare.com. 300 IN A 104.19.193.29
api.cloudflare.com. 300 IN A 104.19.192.29
api.cloudflare.com. 300 IN RRSIG A 13 3 300 20201229054503 20201227034503 34505 api.cloudflare.com. Eo014eDzLog4AsqibERuyJlXQNrFnFkPfWAAbR138ZLyklOxWcvQ0a83 IMNGOXP+jQwwMqijoYUFXAqI5HEppA==
;; Received 193 bytes from 162.159.6.6#53(ns7.cloudflare.com) in 8 ms
(这些都不是我的 IP;我在 50.xxx.xxx.xxx 范围内)
- 挖谷歌:
; <<>> DiG 9.16.1-Ubuntu <<>> +trace google.com
;; global options: +cmd
. 7062 IN NS m.root-servers.net.
. 7062 IN NS l.root-servers.net.
. 7062 IN NS k.root-servers.net.
. 7062 IN NS j.root-servers.net.
. 7062 IN NS i.root-servers.net.
. 7062 IN NS h.root-servers.net.
. 7062 IN NS g.root-servers.net.
. 7062 IN NS f.root-servers.net.
. 7062 IN NS e.root-servers.net.
. 7062 IN NS d.root-servers.net.
. 7062 IN NS c.root-servers.net.
. 7062 IN NS b.root-servers.net.
. 7062 IN NS a.root-servers.net.
;; Received 262 bytes from 127.0.0.53#53(127.0.0.53) in 0 ms
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com. 86400 IN RRSIG DS 8 1 86400 20210109170000 20201227160000 26116 . CxVQqdDVxRu9qppYx+yycTfWZb9YCwwWzWysdZ+N1d57xjEvxjgdLwlz aNb6LE3AVn90qtba6b+foAVU91kgCVtlGTruj7cuxNbAhrwx+aNPCfXh fAldBiPjAyBjIxi9KmFxv2cZx6+koKvVfY6ZhTydTArq/YhHT2Q87LPr JkRMDTn/qasoLhBLGek0ibkR7l8JwnjLnWhmWR85ZaeIDCpmxQxWzWOR 1rWCRsE3uIAL+UIlcwHIlSQOqH9xPwHtkL+M17+7wJdoS7RkW541nxZP yX8yGWA9KykYcyz/SWV/jDF2gBgZ3Ouyaay9PpC2hn8m7VCfo5Zi6zdc l5wiqQ==
;; Received 1198 bytes from 192.112.36.4#53(g.root-servers.net) in 67 ms
google.com. 172800 IN NS ns2.google.com.
google.com. 172800 IN NS ns1.google.com.
google.com. 172800 IN NS ns3.google.com.
google.com. 172800 IN NS ns4.google.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20201231054042 20201224043042 31510 com. WCw2EkmxTyUDl5OH585paZeOpsJGZxYPmMLvxiyH+Q8/vTnogCTRCOiE oalX4/M3cE7w/RSxMXbbtMkDcCmWvhRTBQ4GUbtuJB+0AeXNmkBsGfLU jJl4dWFrXuLq0bgiu8xeKoIvJmV59EkHWq9iaekMiy9uMi1OxwyBPZBH K6IREH5Zv+ox++OAmyxj/Wzb8AesBehtoFaIpZ3i869l8A==
S84BDVKNH5AGDSI7F5J0O3NPRHU0G7JQ.com. 86400 IN NSEC3 1 1 0 - S84CDVS9VPREADFD6KK7PDADH0M6IO8H NS DS RRSIG
S84BDVKNH5AGDSI7F5J0O3NPRHU0G7JQ.com. 86400 IN RRSIG NSEC3 8 2 86400 20210101053343 20201225042343 31510 com. EblXvGFMwJYHdEKosFJGylU+cE8tc4mdFZxDTHGcLI7Ae6aONxgWV/xk V55P+J6W4xsGS78a0OY/6ZQk+b3xLKbXuKaUwxlf8xUgzv+1Qt9JQ6Iz rTayg880COrXePjjFyh62Q9jQTsNgRtDRBSOnxjnwuvy+/BwxA4Tm652 ZqvzRM/DwZlo2X/u3xVwYt9qIHoL4wZtI+DpJAKDI5WgTg==
;; Received 836 bytes from 192.35.51.30#53(f.gtld-servers.net) in 35 ms
google.com. 300 IN A 172.217.3.174
;; Received 55 bytes from 216.239.34.10#53(ns2.google.com) in 12 ms