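After deploying External-DNS to our K8s cluster using the official Helm chart bitnami/external-dns, DNS records were created in Cloudflare, but the registered IP addresses are private rather than public. As a result, my certificate generation with cert-manager also failed.
Helm chart: https://github.com/bitnami/charts/tree/master/bitnami/external-dns
Values.yaml used for the Helm chart: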
## Modify how DNS records are synchronized between sources and providers (options: sync, upsert-only)
##
policy: sync
logLevel: debug
domainFilters:
- example.xyz
## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
  limits:
    cpu: 50m
    memory: 50Mi
  requests:
    memory: 50Mi
    cpu: 10m
## If specified, the pod's tolerations.
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations:
  - key: "infra"
    operator: "Equal"
    value: "true"
    effect: "NoSchedule"
## Cloudflare configuration to be set via arguments/env. variables
##
cloudflare:
  ## `CF_API_TOKEN` to set in the environment
  ##
  apiToken: "NOJNFOJNOSJNOMSPKPLMPMP"
  ## `CF_API_EMAIL` to set in the environment
  ##
  email: "devops@example.xyz"
  ## Enable the proxy feature of Cloudflare
  ##
  proxied: false
After deployment, I can see in the logs that records are being created, but with private IPs instead of public IPs. Logs:
time="2022-01-20T09:55:31Z" level=debug msg="Endpoints generated from ingress: devops-gitops/argo: [argo.example.xyz 0 IN A 10.1.0.2;10.1.0.3;10.1.0.4;10.244.0.1 [] argo.example.xyz 0 IN A 10.1.0.2;10.1.0.3;10.1.0.4;10.244.0.1 []]"
time="2022-01-20T09:55:31Z" level=debug msg="Endpoints generated from ingress: devops-gitops/test: [test.example.xyz 0 IN A 10.1.0.2;10.1.0.3;10.1.0.4;10.244.0.1 [] example.xyz 0 IN A 10.1.0.2;10.1.0.3;10.1.0.4;10.244.0.1 []]"
time="2022-01-20T09:55:31Z" level=debug msg="Endpoints generated from ingress: ingress-nginx/test1: [test1.example.xyz 0 IN A 10.1.0.2;10.1.0.3;10.1.0.4;10.244.0.1 [] example.xyz 0 IN A 10.1.0.2;10.1.0.3;10.1.0.4;10.244.0.1 []]"
The ingresses were created from Rancher->Cluster->Service-Discovery->Ingress, and external-dns is deployed in a new namespace created for external-dns and cert-manager.
The Kubernetes cluster is deployed in Rancher.
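An added example, not part of the original post: a check that parses external-dns debug lines in the format shown above and reports A records whose targets are non-public addresses, so internal addressing is caught before it is published to a public zone. The function names, the `NON_PUBLIC` range list and the `web/shop` sample line are assumptions made for this illustration.

```python
import ipaddress
import re

# Ranges that should not appear in a public zone (RFC 1918, CGNAT, loopback,
# link-local). Listed explicitly rather than using is_private, which also
# covers documentation ranges such as 203.0.113.0/24.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]

SOURCE_RE = re.compile(r"Endpoints generated from ingress: (\S+?): \[")
ENDPOINT_RE = re.compile(r"([A-Za-z0-9.*_-]+) \d+ IN A ([0-9.;]+)")

# Constructed sample: two lines from the post plus one made-up line (web/shop)
# whose target, a documentation address, stands in for a public IP.
SAMPLE_LOG = r'''time="2022-01-20T09:55:31Z" level=debug msg="Endpoints generated from ingress: devops-gitops/argo: [argo.example.xyz 0 IN A 10.1.0.2;10.1.0.3;10.1.0.4;10.244.0.1 [] argo.example.xyz 0 IN A 10.1.0.2;10.1.0.3;10.1.0.4;10.244.0.1 []]"
time="2022-01-20T09:55:31Z" level=debug msg="Endpoints generated from ingress: devops-gitops/test: [test.example.xyz 0 IN A 10.1.0.2;10.1.0.3;10.1.0.4;10.244.0.1 [] example.xyz 0 IN A 10.1.0.2;10.1.0.3;10.1.0.4;10.244.0.1 []]"
time="2022-01-20T09:55:31Z" level=debug msg="Endpoints generated from ingress: web/shop: [shop.example.xyz 0 IN A 203.0.113.10 []]"
'''


def is_non_public(addr):
    """True if addr parses as an IPv4 address inside one of NON_PUBLIC."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in NON_PUBLIC)


def private_targets(log_text):
    """Map (ingress, hostname) -> sorted non-public target IPs found in the log."""
    findings = {}
    for line in log_text.splitlines():
        src = SOURCE_RE.search(line)
        if not src:
            continue
        for host, targets in ENDPOINT_RE.findall(line):
            bad = {t for t in targets.split(";") if is_non_public(t)}
            if bad:
                findings.setdefault((src.group(1), host), set()).update(bad)
    return {k: sorted(v, key=ipaddress.ip_address) for k, v in findings.items()}


if __name__ == "__main__":
    for (ingress, host), ips in private_targets(SAMPLE_LOG).items():
        print(f"{ingress}: {host} -> {', '.join(ips)}")
```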