Deploying AdGuard Home on K8s as a local DNS server


apiVersion: v1
kind: Namespace
metadata:
  name: adguard
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: adguard
  namespace: adguard
spec:
  serviceName: adguard
  replicas: 1
  selector:
    matchLabels:
      app: adguard
  template:
    metadata:
      labels:
        app: adguard
    spec:
      containers:
        - name: adguard
          image: harbor.wanna1314y.top/adguard/adguardhome:latest
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
            - name: https
              containerPort: 443
              protocol: TCP
            - name: dns-tcp
              containerPort: 53
              protocol: TCP
            - name: dns-udp
              containerPort: 53
              protocol: UDP
            - name: webui
              containerPort: 3000
              protocol: TCP
          volumeMounts:
            - name: adguard-config
              mountPath: /opt/adguardhome/conf   # AdGuardHome.yaml lives here
            - name: adguard-data
              mountPath: /opt/adguardhome/work   # runtime data: query log, statistics, filter lists
  volumeClaimTemplates:
    - metadata:
        name: adguard-config
      spec:
        accessModes: ["ReadWriteMany"]
        storageClassName: k8s-nfs-storage
        resources:
          requests:
            storage: 1Gi
    - metadata:
        name: adguard-data
      spec:
        accessModes: ["ReadWriteMany"]
        storageClassName: k8s-nfs-storage
        resources:
          requests:
            storage: 1Gi
---
apiVersion: v1
kind: Service
metadata:
  name: adguard
  namespace: adguard
spec:
  type: NodePort
  ports:
    - name: http
      port: 80
      targetPort: 80
      nodePort: 30080
    - name: webui
      port: 3000
      targetPort: 3000
      nodePort: 31003
    - name: https
      port: 443
      targetPort: 443
      nodePort: 30443
    - name: dns-tcp
      port: 53
      targetPort: 53
      protocol: TCP
      nodePort: 30553
    - name: dns-udp
      port: 53
      targetPort: 53
      protocol: UDP
      nodePort: 31553
  selector:
    app: adguard

In AdGuard Home, open "DNS rewrites" and add a rule that maps every *.local.top name to the IP 10.168.1.209.


Next, use the following command to check that the DNS service resolves correctly; here 10.233.4.129 is the IP of the DNS server Pod (or the Service's ClusterIP).

dig xxx.local.top @10.233.4.129

The output looks like this:

# dig xxx.local.top @10.233.4.129
; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu <<>> xxx.local.top @10.233.4.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18180
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;xxx.local.top.                 IN      A

;; ANSWER SECTION:
xxx.local.top.          10      IN      A       10.168.1.209

;; Query time: 0 msec
;; SERVER: 10.233.4.129#53(10.233.4.129) (UDP)
;; WHEN: Mon Jan 20 03:10:38 CST 2025
;; MSG SIZE  rcvd: 47

To make the cluster itself use this DNS server, edit the CoreDNS configuration file:

kubectl edit configmap coredns -n kube-system

The content is as follows; the part we add is the local.top block, whose forward points at the address of the AdGuard service we just deployed:

  Corefile: |
    .:53 {
        errors
        health {
          lameduck 5s
        }
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
          pods insecure
          fallthrough in-addr.arpa ip6.arpa
          ttl 30
        }
        prometheus :9153
        forward . /etc/resolv.conf {
          prefer_udp
          max_concurrent 1000
        }
        cache 30
        loop
        reload
        loadbalance
    }

    local.top {
        errors
        cache 30
        reload
        forward . 10.233.4.129
    }
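The dig check above and the CoreDNS forward block are the same verification from two vantage points: ask a resolver for a *.local.top name and confirm the answer is exactly 10.168.1.209. The script below is an added example, not part of the original post or of AdGuard Home or CoreDNS. It builds a raw DNS A query with the standard library, parses the response (including compressed names), and reports whether the rewrite is in effect. The embedded SAMPLE_RESPONSE is a constructed packet that reproduces the dig answer on the page (id 18180, flags qr rd ra, TTL 10, 47 bytes on the wire). The AdGuard address 10.233.4.129 comes from the page; the CoreDNS ClusterIP is a placeholder you must replace with your cluster's value. Because 10.233.4.129 in the Corefile is a Pod IP, it changes when the Pod is rescheduled, so re-running this check after a restart is worthwhile, and forwarding to the Service's ClusterIP instead avoids the problem.

```python
import socket
import struct

QTYPE_A = 1
QCLASS_IN = 1


def build_query(name: str, txid: int) -> bytes:
    """Build a minimal DNS A query (recursion desired) for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def _read_name(msg: bytes, offset: int):
    """Decode a possibly compressed domain name; return (name, offset after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        if length == 0:
            offset += 1
            break
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    if not jumped:
        end = offset
    return ".".join(labels) + ".", end


def parse_a_records(msg: bytes, expected_id: int) -> dict:
    """Return {"rcode": int, "answers": [(name, ttl, ip), ...]} for a DNS response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_id:
        raise ValueError("transaction id mismatch: response does not belong to our query")
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    offset = 12
    for _ in range(qd):  # skip the echoed question section
        _, offset = _read_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(an):
        name, offset = _read_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPE_A and rclass == QCLASS_IN and rdlen == 4:
            answers.append((name, ttl, socket.inet_ntoa(rdata)))
    return {"rcode": flags & 0x000F, "answers": answers}


def rewrite_in_effect(result: dict, expected_ip: str) -> bool:
    """True only if the reply is NOERROR and every A answer is the rewrite target."""
    ips = {ip for _, _, ip in result["answers"]}
    return result["rcode"] == 0 and ips == {expected_ip}


def check_rewrite(server: str, name: str, expected_ip: str, timeout: float = 2.0) -> bool:
    """Query `server` over UDP/53 for `name` and verify the rewrite answer."""
    txid = 18180  # fixed id is fine for a one-shot check; use random ids in a long-lived client
    query = build_query(name, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        response, _ = sock.recvfrom(512)
    return rewrite_in_effect(parse_a_records(response, txid), expected_ip)


# Constructed packet reproducing the dig answer on the page:
# id 18180, flags qr rd ra, xxx.local.top. 10 IN A 10.168.1.209, 47 bytes total.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 18180, 0x8180, 1, 1, 0, 0)
    + b"\x03xxx\x05local\x03top\x00" + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    + b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 10, 4)
    + socket.inet_aton("10.168.1.209")
)

if __name__ == "__main__":
    ADGUARD_IP = "10.233.4.129"          # from the page: the AdGuard Pod/Service IP
    COREDNS_IP = "REPLACE_WITH_CLUSTER_DNS_IP"  # placeholder: kube-dns Service ClusterIP
    for label, server in (("adguard", ADGUARD_IP), ("coredns", COREDNS_IP)):
        ok = check_rewrite(server, "xxx.local.top", "10.168.1.209")
        print(f"{label} ({server}): {'rewrite OK' if ok else 'rewrite NOT in effect'}")
```

Running the script against both addresses tells you whether the rewrite works at AdGuard and whether CoreDNS actually forwards the local.top zone to it; a pass on the first and a failure on the second points at the Corefile or at a stale Pod IP.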

One more question remains: how do we point our local machines at this DNS service?
