涛子 - 简单就是美

成单纯魁增,永继振国兴,克复宗清政,广开家必升


https://particule.io/en/blog/k8s-no-cloud
http://logicalshift.blogspot.com/2019/07/external-dns-for-kubernetes-services.html
https://docs.k0sproject.io/v1.22.2+k0s.1/examples/metallb-loadbalancer/
https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/coredns.md
https://richard-nunez.medium.com/my-journey-to-kubernetes-on-bare-metal-93f5d347c06f

一. MetalLB

# Write the MetalLB namespace and its layer-2 address pool to a manifest file.
# The here-doc delimiter is quoted, so the YAML is copied verbatim with no
# shell expansion. The ConfigMap named "config" in metallb-system carries the
# pool definition; addresses in that range are what MetalLB hands out to
# Services of type LoadBalancer, so keep the range limited to addresses that
# are reserved for this purpose on the LAN.
cat << 'EOF' > /tmp/metallb-config.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: metallb-system
  labels:
    app: metallb
---
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: metallb-system
  name: config
data:
  config: |
    address-pools:
    - name: default
      protocol: layer2
      addresses:
      - 192.168.100.161-192.168.100.180
EOF

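# Generate a random key and render it as the "memberlist" Secret manifest for
# the metallb-system namespace. --dry-run=client only prints the object, so
# nothing is sent to the API server at this point.
#
# The manifest contains the key base64-encoded, not encrypted. umask 077 in
# the subshell keeps a newly created file readable by the current user only;
# the chmod covers the case where the file already existed with looser
# permissions. Delete /tmp/metallb-secret.yaml once it has been applied.
#
# NOTE(review): --from-literal puts the key on the kubectl command line, where
# it is visible in the process list while the command runs; prefer running
# this on a host without other interactive users.
(
  umask 077
  kubectl create secret generic memberlist \
    -n metallb-system \
    --from-literal=secretkey="$(openssl rand -base64 128)" \
    --dry-run=client -o yaml > /tmp/metallb-secret.yaml
)
chmod 600 /tmp/metallb-secret.yaml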

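# Download the MetalLB manifest, then point its image references at the
# local registry.
#
# Certificate verification is left ON (no -k/--insecure): this file is later
# applied to the cluster, so a tampered download would run
# attacker-chosen workloads. --fail stops an HTTP error page from being saved
# as if it were the manifest, and the sed step only runs when the download
# succeeded.
#
# NOTE(review): the URL is a mirror (raw.fastgit.org) of a third-party
# repository, not the MetalLB project's own release. Read the downloaded file
# and compare its checksum against a copy from a source you trust before
# applying it.
curl --fail --silent --show-error \
  -o /tmp/metallb.yaml \
  https://raw.fastgit.org/clusterfrak-dynamics/gitops-template/master/flux/resources/metallb-system/metallb.yaml \
  && sed -i -e 's|image: metallb|image: 192.168.100.198:5000/metallb|g' /tmp/metallb.yaml
# After the rewrite the cluster pulls whatever 192.168.100.198:5000 serves
# under the metallb/ names, so that registry's content must itself be
# mirrored from a verified upstream image.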

# kubectl apply -f /tmp/metallb-config.yaml
namespace/metallb-system create
configmap/config create

# kubectl apply -f /tmp/metallb-secret.yaml

# kubectl apply -f /tmp/metallb.yaml

# kubectl get deployment -n metallb-system -o wide
NAME         READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS   IMAGES                                           SELECTOR
controller   1/1     1            1           44s   controller   192.168.100.198:5000/metallb/controller:v0.9.3   app=metallb,component=controller

# kubectl get pods -n metallb-system -o wide
NAME                         READY   STATUS    RESTARTS   AGE   IP                NODE     NOMINATED NODE   READINESS GATES
controller-b88795974-qplvg   1/1     Running   0          51s   10.240.2.150      vm-197   <none>           <none>
speaker-47rnb                1/1     Running   0          51s   192.168.100.191   vm-191   <none>           <none>
speaker-ntmzn                1/1     Running   0          51s   192.168.100.207   vm-207   <none>           <none>
speaker-nwfng                1/1     Running   0          51s   192.168.100.193   vm-193   <none>           <none>
speaker-pdtmh                1/1     Running   0          51s   192.168.100.197   vm-197   <none>           <none>
speaker-tvlz2                1/1     Running   0          51s   192.168.100.192   vm-192   <none>           <none>

# kubectl get service -n ingress-nginx 
NAME                                 TYPE           CLUSTER-IP     EXTERNAL-IP       PORT(S)                      AGE
ingress-nginx-controller             LoadBalancer   10.97.48.248   192.168.100.161   80:30499/TCP,443:32340/TCP   41m
ingress-nginx-controller-admission   ClusterIP      10.107.129.7   <none>            443/TCP                      41m

# Service manifest for the nginx demo: spec.type is set to 'LoadBalancer',
# which is what makes MetalLB assign it an address from its pool. That
# address is reachable from outside the cluster, and port 80 here is
# plain HTTP.
# The quoted delimiter writes the YAML verbatim, with no shell expansion.
cat << 'EOF' > /tmp/service.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx
  name: nginx
  namespace: deployment-demo
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  type: LoadBalancer
EOF

# kubectl apply -f service.yaml 
service/nginx created

# kubectl get services -n deployment-demo -o wide
NAME    TYPE           CLUSTER-IP    EXTERNAL-IP       PORT(S)        AGE   SELECTOR
nginx   LoadBalancer   10.96.42.69   192.168.100.162   80:32552/TCP   43s   app=nginx

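# Request the Service through its cluster-internal address (ClusterIP) and
# through the external address MetalLB assigned to it.
#
# The original used `curl -l`; -l/--list-only affects FTP/POP3 listings and
# does nothing for an HTTP request, so it is dropped. --fail turns an HTTP
# error status into a non-zero exit code, and --max-time keeps the check from
# hanging when an address is unreachable (the ClusterIP normally answers only
# from cluster nodes or pods).
curl --fail --max-time 10 http://10.96.42.69
curl --fail --max-time 10 http://192.168.100.162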

二. ExternalDNS

功能: 与 ingress 联动,将服务主机分配的公网地址与主机名做解析,自动添加、变更、删除与之相关的云提供商的域名记录

三. Cert-Manager

功能: 自动产生公网认证的证书
posted on 2021-11-11 10:48  北京涛子  阅读(121)  评论(0编辑  收藏  举报