VMware Solutions DNS 配置
收集 Active Directory 证书
-
登录 IBM Cloud®.
-
从左侧菜单中选择 VMware。
-
在 VMware Solutions 控制台中,从左侧导航面板单击资源 > VCF for Classic。
-
选择已部署的实例。
-
单击 访问信息选项卡,收集 AD/DNS IP 和远程桌面凭据。
-
从跳转服务器或使用 SSL VPN,远程桌面连接到 AD/DNS 服务器。
创建 DNS 记录
- 基于以下示例创建表来记录值。
- 使用您的值更新以下 PowerShell 命令。
- 从 Windows® RDP 会话打开 PowerShell 命令窗口。
- 运行命令以创建 DNS 工件。
- 逆向查找专区。
- 使用 PTR 创建 DNS A 记录
- 创建 DNS 服务记录
etcd - 创建 DNS SRV 记录
etcd
关于 DNS 记录的说明
Add-DnsServerPrimaryZone-networkidcmdlet 只创建有类的反向查找区。 因此,如果指定的前缀长于/24,那么 cmdlet 将创建/32反向查找区域。 因此,作为一种变通方法,在脚本中使用/24代替/26。 您还需要修改专用便携式子网,使其与命令中的分类/24网络相匹配。- 请勿创建 CNAME 条目,因为 Red Hat® OpenShift® 证书的关键是 DNS 只返回 IP 地址,而不是指向基本主机名。 DNS 命名标准使用以下格式:
HostName.ClusterName.SubDomain.DomainName- HostName - 虚拟机或主机的名称,例如
control-plane-0 - ClusterName- Red Hat OpenShift 集群名称,例如
ocp - SubDomain - IBM Cloud for VMware Solutions 部署的子域,例如
dallas - DomainName - IBM Cloud for VMware Solutions 部署的域名,例如
ibm.local
- HostName - 虚拟机或主机的名称,例如
例如,FQDN 将为 control-plane-0.ocp.dallas.ibm.local。
下表针对的是示例部署情况。 使用您自己的值。
| DNS 描述 | DNS 示例名称 | DNS 示例 IP 地址 |
|---|---|---|
| Red Hat OpenShift VXLAN 的 DNS 反向查询 | 192.168.133.0/24 |
|
| Red Hat OpenShift IBM Cloud 子网的 DNS 反向查找 | 10.208.242.128/26 |
|
| 防御主机 | bastion.ocp.dallas.ibm.local | 192.168.133.8 |
| bootstrap-0 Host | bootstrap-0.ocp.dallas.ibm.local | 192.168.133.9 |
| control-plane-0 主机 | control-plane-0.ocp.dallas.ibm.local | 192.168.133.10 |
| control-plane-1 主机 | control-plane-1.ocp.dallas.ibm.local | 192.168.133.11 |
| control-plane-2 主机 | control-plane-2.ocp.dallas.ibm.local | 192.168.133.12 |
| compute-0 主机 | compute-0.ocp.dallas.ibm.local | 192.168.133.13 |
| compute-1 主机 | compute-1.ocp.dallas.ibm.local | 192.168.133.14 |
| compute-2 主机 | compute-2.ocp.dallas.ibm.local | 192.168.133.15 |
| 应用程序通配符 DNS(负载均衡器) | *.apps.ocp.dallas.ibm.local | 10.208.242.131 |
| Kubernetes API URL(负载均衡器) | api.ocp.dallas.ibm.local | 10.208.242.132 |
| Kubernetes API-INT(内部)URL(负载均衡器) | api-int.ocp.dallas.ibm.local |
10.208.242.132 |
etcd Node0 |
etcd-0.ocp.dallas.ibm.local | 192.168.133.10 |
etcd Node1 |
etcd-1.ocp.dallas.ibm.local | 192.168.133.11 |
etcd Node2 |
etcd-2.ocp.dallas.ibm.local | 192.168.133.12 |
etcd Service Record Node 0 |
_etcd-server-ssl._tcp.ocp.dallas.ibm.local | 192.168.133.10 |
etcd Service Record Node 1 |
_etcd-server-ssl._tcp.ocp.dallas.ibm.local | 192.168.133.11 |
etcd Service Record Node 2 |
_etcd-server-ssl._tcp.ocp.dallas.ibm.local | 192.168.133.12 |
DNS 命令
# Create Reverse Lookup Zones
Add-DnsServerPrimaryZone -networkid "192.168.133.0/24" -replicationscope forest
Add-DnsServerPrimaryZone -networkid "10.208.242.0/24" -replicationscope forest
# Create DNS A Records, with PTR
Add-DnsServerResourceRecordA -Name "bastion.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.8" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "bootstrap-0.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.9" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "control-plane-0.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.10" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "etcd-0.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.10" -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "control-plane-1.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.11" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "etcd-1.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.11" -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "control-plane-2.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.12" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "etcd-2.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.12" -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "compute-0.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.13" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "compute-1.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.14" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "compute-2.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "192.168.133.15" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "*.apps.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "10.208.242.131" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "api.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "10.208.242.132" -CreatePtr -TimeToLive 00:00:10
Add-DnsServerResourceRecordA -Name "api-int.ocp.dallas" -ZoneName "ibm.local" -AllowUpdateAny -IPv4Address "10.208.242.132" -CreatePtr -TimeToLive 00:00:10
# Create DNS SRV record for etcd
Add-DnsServerResourceRecord -Srv -ZoneName "ibm.local" -Name "_etcd-server-ssl._tcp.ocp.dallas" -DomainName "etcd-0.ocp.dallas.ibm.local" -Priority 10 -Weight 0 -Port 2380
Add-DnsServerResourceRecord -Srv -ZoneName "ibm.local" -Name "_etcd-server-ssl._tcp.ocp.dallas" -DomainName "etcd-1.ocp.dallas.ibm.local" -Priority 10 -Weight 0 -Port 2380
Add-DnsServerResourceRecord -Srv -ZoneName "ibm.local" -Name "_etcd-server-ssl._tcp.ocp.dallas" -DomainName "etcd-2.ocp.dallas.ibm.local" -Priority 10 -Weight 0 -Port 2380