18.服务发现-CoreDNS
18.服务发现-CoreDNS本节将通过向k8s内部署容器的方式来交付CoreDNS服务一、获取CoreDNS二进制包:https://github.com/coredns/coredns/releases使用容器部署CoreDNS:https://registry.hub.docker.com/r/coredns/coredns/tags?page=1&ordering=last_upd
·
18.服务发现-CoreDNS
本节将通过向k8s内部署容器的方式来交付CoreDNS服务
一、获取CoreDNS
二进制包:https://github.com/coredns/coredns/releases
使用容器部署CoreDNS:https://registry.hub.docker.com/r/coredns/coredns/tags?page=1&ordering=last_updated
docker pull coredns/coredns:1.8.3
二、资源配置清单
参考:https://github.com/kubernetes/kubernetes/blob/v1.17.16/cluster/addons/dns/coredns/coredns.yaml.base
资源配置清单文件创建到node200:/data/k8s-yaml
1. RBAC
coredns_rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: coredns
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: Reconcile
name: system:coredns
rules:
- apiGroups:
- ""
resources:
- endpoints
- services
- pods
- namespaces
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: EnsureExists
name: system:coredns
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:coredns
subjects:
- kind: ServiceAccount
name: coredns
namespace: kube-system
2. ConfigMap
coredns_configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
labels:
addonmanager.kubernetes.io/mode: EnsureExists
data:
Corefile: |
.:53 {
errors
health {
lameduck 5s
}
ready
kubernetes cluster.local in-addr.arpa ip6.arpa { # cluster.local 集群域名
pods insecure
fallthrough in-addr.arpa ip6.arpa
ttl 30
}
prometheus :9153
forward . /etc/resolv.conf
cache 30
loop
reload
loadbalance
}
修改forward . 172.10.10.11可以将coredns的上级dns指定为我们之前搭建的bind9,这样容器内就能同步bind9的dns内容了
3. Deployment
coredns_dp.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:
# replicas: not specified here:
# 1. In order to make Addon Manager do not reconcile this replicas parameter.
# 2. Default is 1.
# 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
k8s-app: kube-dns
template:
metadata:
labels:
k8s-app: kube-dns
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec:
priorityClassName: system-cluster-critical
serviceAccountName: coredns
tolerations:
- key: "CriticalAddonsOnly"
operator: "Exists"
nodeSelector:
beta.kubernetes.io/os: linux
containers:
- name: coredns
image: harbor.hzwod.com/k8s/coredns:1.6.5
imagePullPolicy: IfNotPresent
resources:
limits:
memory: 128Mi # 内存限制
requests:
cpu: 100m
memory: 70Mi
args: [ "-conf", "/etc/coredns/Corefile" ]
volumeMounts:
- name: config-volume
mountPath: /etc/coredns
readOnly: true
ports:
- containerPort: 53
name: dns
protocol: UDP
- containerPort: 53
name: dns-tcp
protocol: TCP
- containerPort: 9153
name: metrics
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
readinessProbe:
httpGet:
path: /ready
port: 8181
scheme: HTTP
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- all
readOnlyRootFilesystem: true
dnsPolicy: Default
volumes:
- name: config-volume
configMap:
name: coredns
items:
- key: Corefile
path: Corefile
4.Service
coredns_service.yaml
apiVersion: v1
kind: Service
metadata:
name: kube-dns
namespace: kube-system
annotations:
prometheus.io/port: "9153"
prometheus.io/scrape: "true"
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:
selector:
k8s-app: kube-dns
clusterIP: 192.168.0.2 # dns在集群中的ip
ports:
- name: dns
port: 53
protocol: UDP
- name: dns-tcp
port: 53
protocol: TCP
- name: metrics
port: 9153
protocol: TCP
clusterIP: 192.168.0.2指定coredns暴露svc的ip, 此ip要和 kubelet 启动参数--cluster-dns 192.168.0.2对应上
三.交付coredns
上述文件拷贝到node200:/data/k8s-yaml目录下
node21或node22上应用上述资源
kubectl apply -f http://k8s-yaml.hzwod.com/coredns_rbac.yaml
kubectl apply -f http://k8s-yaml.hzwod.com/coredns_configmap.yaml
kubectl apply -f http://k8s-yaml.hzwod.com/coredns_dp.yaml
kubectl apply -f http://k8s-yaml.hzwod.com/coredns_service.yaml
查看效果
[root@node21 ~]# kubectl get all -n kube-system
NAME READY STATUS RESTARTS AGE
pod/coredns-786565dc55-qpwpd 1/1 Running 0 <invalid>
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kube-dns ClusterIP 192.168.0.2 <none> 53/UDP,53/TCP,9153/TCP 65m
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/coredns 1/1 1 1 99m
NAME DESIRED CURRENT READY AGE
replicaset.apps/coredns-786565dc55 1 1 1 99m
[root@node21 ~]# dig -t A nginx-dp.hzwns.svc.cluster.local. @192.168.0.2 +short
192.168.182.94
留下一个问题,看上图服务端nginx收到的数据包源地址不是容器ip,这个问题如何解决?
K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容
更多推荐
0
0- 0
已为社区贡献9条内容
所有评论(0)