Deploying the CoreDNS Service on a K8S Cluster
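Applications in a k8s cluster are usually published as microservices through ingress. An earlier post described using traefik in a K8S cluster to publish services automatically. It works by having traefik resolve each service's cluster address (clusterip) through the cluster's DNS service and then forward user requests to that cluster address. The first thing to do after deploying a cluster should therefore be to configure the DNS service. The options currently available are skydns, kube-dns, and coredns.
kube-dns is a built-in add-on in Kubernetes that is currently maintained as a separate open-source project, see https://github.com/kubernetes/dns. This DNS server uses the SkyDNS libraries to serve DNS requests for Kubernetes pods and services.
The CoreDNS project was built by Miek Gieben, the author of SkyDNS2, on a more modular and extensible framework, as a replacement for Kube-DNS. CoreDNS is a project hosted by the CNCF. In Kubernetes 1.9, a cluster installed with kubeadm can install CoreDNS directly with the following command:
kubeadm init --feature-gates=CoreDNS=true
This article describes how to configure coredns.
For configuring the skydns service on a 1.5.2 rpm cluster version, see: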
https://blog.51cto.com/ylw6006/2067923
For publishing microservices with traefik, see:
https://blog.51cto.com/ylw6006/2072667
https://blog.51cto.com/ylw6006/2073718
For a detailed introduction to kube-dns, see this expert's blog:
https://jimmysong.io/posts/configuring-kubernetes-kube-dns/
I. Prepare the yaml configuration files
1. coredns-sa.yaml: creates the ServiceAccount
2. coredns-rbac.yaml: creates the rbac ClusterRole and ClusterRoleBinding
# cat coredns-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: Reconcile
  name: system:coredns
rules:
- apiGroups:
  - ""
  resources:
  - endpoints
  - services
  - pods
  - namespaces
  verbs:
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: EnsureExists
  name: system:coredns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
subjects:
- kind: ServiceAccount
  name: coredns
  namespace: kube-system

3. coredns-configmap.yaml: defines the parameters of the Corefile configuration file
# cat coredns-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        errors
        log
        health
        kubernetes cluster.local 10.254.0.0/18
        proxy . /etc/resolv.conf
        cache 30
    }

4. coredns-deployment.yaml: defines the template used to create the pod
# cat coredns-deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: coredns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "CoreDNS"
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: coredns
  template:
    metadata:
      labels:
        k8s-app: coredns
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
        scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
    spec:
      serviceAccountName: coredns
      containers:
      - name: coredns
        image: coredns/coredns:latest
        imagePullPolicy: Always
        args: [ "-conf", "/etc/coredns/Corefile" ]
        volumeMounts:
        - name: config-volume
          mountPath: /etc/coredns
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
      dnsPolicy: Default
      volumes:
      - name: config-volume
        configMap:
          name: coredns
          items:
          - key: Corefile
            path: Corefile

5. coredns-service.yaml: defines the name of the service
# cat coredns-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: coredns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "CoreDNS"
spec:
  selector:
    k8s-app: coredns
  clusterIP: 10.254.0.2
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP

II. Create coredns from the yaml configuration files
# kubectl get node
# kubectl get pod,svc,deployment,rc
# kubectl get pod,svc,deployment,rc -n kube-system
# cd yaml/coredns/
# ls -l
# kubectl create -f .
# kubectl get pod,svc,deployment,rc -n kube-system
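
A consistency check that can be run on the section I manifests before `kubectl create -f .`, given here as an added example that is not part of the original post. The function names `parse_corefile` and `audit` are hypothetical, the inputs are constructed copies of the values above, and the check assumes the CIDR on the `kubernetes` line of the Corefile is meant to cover the cluster's service addresses.

```python
import ipaddress

# Constructed copies of the values in the section I manifests.
COREFILE = """.:53 {
    errors
    log
    health
    kubernetes cluster.local 10.254.0.0/18
    proxy . /etc/resolv.conf
    cache 30
}"""
CLUSTER_IP = "10.254.0.2"          # coredns-service.yaml
ROLE_VERBS = ["list", "watch"]     # coredns-rbac.yaml
IMAGE = "coredns/coredns:latest"   # coredns-deployment.yaml
READ_ONLY = {"get", "list", "watch"}

def parse_corefile(text):
    """Return {server block label: [plugin line split into tokens, ...]}."""
    blocks, label, depth = {}, None, 0
    for line in (raw.split("#", 1)[0].strip() for raw in text.splitlines()):
        if line.endswith("{"):
            depth += 1
            if depth == 1:               # opening of a server block
                label = line[:-1].strip()
                blocks[label] = []
            else:                        # plugin that opens its own option block
                blocks[label].append(line[:-1].split())
        elif line == "}":
            depth -= 1
        elif depth == 1 and line:        # options nested deeper are skipped
            blocks[label].append(line.split())
    return blocks

def audit(corefile, cluster_ip, verbs, image):
    """Hypothetical pre-deploy lint; returns a list of findings."""
    findings = []
    plugins = [p for b in parse_corefile(corefile).values() for p in b]
    nets = [ipaddress.ip_network(arg, strict=False)
            for p in plugins if p[0] == "kubernetes" for arg in p[1:] if "/" in arg]
    if nets and not any(ipaddress.ip_address(cluster_ip) in n for n in nets):
        findings.append(f"clusterIP {cluster_ip} is outside the Corefile CIDR")
    if extra := sorted(set(verbs) - READ_ONLY):   # DNS only needs to read
        findings.append(f"ClusterRole grants non-read verbs: {extra}")
    name = image.rsplit("/", 1)[-1]               # ignore a registry host:port
    if ":" not in name or name.endswith(":latest"):
        findings.append(f"image {image} is not pinned")
    return findings
```

With the values from this page, `audit(COREFILE, CLUSTER_IP, ROLE_VERBS, IMAGE)` reports only the unpinned `latest` image tag; the clusterIP and the RBAC verbs pass.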
III. Create an nginx service for testing
Reference link:
https://blog.51cto.com/ylw6006/2108426