在kubernetes1.2的时候,采用了skydns + kube2dns +etcd的方式来部署dns。而从1.3开始,则部署方式有了一点儿变化,将skydns和kube2dns封装到了一个容器镜像中,放弃了etcd,而将dns解析直接放入到了内存之中,同时引入了dnsmasq,进一步利用其缓存,具体的原理,请查阅相关文档。本篇文档,主要阐述新版的dns在kubernetes中的具体部署。

  在Kubernetes的源码目录中,有个cluster/addons/dns目录,下面有几个与dns相关的文件,我们将其中的skydns-rc.yaml.sed以及skydns-svc.yaml.sed文件下载到本地,并去掉后缀。只是拷贝文件的话,可以通过https://rawgit.com这个地址加速,如下:

wget https://rawgit.com/kubernetes/kubernetes/release-1.5/cluster/addons/dns/skydns-rc.yaml.sed -O skydns-rc.yaml

wget https://rawgit.com/kubernetes/kubernetes/release-1.5/cluster/addons/dns/skydns-svc.yaml.sed -O skydns-svc.yaml

下载下来的原文件是用于saltstack自动化安装的,我们手动处理的时候,需要进行相关修改。

修改skydns-rc.yaml内容如下:

# Copyright  The Kubernetes Authors.

#

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

#

#     http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.

# TODO - At some point, we need to rename all skydns-*.yaml.* files to kubedns-*.yaml.*

# Should keep target in cluster/addons/dns-horizontal-autoscaler/dns-horizontal-autoscaler.yaml

# in sync with this file.

# __MACHINE_GENERATED_WARNING__

apiVersion: extensions/v1beta1

kind: Deployment

metadata:

  name: kube-dns

  namespace: kube-system

  labels:

    k8s-app: kube-dns

    kubernetes.io/cluster-service: "true"

spec:
 #指定副本数

  replicas:

  # replicas: not specified here:

  # . In order to make Addon Manager do not reconcile this replicas parameter.

  # . Default is .

  # . Will be tuned in real time if DNS horizontal auto-scaling is turned on.

  strategy:

    rollingUpdate:

      maxSurge: %

      maxUnavailable:

  selector:

    matchLabels:

      k8s-app: kube-dns

  template:

    metadata:

      labels:

        k8s-app: kube-dns

      annotations:

        scheduler.alpha.kubernetes.io/critical-pod: ''

        scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'

    spec:

      containers:

      - name: kubedns
     #修改image地址,默认是google的仓库地址,如果不担心被墙,可以直接使用,我这里使用的私有仓库地址,如果要使用国内其他仓库地址,推荐使用阿里云镜像库

        image: myhub.fdccloud.com/library/kubedns-amd64:1.9

        resources:

          # TODO: Set memory limits when we've profiled the container for large

          # clusters, then set request = limit to keep this container in

          # guaranteed class. Currently, this container falls into the

          # "burstable" category so the kubelet doesn't backoff from restarting it.

          limits:

            memory: 170Mi

          requests:

            cpu: 100m

            memory: 70Mi

        livenessProbe:

          httpGet:

            path: /healthz-kubedns

            port:

            scheme: HTTP

          initialDelaySeconds:

          timeoutSeconds:

          successThreshold:

          failureThreshold:

        readinessProbe:

          httpGet:

            path: /readiness

            port:

            scheme: HTTP

          # we poll on pod startup for the Kubernetes master service and

          # only setup the /readiness HTTP server once that's available.

          initialDelaySeconds:

          timeoutSeconds:

        args:
     # --domain指定一级域名,可自定义

        - --domain=cluster.local.

        - --dns-port=

        - --config-map=kube-dns
     #增加--kube-master-url,指向kube master的地址

        - --kube-master-url=http://10.5.10.116:8080

        # This should be set to v= only after the new image (cut from 1.5) has

        # been released, otherwise we will flood the logs.

        - --v=

        #__PILLAR__FEDERATIONS__DOMAIN__MAP__

        env:

        - name: PROMETHEUS_PORT

          value: ""

        ports:

        - containerPort:

          name: dns-local

          protocol: UDP

        - containerPort:

          name: dns-tcp-local

          protocol: TCP

        - containerPort:

          name: metrics

          protocol: TCP

      - name: dnsmasq

        image: myhub.fdccloud.com/library/kube-dnsmasq-amd64:1.4

        livenessProbe:

          httpGet:

            path: /healthz-dnsmasq

            port:

            scheme: HTTP

          initialDelaySeconds:

          timeoutSeconds:

          successThreshold:

          failureThreshold:

        args:

        - --cache-size=

        - --no-resolv

        - --server=127.0.0.1#

        #- --log-facility=-  #注释掉该行

        ports:

        - containerPort:

          name: dns

          protocol: UDP

        - containerPort:

          name: dns-tcp

          protocol: TCP

        # see: https://github.com/kubernetes/kubernetes/issues/29055 for details

        resources:

          requests:

            cpu: 150m

            memory: 10Mi

      - name: dnsmasq-metrics

        image: myhub.fdccloud.com/library/dnsmasq-metrics-amd64:1.0

        livenessProbe:

          httpGet:

            path: /metrics

            port:

            scheme: HTTP

          initialDelaySeconds:

          timeoutSeconds:

          successThreshold:

          failureThreshold:

        args:

        - --v=

        - --logtostderr

        ports:

        - containerPort:

          name: metrics

          protocol: TCP

        resources:

          requests:

            memory: 10Mi

      - name: healthz

        image: myhub.fdccloud.com/library/exechealthz-amd64:1.2

        resources:

          limits:

            memory: 50Mi

          requests:

            cpu: 10m

            # Note that this container shouldn't really need 50Mi of memory. The

            # limits are set higher than expected pending investigation on #.

            # The extra memory was stolen from the kubedns container to keep the

            # net memory requested by the pod constant.

            memory: 50Mi

        args:

        - --cmd=nslookup kubernetes.default.svc.cluster.local 127.0.0.1 >/dev/null

        - --url=/healthz-dnsmasq

        - --cmd=nslookup kubernetes.default.svc.cluster.local 127.0.0.1: >/dev/null

        - --url=/healthz-kubedns

        - --port=

        - --quiet

        ports:

        - containerPort:

          protocol: TCP

      dnsPolicy: Default  # Don't use cluster DNS.

修改skydns-svc.yaml内容如下:

# Copyright  The Kubernetes Authors.

#

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

#

#     http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.

# TODO - At some point, we need to rename all skydns-*.yaml.* files to kubedns-*.yaml.*

# __MACHINE_GENERATED_WARNING__

apiVersion: v1

kind: Service

metadata:

  name: kube-dns

  namespace: kube-system

  labels:

    k8s-app: kube-dns

    kubernetes.io/cluster-service: "true"

    kubernetes.io/name: "KubeDNS"

spec:

  selector:

    k8s-app: kube-dns
  #指定clusterIP,后面各pod的dns地址都会指向该地址

  clusterIP: 10.254.0.100

  ports:

  - name: dns

    port:

    protocol: UDP

  - name: dns-tcp

    port:

    protocol: TCP

启动dns:

kubectl create -f skydns-rc.yaml

kubectl create -f skydns-svc.yaml

修改各node节点上的/etc/kubernetes/kubelet配置文件,增加如下行:

KUBELET_ARGS="--cluster_dns=10.254.0.100 --cluster_domain=cluster.local"

重启各节点:

systemctl restart kubelet

添加一个busybox的pod用于测试,busybox.yaml内容如下:

apiVersion: v1

kind: Pod

metadata:

  labels:

    name: busybox

    role: master

  name: busybox

spec:

  containers:

  - name: busybox

    image: myhub.fdccloud.com/library/busybox

    command:

    - sleep

    - ""

执行如下操作:

kubectl exec -it busybox sh

nslookup kubernetes

nslookup kubernetes.default.cluster.local

nslookup kubernetes.default.svc.cluster.local

如果能正常解析,则部署OK。

Kubernetes 1.5 配置dns的更多相关文章

  1. Kubernetes ServiceAccount的配置

    开始配置Kubernetes集群的时候为了少出问题,都是在apiserver配置中去掉ServiceAccount采用非安全连接的方式,但在后面配置FEK日志的过程中,很多时候绕不开这个安全机制,但因 ...

  2. Kubernetes集群部署DNS插件

    准备 kube-dns 相关镜像 准备 kube-dns 相关 yaml 文件 系统预定义的 RoleBinding 配置 kube-dns 相关服务 检查 kube-dns 功能 kube-dns ...

  3. DNSmasq – 配置DNS和DHCP

    DNSmasq是一个小巧且方便地用于配置DNS和DHCP的工具,适用于小型网络.它提供了DNS功能和可选择的DHCP功能可以取代dhcpd(DHCPD服务配置)和bind等服务,配置起来更简单,更适用 ...

  4. 在Debian上用Bind 配置DNS服务器

    1 什么是DNS 初学者可能不理解DNS到底是什么,干什么用.我是在1998年大学毕业时才听说这个词的.那时我在聊天室碰到潍坊信息港的一个网管,我恬不知耻地说我也是个网管,他说也维护DNS吗?我说,D ...

  5. 配置DNS服务器

    一.配置基本的DNS 服务器(包含正向解析和反向解析)域名:abc.com服务器IP:10.1.2.11 1. 编辑主配置文件/etc/named.conf---------------------- ...

  6. 烂泥:centos安装及配置DNS服务器

    本文由秀依林枫提供友情赞助,首发于烂泥行天下. 要在centos配置DNS服务器,要先安装DNS软件BIND.当然我们也可以安装其他的DNS软件,比如国内的开源DNS软件DNSPod. 在此我们以通过 ...

  7. Linux下/etc/resolv.conf 配置DNS客户

    文件/etc/resolv.conf配置DNS客户,它包含了主机的域名搜索顺序和DNS服务器的地址,每一行应包含一个关键字和一个或多个的由空格隔开的参数.下面是一个例子文件: search mydom ...

  8. ubuntu配置DNS

    众所周知,centos配置DNS很简单,修改下/etc/resolv.conf,就可以生效.但是ubuntu中,resolv.conf文件却说明写入会被覆盖,不能写在这里. 方法一: 修改/etc/n ...

  9. 如何配置DNS服务器(局域网——域名指向某个IP地址)

    单击“开始”,指向“管理工具”,然后单击“DNS”,打开 DNS 管理器.   如有必要,向管理单元添加适用的服务器,然后连接该服务器.在控制台树中,单击适用的 DNS 服务器.   在“操作”菜单上 ...

随机推荐

  1. java第三次实验

    北京电子科技学院(BESTI) 实     验    报     告 课程:Java程序设计   班级:1352       姓名:陈实  学号:20135224 成绩:             指导 ...

  2. 寒假学习计划&进度

    学习计划 c语言查缺:这方面的查缺,我觉得我不需要花较多时间,因为老师上课讲的也足够详细,自己学的也自认为没有太多疏漏,所以我假期学习的中心放在了c++上面. c++学习:开始我先看了几集师爷的视频, ...

  3. HTTP&HTTPS、GET&POST

    1.HTTP&HTTPS: HTTP协议传输的数据都是未加密的,也就是明文的,因此使用HTTP协议传输隐私信息非常不安全,为了保证这些隐私数据能加密传输,于是网景公司设计了SSL(Secure ...

  4. Objective-C KVC讲解,包你看懂会用

    KVC:Key Value Coding,取其三个单词首字母浓缩而成.直白翻译过来就是键值编码,什么意思呢?简单来说,就是操作一个对象,也可以像操作字典一样,通过key来取值和赋值. 我们先创建一个H ...

  5. [转帖]HTTPS的简单说明

    HTTPS(全称:Hyper Text Transfer Protocol over SecureSocket Layer),是以安全为目标的 HTTP 通道,简单讲是 HTTP 的安全版,即 HTT ...

  6. [细品java]ThreadLocal源码学习

    ThreadLocal是线程局部变量,其中保存了特定于该线程的值.每个线程都拥有一份独立的副本值,即每个线程修改变量值不影响其他线程该变量的副本值.这些特定于线程的值保存在Thread对象中,当线程终 ...

  7. 程序集里包含多个版本dll引用 ,强制低版本到制定版本dll引用

    在 config 的 <configuration> 节点内加入以下 类似信息 以下是以Newtonsoft.Json 为例子 <runtime> <assemblyBi ...

  8. 卸载Visual Studio最佳方法难道真的是重装系统?

    卸载Visual Studio最佳方法难道真的是重装系统? 卸载Visual Studio最佳方法难道真的是重装系统? 使用TotalUninstaller貌似也没有效果,默认卸载的,程序列表里面还是 ...

  9. 【开发工具IDE】eclipse的SVN提交忽略target等多余文件

    这个build失败的解决方案就是不要把你项目的 target目录放在src repository 里面,还有 .project 和 .classpath最好也别放到src repository 里. ...

  10. DAY5-Python学习笔记

    1.电子邮件: 邮件历程: 发件人 -> MUA -> MTA -> MTA -> 若干个MTA -> MDA <- MUA <- 收件人编写MUA把邮件发到 ...