15. 第十四篇 安装CoreDNS
本文是二进制安装kubernetes v1.17.0 最后一篇,本文安装CoreDNS附件,这是集群能够工作的必要附件,这里我们 CoreDNS 是以 Pod 的形式运行,版本选择coredns/coredns:1.4.0。
创建CoreDNS.yaml文件
apiVersion: v1
kind: ServiceAccount
metadata:
name: coredns
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: Reconcile
name: system:coredns
rules:
- apiGroups:
- ""
resources:
- endpoints
- services
- pods
- namespaces
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: EnsureExists
name: system:coredns
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:coredns
subjects:
- kind: ServiceAccount
name: coredns
namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
labels:
addonmanager.kubernetes.io/mode: EnsureExists
data:
Corefile: |
.:53 {
errors
health
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
upstream
fallthrough in-addr.arpa ip6.arpa
}
prometheus :9153
forward . /etc/resolv.conf
cache 30
loop
reload
loadbalance
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:
replicas: 2
# replicas: not specified here:
# 1. In order to make Addon Manager do not reconcile this replicas parameter.
# 2. Default is 1.
# 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
k8s-app: kube-dns
template:
metadata:
labels:
k8s-app: kube-dns
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec:
priorityClassName: system-cluster-critical
serviceAccountName: coredns
tolerations:
- key: "CriticalAddonsOnly"
operator: "Exists"
nodeSelector:
beta.kubernetes.io/os: linux
containers:
- name: coredns
image: coredns/coredns:1.4.0
imagePullPolicy: IfNotPresent
resources:
limits:
memory: 170Mi
requests:
cpu: 100m
memory: 70Mi
args: [ "-conf", "/etc/coredns/Corefile" ]
volumeMounts:
- name: host-time
mountPath: /etc/localtime
readOnly: true
- name: config-volume
mountPath: /etc/coredns
readOnly: true
ports:
- containerPort: 53
name: dns
protocol: UDP
- containerPort: 53
name: dns-tcp
protocol: TCP
- containerPort: 9153
name: metrics
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
readinessProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- all
readOnlyRootFilesystem: true
dnsPolicy: Default
volumes:
- name: host-time
hostPath:
path: /etc/localtime
- name: config-volume
configMap:
name: coredns
items:
- key: Corefile
path: Corefile
---
apiVersion: v1
kind: Service
metadata:
name: kube-dns
namespace: kube-system
annotations:
prometheus.io/port: "9153"
prometheus.io/scrape: "true"
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:
selector:
k8s-app: kube-dns
clusterIP: 10.254.0.2
ports:
- name: dns
port: 53
protocol: UDP
- name: dns-tcp
port: 53
protocol: TCP
- name: metrics
port: 9153
protocol: TCP
执行yaml文件并验证
# 执行yaml文件
kubectl apply -f coredns.yaml
# 查看Pod信息
kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-f5dd9fb6b-6mvqw 1/1 Running 0 36d
coredns-f5dd9fb6b-cscqw 1/1 Running 0 36d
# 查看Service
kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.254.0.2 <none> 53/UDP,53/TCP,9153/TCP 38d
测试
创建5副本的deployment与service
[root@master01 work]# cat demo.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-test
namespace: default
spec:
replicas: 5
selector:
matchLabels:
run: nginx-test
template:
metadata:
labels:
run: nginx-test
spec:
containers:
- name: nginx-test
image: nginx:1.7.9
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: svc-deployment-nginx-test
namespace: default
spec:
selector:
run: nginx-test
type: ClusterIP
ports:
- name: svc-deployment-nginx-test
port: 80
targetPort: 80
[root@master01 work]#
创建验证
# 执行demo.yaml
kubectl apply -f demo.yaml
deployment.apps/nginx-test created
service/svc-deployment-nginx-test created
# 获取Pod信息如下
kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-test-78b9c5987f-59kgl 1/1 Running 0 118s 172.19.184.3 master02 <none> <none>
nginx-test-78b9c5987f-92ssp 1/1 Running 0 118s 172.19.56.3 node01 <none> <none>
nginx-test-78b9c5987f-k9bgz 1/1 Running 0 118s 172.19.184.2 master02 <none> <none>
nginx-test-78b9c5987f-t824h 1/1 Running 0 118s 172.19.72.4 master03 <none> <none>
nginx-test-78b9c5987f-wg5pt 1/1 Running 0 3m43s 172.19.120.2 master01.k8s.vip <none> <none>
# 获取ep信息
kubectl get ep
NAME ENDPOINTS AGE
kubernetes 100.73.16.108:6443,100.73.16.109:6443,100.73.16.110:6443 39d
svc-deployment-nginx-test 172.19.120.2:80,172.19.184.2:80,172.19.184.3:80 + 2 more... 3m52s
# 获取service信息
kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.254.0.1 <none> 443/TCP 39d
svc-deployment-ng
## 验证Service IP
验证service ClusterIP
[root@master01 work]# curl 10.254.77.208
Welcome to nginx!
body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif }
Welcome to nginx!
If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.
For online documentation and support please refer to
nginx.org.
Commercial support is available at
nginx.com.
Thank you for using nginx.
[root@master01 work]#
```
验证域名服务
# cat pod_busybox.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-demo
namespace: default
labels:
app: myapp2
spec:
containers:
- name: busybox
image: busybox
command:
- "/bin/sh"
- "-c"
- "sleep 86400"
# 应用yaml文件
kubectl apply -f pod_busybox.yaml
# 进入pod验证域名(service的名称)
kubectl exec -it pod-demo /bin/sh
/ # wget -O - -q http://svc-deployment-nginx-test
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
/ # ping svc-deployment-nginx-test
PING svc-deployment-nginx-test (10.254.77.208): 56 data bytes
64 bytes from 10.254.77.208: seq=0 ttl=64 time=0.051 ms
64 bytes from 10.254.77.208: seq=1 ttl=64 time=0.089 ms
^C
--- svc-deployment-nginx-test ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.051/0.070/0.089 ms
/ #
/ # cat /etc/resolv.conf
nameserver 10.254.0.2
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5
/ #
总结
CoreDNS 通过监听 service 与 endpoints 的变更事件,将域名和Pod IP对应信息同步到CoreDNS配置中;
CoreDNS 中 A记录的IP 或者说Service ClusterIP,这个IP是虚拟的,具有TCP/IP协议栈,所有功能都具备,比如icmp协议也具备,如果你ping不通,请自行查看iptables规则是否允许icmp协议。
本文是二进制安装kubernetes v1.17.0的最后一篇
15. 第十四篇 安装CoreDNS的更多相关文章
- C++第三十四篇 -- 安装Windows Driver后,编译以前项目出现打不开lib文件
VS2017默认是没有安装WDK的,但是我们写驱动文件的话需要用到WDK.不过安装了WDK后,发现以前一些正常的项目在Release模式下编译会报LINK1104,无法打开.lib的错误 针对这个错误 ...
- 解剖SQLSERVER 第十四篇 Vardecimals 存储格式揭秘(译)
解剖SQLSERVER 第十四篇 Vardecimals 存储格式揭秘(译) http://improve.dk/how-are-vardecimals-stored/ 在这篇文章,我将深入研究 ...
- 第十四篇 Integration Services:项目转换
本篇文章是Integration Services系列的第十四篇,详细内容请参考原文. 简介在前一篇,我们查看了SSIS变量,变量配置和表达式管理动态值.在这一篇,我们使用SQL Server数据商业 ...
- 【译】第十四篇 Integration Services:项目转换
本篇文章是Integration Services系列的第十四篇,详细内容请参考原文. 简介在前一篇,我们查看了SSIS变量,变量配置和表达式管理动态值.在这一篇,我们使用SQL Server数据商业 ...
- Python之路【第十四篇】:AngularJS --暂无内容-待更新
Python之路[第十四篇]:AngularJS --暂无内容-待更新
- 跟我学SpringCloud | 第十四篇:Spring Cloud Gateway高级应用
SpringCloud系列教程 | 第十四篇:Spring Cloud Gateway高级应用 Springboot: 2.1.6.RELEASE SpringCloud: Greenwich.SR1 ...
- SpringBoot第二十四篇:应用监控之Admin
作者:追梦1819 原文:https://www.cnblogs.com/yanfei1819/p/11457867.html 版权声明:本文为博主原创文章,转载请附上博文链接! 引言 前一章(S ...
- Egret入门学习日记 --- 第十四篇(书中 5.4~5.6节 内容)
第十四篇(书中 5.4~5.6节 内容) 书中内容: 总结 5.4节 内容重点: 1.如何编写自定义组件? 跟着做: 重点1:如何编写自定义组件? 文中提到了重要的两点. 好,我们来试试看. 第一步, ...
- Spring Cloud第十四篇 | Api网关Zuul
本文是Spring Cloud专栏的第十四篇文章,了解前十三篇文章内容有助于更好的理解本文: Spring Cloud第一篇 | Spring Cloud前言及其常用组件介绍概览 Spring C ...
随机推荐
- resultMap自定义映射(一对多)
collection:处理一对多和多对多的关系 1) POJO中的属性可能会是一个集合对象,我们可以使用联合查询,并以级联属性的方式封装对象.使用collection标签定义对象的封装规则 publi ...
- C++指针探究
周五听实习师父指点了一下C++的强制类型转换概念,师父说了一句"强制类型转换其实就是告诉编译器不用检查当前位置的类型,程序猿自己知道类型". 今天整理之前的学习笔记的时候又发现,在 ...
- docker快速安装openvas
项目地址 1.更换国内docker源 2.docker run -d -p 443:443 -e PUBLIC_HOSTNAME=此处填你宿主机IP --name openvas mikesplain ...
- Kafka 部署完在服务器端可以访问,而在外部其它电脑访问不了
Kafka 部署完在服务器端可以访问,而在外部其它电脑访问不了 原因:config/server.properties的listeners和advertised.listeners 不配置的话默认的l ...
- 阈值PSI代码
阈值PSI 若交集数量超过某个给定阈值时,允许分布式的各个参与方在自己集合中找到交集,且除了交集外,得不到其他额外信息. 实现论文: Multi-Party Threshold Private Set ...
- Vue 路由懒加载, VueRouter一步完成Vue的路由懒加载 一行代码搞定懒加载
Vue Router路由配置中的component里面配置即可 1 // 路由懒加载的方式加载组件 2 3 component: () => import('@/views/Detail'), ...
- AtCoder Beginner Contest 247 F - Cards // dp + 并查集
原题链接:F - Cards (atcoder.jp) 题意: 给定N张牌,每张牌正反面各有一个数,所有牌的正面.反面分别构成大小为N的排列P,Q. 求有多少种摆放方式,使得N张牌朝上的数字构成一个1 ...
- 详解 Apache Hudi Schema Evolution(模式演进)
Schema Evolution(模式演进)允许用户轻松更改 Hudi 表的当前模式,以适应随时间变化的数据. 从 0.11.0 版本开始,支持 Spark SQL(spark3.1.x 和 spar ...
- python 操作json数据
简介 JSON(JavaScript Object Notation, JS对象简谱)是一种轻量级的数据交换格式,通常是以键值对的方式呈现,其简洁和清晰的层次结构使得JSON成为理想的数据交换语言,而 ...
- Shell 编程基础语法
# shell脚本 # 如何运行shell脚本 sh test.sh source test.sh ./test.sh # 需要有执行权限 # source和其他两种的区别是.source不会开新进程 ...