15. 第十四篇 安装CoreDNS
本文是二进制安装kubernetes v1.17.0 最后一篇,本文安装CoreDNS附件,这是集群能够工作的必要附件,这里我们 CoreDNS 是以 Pod 的形式运行,版本选择coredns/coredns:1.4.0。
创建CoreDNS.yaml文件
apiVersion: v1
kind: ServiceAccount
metadata:
name: coredns
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: Reconcile
name: system:coredns
rules:
- apiGroups:
- ""
resources:
- endpoints
- services
- pods
- namespaces
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: EnsureExists
name: system:coredns
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:coredns
subjects:
- kind: ServiceAccount
name: coredns
namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
labels:
addonmanager.kubernetes.io/mode: EnsureExists
data:
Corefile: |
.:53 {
errors
health
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
upstream
fallthrough in-addr.arpa ip6.arpa
}
prometheus :9153
forward . /etc/resolv.conf
cache 30
loop
reload
loadbalance
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:
replicas: 2
# replicas: not specified here:
# 1. In order to make Addon Manager do not reconcile this replicas parameter.
# 2. Default is 1.
# 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
k8s-app: kube-dns
template:
metadata:
labels:
k8s-app: kube-dns
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec:
priorityClassName: system-cluster-critical
serviceAccountName: coredns
tolerations:
- key: "CriticalAddonsOnly"
operator: "Exists"
nodeSelector:
beta.kubernetes.io/os: linux
containers:
- name: coredns
image: coredns/coredns:1.4.0
imagePullPolicy: IfNotPresent
resources:
limits:
memory: 170Mi
requests:
cpu: 100m
memory: 70Mi
args: [ "-conf", "/etc/coredns/Corefile" ]
volumeMounts:
- name: host-time
mountPath: /etc/localtime
readOnly: true
- name: config-volume
mountPath: /etc/coredns
readOnly: true
ports:
- containerPort: 53
name: dns
protocol: UDP
- containerPort: 53
name: dns-tcp
protocol: TCP
- containerPort: 9153
name: metrics
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
readinessProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- all
readOnlyRootFilesystem: true
dnsPolicy: Default
volumes:
- name: host-time
hostPath:
path: /etc/localtime
- name: config-volume
configMap:
name: coredns
items:
- key: Corefile
path: Corefile
---
apiVersion: v1
kind: Service
metadata:
name: kube-dns
namespace: kube-system
annotations:
prometheus.io/port: "9153"
prometheus.io/scrape: "true"
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:
selector:
k8s-app: kube-dns
clusterIP: 10.254.0.2
ports:
- name: dns
port: 53
protocol: UDP
- name: dns-tcp
port: 53
protocol: TCP
- name: metrics
port: 9153
protocol: TCP
执行yaml文件并验证
# 执行yaml文件
kubectl apply -f coredns.yaml
# 查看Pod信息
kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-f5dd9fb6b-6mvqw 1/1 Running 0 36d
coredns-f5dd9fb6b-cscqw 1/1 Running 0 36d
# 查看Service
kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.254.0.2 <none> 53/UDP,53/TCP,9153/TCP 38d
测试
创建5副本的deployment与service
[root@master01 work]# cat demo.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-test
namespace: default
spec:
replicas: 5
selector:
matchLabels:
run: nginx-test
template:
metadata:
labels:
run: nginx-test
spec:
containers:
- name: nginx-test
image: nginx:1.7.9
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: svc-deployment-nginx-test
namespace: default
spec:
selector:
run: nginx-test
type: ClusterIP
ports:
- name: svc-deployment-nginx-test
port: 80
targetPort: 80
[root@master01 work]#
创建验证
# 执行demo.yaml
kubectl apply -f demo.yaml
deployment.apps/nginx-test created
service/svc-deployment-nginx-test created
# 获取Pod信息如下
kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-test-78b9c5987f-59kgl 1/1 Running 0 118s 172.19.184.3 master02 <none> <none>
nginx-test-78b9c5987f-92ssp 1/1 Running 0 118s 172.19.56.3 node01 <none> <none>
nginx-test-78b9c5987f-k9bgz 1/1 Running 0 118s 172.19.184.2 master02 <none> <none>
nginx-test-78b9c5987f-t824h 1/1 Running 0 118s 172.19.72.4 master03 <none> <none>
nginx-test-78b9c5987f-wg5pt 1/1 Running 0 3m43s 172.19.120.2 master01.k8s.vip <none> <none>
# 获取ep信息
kubectl get ep
NAME ENDPOINTS AGE
kubernetes 100.73.16.108:6443,100.73.16.109:6443,100.73.16.110:6443 39d
svc-deployment-nginx-test 172.19.120.2:80,172.19.184.2:80,172.19.184.3:80 + 2 more... 3m52s
# 获取service信息
kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.254.0.1 <none> 443/TCP 39d
svc-deployment-ng
## 验证Service IP
验证service ClusterIP
[root@master01 work]# curl 10.254.77.208
Welcome to nginx!
body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif }
Welcome to nginx!
If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.
For online documentation and support please refer to
nginx.org.
Commercial support is available at
nginx.com.
Thank you for using nginx.
[root@master01 work]#
```
验证域名服务
# cat pod_busybox.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-demo
namespace: default
labels:
app: myapp2
spec:
containers:
- name: busybox
image: busybox
command:
- "/bin/sh"
- "-c"
- "sleep 86400"
# 应用yaml文件
kubectl apply -f pod_busybox.yaml
# 进入pod验证域名(service的名称)
kubectl exec -it pod-demo /bin/sh
/ # wget -O - -q http://svc-deployment-nginx-test
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
/ # ping svc-deployment-nginx-test
PING svc-deployment-nginx-test (10.254.77.208): 56 data bytes
64 bytes from 10.254.77.208: seq=0 ttl=64 time=0.051 ms
64 bytes from 10.254.77.208: seq=1 ttl=64 time=0.089 ms
^C
--- svc-deployment-nginx-test ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.051/0.070/0.089 ms
/ #
/ # cat /etc/resolv.conf
nameserver 10.254.0.2
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5
/ #
总结
CoreDNS 通过监听 service 与 endpoints 的变更事件,将域名和Pod IP对应信息同步到CoreDNS配置中;
CoreDNS 中 A记录的IP 或者说Service ClusterIP,这个IP是虚拟的,具有TCP/IP协议栈,所有功能都具备,比如icmp协议也具备,如果你ping不通,请自行查看iptables规则是否允许icmp协议。
本文是二进制安装kubernetes v1.17.0的最后一篇
15. 第十四篇 安装CoreDNS的更多相关文章
- C++第三十四篇 -- 安装Windows Driver后,编译以前项目出现打不开lib文件
VS2017默认是没有安装WDK的,但是我们写驱动文件的话需要用到WDK.不过安装了WDK后,发现以前一些正常的项目在Release模式下编译会报LINK1104,无法打开.lib的错误 针对这个错误 ...
- 解剖SQLSERVER 第十四篇 Vardecimals 存储格式揭秘(译)
解剖SQLSERVER 第十四篇 Vardecimals 存储格式揭秘(译) http://improve.dk/how-are-vardecimals-stored/ 在这篇文章,我将深入研究 ...
- 第十四篇 Integration Services:项目转换
本篇文章是Integration Services系列的第十四篇,详细内容请参考原文. 简介在前一篇,我们查看了SSIS变量,变量配置和表达式管理动态值.在这一篇,我们使用SQL Server数据商业 ...
- 【译】第十四篇 Integration Services:项目转换
本篇文章是Integration Services系列的第十四篇,详细内容请参考原文. 简介在前一篇,我们查看了SSIS变量,变量配置和表达式管理动态值.在这一篇,我们使用SQL Server数据商业 ...
- Python之路【第十四篇】:AngularJS --暂无内容-待更新
Python之路[第十四篇]:AngularJS --暂无内容-待更新
- 跟我学SpringCloud | 第十四篇:Spring Cloud Gateway高级应用
SpringCloud系列教程 | 第十四篇:Spring Cloud Gateway高级应用 Springboot: 2.1.6.RELEASE SpringCloud: Greenwich.SR1 ...
- SpringBoot第二十四篇:应用监控之Admin
作者:追梦1819 原文:https://www.cnblogs.com/yanfei1819/p/11457867.html 版权声明:本文为博主原创文章,转载请附上博文链接! 引言 前一章(S ...
- Egret入门学习日记 --- 第十四篇(书中 5.4~5.6节 内容)
第十四篇(书中 5.4~5.6节 内容) 书中内容: 总结 5.4节 内容重点: 1.如何编写自定义组件? 跟着做: 重点1:如何编写自定义组件? 文中提到了重要的两点. 好,我们来试试看. 第一步, ...
- Spring Cloud第十四篇 | Api网关Zuul
本文是Spring Cloud专栏的第十四篇文章,了解前十三篇文章内容有助于更好的理解本文: Spring Cloud第一篇 | Spring Cloud前言及其常用组件介绍概览 Spring C ...
随机推荐
- 集合-新特性foreach循环遍历集合或项目
1.增强for循环对集合的遍历 点击查看代码 @Test //集合遍历 public void test3(){ Collection coll = new ArrayList(); coll.add ...
- Hash 哈希表和算法思路详解
概述 哈希表是一种可以满足快速查找数据结构,时间复杂度接近O(1). 哈希函数是无限集到有限集的映射. 处理数据量大,查找效率要求高时推荐使用hash容器. 问题: 什么情况下考虑使用哈希容器? 常用 ...
- Assembly.GetManifestResourceStream为null
想把某个项目的某个文件夹里面的ini文件生成的时候顺便生成为网站和服务文件夹项目 string _path = Path.Combine(AppDomain.CurrentDomain.BaseDir ...
- 初次使用 eolink 感受
最近总有前端小伙伴来找我抱怨,"后端接口出来太晚,影响我的任务进度"."后端接口改了也不通知我一下,到冒烟测试的时候报一堆的错".我拉后端小伙伴了解情况,结果问 ...
- 2022-07-09 第六组 润土 CSS学习笔记
HTML:用来描述网页的一种语言. 超文本语言.动画.音频.视频.特效.超链. 用标签定义网页 浏览器 流行浏览器: IE微软宣布永久关闭 firefox火狐 Chrom谷歌 Sarifi vscod ...
- k8s的部署
一.k8s的二进制部署 1.环境准备: IP 节点 172.16.10.1 k8s-master01 172.16.10.3 ...
- Codeforces Round #796 (Div. 2)(A~E题题解)
文章目录 原题链接: A.Cirno's Perfect Bitmasks Classroom 思路 代码 B.Patchouli's Magical Talisman 思路 代码 C.Manipul ...
- 倍增求RMQ
RMQ,即区间最值查询,给定一个序列,求区间l-r的最大值.最小值. st表求RMQ,预处理On*logn,查询O1. 预处理: void init_rmq() { for(rll j=1;j< ...
- 多线程与高并发(三)—— 源码解析 AQS 原理
一.前言 AQS 是一个同步框架,关于同步在操作系统(一)-- 进程同步 中对进程同步做了些概念性的介绍,我们了解到进程(线程同理,本文基于 JVM 讲解,故下文只称线程)同步的工具有很多:Mutex ...
- Border Theory
持续更新中!!!更个屁,无线停更! 前言: KMP 学傻了,看 skyh 说啥 border 树,跑来学 border 理论 洛谷云剪切板:https://www.luogu.com.cn/paste ...