本文是二进制安装kubernetes v1.17.0 最后一篇,本文安装CoreDNS附件,这是集群能够工作的必要附件,这里我们 CoreDNS 是以 Pod 的形式运行,版本选择coredns/coredns:1.4.0。
创建CoreDNS.yaml文件
apiVersion: v1
kind: ServiceAccount
metadata:
name: coredns
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: Reconcile
name: system:coredns
rules:
- apiGroups:
- ""
resources:
- endpoints
- services
- pods
- namespaces
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: EnsureExists
name: system:coredns
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:coredns
subjects:
- kind: ServiceAccount
name: coredns
namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
labels:
addonmanager.kubernetes.io/mode: EnsureExists
data:
Corefile: |
.:53 {
errors
health
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
upstream
fallthrough in-addr.arpa ip6.arpa
}
prometheus :9153
forward . /etc/resolv.conf
cache 30
loop
reload
loadbalance
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:
replicas: 2
# replicas: not specified here:
# 1. In order to make Addon Manager do not reconcile this replicas parameter.
# 2. Default is 1.
# 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
k8s-app: kube-dns
template:
metadata:
labels:
k8s-app: kube-dns
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec:
priorityClassName: system-cluster-critical
serviceAccountName: coredns
tolerations:
- key: "CriticalAddonsOnly"
operator: "Exists"
nodeSelector:
beta.kubernetes.io/os: linux
containers:
- name: coredns
image: coredns/coredns:1.4.0
imagePullPolicy: IfNotPresent
resources:
limits:
memory: 170Mi
requests:
cpu: 100m
memory: 70Mi
args: [ "-conf", "/etc/coredns/Corefile" ]
volumeMounts:
- name: host-time
mountPath: /etc/localtime
readOnly: true
- name: config-volume
mountPath: /etc/coredns
readOnly: true
ports:
- containerPort: 53
name: dns
protocol: UDP
- containerPort: 53
name: dns-tcp
protocol: TCP
- containerPort: 9153
name: metrics
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
readinessProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- all
readOnlyRootFilesystem: true
dnsPolicy: Default
volumes:
- name: host-time
hostPath:
path: /etc/localtime
- name: config-volume
configMap:
name: coredns
items:
- key: Corefile
path: Corefile
---
apiVersion: v1
kind: Service
metadata:
name: kube-dns
namespace: kube-system
annotations:
prometheus.io/port: "9153"
prometheus.io/scrape: "true"
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:
selector:
k8s-app: kube-dns
clusterIP: 10.254.0.2
ports:
- name: dns
port: 53
protocol: UDP
- name: dns-tcp
port: 53
protocol: TCP
- name: metrics
port: 9153
protocol: TCP
执行yaml文件并验证
# 执行yaml文件
kubectl apply -f coredns.yaml
# 查看Pod信息
kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-f5dd9fb6b-6mvqw 1/1 Running 0 36d
coredns-f5dd9fb6b-cscqw 1/1 Running 0 36d
# 查看Service
kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.254.0.2 <none> 53/UDP,53/TCP,9153/TCP 38d
测试
创建5副本的deployment与service
[root@master01 work]# cat demo.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-test
namespace: default
spec:
replicas: 5
selector:
matchLabels:
run: nginx-test
template:
metadata:
labels:
run: nginx-test
spec:
containers:
- name: nginx-test
image: nginx:1.7.9
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: svc-deployment-nginx-test
namespace: default
spec:
selector:
run: nginx-test
type: ClusterIP
ports:
- name: svc-deployment-nginx-test
port: 80
targetPort: 80
[root@master01 work]#
创建验证
# 执行demo.yaml
kubectl apply -f demo.yaml
deployment.apps/nginx-test created
service/svc-deployment-nginx-test created
# 获取Pod信息如下
kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-test-78b9c5987f-59kgl 1/1 Running 0 118s 172.19.184.3 master02 <none> <none>
nginx-test-78b9c5987f-92ssp 1/1 Running 0 118s 172.19.56.3 node01 <none> <none>
nginx-test-78b9c5987f-k9bgz 1/1 Running 0 118s 172.19.184.2 master02 <none> <none>
nginx-test-78b9c5987f-t824h 1/1 Running 0 118s 172.19.72.4 master03 <none> <none>
nginx-test-78b9c5987f-wg5pt 1/1 Running 0 3m43s 172.19.120.2 master01.k8s.vip <none> <none>
# 获取ep信息
kubectl get ep
NAME ENDPOINTS AGE
kubernetes 100.73.16.108:6443,100.73.16.109:6443,100.73.16.110:6443 39d
svc-deployment-nginx-test 172.19.120.2:80,172.19.184.2:80,172.19.184.3:80 + 2 more... 3m52s
# 获取service信息
kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.254.0.1 <none> 443/TCP 39d
svc-deployment-ng
## 验证Service IP
验证service ClusterIP
[root@master01 work]# curl 10.254.77.208
Welcome to nginx!
If you see this page, the nginx web server is successfully installed and working. Further configuration is required.
For online documentation and support please refer to
nginx.org.
Commercial support is available at
nginx.com.
Thank you for using nginx.
[root@master01 work]# ```验证域名服务
# cat pod_busybox.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-demo
namespace: default
labels:
app: myapp2
spec:
containers:
- name: busybox
image: busybox
command:
- "/bin/sh"
- "-c"
- "sleep 86400"
# 应用yaml文件
kubectl apply -f pod_busybox.yaml
# 进入pod验证域名(service的名称)
kubectl exec -it pod-demo /bin/sh
/ # wget -O - -q http://svc-deployment-nginx-test
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
/ # ping svc-deployment-nginx-test
PING svc-deployment-nginx-test (10.254.77.208): 56 data bytes
64 bytes from 10.254.77.208: seq=0 ttl=64 time=0.051 ms
64 bytes from 10.254.77.208: seq=1 ttl=64 time=0.089 ms
^C
--- svc-deployment-nginx-test ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.051/0.070/0.089 ms
/ #
/ # cat /etc/resolv.conf
nameserver 10.254.0.2
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5
/ #
总结
CoreDNS 通过监听 service 与 endpoints 的变更事件,将域名和Pod IP对应信息同步到CoreDNS配置中;
CoreDNS 中 A记录的IP 或者说Service ClusterIP,这个IP是虚拟的,具有TCP/IP协议栈,所有功能都具备,比如icmp协议也具备,如果你ping不通,请自行查看iptables规则是否允许icmp协议。
本文是二进制安装kubernetes v1.17.0的最后一篇