k8s Addons: CoreDNS

CoreDNS name resolution format:

pod_name.service_name.ns_name.svc.cluster.local

Explanation:

Resource record: POD_NAME.SVC_NAME.NAMESPACE_NAME.DOMAIN.LTD
The cluster's default suffix is svc.cluster.local
For example, a redis that you create gets the default name redis.default.svc.cluster.local
 
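1. Set the variables for the deployment files
The files involved are deploy.sh and coredns.yaml.sed. Because this is not a migration from kube-dns to CoreDNS, comment out the kubectl-related operations and set REVERSE_CIDRS, DNS_DOMAIN, CLUSTER_DNS_IP and the other variables to their actual values. The exact command: ./deploy.sh -s -r 10.0.0.0/24 -i 10.0.0.10 -d cluster.local > coredns.yaml

Procedure:
After downloading the two files, copy coredns.yaml.sed to coredns.yaml and then run the deploy.sh command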

wget https://raw.githubusercontent.com/coredns/deployment/master/kubernetes/coredns.yaml.sed
wget https://raw.githubusercontent.com/coredns/deployment/master/kubernetes/deploy.sh

cp coredns.yaml.sed  coredns.yaml
chmod +x deploy.sh
./deploy.sh -s -r 10.0.0.0/24 -i 10.0.0.10 -d cluster.local >coredns.yaml
Compare the result with the original coredns.yaml.sed:

[root@k8s-master coreDNS]# ./deploy.sh -h
usage: ./deploy.sh [ -r REVERSE-CIDR ] [ -i DNS-IP ] [ -d CLUSTER-DOMAIN ] [ -t YAML-TEMPLATE ]

    -r : Define a reverse zone for the given CIDR. You may specifcy this option more
         than once to add multiple reverse zones. If no reverse CIDRs are defined,
         then the default is to handle all reverse zones (i.e. in-addr.arpa and ip6.arpa)
    -i : Specify the cluster DNS IP address. If not specificed, the IP address of
         the existing "kube-dns" service is used, if present.
    -s : Skips the translation of kube-dns configmap to the corresponding CoreDNS Corefile configuration.

[root@k8s-master coreDNS]# diff coredns.yaml coredns.yaml.sed 
58c58
<         kubernetes cluster.local  10.0.0.0/24 {
---
>         kubernetes CLUSTER_DOMAIN REVERSE_CIDRS {
62c62
<         }
---
>         }FEDERATIONS
64c64
<         forward . /etc/resolv.conf
---
>         forward . UPSTREAMNAMESERVER
69c69
<     }
---
>     }STUBDOMAINS
171c171
<   clusterIP: 10.0.0.10
---
>   clusterIP: CLUSTER_DNS_IP
Note:
10.0.0.0/24 is the services network range from the configuration files, as the parameters below show. Use whatever value is configured there.

[root@k8s-master cfg]# grep '\-\-service\-cluster\-ip\-range' /usr/local/kubernetes/cfg/kube-apiserver
--service-cluster-ip-range=10.0.0.0/24 \
[root@k8s-master cfg]# grep '\-\-service\-cluster\-ip\-range' /usr/local/kubernetes/cfg/kube-controller-manager
--service-cluster-ip-range=10.0.0.0/24 \

[root@k8s-node01 cfg]# grep '\-\-cluster\-cidr' /usr/local/kubernetes/cfg/kube-proxy
--cluster-cidr=10.0.0.0/24 \
[root@k8s-node02 cfg]# grep '\-\-cluster\-cidr' /usr/local/kubernetes/cfg/kube-proxy
--cluster-cidr=10.0.0.0/24 \
Set clusterIP to the clusterDNS value configured in /usr/local/kubernetes/cfg/kubelet.config on the nodes. If kubelet.config does not configure it, add it and then restart the kubelet service.

[root@k8s-node01 cfg]# grep 'clusterDNS' /usr/local/kubernetes/cfg/kubelet.config
clusterDNS: ["10.0.0.2"]

[root@k8s-node02 cfg]# grep 'clusterDNS' /usr/local/kubernetes/cfg/kubelet.config 
clusterDNS: ["10.0.0.2"]
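
A pre-flight check for the values above, added here as an example and not part of the original post or of the CoreDNS deployment scripts: it confirms that the -i address lies inside the service range, is not the range's first address (held by the kubernetes Service), and matches what kubelet hands to pods. The function names are assumptions; the sample values are the ones printed on this page.

```bash
#!/bin/sh
# Added example: pre-flight check for the values passed to deploy.sh (-r, -i).
# Function names are illustrative; the sample values are the ones shown on this page.

# Print an IPv4 address as a 32-bit integer; fail on malformed input.
ip_to_int() {
    local o n=0 old_ifs="$IFS"
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    IFS=.; set -- $1; IFS="$old_ifs"
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac  # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
        n=$(( n * 256 + o ))
    done
    echo "$n"
}

# in_cidr IP CIDR: 0 if inside, 1 if outside, 2 on bad input.
in_cidr() {
    local ip net mask bits="${2#*/}"
    ip=$(ip_to_int "$1") || return 2
    net=$(ip_to_int "${2%/*}") || return 2
    case "$bits" in ''|*[!0-9]*) return 2 ;; esac
    [ "$bits" -le 32 ] || return 2
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Read the address from a kubelet.config line written as on this page.
kubelet_dns() { sed -n 's/^clusterDNS: *\["\([0-9.]*\)".*/\1/p'; }

# check_dns_plan SERVICE_CIDR DNS_IP KUBELET_DNS: print problems, return 1 if any.
check_dns_plan() {
    local cidr="$1" dns="$2" kdns="$3" rc=0 first
    in_cidr "$dns" "$cidr" || { echo "DNS IP $dns is not inside service range $cidr"; return 1; }
    first=$(( $(ip_to_int "${cidr%/*}") + 1 ))  # assumes CIDR is written with its network address
    if [ "$(ip_to_int "$dns")" -eq "$first" ]; then
        echo "DNS IP $dns is the first service address, taken by the kubernetes Service"; rc=1
    fi
    if [ "$dns" != "$kdns" ]; then
        echo "kubelet clusterDNS $kdns differs from Service clusterIP $dns"; rc=1
    fi
    return "$rc"
}

# Values from this page: service range, deploy.sh -i, and the kubelet.config line.
check_dns_plan 10.0.0.0/24 10.0.0.10 "$(echo 'clusterDNS: ["10.0.0.2"]' | kubelet_dns)" || true
```

With the page's values it reports that kubelet.config still says 10.0.0.2 while the Service is created at 10.0.0.10; the kubelet options later on this page pass --cluster-dns=10.0.0.10.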
2. Deploy CoreDNS

[root@k8s-master coreDNS]# kubectl apply -f coredns.yaml 
serviceaccount/coredns created
clusterrole.rbac.authorization.k8s.io/system:coredns created
clusterrolebinding.rbac.authorization.k8s.io/system:coredns created
configmap/coredns created
deployment.apps/coredns created
service/kube-dns created
[root@k8s-master coreDNS]# kubectl get po,svc,deploy,rc -n kube-system
NAME                                        READY   STATUS    RESTARTS   AGE
pod/coredns-5d668bd598-b6wrp                1/1     Running   0          32m
pod/coredns-5d668bd598-sfq5r                1/1     Running   0          32m

NAME               TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
service/kube-dns   ClusterIP   10.0.0.10    <none>        53/UDP,53/TCP,9153/TCP   10m

NAME                                         READY   UP-TO-DATE   AVAILABLE   AGE
deployment.extensions/coredns                2/2     2            2           32m
3. Change the kubelet DNS parameters and restart the kubelet service
This change is needed on every node: add the last three parameter lines

[root@k8s-node01 cfg]# vim /usr/local/kubernetes/cfg/kubelet
KUBELET_OPTS="--logtostderr=true \
--v=4 \
--hostname-override=192.168.1.6 \
--kubeconfig=/usr/local/kubernetes/cfg/kubelet.kubeconfig \
--bootstrap-kubeconfig=/usr/local/kubernetes/cfg/bootstrap.kubeconfig \
--config=/usr/local/kubernetes/cfg/kubelet.config \
--cert-dir=/usr/local/kubernetes/ssl \
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0 \
--cluster-dns=10.0.0.10 \
--cluster-domain=cluster.local. \
--resolv-conf=/etc/resolv.conf"

[root@k8s-node02 cfg]# vim /usr/local/kubernetes/cfg/kubelet
KUBELET_OPTS="--logtostderr=true \
--v=4 \
--hostname-override=192.168.1.7 \
--kubeconfig=/usr/local/kubernetes/cfg/kubelet.kubeconfig \
--bootstrap-kubeconfig=/usr/local/kubernetes/cfg/bootstrap.kubeconfig \
--config=/usr/local/kubernetes/cfg/kubelet.config \
--cert-dir=/usr/local/kubernetes/ssl \
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0 \
--cluster-dns=10.0.0.10 \
--cluster-domain=cluster.local. \
--resolv-conf=/etc/resolv.conf"
Restart the kubelet service on each of the two nodes and check its status

systemctl restart kubelet
systemctl status kubelet
4. Test the result with dnstools
Note: test against a Service (SVC)

[root@k8s-master manifests]# kubectl run -it --rm --restart=Never --image=infoblox/dnstools:latest dnstools
dnstools# nslookup kubernetes
Server:         10.0.0.10
Address:        10.0.0.10#53

Name:   kubernetes.default.svc.cluster.local
Address: 10.0.0.1

dnstools# nslookup kubernetes.default
Server:         10.0.0.10
Address:        10.0.0.10#53

Non-authoritative answer:
Name:   kubernetes.default.svc.cluster.local
Address: 10.0.0.1
Create an nginx Pod and Service for testing, as follows:

vim nginx.yml
---
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.12
    ports:
    - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx
spec:
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
  selector:
    app: nginx
[root@k8s-master ~]# kubectl get po
NAME    READY   STATUS    RESTARTS   AGE
nginx   1/1     Running   1          85m
[root@k8s-master ~]# kubectl get po -n kube-system
NAME                     READY   STATUS    RESTARTS   AGE
coredns-f99ff45d-9kkhs   1/1     Running   0          39m
coredns-f99ff45d-vprrj   1/1     Running   0          39m
[root@k8s-master ~]# kubectl run -it --rm --restart=Never --image=infoblox/dnstools:latest dnstools
If you don't see a command prompt, try pressing enter.
dnstools# nslookup nginx
Server:         10.0.0.10
Address:        10.0.0.10#53

Name:   nginx.default.svc.cluster.local
Address: 10.0.0.193

dnstools# nslookup nginx.default
Server:         10.0.0.10
Address:        10.0.0.10#53

Non-authoritative answer:
Name:   nginx.default.svc.cluster.local
Address: 10.0.0.193

dnstools# nslookup nginx.default.svc.cluster.local
Server:         10.0.0.10
Address:        10.0.0.10#53

Name:   nginx.default.svc.cluster.local
Address: 10.0.0.193
The output above shows that names now resolve correctly
 
To use the dig command, install the package that provides it

yum -y install bind-utils
Testing on a node, the ANSWER SECTION: shows that the name resolves successfully. 10.0.0.193 is the IP of the nginx svc

[root@k8s-node02 ~]# dig nginx.default.svc.cluster.local @10.0.0.10

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> nginx.default.svc.cluster.local @10.0.0.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38172
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;nginx.default.svc.cluster.local. IN    A

;; ANSWER SECTION:
nginx.default.svc.cluster.local. 5 IN   A       10.0.0.193

;; Query time: 1 msec
;; SERVER: 10.0.0.10#53(10.0.0.10)
;; WHEN: Mon Apr 15 00:49:24 CST 2019
;; MSG SIZE  rcvd: 107
 
 

Copyright notice:
Author: allenjol
Link: https://www.ayunw.cn/archives/493
Source: 爱生活,爱运维
Copyright of this article belongs to the author; do not reproduce without permission.
