colben/www.colben.cn
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
www.colben.cn/content/post/k8s-coredns.md
colben b0f6120151 update
2021-11-14 14:32:08 +08:00

277 lines
6.9 KiB
Markdown
Raw Blame History

---
title: "K8s 部署 Coredns 组件"
date: 2019-10-30T01:06:56+08:00
lastmod: 2020-02-10T14:36:00+08:00
keywords: []
tags: ["kubernetes", "k8s", "coredns"]
categories: ["container"]
---
# 环境
- [二进制部署的 kubernetes v1.17.2 集群](https://colben.cn/post/k8s-install/)
- coreDNS 1.6.6
# 生成 service account 文件
- 创建 0.coredns-sa.yml
```bash
cat > 0.coredns-sa.yml <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
name: coredns
namespace: kube-system
EOF
```
# 生成 rbac 文件
- 创建 1.coredns-rbac.yml
```bash
curl > 1.coredns-rbac.yml <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: system:coredns
rules:
- apiGroups:
- ""
resources:
- endpoints
- services
- pods
- namespaces
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: system:coredns
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:coredns
subjects:
- kind: ServiceAccount
name: coredns
namespace: kube-system
EOF
```
# 生成 configmap 文件
- 创建 2.coredns-configmap.yml
```bash
cat > 2.coredns-configmap.yml <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
data:
Corefile: |
.:53 {
errors
health {
lameduck 5s
}
ready
kubernetes cluster.local 10.10.9.0/24 {
fallthrough in-addr.arpa ip6.arpa
}
prometheus :9153
forward . /etc/resolv.conf
cache 30
loop
reload
loadbalance
}
EOF
```
- 这里的 10.10.9.0/24 应与 kube-apiserver 配置文件中的 service-cluster-ip-range 一致
- 这里的 cluster.local 应与 kubelet 配置文件中的 clusterDomain 一致
# 生成 deployment 文件
- 创建 3.coredns-deployment.yml
```bash
cat > 3.coredns-deployment.yml <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: kube-dns
kubernetes.io/name: "CoreDNS"
spec:
# replicas: not specified here:
# 1. Default is 1.
# 2. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
k8s-app: kube-dns
template:
metadata:
labels:
k8s-app: kube-dns
spec:
priorityClassName: system-cluster-critical
serviceAccountName: coredns
tolerations:
- key: "CriticalAddonsOnly"
operator: "Exists"
nodeSelector:
beta.kubernetes.io/os: linux
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: k8s-app
operator: In
values: ["kube-dns"]
topologyKey: kubernetes.io/hostname
containers:
- name: coredns
image: coredns/coredns:1.6.6
imagePullPolicy: IfNotPresent
resources:
limits:
memory: 170Mi
requests:
cpu: 100m
memory: 70Mi
args: [ "-conf", "/etc/coredns/Corefile" ]
volumeMounts:
- name: config-volume
mountPath: /etc/coredns
readOnly: true
ports:
- containerPort: 53
name: dns
protocol: UDP
- containerPort: 53
name: dns-tcp
protocol: TCP
- containerPort: 9153
name: metrics
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- all
readOnlyRootFilesystem: true
livenessProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
readinessProbe:
httpGet:
path: /ready
port: 8181
scheme: HTTP
dnsPolicy: Default
volumes:
- name: config-volume
configMap:
name: coredns
items:
- key: Corefile
path: Corefile
EOF
```
- coredns/coredns:1.2.2 该镜像可以提前导入本地局域网中的私有 docker 仓库中
- 查看 k8s 对应的 coredns 版本,参考 [coredns](https://github.com/coredns/deployment/blob/master/kubernetes/CoreDNS-k8s_version.md)
# 生成 service 文件
- 创建 4.coredns-service.yml
```bash
cat > 4.coredns-service.yml <<EOF
apiVersion: v1
kind: Service
metadata:
name: kube-dns
namespace: kube-system
annotations:
prometheus.io/port: "9153"
prometheus.io/scrape: "true"
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
kubernetes.io/name: "CoreDNS"
spec:
selector:
k8s-app: kube-dns
clusterIP: 10.10.9.2
ports:
- name: dns
port: 53
protocol: UDP
- name: dns-tcp
port: 53
protocol: TCP
- name: metrics
port: 9153
protocol: TCP
EOF
```
- 这里的 clusterIP 需与 kubelet 配置文件中的 clusterDNS 一致
# 部署到 kubernetes 中
- 使用 kubectl 直接应用
```bash
kubectl apply -f 0.coredns-sa.yml
kubectl apply -f 1.coredns-rbac.yml
kubectl apply -f 2.coredns-configmap.yml
kubectl apply -f 3.coredns-deployment.yml
kubectl apply -f 4.coredns-service.yml
```
# 查看 coredns 状态
- 查看 service 状态
```bash
kubectl get svc -n kube-system
```
- service 地址应是之前指定的 clusterIP(10.10.9.2)
- 查看 coredns pods 状态
```bash
kubectl get pods -n kube-system
```
- 正常时都是 running
- 查看 coredns pods 输出
```bash
kubectl logs <pod_name> -n kube-system
```
# 参考
- [coredns 部署](https://github.com/coredns/deployment/tree/master/kubernetes)
Reference in New Issue View Git Blame Copy Permalink