You've already forked www.colben.cn
277 lines
6.9 KiB
Markdown
277 lines
6.9 KiB
Markdown
---
|
|
title: "K8s 部署 Coredns 组件"
|
|
date: 2019-10-30T01:06:56+08:00
|
|
lastmod: 2020-02-10T14:36:00+08:00
|
|
keywords: []
|
|
tags: ["kubernetes", "k8s", "coredns"]
|
|
categories: ["container"]
|
|
---
|
|
|
|
# 环境
|
|
|
|
- [二进制部署的 kubernetes v1.17.2 集群](https://colben.cn/post/k8s-install/)
|
|
- coreDNS 1.6.6
|
|
|
|
# 生成 service account 文件
|
|
- 创建 0.coredns-sa.yml
|
|
```bash
|
|
cat > 0.coredns-sa.yml <<EOF
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: coredns
|
|
namespace: kube-system
|
|
EOF
|
|
```
|
|
|
|
# 生成 rbac 文件
|
|
- 创建 1.coredns-rbac.yml
|
|
```bash
|
|
curl > 1.coredns-rbac.yml <<EOF
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
labels:
|
|
kubernetes.io/bootstrapping: rbac-defaults
|
|
name: system:coredns
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- endpoints
|
|
- services
|
|
- pods
|
|
- namespaces
|
|
verbs:
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- nodes
|
|
verbs:
|
|
- get
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
annotations:
|
|
rbac.authorization.kubernetes.io/autoupdate: "true"
|
|
labels:
|
|
kubernetes.io/bootstrapping: rbac-defaults
|
|
name: system:coredns
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: system:coredns
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: coredns
|
|
namespace: kube-system
|
|
EOF
|
|
```
|
|
|
|
# 生成 configmap 文件
|
|
- 创建 2.coredns-configmap.yml
|
|
```bash
|
|
cat > 2.coredns-configmap.yml <<EOF
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: coredns
|
|
namespace: kube-system
|
|
data:
|
|
Corefile: |
|
|
.:53 {
|
|
errors
|
|
health {
|
|
lameduck 5s
|
|
}
|
|
ready
|
|
kubernetes cluster.local 10.10.9.0/24 {
|
|
fallthrough in-addr.arpa ip6.arpa
|
|
}
|
|
prometheus :9153
|
|
forward . /etc/resolv.conf
|
|
cache 30
|
|
loop
|
|
reload
|
|
loadbalance
|
|
}
|
|
EOF
|
|
```
|
|
- 这里的 10.10.9.0/24 应与 kube-apiserver 配置文件中的 service-cluster-ip-range 一致
|
|
- 这里的 cluster.local 应与 kubelet 配置文件中的 clusterDomain 一致
|
|
|
|
# 生成 deployment 文件
|
|
- 创建 3.coredns-deployment.yml
|
|
```bash
|
|
cat > 3.coredns-deployment.yml <<EOF
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: coredns
|
|
namespace: kube-system
|
|
labels:
|
|
k8s-app: kube-dns
|
|
kubernetes.io/name: "CoreDNS"
|
|
spec:
|
|
# replicas: not specified here:
|
|
# 1. Default is 1.
|
|
# 2. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
|
|
strategy:
|
|
type: RollingUpdate
|
|
rollingUpdate:
|
|
maxUnavailable: 1
|
|
selector:
|
|
matchLabels:
|
|
k8s-app: kube-dns
|
|
template:
|
|
metadata:
|
|
labels:
|
|
k8s-app: kube-dns
|
|
spec:
|
|
priorityClassName: system-cluster-critical
|
|
serviceAccountName: coredns
|
|
tolerations:
|
|
- key: "CriticalAddonsOnly"
|
|
operator: "Exists"
|
|
nodeSelector:
|
|
beta.kubernetes.io/os: linux
|
|
affinity:
|
|
podAntiAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
- labelSelector:
|
|
matchExpressions:
|
|
- key: k8s-app
|
|
operator: In
|
|
values: ["kube-dns"]
|
|
topologyKey: kubernetes.io/hostname
|
|
containers:
|
|
- name: coredns
|
|
image: coredns/coredns:1.6.6
|
|
imagePullPolicy: IfNotPresent
|
|
resources:
|
|
limits:
|
|
memory: 170Mi
|
|
requests:
|
|
cpu: 100m
|
|
memory: 70Mi
|
|
args: [ "-conf", "/etc/coredns/Corefile" ]
|
|
volumeMounts:
|
|
- name: config-volume
|
|
mountPath: /etc/coredns
|
|
readOnly: true
|
|
ports:
|
|
- containerPort: 53
|
|
name: dns
|
|
protocol: UDP
|
|
- containerPort: 53
|
|
name: dns-tcp
|
|
protocol: TCP
|
|
- containerPort: 9153
|
|
name: metrics
|
|
protocol: TCP
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
add:
|
|
- NET_BIND_SERVICE
|
|
drop:
|
|
- all
|
|
readOnlyRootFilesystem: true
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /health
|
|
port: 8080
|
|
scheme: HTTP
|
|
initialDelaySeconds: 60
|
|
timeoutSeconds: 5
|
|
successThreshold: 1
|
|
failureThreshold: 5
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /ready
|
|
port: 8181
|
|
scheme: HTTP
|
|
dnsPolicy: Default
|
|
volumes:
|
|
- name: config-volume
|
|
configMap:
|
|
name: coredns
|
|
items:
|
|
- key: Corefile
|
|
path: Corefile
|
|
EOF
|
|
```
|
|
- coredns/coredns:1.2.2 该镜像可以提前导入本地局域网中的私有 docker 仓库中
|
|
- 查看 k8s 对应的 coredns 版本,参考 [coredns](https://github.com/coredns/deployment/blob/master/kubernetes/CoreDNS-k8s_version.md)
|
|
|
|
# 生成 service 文件
|
|
- 创建 4.coredns-service.yml
|
|
```bash
|
|
cat > 4.coredns-service.yml <<EOF
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: kube-dns
|
|
namespace: kube-system
|
|
annotations:
|
|
prometheus.io/port: "9153"
|
|
prometheus.io/scrape: "true"
|
|
labels:
|
|
k8s-app: kube-dns
|
|
kubernetes.io/cluster-service: "true"
|
|
kubernetes.io/name: "CoreDNS"
|
|
spec:
|
|
selector:
|
|
k8s-app: kube-dns
|
|
clusterIP: 10.10.9.2
|
|
ports:
|
|
- name: dns
|
|
port: 53
|
|
protocol: UDP
|
|
- name: dns-tcp
|
|
port: 53
|
|
protocol: TCP
|
|
- name: metrics
|
|
port: 9153
|
|
protocol: TCP
|
|
EOF
|
|
```
|
|
- 这里的 clusterIP 需与 kubelet 配置文件中的 clusterDNS 一致
|
|
|
|
# 部署到 kubernetes 中
|
|
|
|
- 使用 kubectl 直接应用
|
|
```bash
|
|
kubectl apply -f 0.coredns-sa.yml
|
|
kubectl apply -f 1.coredns-rbac.yml
|
|
kubectl apply -f 2.coredns-configmap.yml
|
|
kubectl apply -f 3.coredns-deployment.yml
|
|
kubectl apply -f 4.coredns-service.yml
|
|
```
|
|
|
|
# 查看 coredns 状态
|
|
|
|
- 查看 service 状态
|
|
```bash
|
|
kubectl get svc -n kube-system
|
|
```
|
|
- service 地址应是之前指定的 clusterIP(10.10.9.2)
|
|
|
|
- 查看 coredns pods 状态
|
|
```bash
|
|
kubectl get pods -n kube-system
|
|
```
|
|
- 正常时都是 running
|
|
|
|
- 查看 coredns pods 输出
|
|
```bash
|
|
kubectl logs <pod_name> -n kube-system
|
|
```
|
|
|
|
# 参考
|
|
- [coredns 部署](https://github.com/coredns/deployment/tree/master/kubernetes)
|
|
|