Environment
- Kubernetes v1.12.6 cluster deployed from binaries
- CoreDNS 1.2.2
Generate the service account file
- Create 0.coredns-sa.yml

```bash
cat > 0.coredns-sa.yml <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns
  namespace: kube-system
EOF
```
Generate the RBAC file
- Create 1.coredns-rbac.yml

```bash
cat > 1.coredns-rbac.yml <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: Reconcile
  name: system:coredns
# Read-only access: CoreDNS only lists and watches these resources.
rules:
- apiGroups:
  - ""
  resources:
  - endpoints
  - services
  - pods
  - namespaces
  verbs:
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: EnsureExists
  name: system:coredns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
# Bind the role to the coredns service account created in the previous step.
subjects:
- kind: ServiceAccount
  name: coredns
  namespace: kube-system
EOF
```
Generate the ConfigMap file
- Create 2.coredns-configmap.yml

```bash
cat > 2.coredns-configmap.yml <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: EnsureExists
data:
  Corefile: |
    .:53 {
        errors
        log stdout
        health
        kubernetes cluster.local 10.10.9.0/24
        proxy . /etc/resolv.conf
        cache 30
    }
EOF
```

- The 10.10.9.0/24 here must match service-cluster-ip-range in the kube-apiserver configuration file
- The cluster.local here must match clusterDomain in the kubelet configuration file
Generate the Deployment file
- Create 3.coredns-deployment.yml

```bash
cat > 3.coredns-deployment.yml <<EOF
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: coredns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  replicas: 2
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  selector:
    matchLabels:
      k8s-app: coredns
  template:
    metadata:
      labels:
        k8s-app: coredns
    spec:
      # Runs under the service account bound to the system:coredns ClusterRole.
      serviceAccountName: coredns
      containers:
      - name: coredns
        image: coredns/coredns:1.2.2
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            memory: 170Mi
          requests:
            cpu: 100m
            memory: 70Mi
        args: [ "-conf", "/etc/coredns/Corefile" ]
        volumeMounts:
        # The Corefile from the ConfigMap, mounted read-only.
        - name: config-volume
          mountPath: /etc/coredns
          readOnly: true
        - name: tmp
          mountPath: /tmp
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        # Served by the "health" plugin enabled in the Corefile.
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
      dnsPolicy: Default
      volumes:
      - name: tmp
        emptyDir: {}
      - name: config-volume
        configMap:
          name: coredns
          items:
          - key: Corefile
            path: Corefile
EOF
```

- The coredns/coredns:1.2.2 image can be imported in advance into a private Docker registry on the local network
- To find the CoreDNS version that corresponds to your Kubernetes version, see coredns
Generate the Service file
- Create 4.coredns-service.yml

```bash
cat > 4.coredns-service.yml <<EOF
apiVersion: v1
kind: Service
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: coredns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  selector:
    k8s-app: coredns
  clusterIP: 10.10.9.2
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
EOF
```

- The clusterIP here must match clusterDNS in the kubelet configuration file
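
The consistency notes on the ConfigMap and the Service can be checked offline before anything is applied. The script below is an added example, not part of the original post: it compares the Corefile domain and the Service clusterIP against kubelet values passed in by hand, and goes one step further by verifying that the clusterIP lies inside the Corefile CIDR. All function names are hypothetical.

```bash
# Added example (not from the original post): offline consistency check for
# 2.coredns-configmap.yml and 4.coredns-service.yml before `kubectl apply`.

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeed if IPv4 address $1 lies inside CIDR $2 (e.g. 10.10.9.0/24).
ip_in_cidr() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Extract fields from the manifests written by the heredocs on this page.
corefile_field()     { awk -v n="$2" '$1 == "kubernetes" { print $n; exit }' "$1"; }
service_cluster_ip() { awk '$1 == "clusterIP:" { print $2; exit }' "$1"; }

# Constructed sample: minimal stand-ins for the two manifests; $2 = clusterIP.
write_sample() {
    printf 'data:\n  Corefile: |\n    .:53 {\n        kubernetes cluster.local 10.10.9.0/24\n    }\n' > "$1/2.coredns-configmap.yml"
    printf 'spec:\n  clusterIP: %s\n' "$2" > "$1/4.coredns-service.yml"
}

# check_coredns_manifests DIR KUBELET_CLUSTER_DOMAIN KUBELET_CLUSTER_DNS
# Assumption: the operator reads the two kubelet values from the kubelet config.
check_coredns_manifests() {
    domain=$(corefile_field "$1/2.coredns-configmap.yml" 2)
    cidr=$(corefile_field "$1/2.coredns-configmap.yml" 3)
    ip=$(service_cluster_ip "$1/4.coredns-service.yml")
    if [ -z "$domain" ] || [ -z "$ip" ] || [ "${cidr#*/}" = "$cidr" ]; then
        echo "cannot parse manifests in $1" >&2; return 2
    fi
    rc=0
    [ "$domain" = "$2" ] || { echo "Corefile domain $domain != clusterDomain $2" >&2; rc=1; }
    [ "$ip" = "$3" ]     || { echo "Service clusterIP $ip != clusterDNS $3" >&2; rc=1; }
    ip_in_cidr "$ip" "$cidr" || { echo "clusterIP $ip is outside $cidr" >&2; rc=1; }
    return $rc
}

# Usage: sh check.sh <manifest-dir> <clusterDomain> <clusterDNS>
if [ $# -eq 3 ]; then check_coredns_manifests "$1" "$2" "$3"; fi
```

A non-zero exit status means at least one value disagrees; the mismatches are printed to stderr.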
Deploy to Kubernetes
- Apply the files directly with kubectl

```bash
kubectl apply -f 0.coredns-sa.yml
kubectl apply -f 1.coredns-rbac.yml
kubectl apply -f 2.coredns-configmap.yml
kubectl apply -f 3.coredns-deployment.yml
kubectl apply -f 4.coredns-service.yml
```
Check the CoreDNS status
- Check the service status

```bash
kubectl get svc -n kube-system
```

- The service address should be the clusterIP specified earlier (10.10.9.2)
- Check the status of the CoreDNS pods

```bash
kubectl get pods -n kube-system -l k8s-app=coredns
```

- When healthy, all pods are Running
- Check the output of the CoreDNS pods

```bash
kubectl logs <pod_name> -n kube-system
```

- Normal output looks similar to the following

```
.:53
2019/04/14 12:20:09 [INFO] CoreDNS-1.2.2
2019/04/14 12:20:09 [INFO] linux/amd64, go1.11, eb51e8b
CoreDNS-1.2.2
linux/amd64, go1.11, eb51e8b
```
Source: oschina
Link: https://my.oschina.net/u/2298475/blog/3036742