Kubernetes: deploying the in-cluster DNS service

Anonymous (unverified), submitted on 2019-12-02 23:55:01


Upstream deployment manifests: https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dns/coredns

The DNS service provides name-based (domain-name) access to Services.

- The DNS service watches the Kubernetes API and creates a DNS record for every Service so that it can be resolved by name.
- ClusterIP A-record format: `<service-name>.<namespace-name>.svc.cluster.local`. Example: `my-svc.my-namespace.svc.cluster.local`

CoreDNS

1. Create the DNS YAML configuration file

```shell
vim coredns.yaml
```

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns
  namespace: kube-system
  labels:
      kubernetes.io/cluster-service: "true"
      addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: Reconcile
  name: system:coredns
rules:
- apiGroups:
  - ""
  resources:
  - endpoints
  - services
  - pods
  - namespaces
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: EnsureExists
  name: system:coredns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
subjects:
- kind: ServiceAccount
  name: coredns
  namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
  labels:
      addonmanager.kubernetes.io/mode: EnsureExists
data:
  Corefile: |
    .:53 {
        errors
        health
        # change the DNS domain here
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            upstream
        }
        cache 30
        loop
        reload
        loadbalance
    }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  # replicas: not specified here:
  # 2. Default is 1.
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
      annotations:
        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
    spec:
      priorityClassName: system-cluster-critical
      serviceAccountName: coredns
      tolerations:
        - key: "CriticalAddonsOnly"
          operator: "Exists"
      nodeSelector:
        beta.kubernetes.io/os: linux
      containers:
      - name: coredns
        # change the CoreDNS image address here
        image: coredns/coredns:1.2.6
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            # memory limit, adjust as needed
            memory: 170Mi
          requests:
            cpu: 100m
            memory: 70Mi
        args: [ "-conf", "/etc/coredns/Corefile" ]
        volumeMounts:
        - name: config-volume
          mountPath: /etc/coredns
          readOnly: true
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        - containerPort: 9153
          name: metrics
          protocol: TCP
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        readinessProbe:
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            add:
            - NET_BIND_SERVICE
            drop:
            - all
          readOnlyRootFilesystem: true
      dnsPolicy: Default
      volumes:
        - name: config-volume
          configMap:
            name: coredns
            items:
            - key: Corefile
              path: Corefile
---
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  annotations:
    prometheus.io/port: "9153"
    prometheus.io/scrape: "true"
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  selector:
    k8s-app: kube-dns
  # change to the cluster DNS address in your kube configuration
  clusterIP: 10.0.0.2
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
  - name: metrics
    port: 9153
    protocol: TCP
```

2. Run the command to create the DNS resources

```shell
kubectl apply -f coredns.yaml
```

3. Check the pod status

```shell
kubectl get pods -n kube-system
NAME                       READY   STATUS    RESTARTS   AGE
coredns-6765c879f8-lwtwt   1/1     Running   0          25s
```

4. Test whether DNS works

4.1 Start a temporary container

```shell
kubectl run -it --image=busybox:1.28.4 --rm --restart=Never sh
```

4.2 Inside the container, resolve a name

```shell
/ # nslookup kubernetes
Server:    10.0.0.2
Address 1: 10.0.0.2 kube-dns.kube-system.svc.cluster.local
```

4.3 Create another container and test from there

```shell
kubectl run -it --image=busybox:1.28.4 --rm --restart=Never sh -n kube-system
/ # nslookup my-service.default
Server:    10.0.0.2
Address 1: 10.0.0.2 kube-dns.kube-system.svc.cluster.local

Name:      my-service.default
Address 1: 10.0.0.123 my-service.default.svc.cluster.local
```

List the existing Services (and their endpoints) that can be resolved

```shell
kubectl get ep
NAME             ENDPOINTS                                   AGE
kubernetes       192.168.1.108:6443,192.168.1.109:6443       3d
my-service       <none>                                      7h54m
nginx-service    172.17.1.2:80,172.17.1.3:80,172.17.1.6:80   2d4h
nginx-service2   <none>                                      25h
```


# Notes

Note: when issuing the service certificate for the API server, include the DNS service IP address in it.

# Error: Failed to list *v1.Namespace: Get https://10.0.0.1:443/api/v1/namespaces?limit=500&resourceVersion=0: dial tcp 10.0.0.1:443: i/o timeout

Fix: restart kube-proxy on the Node, then recreate CoreDNS.

