原创内容,转载请注明出处
前言
在经过上一篇章Calico集成kubernetes的CNI网络部署全过程、启用CA自签名之后,kubernetes每台node节点的状态已经是ready状态了,那么下一步就是需要解决kubernetes集群中pod的域名解析问题。
为什么要解决这个问题呢?
因为kuberntes中的所有pod都是基于service域名解析后,再负载均衡分发到service后端的各个pod服务中,那么如果没有DNS解析,则无法查到各个服务对应的service服务,以下举个例子。
1.首先上传一个基于centos的工具镜像
[root@server81 registry]# docker push 172.16.5.181:5000/networkboxThe push refers to repository [172.16.5.181:5000/networkbox]6793eb3b0692: Pushed 4b398ee02e06: Pushed b91100adb338: Pushed 5f70bf18a086: Pushed 479d1ea9f888: Pushed latest: digest: sha256:0159b2282815ecd59809dcca4d74cffd5b75a9ca5deec8a220080c254cc43ff2 size: 1987[root@server81 registry]#
2.创建pod以及svc
[root@server81 test_yaml]# vim networkbox.yaml apiVersion: extensions/v1beta1kind: Deploymentmetadata: name: networkbox labels: app: networkboxspec: replicas: 10 template: metadata: labels: app: networkbox spec: terminationGracePeriodSeconds: 60 containers: - name: networkbox image: 172.16.5.181:5000/networkbox ---apiVersion: v1kind: Servicemetadata: name: networkbox labels: name: networkboxspec: ports: - port: 8008 selector: name: networkbox [root@server81 test_yaml]# vim networkbox.yaml [root@server81 test_yaml]# [root@server81 test_yaml]# kubectl apply -f networkbox.yaml deployment.extensions/networkbox configured service/networkbox unchanged [root@server81 test_yaml]# [root@server81 test_yaml]# kubectl get pod -o wideNAME READY STATUS RESTARTS AGE IP NODE networkbox-85bd85cd54-7hsgp 1/1 Terminating 0 1m 10.1.0.196 172.16.5.181networkbox-85bd85cd54-7sr5f 1/1 Terminating 0 1m 10.1.0.65 172.16.5.87networkbox-85bd85cd54-9j8cg 1/1 Running 0 1m 10.1.0.194 172.16.5.181networkbox-85bd85cd54-btcvz 1/1 Terminating 0 1m 10.1.0.198 172.16.5.181networkbox-85bd85cd54-btmwm 1/1 Terminating 0 1m 10.1.0.200 172.16.5.181networkbox-85bd85cd54-dfngz 1/1 Terminating 0 1m 10.1.0.197 172.16.5.181networkbox-85bd85cd54-gp525 1/1 Terminating 0 1m 10.1.0.66 172.16.5.87networkbox-85bd85cd54-llrw6 1/1 Running 0 1m 10.1.0.193 172.16.5.181networkbox-85bd85cd54-psh4r 1/1 Running 0 1m 10.1.0.195 172.16.5.181networkbox-85bd85cd54-zsg8m 1/1 Terminating 0 1m 10.1.0.199 172.16.5.181[root@server81 test_yaml]# [root@server81 test_yaml]# kubectl get svcNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.0.6.1 <none> 443/TCP 1h networkbox ClusterIP 10.0.6.138 <none> 8008/TCP 1m [root@server81 test_yaml]#
3.进入networkbox的容器内,ping service域名,确认是否返回IP地址
[root@server81 test_yaml]# kubectl get svcNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.0.6.1 <none> 443/TCP 1h networkbox ClusterIP 10.0.6.138 <none> 8008/TCP 1m [root@server81 test_yaml]# [root@server81 test_yaml]# kubectl exec -it networkbox-85bd85cd54-9j8cg bash[root@networkbox-85bd85cd54-9j8cg /]# [root@networkbox-85bd85cd54-9j8cg /]# ping networkboxping: unknown host networkbox [root@networkbox-85bd85cd54-9j8cg /]# [root@networkbox-85bd85cd54-9j8cg /]# ping kubernetesping: unknown host kubernetes [root@networkbox-85bd85cd54-9j8cg /]#
可以看出在容器内由于没有kubernetes的DNS服务解析,容器是找不到service的IP地址,那么也就找不到后面的服务了,所以CoreDNS的解析服务是必须要安装好的。
CoreDNS在kubernetes中的部署
1.查看CoreDNS的官网
点击这里访问CoreDNS的官网。
在CoreDns官网可以查看相关版本以及功能介绍,还可以进入CoreDns的github。
2.查看CoreDNS的github
点击这里访问CoreDNS的github地址。
选择进入deployment,查看如何进行部署的。
3.进入github的deployment
进入deployment页面。
选择进入kubernetes的部署yaml文件
4.查看CoreDNS在kubernetes部署的github脚本文件
查看kuberntes部署CoreDNS的文件
找到了这里,通过github的介绍说明,基本就可以知道上面的四个文件就是部署所需要的文件,以及如何进行部署的。下面我将文件下载下来,修改一下之后进行部署。
5.下载部署文件
从上面github中,将文件都下载到服务器中。
apiVersion: v1 kind: ServiceAccount metadata: name: coredns namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: labels: kubernetes.io/bootstrapping: rbac-defaults name: system:coredns rules: - apiGroups: - "" resources: - endpoints - services - pods - namespaces verbs: - list - watch --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: annotations: rbac.authorization.kubernetes.io/autoupdate: "true" labels: kubernetes.io/bootstrapping: rbac-defaults name: system:coredns roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:coredns subjects: - kind: ServiceAccount name: coredns namespace: kube-system --- apiVersion: v1 kind: ConfigMap metadata: name: coredns namespace: kube-system data: Corefile: | .:53 { errors health kubernetes CLUSTER_DOMAIN REVERSE_CIDRS { pods insecure upstream fallthrough in-addr.arpa ip6.arpa }FEDERATIONS prometheus :9153 proxy . UPSTREAMNAMESERVER cache 30 loop reload loadbalance }STUBDOMAINS --- apiVersion: extensions/v1beta1 kind: Deployment metadata: name: coredns namespace: kube-system labels: k8s-app: kube-dns kubernetes.io/name: "CoreDNS"spec: replicas: 2 strategy: type: RollingUpdate rollingUpdate: maxUnavailable: 1 selector: matchLabels: k8s-app: kube-dns template: metadata: labels: k8s-app: kube-dns spec: serviceAccountName: coredns tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule - key: "CriticalAddonsOnly" operator: "Exists" containers: - name: coredns image: coredns/coredns:1.2.2 imagePullPolicy: IfNotPresent resources: limits: memory: 170Mi requests: cpu: 100m memory: 70Mi args: [ "-conf", "/etc/coredns/Corefile" ] volumeMounts: - name: config-volume mountPath: /etc/coredns readOnly: true ports: - containerPort: 53 name: dns protocol: UDP - containerPort: 53 name: dns-tcp protocol: TCP - containerPort: 9153 name: metrics protocol: TCP securityContext: allowPrivilegeEscalation: false capabilities: add: - NET_BIND_SERVICE drop: - all readOnlyRootFilesystem: true livenessProbe: httpGet: path: /health port: 8080 scheme: HTTP initialDelaySeconds: 60 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 5 dnsPolicy: Default volumes: - name: config-volume configMap: name: coredns items: - key: Corefile path: Corefile --- apiVersion: v1 kind: Service metadata: name: kube-dns namespace: kube-system annotations: prometheus.io/port: "9153" prometheus.io/scrape: "true" labels: k8s-app: kube-dns kubernetes.io/cluster-service: "true" kubernetes.io/name: "CoreDNS"spec: selector: k8s-app: kube-dns clusterIP: CLUSTER_DNS_IP ports: - name: dns port: 53 protocol: UDP - name: dns-tcp port: 53 protocol: TCP
#!/bin/bash# Deploys CoreDNS to a cluster currently running Kube-DNS.show_help () { cat << USAGE usage: $0 [ -r REVERSE-CIDR ] [ -i DNS-IP ] [ -d CLUSTER-DOMAIN ] [ -t YAML-TEMPLATE ] [ -k KUBECONFIG ] -r : Define a reverse zone for the given CIDR. You may specifcy this option more than once to add multiple reverse zones. If no reverse CIDRs are defined, then the default is to handle all reverse zones (i.e. in-addr.arpa and ip6.arpa) -i : Specify the cluster DNS IP address. If not specificed, the IP address of the existing "kube-dns" service is used, if present. -s : Skips the translation of kube-dns configmap to the corresponding CoreDNS Corefile configuration. USAGEexit 0 }# Simple DefaultsCLUSTER_DOMAIN=cluster.local YAML_TEMPLATE=`pwd`/coredns.yaml.sed STUBDOMAINS=""UPSTREAM=\\/etc\\/resolv\.conf FEDERATIONS=""# Translates the kube-dns ConfigMap to equivalent CoreDNS Configuration.function translate-kube-dns-configmap { kube-dns-federation-to-coredns kube-dns-upstreamnameserver-to-coredns kube-dns-stubdomains-to-coredns }function kube-dns-federation-to-coredns { fed=$(kubectl -n kube-system get configmap kube-dns -ojsonpath='{.data.federations}' 2> /dev/null | jq . | tr -d '":,') if [[ ! -z ${fed} ]]; then FEDERATIONS=$(sed -e '1s/^/federation /' -e 's/^/ /' -e '1i\\' <<< "${fed}") # add federation to the stanza fi}function kube-dns-upstreamnameserver-to-coredns { up=$(kubectl -n kube-system get configmap kube-dns -ojsonpath='{.data.upstreamNameservers}' 2> /dev/null | tr -d '[",]') if [[ ! -z ${up} ]]; then UPSTREAM=${up} fi}function kube-dns-stubdomains-to-coredns { STUBDOMAIN_TEMPLATE=' SD_DOMAIN:53 { errors cache 30 loop proxy . SD_DESTINATION }' function dequote { str=${1#\"} # delete leading quote str=${str%\"} # delete trailing quote echo ${str} } function parse_stub_domains() { sd=$1 # get keys - each key is a domain sd_keys=$(echo -n $sd | jq keys[]) # For each domain ... for dom in $sd_keys; do dst=$(echo -n $sd | jq '.['$dom'][0]') # get the destination dom=$(dequote $dom) dst=$(dequote $dst) sd_stanza=${STUBDOMAIN_TEMPLATE/SD_DOMAIN/$dom} # replace SD_DOMAIN sd_stanza=${sd_stanza/SD_DESTINATION/$dst} # replace SD_DESTINATION echo "$sd_stanza" done} sd=$(kubectl -n kube-system get configmap kube-dns -ojsonpath='{.data.stubDomains}' 2> /dev/null) STUBDOMAINS=$(parse_stub_domains "$sd") }# Get Optswhile getopts "hsr:i:d:t:k:" opt; do case "$opt" in h) show_help ;; s) SKIP=1 ;; r) REVERSE_CIDRS="$REVERSE_CIDRS $OPTARG" ;; i) CLUSTER_DNS_IP=$OPTARG ;; d) CLUSTER_DOMAIN=$OPTARG ;; t) YAML_TEMPLATE=$OPTARG ;; k) KUBECONFIG=$OPTARG ;; esacdone# Set kubeconfig flag if config specifiedif [[ ! -z $KUBECONFIG ]]; then if [[ -f $KUBECONFIG ]]; then KUBECONFIG="--kubeconfig $KUBECONFIG" else KUBECONFIG="" fifi# Conditional Defaultsif [[ -z $REVERSE_CIDRS ]]; then REVERSE_CIDRS="in-addr.arpa ip6.arpa"fiif [[ -z $CLUSTER_DNS_IP ]]; then # Default IP to kube-dns IP CLUSTER_DNS_IP=$(kubectl get service --namespace kube-system kube-dns -o jsonpath="{.spec.clusterIP}" $KUBECONFIG) if [ $? -ne 0 ]; then >&2 echo "Error! The IP address for DNS service couldn't be determined automatically. Please specify the DNS-IP with the '-i' option." exit 2 fifiif [[ "${SKIP}" -ne 1 ]] ; then translate-kube-dns-configmapfiorig=$'\n'replace=$'\\\n'sed -e "s/CLUSTER_DNS_IP/$CLUSTER_DNS_IP/g" \ -e "s/CLUSTER_DOMAIN/$CLUSTER_DOMAIN/g" \ -e "s?REVERSE_CIDRS?$REVERSE_CIDRS?g" \ -e "s@STUBDOMAINS@${STUBDOMAINS//$orig/$replace}@g" \ -e "s@FEDERATIONS@${FEDERATIONS//$orig/$replace}@g" \ -e "s/UPSTREAMNAMESERVER/$UPSTREAM/g" \ "${YAML_TEMPLATE}"
6.配置文件并部署服务
首先第一步要知道集群使用的DNS的IP地址
从kubelet配置中可以得知集群配置的clusterIP地址是10.0.6.200
查看delpoy脚本,确定执行过程
总结需要修改下面几个配置:
sed -e s/CLUSTER_DNS_IP/$CLUSTER_DNS_IP/g -e s/CLUSTER_DOMAIN/$CLUSTER_DOMAIN/g -e "s?REVERSE_CIDRS?$REVERSE_CIDRS?g" $YAML_TEMPLATE其中REVERSE_CIDRS就是上游的IP地址。in-addr.arpa ip6.arpa
查看配置在模板yaml文件的位置
编写自定义配置脚本
代码如下:
[root@server81 install_CoreDNS]# vim set_coredns_param.sh #!/bin/bashbasedir=$(cd `dirname $0`;pwd) REVERSE_CIDRS="10.0.6.0/24" ## 配置 kubernetes svc 网段CLUSTER_DNS_IP="10.0.6.200" ## 配置 kubernetes DNS IPCLUSTER_DOMAIN="cluster.local" ## 配置 kubernetes 的域名YAML_TEMPLATE=$basedir/coredns.yaml.sed ## coredns 的模板yaml文件## functionfunction create_coredns_yaml(){local TEMPLATE=$basedir/coredns.yaml.simplelocal YAML=$basedir/coredns.yaml cat $YAML_TEMPLATE > $TEMPLATEsed -e s/CLUSTER_DNS_IP/$CLUSTER_DNS_IP/g -e s/CLUSTER_DOMAIN/$CLUSTER_DOMAIN/g -e "s?REVERSE_CIDRS?$REVERSE_CIDRS?g" $TEMPLATE > $YAML} create_coredns_yaml
执行配置脚本,生成部署coreDNS.yaml文件
下载镜像,并推送至本地的私有仓库
image: coredns/coredns:1.2.0
这里就不说明如何推送镜像到仓库的步骤了。
修改coredns.yaml文件中的镜像地址
执行部署
查看部署服务是否正常
服务已经正常运行,那么下面进入容器内ping一下域名,确认是否解析成功了。
再次进入容器内ping域名,确认是否解析成功
留下一个问题
在经过上面的一系列部署之后,kuberntes的虚拟集群网络的DNS解析的确是可以的了。但是kubernetes之外的物理机node也是需要DNS解析的,那么该怎么去管理呢?
下面后续一个篇章,我会介绍使用dnsmasq的部署,方便管理kuberntes集群以及多台物理机服务器的DNS统一管理。
作者:DevOps海洋的渔夫
链接:https://www.jianshu.com/p/e7ea9e0e690b