kubernetes实践之六十四:CoreDNS

一:简介
1.Kubernetes包括用于服务发现的DNS服务器Kube-DNS。 该DNS服务器利用SkyDNS的库来为Kubernetes pod和服务提供DNS请求。SkyDNS2的作者,Miek Gieben,创建了一个新的DNS服务器,CoreDNS,它采用更模块化,可扩展的框架构建。 Infoblox已经与Miek合作,将此DNS服务器作为Kube-DNS的替代品。
2.CoreDNS利用作为Web服务器Caddy的一部分而开发的服务器框架。该框架具有非常灵活,可扩展的模型,用于通过各种中间件组件传递请求。这些中间件组件根据请求提供不同的操作,例如记录,重定向,修改或维护。虽然它一开始作为Web服务器,但是Caddy并不是专门针对HTTP协议的,而是构建了一个基于CoreDNS的理想框架。
3.在这种灵活的模型中添加对Kubernetes的支持,相当于创建了一个Kubernetes中间件。该中间件使用Kubernetes API来满足针对特定Kubernetes pod或服务的DNS请求。而且由于Kube-DNS作为Kubernetes的另一项服务,kubelet和Kube-DNS之间没有紧密的绑定。您只需要将DNS服务的IP地址和域名传递给kubelet,而Kubernetes并不关心谁在实际处理该IP请求。
4.CoreDNS可以在具有标准的Kube-DNS的Kubernetes集群中运行。作为Kubernetes 的插件使用,CoreDNS将从 Kubernetes集群中读取区(zone)数据。它实现了为Kubernetes的DNS服务发现定义的规范:Kubernetes DNS-Based Service Discovery。

二:部署

部署CoreDNS需要使用到官方提供的两个文件 deploy.sh和coredns.yaml.sed

1.deploy.sh 是一个用于在已经运行kube-dns的集群中生成运行CoreDNS部署文件(manifest)的工具脚本。它使用 coredns.yaml.sed文件作为模板,创建一个ConfigMap和CoreDNS的deployment,然后更新集群中已有的kube-dns 服务的selector使用CoreDNS的deployment。重用已有的服务并不会在服务的请求中发生冲突。

2.deploy.sh文件并不会删除kube-dns的deployment或者replication controller。如果要删除kube-dns,你必须在部署CoreDNS后手动的删除kube-dns。

3.使用CoreDNS替换Kube-DNS只需要使用下面的两个命令:

点击(此处)折叠或打开

成都创新互联公司专注于翁源企业网站建设,响应式网站设计,成都商城网站开发。翁源网站建设公司,为翁源等地区提供建站服务。全流程定制设计,专业设计,全程项目跟踪,成都创新互联公司专业和态度为您提供的服务

  1. $./deploy.sh | kubectl apply -f -
  2. $ kubectl delete --namespace=kube-system deployment kube-dns
4.deploy.sh(https://github.com/coredns/deployment/tree/master/kubernetes)

点击(此处)折叠或打开

  1. #!/bin/bash

  2. # Deploys CoreDNS toa cluster currently running Kube-DNS.

  3. show_help() {
  4. cat << USAGE
  5. usage: $0 [ -r REVERSE-CIDR ] [ -i DNS-IP ] [ -d CLUSTER-DOMAIN ] [ -t YAML-TEMPLATE ]
  6.     -r: Definea reverse zone for the given CIDR. You may specifcy thisoption more
  7.          thanonce to add multiple reverse zones. If no reverse CIDRs are defined,
  8.          then thedefault is to handleall reverse zones(i.e. in-addr.arpa and ip6.arpa)
  9.     -i : Specify the cluster DNS IPaddress. If not specificed, the IPaddress of
  10.          the existing"kube-dns" service is used, if present.
  11. USAGE
  12. exit 0
  13. }

  14. # Simple Defaults
  15. CLUSTER_DOMAIN=cluster.local
  16. YAML_TEMPLATE=`pwd`/coredns.yaml.sed


  17. # Get Opts
  18. while getopts"hr:i:d:t:" opt; do
  19.     case"$opt" in
  20.     h) show_help
  21.         ;;
  22.     r) REVERSE_CIDRS="$REVERSE_CIDRS $OPTARG"
  23.         ;;
  24.     i) CLUSTER_DNS_IP=$OPTARG
  25.         ;;
  26.     d) CLUSTER_DOMAIN=$OPTARG
  27.         ;;
  28.     t) YAML_TEMPLATE=$OPTARG
  29.         ;;
  30.     esac
  31. done

  32. # Conditional Defaults
  33. if [[ -z $REVERSE_CIDRS ]]; then
  34.   REVERSE_CIDRS="in-addr.arpa ip6.arpa"
  35. fi
  36. if [[ -z $CLUSTER_DNS_IP ]]; then
  37.   #Default IP to kube-dns IP
  38.   CLUSTER_DNS_IP=$(kubectl get service --namespace kube-system kube-dns -o jsonpath="{.spec.clusterIP}")
  39.   if [ $? -ne 0 ]; then
  40.       >&2 echo"Error! The IP address for DNS service couldn't be determined automatically. Please specify the DNS-IP with the '-i' option."
  41.       exit 2
  42.   fi
  43. fi

  44. sed -es/CLUSTER_DNS_IP/$CLUSTER_DNS_IP/g -es/CLUSTER_DOMAIN/$CLUSTER_DOMAIN/g -e"s?REVERSE_CIDRS?$REVERSE_CIDRS?g" $YAML_TEMPLATE
5.coredns.yaml.sed

点击(此处)折叠或打开

  1. apiVersion: v1
  2. kind: ServiceAccount
  3. metadata:
  4.   name: coredns
  5.   namespace: kube-system
  6. ---
  7. apiVersion: rbac.authorization.k8s.io/v1beta1
  8. kind: ClusterRole
  9. metadata:
  10.   labels:
  11.     kubernetes.io/bootstrapping: rbac-defaults
  12.   name: system:coredns
  13. rules:
  14. - apiGroups:
  15.   -""
  16.   resources:
  17.   - endpoints
  18.   - services
  19.   - pods
  20.   - namespaces
  21.   verbs:
  22.   - list
  23.   - watch
  24. ---
  25. apiVersion: rbac.authorization.k8s.io/v1beta1
  26. kind: ClusterRoleBinding
  27. metadata:
  28.   annotations:
  29.     rbac.authorization.kubernetes.io/autoupdate: "true"
  30.   labels:
  31.     kubernetes.io/bootstrapping: rbac-defaults
  32.   name: system:coredns
  33. roleRef:
  34.   apiGroup: rbac.authorization.k8s.io
  35.   kind: ClusterRole
  36.   name: system:coredns
  37. subjects:
  38. - kind: ServiceAccount
  39.   name: coredns
  40.   namespace: kube-system
  41. ---
  42. apiVersion: v1
  43. kind: ConfigMap
  44. metadata:
  45.   name: coredns
  46.   namespace: kube-system
  47. data:
  48.   Corefile: |
  49.     .:53{
  50.         errors
  51.         health
  52.         kubernetes CLUSTER_DOMAIN REVERSE_CIDRS{
  53.           pods insecure
  54.           upstream
  55.           fallthrough in-addr.arpa ip6.arpa
  56.         }
  57.         prometheus:9153
  58.         proxy. /etc/resolv.conf
  59.         cache 30
  60.         reload
  61.     }
  62. ---
  63. apiVersion: extensions/v1beta1
  64. kind: Deployment
  65. metadata:
  66.   name: coredns
  67.   namespace: kube-system
  68.   labels:
  69.     k8s-app: kube-dns
  70.     kubernetes.io/name: "CoreDNS"
  71. spec:
  72.   replicas: 2
  73.   strategy:
  74.     type: RollingUpdate
  75.     rollingUpdate:
  76.       maxUnavailable: 1
  77.   selector:
  78.     matchLabels:
  79.       k8s-app: kube-dns
  80.   template:
  81.     metadata:
  82.       labels:
  83.         k8s-app: kube-dns
  84.     spec:
  85.       serviceAccountName: coredns
  86.       tolerations:
  87.         - key: "CriticalAddonsOnly"
  88.           operator: "Exists"
  89.       containers:
  90.       - name: coredns
  91.         image: coredns/coredns:1.1.3
  92.         imagePullPolicy: IfNotPresent
  93.         args: ["-conf", "/etc/coredns/Corefile" ]
  94.         volumeMounts:
  95.         - name: config-volume
  96.           mountPath: /etc/coredns
  97.           readOnly: true
  98.         ports:
  99.         - containerPort: 53
  100.           name: dns
  101.           protocol: UDP
  102.         - containerPort: 53
  103.           name: dns-tcp
  104.           protocol: TCP
  105.         - containerPort: 9153
  106.           name: metrics
  107.           protocol: TCP
  108.         securityContext:
  109.           allowPrivilegeEscalation: false
  110.           capabilities:
  111.             add:
  112.             - NET_BIND_SERVICE
  113.             drop:
  114.             -all
  115.           readOnlyRootFilesystem: true
  116.         livenessProbe:
  117.           httpGet:
  118.             path: /health
  119.             port: 8080
  120.             scheme: HTTP
  121.           initialDelaySeconds: 60
  122.           timeoutSeconds: 5
  123.           successThreshold: 1
  124.           failureThreshold: 5
  125.       dnsPolicy: Default
  126.       volumes:
  127.         - name: config-volume
  128.           configMap:
  129.             name: coredns
  130.             items:
  131.             - key: Corefile
  132.               path: Corefile
  133. ---
  134. apiVersion: v1
  135. kind: Service
  136. metadata:
  137.   name: kube-dns
  138.   namespace: kube-system
  139.   annotations:
  140.     prometheus.io/scrape: "true"
  141.   labels:
  142.     k8s-app: kube-dns
  143.     kubernetes.io/cluster-service: "true"
  144.     kubernetes.io/name: "CoreDNS"
  145. spec:
  146.   selector:
  147.     k8s-app: kube-dns
  148.   clusterIP: CLUSTER_DNS_IP
  149.   ports:
  150.   - name: dns
  151.     port: 53
  152.     protocol: UDP
  153.   - name: dns-tcp
  154.     port: 53
  155.     protocol: TCP
三:备注
对于非RBAC部署,你需要编辑生成的结果yaml文件:
1.从yaml文件的Deployment部分删除 serviceAccountName: coredns
2.删除 ServiceAccount、 ClusterRole和 ClusterRoleBinding 部分




当前标题:kubernetes实践之六十四:CoreDNS
本文网址:http://hbruida.cn/article/ihdcih.html