CoreDNS簡介
CoreDNS 其實就是一個 DNS 服務,而 DNS 作為一種常見的服務發現手段,是以很多開源項目以及工程師都會使用 CoreDNS 為叢集提供服務發現的功能,Kubernetes 就在叢集中使用 CoreDNS 解決服務發現的問題。
如果想要在分布式系統實作服務發現的功能,CoreDNS 其實是一個非常好的選擇,CoreDNS作為一個已經進入CNCF并且在Kubernetes中作為DNS服務使用的應用,其本身的穩定性和可用性已經得到了證明,同時它基于插件實作的方式非常輕量并且易于使用,插件鍊的使用也使得第三方插件的定義變得非常的友善。
Coredns 架構
整個 CoreDNS 服務都建立在一個使用 Go 編寫的 HTTP/2 Web 伺服器 Caddy 。
叢集資訊介紹
Kubernetes
v1.13
k8s-master
172.20.101.157
172.20.101.165
172.20.101.164
CLUSTER_CIDR
10.254.0.0/16
CLUSTER_DNS
10.254.0.10
Coredns 項目下載下傳
下載下傳位址1:
wget https://github.com/coredns/deployment/archive/master.zip
unzip master.zip
下載下傳位址2:
git clone https://github.com/coredns/deployment.git
安裝部署
确認是否存在已運作dns服務
kubectl get pods -o wide -n=kube-system
#删除指令
kubectl delete --namespace=kube-system deployment ****-dns
安裝主目錄
cd /workspace/
下載下傳
git clone https://github.com/coredns/deployment.git
安裝目錄
cd /workspace/deployment/kubernetes
檢視項目檔案
[root@node01 kubernetes]# ll
CoreDNS-k8s_version.md
coredns.yaml.sed
deploy.sh
README.md
rollback.sh
Scaling_CoreDNS.md
Upgrading_CoreDNS.md
重要檔案介紹
deploy.sh 是一個用于在已經運作kube-dns的叢集中生成運作CoreDNS部署檔案(manifest)的工具腳本。它使用 coredns.yaml.sed檔案作為模闆,建立一個ConfigMap和CoreDNS的deployment,然後更新叢集中已有的kube-dns 服務的selector使用CoreDNS的deployment。重用已有的服務并不會在服務的請求中發生沖突。
deploy 腳本使用方法
usage: ./deploy.sh [ -r REVERSE-CIDR ] [ -i DNS-IP ] [ -d CLUSTER-DOMAIN ] [ -t YAML-TEMPLATE ]
-r : Define a reverse zone for the given CIDR. You may specifcy this option more
than once to add multiple reverse zones. If no reverse CIDRs are defined,
then the default is to handle all reverse zones (i.e. in-addr.arpa and ip6.arpa)
-i : Specify the cluster DNS IP address. If not specificed, the IP address of
the existing "kube-dns" service is used, if present.
-s : Skips the translation of kube-dns configmap to the corresponding CoreDNS Corefile configuration.
Coredns 與 kubernetes 版本比對:
參考位址:
https://github.com/coredns/deployment/blob/master/kubernetes/CoreDNS-k8s_version.md
Kubernetes v1.14 ==> CoreDNS v1.3.1
Kubernetes v1.13 ==> CoreDNS v1.2.6 <<===本環境使用版本
生成安裝配置檔案
./deploy.sh -r 10.254.0.0/16 -i 10.254.0.10 -d cluster.local -t coredns.yaml.sed -s >coredns.yaml
驗證配置檔案核心配置
[root@node01 kubernetes]# more coredns.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: coredns
namespace: kube-system
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
---
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
data:
Corefile: |
.:53 {
errors
health
kubernetes cluster.local 10.254.0.0/16 { 《+====監聽域名和CIDR
pods insecure
upstream
fallthrough in-addr.arpa ip6.arpa
}
prometheus :9153
forward . /etc/resolv.conf
cache 30
loop
reload
loadbalance
}
---
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
containers:
- name: coredns
image: coredns/coredns:1.3.1 《===修改鏡像版本:image: coredns/coredns:1.2.6
imagePullPolicy: IfNotPresent
resources:
limits:
memory: 170Mi
requests:
cpu: 100m
memory: 70Mi
args: [ "-conf", "/etc/coredns/Corefile" ]
volumeMounts:
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
執行安裝:
kubectl apply -f coredns.yaml
serviceaccount/coredns unchanged
clusterrole.rbac.authorization.k8s.io/system:coredns unchanged
clusterrolebinding.rbac.authorization.k8s.io/system:coredns unchanged
configmap/coredns configured
deployment.apps/coredns configured
service/kube-dns created
直接安裝方法
首先要确定使用鏡像是對的,執行方法如下:
./deploy.sh -r 10.254.0.0/16 -i 10.254.0.10 -t coredns.yaml -d | kubectl apply -f -
驗證服務
kubectl get svc -o wide -n=kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kube-dns ClusterIP 10.254.0.10 <none> 53/UDP,53/TCP,9153/TCP 84s k8s-app=kube-dns
檢視 coredns 詳細資訊
kubectl get pods -o wide -n=kube-system
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
coredns-b97f7df6d-gwjzj 1/1 Running 0 15h 10.254.100.3 172.20.101.166 <none> <none>
coredns-b97f7df6d-jq7q6 1/1 Running 0 15h 10.254.87.3 172.20.101.160 <none>
登陸node節點驗證coredns 版本
[root@node04 ~]# docker logs 2076a98b7461
.:53
2019-03-14T10:58:53.9Z [INFO] CoreDNS-1.2.6
2019-03-14T10:58:53.9Z [INFO] linux/amd64, go1.11.2, 756749c
CoreDNS-1.2.6
linux/amd64, go1.11.2, 756749c
[INFO] plugin/reload: Running configuration MD5 = 2f886b3d3ac0d768123559b4705a7dbb
測試DNS解析
修改master節點和所有node節點的/etc/systemd/system/kube-kubelet.service,
修改内容如紅色所注,與Corefile中的值對應。
CLUSTER_CIDR
10.254.0.0/16
CLUSTER_DNS
10.254.0.10
修改 kubelet 啟動配置檔案
vi /k8s/kubnode/cfg/kubelet
KUBELET_OPTS="--logtostderr=true \
--v=4 \
--hostname-override=172.20.101.166 \
--kubeconfig=/k8s/kubnode/cfg/kubelet.kubeconfig \
--bootstrap-kubeconfig=/k8s/kubnode/cfg/bootstrap.kubeconfig \
--config=/k8s/kubnode/cfg/kubelet.config \
--cert-dir=/k8s/kubnode/ssl \
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
#添加内容如下
--cluster-dns=10.3.0.10 \
--cluster-domain=cluster.local.
#或者添加配置到 /etc/systemd/system/kube-kubelet.service
### 重新開機 kubelet 服務
systemctl daemon-reload
systemctl enable kubelet
systemctl restart kubelet
systemctl status kubelet -l
啟動 nginx 測試服務
kubectl run nginx --replicas=2 --image=nginx:alpine --port=80
kubectl expose deployment nginx --type=NodePort --name=example-service-nodeport
kubectl expose deployment nginx --name=example-service
啟動一個工具鏡像
kubectl run curl --image=radial/busyboxplus:curl
驗證服務啟動成功
kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
curl-66959f6557-879c6 1/1 Running 0 4m52s 10.254.87.4 172.20.101.160 <none> <none>
nginx-665764c8c9-dgjgv 1/1 Running 0 7m19s 10.254.100.2 172.20.101.166 <none> <none>
nginx-665764c8c9-z9rrm 1/1 Running 0 7m19s 10.254.87.2 172.20.101.160 <none> <none>
[root@node01 kubernetes]#
kubectl get svc -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
example-service ClusterIP 10.254.210.43 <none> 80/TCP 9s run=nginx
example-service-nodeport NodePort 10.254.204.43 <none> 80:36136/TCP 14s run=nginx
kubernetes ClusterIP 10.254.0.1 <none> 443/TCP 105m <none>
登陸curl鏡像 (node節點執行)
[root@node04 ~]# docker exec -it f18900873efe sh
驗證外網解析
ping qq.com
PING qq.com (111.161.64.48): 56 data bytes
64 bytes from 111.161.64.48: seq=0 ttl=47 time=6.331 ms
64 bytes from 111.161.64.48: seq=1 ttl=47 time=6.293 ms
驗證内部解析:
[ root@curl-66959f6557-879c6:/ ]$ nslookup kubernetes
Server: 10.254.0.10
Address 1: 10.254.0.10 kube-dns.kube-system.svc.cluster.local
Name: kubernetes
Address 1: 10.254.0.1 kubernetes.default.svc.cluster.local
使用 curl測試域名解析
[ root@curl-66959f6557-879c6:/ ]$
curl example-service
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
...........................
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
清理服務
删除測試服務
kubectl get svc
kubectl delete svc example-service example-service-nodeport
删除部署空間
kubectl get deployment
kubectl delete deploy nginx curl
如果想删除 coredns執行如下操作:
kubectl delete svc kube-dns -n=kube-system
curl 報錯 排查解決
[root@node01 kubernetes]#
curl example-service
curl: (6) Could not resolve host: example-service; Unknown error
[root@node01 kubernetes]# curl example-service
解決辦法:
修改 kubelet 啟動配置檔案 (node節點)
vi /k8s/kubnode/cfg/kubelet
KUBELET_OPTS="--logtostderr=true \
--v=4 \
--hostname-override=172.20.101.166 \
--kubeconfig=/k8s/kubnode/cfg/kubelet.kubeconfig \
--bootstrap-kubeconfig=/k8s/kubnode/cfg/bootstrap.kubeconfig \
--config=/k8s/kubnode/cfg/kubelet.config \
--cert-dir=/k8s/kubnode/ssl \
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
--cluster-dns=10.3.0.10 \
--cluster-domain=cluster.local.
#或者添加配置到 /etc/systemd/system/kube-kubelet.service
重新開機 kubelet 服務
systemctl daemon-reload
systemctl enable kubelet
systemctl restart kubelet
systemctl status kubelet -l
報錯2:
[root@node01 coredns]# ./deploy.sh 10.254.0.0/16 cluster.local | kubectl apply -f -
Error from server (NotFound): services "kube-dns" not found
error: no objects passed to apply
報錯:
./deploy.sh: line 39: jq: command not found
解決辦法:
因為項目使用了jq指令,需要安裝jq程式
yum -y install jq conntrack-tools