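09 - Deploying and configuring the kubedns add-on
Installing and configuring the kubedns add-on
The official YAML files are in: kubernetes/cluster/addons/dns.
The add-on is deployed directly with Kubernetes. The official configuration files reference the following images: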
gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.1
gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.1
gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.1
Here I use the copies hosted on TenxCloud (时速云):
index.tenxcloud.com/jimmy/k8s-dns-kube-dns-amd64:1.14.1
index.tenxcloud.com/jimmy/k8s-dns-dnsmasq-nanny-amd64:1.14.1
index.tenxcloud.com/jimmy/k8s-dns-sidecar-amd64:1.14.1
The YAML configuration files below use the TenxCloud images.
kubedns-cm.yaml
kubedns-sa.yaml
kubedns-controller.yaml
kubedns-svc.yaml
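The already-modified YAML files can be found at: dns
System-predefined RoleBinding
The predefined RoleBinding system:kube-dns (a ClusterRoleBinding, as the output below shows) binds the kube-dns ServiceAccount in the kube-system namespace to the system:kube-dns Role, which has permission to access the DNS-related APIs of kube-apiserver.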
$ kubectl get clusterrolebindings system:kube-dns -o yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  creationTimestamp: 2017-04-11T11:20:42Z
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: system:kube-dns
  resourceVersion: "58"
  selfLink: /apis/rbac.authorization.k8s.io/v1beta1/clusterrolebindingssystem%3Akube-dns
  uid: e61f4d92-1ea8-11e7-8cd7-f4e9d49f8ed0
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:kube-dns
subjects:
- kind: ServiceAccount
  name: kube-dns
  namespace: kube-system
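The Pods defined in kubedns-controller.yaml use the kube-dns ServiceAccount defined in kubedns-sa.yaml, so they have permission to access the DNS-related APIs of kube-apiserver.
Configuring the kube-dns ServiceAccount
No changes are needed.
Configuring the kube-dns Service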
# cat kubedns-svc.yaml
# Copyright 2016 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# __MACHINE_GENERATED_WARNING__

apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "KubeDNS"
spec:
  selector:
    k8s-app: kube-dns
  clusterIP: 10.254.0.2
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
- spec.clusterIP = 10.254.0.2: the kube-dns Service IP is specified explicitly, and it must match the value of the kubelet's --cluster-dns flag.
Configuring the kube-dns Deployment
# cat kubedns-controller.yaml
# Copyright 2016 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Should keep target in cluster/addons/dns-horizontal-autoscaler/dns-horizontal-autoscaler.yaml
# in sync with this file.

# __MACHINE_GENERATED_WARNING__

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  # replicas: not specified here:
  # 1. In order to make Addon Manager do not reconcile this replicas parameter.
  # 2. Default is 1.
  # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
  strategy:
    rollingUpdate:
      maxSurge: 10%
      maxUnavailable: 0
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
      volumes:
      - name: kube-dns-config
        configMap:
          name: kube-dns
          optional: true
      containers:
      - name: kubedns
        image: index.tenxcloud.com/jimmy/k8s-dns-kube-dns-amd64:1.14.1
        resources:
          # TODO: Set memory limits when we've profiled the container for large
          # clusters, then set request = limit to keep this container in
          # guaranteed class. Currently, this container falls into the
          # "burstable" category so the kubelet doesn't backoff from restarting it.
          limits:
            memory: 170Mi
          requests:
            cpu: 100m
            memory: 70Mi
        livenessProbe:
          httpGet:
            path: /healthcheck/kubedns
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        readinessProbe:
          httpGet:
            path: /readiness
            port: 8081
            scheme: HTTP
          # we poll on pod startup for the Kubernetes master service and
          # only setup the /readiness HTTP server once that's available.
          initialDelaySeconds: 3
          timeoutSeconds: 5
        args:
        - --domain=cluster.local.
        - --dns-port=10053
        - --config-dir=/kube-dns-config
        - --v=2
        #__PILLAR__FEDERATIONS__DOMAIN__MAP__
        env:
        - name: PROMETHEUS_PORT
          value: "10055"
        ports:
        - containerPort: 10053
          name: dns-local
          protocol: UDP
        - containerPort: 10053
          name: dns-tcp-local
          protocol: TCP
        - containerPort: 10055
          name: metrics
          protocol: TCP
        volumeMounts:
        - name: kube-dns-config
          mountPath: /kube-dns-config
      - name: dnsmasq
        image: index.tenxcloud.com/jimmy/k8s-dns-dnsmasq-nanny-amd64:1.14.1
        livenessProbe:
          httpGet:
            path: /healthcheck/dnsmasq
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        args:
        - -v=2
        - -logtostderr
        - -configDir=/etc/k8s/dns/dnsmasq-nanny
        - -restartDnsmasq=true
        - --
        - -k
        - --cache-size=1000
        - --log-facility=-
        - --server=/cluster.local./127.0.0.1#10053
        - --server=/in-addr.arpa/127.0.0.1#10053
        - --server=/ip6.arpa/127.0.0.1#10053
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        # see: https://github.com/kubernetes/kubernetes/issues/29055 for details
        resources:
          requests:
            cpu: 150m
            memory: 20Mi
        volumeMounts:
        - name: kube-dns-config
          mountPath: /etc/k8s/dns/dnsmasq-nanny
      - name: sidecar
        image: index.tenxcloud.com/jimmy/k8s-dns-sidecar-amd64:1.14.1
        livenessProbe:
          httpGet:
            path: /metrics
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        args:
        - --v=2
        - --logtostderr
        - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local.,5,A
        - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local.,5,A
        ports:
        - containerPort: 10054
          name: metrics
          protocol: TCP
        resources:
          requests:
            memory: 20Mi
            cpu: 10m
      dnsPolicy: Default  # Don't use cluster DNS.
      serviceAccountName: kube-dns
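- The main change is the image addresses; adjust them to wherever your own images are hosted.
- The Deployment uses the kube-dns ServiceAccount for which the system has already created a RoleBinding; this account has permission to access the DNS-related APIs of kube-apiserver.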
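Since the manifest replaces the official gcr.io images with copies on another registry, referenced only by tag, it helps to list exactly what each image line points to before applying it. The following is an added example, not part of the original article: it extracts image references from manifest text and flags any outside a trusted registry list or not pinned by digest. The trusted list, the function names and the digest placeholder are assumptions of this example.

```python
import re

# Assumption for this example: the only registry trusted as-is is the
# upstream one named in the article.
TRUSTED_REGISTRIES = {"gcr.io"}

# Constructed sample: two image lines as they appear in kubedns-controller.yaml,
# plus one digest-pinned upstream reference with a placeholder (all-zero) digest.
SAMPLE_MANIFEST = """
      - name: kubedns
        image: index.tenxcloud.com/jimmy/k8s-dns-kube-dns-amd64:1.14.1
      - name: dnsmasq
        image: index.tenxcloud.com/jimmy/k8s-dns-dnsmasq-nanny-amd64:1.14.1
      - name: sidecar
        image: gcr.io/google_containers/k8s-dns-sidecar-amd64@sha256:{digest}
""".format(digest="0" * 64)

IMAGE_LINE = re.compile(r"^\s*(?:-\s+)?image:\s*['\"]?([^\s'\"#]+)", re.MULTILINE)

def parse_image(ref):
    """Split an image reference into (registry, repository, tag, digest)."""
    name, _, digest = ref.partition("@")
    first, slash, rest = name.partition("/")
    # Docker's rule: the first component is a registry only if it looks like a host.
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", name
    repo, colon, tag = path.rpartition(":")
    if not colon:
        repo, tag = path, ""
    return registry, repo, tag, digest

def audit_images(manifest_text, trusted=TRUSTED_REGISTRIES):
    """Return {image_ref: [findings]} for every image: line in the manifest."""
    report = {}
    for ref in IMAGE_LINE.findall(manifest_text):
        registry, _, tag, digest = parse_image(ref)
        findings = []
        if registry not in trusted:
            findings.append("registry %s is not in the trusted list" % registry)
        if not digest:
            findings.append("tag %r is mutable; pin by @sha256 digest" % (tag or "latest"))
        report[ref] = findings
    return report

if __name__ == "__main__":
    for ref, findings in audit_images(SAMPLE_MANIFEST).items():
        print(ref, "->", findings or "ok")
```

An empty findings list means the reference is both from a trusted registry and digest-pinned; for a mirrored image, comparing its digest with the upstream image's digest is the check that the copy is the same content.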
Applying all the definition files
# pwd
/root/yaml/dns
# ls *.yaml
kubedns-cm.yaml kubedns-controller.yaml kubedns-sa.yaml kubedns-svc.yaml
# kubectl create -f .
configmap "kube-dns" created
deployment "kube-dns" created
serviceaccount "kube-dns" created
service "kube-dns" created
# Use kubectl get deployment -n kube-system to check the deployment status
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
kube-dns 1 1 1 1 12m
# Use kubectl get pods --all-namespaces | grep kube-dns to check that the DNS pods have all started normally
kube-system kube-dns-351402727-vcvpc 3/3 Running 0 10m
# Use kubectl get services --all-namespaces | grep kube-dns to check the service ports
kube-system kube-dns 10.254.0.2 <none> 53/UDP,53/TCP 14m
Testing kubedns
Create an nginx Deployment
# cat my-nginx.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-nginx
spec:
  replicas: 2
  template:
    metadata:
      labels:
        run: my-nginx
    spec:
      containers:
      - name: my-nginx
        image: index.tenxcloud.com/docker_library/nginx:1.9.0
        ports:
        - containerPort: 80
# kubectl create -f my-nginx.yaml
deployment "my-nginx" created
# kubectl get pods --all-namespaces|grep my-nginx
default my-nginx-925637600-4sr5g 1/1 Running 0 19m
default my-nginx-925637600-6f9w7 1/1 Running 0 19m
Expose the Deployment to create the my-nginx Service
# kubectl expose deploy my-nginx
# kubectl get services --all-namespaces |grep my-nginx
default my-nginx 10.254.101.236 <none> 80/TCP 10s
Create another Pod and check whether its /etc/resolv.conf contains the --cluster-dns and --cluster-domain values configured for the kubelet, and whether the service name my-nginx resolves to the Cluster IP 10.254.101.236
# cat nginxnew.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginxnew
spec:
  replicas: 2
  template:
    metadata:
      labels:
        run: nginxnew
    spec:
      containers:
      - name: nginxnew
        image: index.tenxcloud.com/docker_library/nginx:1.9.0
        ports:
        - containerPort: 80
# kubectl create -f nginxnew.yaml
deployment "nginxnew" created
# kubectl get pods --all-namespaces|grep nginxnew
default nginxnew-248912974-bwqrx 1/1 Running 0 4m
default nginxnew-248912974-c881p 1/1 Running 0 4m
# kubectl exec nginxnew-248912974-bwqrx -i -t -- /bin/bash
root@nginxnew-248912974-bwqrx:/# cat /etc/resolv.conf
nameserver 10.254.0.2
search default.svc.cluster.local. svc.cluster.local. cluster.local.
options ndots:5
root@nginxnew-248912974-bwqrx:/# ping my-nginx
PING my-nginx.default.svc.cluster.local (10.254.101.236): 56 data bytes
^C--- my-nginx.default.svc.cluster.local ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
root@nginxnew-248912974-bwqrx:/# ping kubernetes
PING kubernetes.default.svc.cluster.local (10.254.0.1): 56 data bytes
^C--- kubernetes.default.svc.cluster.local ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
root@nginxnew-248912974-bwqrx:/# ping kube-dns.kube-system.svc.cluster.local
PING kube-dns.kube-system.svc.cluster.local (10.254.0.2): 56 data bytes
^C--- kube-dns.kube-system.svc.cluster.local ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
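The results show that the service names resolve to the corresponding IPs. The 100% packet loss does not contradict this: a Service Cluster IP is a virtual address implemented by kube-proxy rules and, in the iptables proxy mode, does not answer ICMP echo requests.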
Reposted from: https://www.cnblogs.com/guigujun/p/8366543.html