Kubernetes in Practice, Part 9: kube-dns

I. Introduction
kube-dns is a built-in Kubernetes add-on, now maintained as a separate open-source project at https://github.com/kubernetes/dns. By registering every Service in DNS, Kubernetes provides simple service discovery: a client resolves a Service name to the Service's cluster IP, and kube-proxy then load-balances connections to that IP across the backing pods. Other workloads therefore reach a service by name instead of by address.


The Kubernetes DNS pod consists of three containers:
  • kubedns: the kubedns process watches the Kubernetes master for Service and Endpoint changes and maintains an in-memory lookup structure to serve DNS requests.
  • dnsmasq: the dnsmasq container adds a DNS cache in front of kubedns to improve performance; it listens on port 53 and forwards the cluster domain and the reverse zones to kubedns on 127.0.0.1:10053.
  • sidecar: the sidecar container runs a dual health check (against dnsmasq and against kubedns) and exposes a single health-check endpoint on port 10054.

II. Deploying kube-dns
1. Configuration files
Download the required YAML manifests from the official repository: https://github.com/kubernetes/kubernetes/tree/release-1.8/cluster/addons/dns
kubedns-cm.yaml
kubedns-sa.yaml
kubedns-controller.yaml
kubedns-svc.yaml

kubedns-cm.yaml needs no changes:


# Copyright 2016 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: EnsureExists
kubedns-sa.yaml needs no changes:


apiVersion: v1
kind: ServiceAccount
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
kubedns-controller.yaml: the main edits are $DNS_DOMAIN (set to cluster.local below; it must match the --cluster-domain the kubelet was started with, otherwise pods search a domain that kube-dns does not serve) and the image paths. Note that the images below are pulled from a third-party mirror (index.tenxcloud.com/jimmy/...) instead of the upstream gcr.io/google_containers images. Whoever controls that mirror controls the resolver that every pod in the cluster trusts, so compare the mirrored images against the upstream 1.14.1 digests and reference them by digest (image@sha256:...) rather than by a mutable tag:


# Copyright 2016 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Should keep target in cluster/addons/dns-horizontal-autoscaler/dns-horizontal-autoscaler.yaml
# in sync with this file.

# __MACHINE_GENERATED_WARNING__

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  # replicas: not specified here:
  # 1. In order to make Addon Manager do not reconcile this replicas parameter.
  # 2. Default is 1.
  # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
  strategy:
    rollingUpdate:
      maxSurge: 10%
      maxUnavailable: 0
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
      volumes:
      - name: kube-dns-config
        configMap:
          name: kube-dns
          optional: true
      containers:
      - name: kubedns
        image: index.tenxcloud.com/jimmy/k8s-dns-kube-dns-amd64:1.14.1
        resources:
          # TODO: Set memory limits when we've profiled the container for large
          # clusters, then set request = limit to keep this container in
          # guaranteed class. Currently, this container falls into the
          # "burstable" category so the kubelet doesn't backoff from restarting it.
          limits:
            memory: 170Mi
          requests:
            cpu: 100m
            memory: 70Mi
        livenessProbe:
          httpGet:
            path: /healthcheck/kubedns
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        readinessProbe:
          httpGet:
            path: /readiness
            port: 8081
            scheme: HTTP
          # we poll on pod startup for the Kubernetes master service and
          # only setup the /readiness HTTP server once that's available.
          initialDelaySeconds: 3
          timeoutSeconds: 5
        args:
        - --domain=cluster.local.
        - --dns-port=10053
        - --config-dir=/kube-dns-config
        - --v=2
        #__PILLAR__FEDERATIONS__DOMAIN__MAP__
        env:
        - name: PROMETHEUS_PORT
          value: "10055"
        ports:
        - containerPort: 10053
          name: dns-local
          protocol: UDP
        - containerPort: 10053
          name: dns-tcp-local
          protocol: TCP
        - containerPort: 10055
          name: metrics
          protocol: TCP
        volumeMounts:
        - name: kube-dns-config
          mountPath: /kube-dns-config
      - name: dnsmasq
        image: index.tenxcloud.com/jimmy/k8s-dns-dnsmasq-nanny-amd64:1.14.1
        livenessProbe:
          httpGet:
            path: /healthcheck/dnsmasq
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        args:
        - -v=2
        - -logtostderr
        - -configDir=/etc/k8s/dns/dnsmasq-nanny
        - -restartDnsmasq=true
        - --
        - -k
        - --cache-size=1000
        - --log-facility=-
        - --server=/cluster.local./127.0.0.1#10053
        - --server=/in-addr.arpa/127.0.0.1#10053
        - --server=/ip6.arpa/127.0.0.1#10053
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        # see: https://github.com/kubernetes/kubernetes/issues/29055 for details
        resources:
          requests:
            cpu: 150m
            memory: 20Mi
        volumeMounts:
        - name: kube-dns-config
          mountPath: /etc/k8s/dns/dnsmasq-nanny
      - name: sidecar
        image: index.tenxcloud.com/jimmy/k8s-dns-sidecar-amd64:1.14.1
        livenessProbe:
          httpGet:
            path: /metrics
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        args:
        - --v=2
        - --logtostderr
        - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local.,5,A
        - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local.,5,A
        ports:
        - containerPort: 10054
          name: metrics
          protocol: TCP
        resources:
          requests:
            memory: 20Mi
            cpu: 10m
      dnsPolicy: Default # Don't use cluster DNS.
      serviceAccountName: kube-dns
kubedns-svc.yaml: the main edit is clusterIP. It must be an unused address inside the API server's --service-cluster-ip-range and must equal the --cluster-dns value given to every kubelet, because that is the nameserver the kubelet writes into each pod's /etc/resolv.conf:


# Copyright 2016 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# __MACHINE_GENERATED_WARNING__

apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "KubeDNS"
spec:
  selector:
    k8s-app: kube-dns
  clusterIP: 10.254.0.2
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
2. Predefined RoleBinding
The predefined binding system:kube-dns (a ClusterRoleBinding created by the API server's bootstrap RBAC policy) binds the kube-dns ServiceAccount in the kube-system namespace to the system:kube-dns ClusterRole, which grants list and watch access to Services and Endpoints, the only API access kube-dns needs. Nothing has to be created by hand for this step, provided the ServiceAccount name and namespace in kubedns-sa.yaml are left as they are.


3. Apply the manifests (from the directory holding the four files above)
kubectl create -f .
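Before running kubectl create -f ., it is worth checking that the three places the cluster domain appears (the kubedns --domain flag, the dnsmasq --server= forwarding rules, the sidecar probe names) agree with each other and with the kubelet, that the Service IP is the one the kubelets were started with, and where the images come from. The script below is an added example written for this post, not part of the kube-dns project. It embeds the relevant fields of the manifests above as plain dictionaries so that it runs without a cluster; the __main__ block shows how to feed the real files through PyYAML. The trusted-registry set and the cluster.local / 10.254.0.2 values are assumptions taken from this deployment.

```python
"""Pre-flight checks for the kube-dns manifests (added example, not from the post)."""
import re

# Constructed from kubedns-controller.yaml / kubedns-svc.yaml above; only the
# fields the checks read are reproduced.
DEPLOYMENT = {"spec": {"template": {"spec": {"containers": [
    {"name": "kubedns",
     "image": "index.tenxcloud.com/jimmy/k8s-dns-kube-dns-amd64:1.14.1",
     "args": ["--domain=cluster.local.", "--dns-port=10053",
              "--config-dir=/kube-dns-config", "--v=2"]},
    {"name": "dnsmasq",
     "image": "index.tenxcloud.com/jimmy/k8s-dns-dnsmasq-nanny-amd64:1.14.1",
     "args": ["-v=2", "-logtostderr", "-configDir=/etc/k8s/dns/dnsmasq-nanny",
              "-restartDnsmasq=true", "--", "-k", "--cache-size=1000", "--log-facility=-",
              "--server=/cluster.local./127.0.0.1#10053",
              "--server=/in-addr.arpa/127.0.0.1#10053",
              "--server=/ip6.arpa/127.0.0.1#10053"]},
    {"name": "sidecar",
     "image": "index.tenxcloud.com/jimmy/k8s-dns-sidecar-amd64:1.14.1",
     "args": ["--v=2", "--logtostderr",
              "--probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local.,5,A",
              "--probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local.,5,A"]},
]}}}}
SERVICE = {"spec": {"clusterIP": "10.254.0.2"}}

KUBEDNS_UPSTREAM = "127.0.0.1#10053"  # dnsmasq must hand cluster zones to kubedns


def _container(deployment, name):
    for c in deployment["spec"]["template"]["spec"]["containers"]:
        if c["name"] == name:
            return c
    raise KeyError(f"container {name} missing")


def image_registry(image):
    """Registry host of an image reference; a bare name means docker.io."""
    first = image.split("/")[0]
    return first if ("." in first or ":" in first or first == "localhost") else "docker.io"


def check_kube_dns(deployment, service, cluster_domain, cluster_dns, allowed_registries):
    """Return a list of human-readable findings; an empty list means consistent."""
    findings = []
    domain = cluster_domain.rstrip(".")

    # 1. kubedns must serve the same domain the kubelet hands to pods (--cluster-domain).
    kubedns = _container(deployment, "kubedns")
    domains = [a.split("=", 1)[1].rstrip(".") for a in kubedns["args"] if a.startswith("--domain=")]
    if domains != [domain]:
        findings.append(f"kubedns --domain={domains} does not match cluster domain {domain}")

    # 2. dnsmasq must forward the cluster zone and both reverse zones to kubedns, never
    #    upstream; otherwise cluster names leak to, and can be answered by, an external resolver.
    dnsmasq = _container(deployment, "dnsmasq")
    forwards = {}
    for a in dnsmasq["args"]:
        m = re.fullmatch(r"--server=/([^/]+)/(.+)", a)
        if m:
            forwards[m.group(1).rstrip(".")] = m.group(2)
    for zone in (domain, "in-addr.arpa", "ip6.arpa"):
        if forwards.get(zone) != KUBEDNS_UPSTREAM:
            findings.append(f"dnsmasq forwards {zone} to {forwards.get(zone)}, expected {KUBEDNS_UPSTREAM}")

    # 3. The sidecar probes must query a name inside the cluster domain, or the liveness
    #    probe is testing an unrelated zone.
    sidecar = _container(deployment, "sidecar")
    for a in sidecar["args"]:
        if a.startswith("--probe="):
            probe_name = a.split(",")[2].rstrip(".")
            if not probe_name.endswith(".svc." + domain):
                findings.append(f"sidecar probe name {probe_name} is outside {domain}")

    # 4. Supply chain: every container must come from a trusted registry and be pinned by digest.
    for c in deployment["spec"]["template"]["spec"]["containers"]:
        registry = image_registry(c["image"])
        if registry not in allowed_registries:
            findings.append(f"{c['name']} pulls {c['image']} from untrusted registry {registry}")
        if "@sha256:" not in c["image"]:
            findings.append(f"{c['name']} image {c['image']} is not pinned by digest")

    # 5. The Service IP must equal the kubelet's --cluster-dns value.
    cluster_ip = service["spec"]["clusterIP"]
    if cluster_ip != cluster_dns:
        findings.append(f"service clusterIP {cluster_ip} != kubelet --cluster-dns {cluster_dns}")
    return findings


if __name__ == "__main__":
    # With PyYAML installed: python3 check_kube_dns.py kubedns-controller.yaml kubedns-svc.yaml
    import sys
    import yaml
    docs = []
    for path in sys.argv[1:3]:
        with open(path) as fh:
            docs.extend(yaml.safe_load_all(fh))
    dep = next(d for d in docs if d["kind"] == "Deployment")
    svc = next(d for d in docs if d["kind"] == "Service")
    for finding in check_kube_dns(dep, svc, "cluster.local", "10.254.0.2", {"gcr.io"}):
        print("FINDING:", finding)
```

Run against this page's manifests with gcr.io as the only trusted registry, the check reports six findings: each of the three images is pulled from index.tenxcloud.com rather than the upstream registry, and none of them is pinned by digest. The RBAC binding from step 2 can be confirmed separately with `kubectl get clusterrolebinding system:kube-dns -o yaml`.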

III. Verification

1. Create a Deployment
my-nginx.yaml:


apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-nginx
spec:
  replicas: 2
  template:
    metadata:
      labels:
        run: my-nginx
    spec:
      containers:
      - name: my-nginx
        image: docker.io/nginx
        ports:
        - containerPort: 80
kubectl create -f my-nginx.yaml
2. Expose the Deployment to create the my-nginx Service (with no --port given, kubectl expose takes port 80 from the container spec)
kubectl expose deploy my-nginx

3. Copy a ping tool into one of the pods
The nginx image ships no ping, so the binary and the shared libraries it links against are copied in from the node. The paths below are those of a CentOS/RHEL 7 x86_64 node, and the pod name will differ in your cluster:
kubectl cp /usr/bin/ping my-nginx-58778897c8-c9x2q:/usr/bin/
kubectl cp /usr/lib64/libidn.so.11 my-nginx-58778897c8-c9x2q:/usr/lib/
kubectl cp /usr/lib64/libcrypto.so.10  my-nginx-58778897c8-c9x2q:/usr/lib/
kubectl cp /usr/lib64/libcap.so.2  my-nginx-58778897c8-c9x2q:/usr/lib/

4. Enter the pod and run ping against the Service name
kubectl exec my-nginx-58778897c8-c9x2q -i -t -- /bin/bash
Inside the pod, pinging the Service name (my-nginx) shows it being resolved automatically to the Service's cluster IP. The resolved address is the result to look at: with kube-proxy in iptables mode a cluster IP is not bound to any interface, so echo replies are not expected.


Alternatively, create a simple busybox pod.

busybox.yaml (the image tag is left unpinned here; later busybox releases have known nslookup problems, which is why the Kubernetes DNS debugging guide pins busybox:1.28):


apiVersion: v1
kind: Pod
metadata:
  name: busybox
  namespace: default
spec:
  containers:
  - image: busybox
    command:
      - sleep
      - "3600"
    imagePullPolicy: IfNotPresent
    name: busybox
  restartPolicy: Always
Create the pod:
kubectl create -f busybox.yaml
Verify:
kubectl exec -ti busybox -- nslookup kubernetes.default



Server:    10.0.0.10
Address 1: 10.0.0.10

Name:      kubernetes.default
Address 1: 10.0.0.1
Verification succeeded. The Server line must show the clusterIP from kubedns-svc.yaml, so on the deployment above it reads 10.254.0.2 (and the kubernetes Service, which always takes the first address of the service range, resolves to 10.254.0.1); the output above was captured on a cluster whose service range starts at 10.0.0.0. The short name works only because of the search list (default.svc.cluster.local svc.cluster.local cluster.local) and ndots:5 that the kubelet writes into the pod's /etc/resolv.conf; the full name is kubernetes.default.svc.cluster.local.

If the command prints nslookup: can't resolve 'kubernetes.default' instead, DNS is broken: check the logs of the kubedns, dnsmasq and sidecar containers of the kube-dns pod in the kube-system namespace, and confirm that the nameserver in the pod's /etc/resolv.conf equals the kube-dns clusterIP.
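What nslookup and the copied-in ping do above can be reproduced without either tool, which also makes the search-list behaviour visible. The following Python script is an added example and not part of the original post or of kube-dns: it expands a short name through the search list the kubelet writes into a pod's /etc/resolv.conf (default.svc.cluster.local, svc.cluster.local, cluster.local, ndots:5), sends a raw A query to the kube-dns cluster IP using only the standard library, and parses the reply. The search list assumes the default namespace and the cluster.local domain from the manifests above; build_response exists only to construct a reply for offline checking.

```python
"""Resolve a Kubernetes Service name the way a pod's resolver does (added example)."""
import socket
import struct
import sys

# Search list the kubelet writes into a pod's /etc/resolv.conf; assumes the
# "default" namespace and the cluster.local domain used in the manifests above.
CLUSTER_SEARCH = ["default.svc.cluster.local", "svc.cluster.local", "cluster.local"]


def expand_search(name, search=CLUSTER_SEARCH, ndots=5):
    """Candidate FQDNs in the order a resolver with 'options ndots:5' tries them.

    A trailing dot marks an absolute name. A name with fewer than ndots dots is
    tried with each search suffix first and as-is last; this is why
    'kubernetes.default' resolves even though it is not a complete DNS name.
    """
    if name.endswith("."):
        return [name]
    with_suffix = [f"{name}.{suffix}." for suffix in search]
    bare = [name + "."]
    return with_suffix + bare if name.count(".") < ndots else bare + with_suffix


def encode_name(name):
    """Wire-format name: length-prefixed labels terminated by a zero byte."""
    out = b"".join(bytes([len(label)]) + label.encode("ascii")
                   for label in name.rstrip(".").split("."))
    return out + b"\x00"


def build_query(name, txid=0x1234):
    """Standard recursive A/IN query with one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def build_response(name, addrs, txid=0x1234, rcode=0):
    """Constructed reply for offline testing; answers use a pointer to the question name."""
    header = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, len(addrs), 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    answers = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 30, 4) + socket.inet_aton(a)
                       for a in addrs)
    return header + question + answers


def _skip_name(msg, off):
    """Advance past a possibly compressed name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # a 2-byte compression pointer ends the name
            return off + 2
        off += 1 + length


def parse_response(msg, txid=0x1234):
    """Return the IPv4 addresses in the answer section; [] on NXDOMAIN."""
    rid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch (spoofed or stale reply)")
    rcode = flags & 0xF
    if rcode == 3:
        return []
    if rcode != 0:
        raise ValueError(f"server returned rcode {rcode}")
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4  # QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs


def resolve(name, server, port=53, timeout=2.0):
    """Try each search candidate against one DNS server; the first non-empty answer wins."""
    for fqdn in expand_search(name):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.sendto(build_query(fqdn), (server, port))
            data, _ = sock.recvfrom(512)
        addrs = parse_response(data)
        if addrs:
            return fqdn, addrs
    return None, []


if __name__ == "__main__":
    # Usage from a node or pod that can reach the kube-dns clusterIP:
    #   python3 dns_probe.py kubernetes.default 10.254.0.2
    fqdn, addrs = resolve(sys.argv[1], sys.argv[2])
    print(f"{sys.argv[1]} -> {fqdn} {addrs}")
```

Against the deployment above the first candidate, kubernetes.default.default.svc.cluster.local., comes back NXDOMAIN and the second, kubernetes.default.svc.cluster.local., returns 10.254.0.1, which is exactly the sequence nslookup in the busybox pod goes through.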



From the “ITPUB blog”, link: http://blog.itpub.net/28624388/viewspace-2152243/. Please cite the source when reposting.

Reposted from: http://blog.itpub.net/28624388/viewspace-2152243/
