kubernetes实践之九：kube-dns

一：前言
kube-dns是Kubernetes中的一个内置插件，目前作为一个独立的开源项目维护，见 https://github.com/kubernetes/dns。 通过将 Service 注册到 DNS 中，Kuberentes 可以为我们提供一种简单的服务注册发现与负载均衡方式。至此，别的服务就可以通过名称来访问相关的服务。


Kubernetes DNS pod 中包括 3 个容器：

• kubedns：kubedns 进程监视 Kubernetes master 中的 Service 和 Endpoint 的变化，并维护内存查找结构来服务DNS请求。
• dnsmasq：dnsmasq 容器添加 DNS 缓存以提高性能。
• sidecar：sidecar 容器在执行双重健康检查（针对 dnsmasq 和 kubedns）时提供单个健康检查端点（监听在10054端口）

二： 部署kube-dns
1.配置文件
官方网址下载需要的yaml部署文件： https://github.com/kubernetes/kubernetes/tree/release-1.8/cluster/addons/dns
kubedns-cm.yaml
kubedns-sa.yaml
kubedns-controller.yaml
kubedns-svc.yaml

kubedns-cm.yaml不需要修改

点击(此处)折叠或打开

1. # Copyright 2016 The Kubernetes Authors.
   
2. #
   
3. # Licensed under the Apache License, Version 2.0 (the "License");
   
4. # you may not use this file except in compliance with the License.
   
5. # You may obtain a copy of the License at
   
6. #
   
7. # http://www.apache.org/licenses/LICENSE-2.0
   
8. #
   
9. # Unless required by applicable law or agreed to in writing, software
   
10. # distributed under the License is distributed on an "AS IS" BASIS,
    
11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    
12. # See the License for the specific language governing permissions and
    
13. # limitations under the License.
    
14. 
    
15. apiVersion: v1
    
16. kind: ConfigMap
    
17. metadata:
    
18.   name: kube-dns
    
19.   namespace: kube-system
    
20.   labels:
    
21.     addonmanager.kubernetes.io/mode: EnsureExists

kubedns-sa.yaml不需要修改

点击(此处)折叠或打开

1. apiVersion: v1
   
2. kind: ServiceAccount
   
3. metadata:
   
4.   name: kube-dns
   
5.   namespace: kube-system
   
6.   labels:
   
7.     kubernetes.io/cluster-service: "true"
   
8.     addonmanager.kubernetes.io/mode: Reconcile

kubedns-controller.yaml  主要是$DNS_DOMAIN和image路径的修改

点击(此处)折叠或打开

1. # Copyright 2016 The Kubernetes Authors.
   
2. #
   
3. # Licensed under the Apache License, Version 2.0 (the "License");
   
4. # you may not use this file except in compliance with the License.
   
5. # You may obtain a copy of the License at
   
6. #
   
7. # http://www.apache.org/licenses/LICENSE-2.0
   
8. #
   
9. # Unless required by applicable law or agreed to in writing, software
   
10. # distributed under the License is distributed on an "AS IS" BASIS,
    
11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    
12. # See the License for the specific language governing permissions and
    
13. # limitations under the License.
    
14. 
    
15. # Should keep target in cluster/addons/dns-horizontal-autoscaler/dns-horizontal-autoscaler.yaml
    
16. # in sync with this file.
    
17. 
    
18. # __MACHINE_GENERATED_WARNING__
    
19. 
    
20. apiVersion: extensions/v1beta1
    
21. kind: Deployment
    
22. metadata:
    
23.   name: kube-dns
    
24.   namespace: kube-system
    
25.   labels:
    
26.     k8s-app: kube-dns
    
27.     kubernetes.io/cluster-service: "true"
    
28.     addonmanager.kubernetes.io/mode: Reconcile
    
29. spec:
    
30.   # replicas: not specified here:
    
31.   # 1. In order to make Addon Manager do not reconcile this replicas parameter.
    
32.   # 2. Default is 1.
    
33.   # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
    
34.   strategy:
    
35.     rollingUpdate:
    
36.       maxSurge: 10%
    
37.       maxUnavailable: 0
    
38.   selector:
    
39.     matchLabels:
    
40.       k8s-app: kube-dns
    
41.   template:
    
42.     metadata:
    
43.       labels:
    
44.         k8s-app: kube-dns
    
45.       annotations:
    
46.         scheduler.alpha.kubernetes.io/critical-pod: ''
    
47.     spec:
    
48.       tolerations:
    
49.       - key: "CriticalAddonsOnly"
    
50.         operator: "Exists"
    
51.       volumes:
    
52.       - name: kube-dns-config
    
53.         configMap:
    
54.           name: kube-dns
    
55.           optional: true
    
56.       containers:
    
57.       - name: kubedns
    
58.         image: index.tenxcloud.com/jimmy/k8s-dns-kube-dns-amd64:1.14.1
    
59.         resources:
    
60.           # TODO: Set memory limits when we've profiled the container for large
    
61.           # clusters, then set request = limit to keep this container in
    
62.           # guaranteed class. Currently, this container falls into the
    
63.           # "burstable" category so the kubelet doesn't backoff from restarting it.
    
64.           limits:
    
65.             memory: 170Mi
    
66.           requests:
    
67.             cpu: 100m
    
68.             memory: 70Mi
    
69.         livenessProbe:
    
70.           httpGet:
    
71.             path: /healthcheck/kubedns
    
72.             port: 10054
    
73.             scheme: HTTP
    
74.           initialDelaySeconds: 60
    
75.           timeoutSeconds: 5
    
76.           successThreshold: 1
    
77.           failureThreshold: 5
    
78.         readinessProbe:
    
79.           httpGet:
    
80.             path: /readiness
    
81.             port: 8081
    
82.             scheme: HTTP
    
83.           # we poll on pod startup for the Kubernetes master service and
    
84.           # only setup the /readiness HTTP server once that's available.
    
85.           initialDelaySeconds: 3
    
86.           timeoutSeconds: 5
    
87.         args:
    
88.         - --domain=cluster.local.
    
89.         - --dns-port=10053
    
90.         - --config-dir=/kube-dns-config
    
91.         - --v=2
    
92.         #__PILLAR__FEDERATIONS__DOMAIN__MAP__
    
93.         env:
    
94.         - name: PROMETHEUS_PORT
    
95.           value: "10055"
    
96.         ports:
    
97.         - containerPort: 10053
    
98.           name: dns-local
    
99.           protocol: UDP
    
100.         - containerPort: 10053
     
101.           name: dns-tcp-local
     
102.           protocol: TCP
     
103.         - containerPort: 10055
     
104.           name: metrics
     
105.           protocol: TCP
     
106.         volumeMounts:
     
107.         - name: kube-dns-config
     
108.           mountPath: /kube-dns-config
     
109.       - name: dnsmasq
     
110.         image: index.tenxcloud.com/jimmy/k8s-dns-dnsmasq-nanny-amd64:1.14.1
     
111.         livenessProbe:
     
112.           httpGet:
     
113.             path: /healthcheck/dnsmasq
     
114.             port: 10054
     
115.             scheme: HTTP
     
116.           initialDelaySeconds: 60
     
117.           timeoutSeconds: 5
     
118.           successThreshold: 1
     
119.           failureThreshold: 5
     
120.         args:
     
121.         - -v=2
     
122.         - -logtostderr
     
123.         - -configDir=/etc/k8s/dns/dnsmasq-nanny
     
124.         - -restartDnsmasq=true
     
125.         - --
     
126.         - -k
     
127.         - --cache-size=1000
     
128.         - --log-facility=-
     
129.         - --server=/cluster.local./127.0.0.1#10053
     
130.         - --server=/in-addr.arpa/127.0.0.1#10053
     
131.         - --server=/ip6.arpa/127.0.0.1#10053
     
132.         ports:
     
133.         - containerPort: 53
     
134.           name: dns
     
135.           protocol: UDP
     
136.         - containerPort: 53
     
137.           name: dns-tcp
     
138.           protocol: TCP
     
139.         # see: https://github.com/kubernetes/kubernetes/issues/29055 for details
     
140.         resources:
     
141.           requests:
     
142.             cpu: 150m
     
143.             memory: 20Mi
     
144.         volumeMounts:
     
145.         - name: kube-dns-config
     
146.           mountPath: /etc/k8s/dns/dnsmasq-nanny
     
147.       - name: sidecar
     
148.         image: index.tenxcloud.com/jimmy/k8s-dns-sidecar-amd64:1.14.1
     
149.         livenessProbe:
     
150.           httpGet:
     
151.             path: /metrics
     
152.             port: 10054
     
153.             scheme: HTTP
     
154.           initialDelaySeconds: 60
     
155.           timeoutSeconds: 5
     
156.           successThreshold: 1
     
157.           failureThreshold: 5
     
158.         args:
     
159.         - --v=2
     
160.         - --logtostderr
     
161.         - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local.,5,A
     
162.         - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local.,5,A
     
163.         ports:
     
164.         - containerPort: 10054
     
165.           name: metrics
     
166.           protocol: TCP
     
167.         resources:
     
168.           requests:
     
169.             memory: 20Mi
     
170.             cpu: 10m
     
171.       dnsPolicy: Default # Don't use cluster DNS.
     
172.       serviceAccountName: kube-dns

kubedns-svc.yaml 主要是 clusterIP的修改

点击(此处)折叠或打开

1. # Copyright 2016 The Kubernetes Authors.
   
2. #
   
3. # Licensed under the Apache License, Version 2.0 (the "License");
   
4. # you may not use this file except in compliance with the License.
   
5. # You may obtain a copy of the License at
   
6. #
   
7. # http://www.apache.org/licenses/LICENSE-2.0
   
8. #
   
9. # Unless required by applicable law or agreed to in writing, software
   
10. # distributed under the License is distributed on an "AS IS" BASIS,
    
11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    
12. # See the License for the specific language governing permissions and
    
13. # limitations under the License.
    
14. 
    
15. # __MACHINE_GENERATED_WARNING__
    
16. 
    
17. apiVersion: v1
    
18. kind: Service
    
19. metadata:
    
20.   name: kube-dns
    
21.   namespace: kube-system
    
22.   labels:
    
23.     k8s-app: kube-dns
    
24.     kubernetes.io/cluster-service: "true"
    
25.     addonmanager.kubernetes.io/mode: Reconcile
    
26.     kubernetes.io/name: "KubeDNS"
    
27. spec:
    
28.   selector:
    
29.     k8s-app: kube-dns
    
30.   clusterIP: 10.254.0.2
    
31.   ports:
    
32.   - name: dns
    
33.     port: 53
    
34.     protocol: UDP
    
35.   - name: dns-tcp
    
36.     port: 53
    
37.     protocol: TCP

2. 系统预定义的 RoleBinding
预定义的 RoleBinding system:kube-dns 将 kube-system 命名空间的 kube-dns ServiceAccount 与 system:kube-dns Role 绑定， 该 Role 具 有访问 kube-apiserver DNS 相关 API 的权限；


3.执行相关文件
kubectl create -f .

三：验证

1.创建一个 Deployment
my-nginx.yaml

点击(此处)折叠或打开

1. apiVersion: extensions/v1beta1
   
2. kind: Deployment
   
3. metadata:
   
4.   name: my-nginx
   
5. spec:
   
6.   replicas: 2
   
7.   template:
   
8.     metadata:
   
9.       labels:
   
10.         run: my-nginx
    
11.     spec:
    
12.       containers:
    
13.       - name: my-nginx
    
14.         image: docker.io/nginx
    
15.         ports:
    
16.         - containerPort: 80

kubectl create -f my-nginx.yaml
2. Export 该 Deployment, 生成 my-nginx 服务
kubectl expose deploy my-nginx




3.往其中一个pod中植入ping 工具
kubectl cp /usr/bin/ping my-nginx-58778897c8-c9x2q:/usr/bin/
kubectl cp /usr/lib64/libidn.so.11 my-nginx-58778897c8-c9x2q:/usr/lib/
kubectl cp /usr/lib64/libcrypto.so.10  my-nginx-58778897c8-c9x2q:/usr/lib/
kubectl cp /usr/lib64/libcap.so.2  my-nginx-58778897c8-c9x2q:/usr/lib/

4.进入pod,执行ping命令进行验证

kubectl exec my-nginx-58778897c8-c9x2q -i -t -- /bin/bash
对应的service名称，自动映射到IP。


或者创建一个简单的busybox pod

busybox.yaml

点击(此处)折叠或打开

1. apiVersion: v1
   
2. kind: Pod
   
3. metadata:
   
4.   name: busybox
   
5.   namespace: default
   
6. spec:
   
7.   containers:
   
8.   - image: busybox
   
9.     command:
   
10.       - sleep
    
11.       - "3600"
    
12.     imagePullPolicy: IfNotPresent
    
13.     name: busybox
    
14.   restartPolicy: Always

创建POD
kubectl create - f busybox.yaml
验证
kubectl exec -ti busybox -- nslookup kubernetes.default

点击(此处)折叠或打开

1. Server: 10.0.0.10
   
2. Address 1: 10.0.0.10
   
3. 
   
4. Name: kubernetes.default
   
5. Address 1: 10.0.0.1

验证成功。

如果出现 nslookup: can 't resolve ' kubernetes. default '  则说明DNS有问题，通过日志排查错误。

来自 “ ITPUB博客 ” ，链接：http://blog.itpub.net/28624388/viewspace-2152243/，如需转载，请注明出处，否则将追究法律责任。

转载于:http://blog.itpub.net/28624388/viewspace-2152243/