下载kubernetes二进制 yaml文件
kubernetes/CHANGELOG-1.23.md at master · kubernetes/kubernetes · GitHub
分别下载 Source Code、Client Binaries、Server Binaries、Node Binaries 各部分列出的第一个文件
下载完成后 上传到目标机器 并解压
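# Print the SHA-512 of each uploaded archive and compare it by eye with the
# value listed next to the same file in CHANGELOG-1.23.md before unpacking;
# everything below is installed from these tarballs.
sha512sum -- kubernetes-1.23.5-*.tar.gz
# Unpack every archive under /usr/local/src (z: gunzip, x: extract, v: list
# members, -C: target directory). The duplicated node line with the truncated
# ".tar.g" suffix was dropped: that file name does not exist, so tar failed on it.
tar zxvf kubernetes-1.23.5-client-darwin-amd64.tar.gz -C /usr/local/src
tar zxvf kubernetes-1.23.5-node-linux-amd64.tar.gz -C /usr/local/src
tar zxvf kubernetes-1.23.5-server-linux-amd64.tar.gz -C /usr/local/src
# NOTE(review): this is presumably the Source Code archive; the name carries no
# .tar.gz suffix here - confirm it matches the file actually uploaded.
tar zxvf kubernetes-1.23.5 -C /usr/local/src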
编写配置文件
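# Take a working copy of the upstream CoreDNS addon template in /root
# (the destination is /root, not the filesystem root).
cp /usr/local/src/kubernetes/cluster/addons/dns/coredns/coredns.yaml.base /root
# Change to /root explicitly: a bare `cd` goes to $HOME, which is /root only
# when the commands are run as root, and the mv below needs the copy's directory.
cd /root
# Drop the .base suffix; coredns.yaml is the manifest edited and applied below.
mv coredns.yaml.base coredns.yaml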
#[root@master1 ~]# kubectl get pod
#NAME READY STATUS RESTARTS AGE
#net-test1 1/1 Running 1 (119m ago) 17h
#net-test2 1/1 Running 1 (119m ago) 17h
#[root@master1 ~]# kubectl exec -it net-test1 bash
#kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use #kubectl exec [POD] -- [COMMAND] instead.
#[root@net-test1 /]# cat /etc/resolv.conf
#nameserver 10.100.0.2 #记住 这是service 的ip该地址等下要用
#search default.svc.zjx.local svc.zjx.local zjx.local
#options ndots:5
vim coredns.yaml #编辑配置文件 77行 改为kubernetes zjx.local in-addr.arpa ip6.arpa { coredns默认解析 zjx.local 以这个结尾的域名
#编辑82行，指定上游 DNS，例如 forward . 223.6.6.6（注意：223.6.6.6 是公共 DNS；生产环境应改为本公司内部 DNS，避免内部域名的查询被发往外部解析器）
# cache 30 30秒的缓存。如果 coredns 宕机 30秒内 容器间访问还行超过就不行了
# loop
# reload
# loadbalance
#以上为 缓存设置
#146行 为限制内存使用大小 memory: __DNS__MEMORY__LIMIT__ 改为200Mi 等价于5分之一个cpu 生产中可以添加多个cpu 多加一排 cpu 即可 例如 cpu 2000m 内存可以改为3000Mi
#142行 镜像地址由于国内无法访问,可更改为国内可以访问的地址 例如docker hub地址 image: coredns/coredns:1.8.7
#215行 修改dns地址 为 10.100.0.2
配置文件仅供参考
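# Write the CoreDNS manifest (ServiceAccount, ClusterRole, ClusterRoleBinding,
# ConfigMap with the Corefile, Deployment, Service) to ./coredns.yaml.
#
# The YAML nesting is restored here: with every line at column 0 the document
# does not parse and `kubectl apply` rejects it. The delimiter is quoted so the
# shell copies the text literally, with no parameter or command expansion.
#
# Points to review before applying this in production:
#   * `pods insecure` answers pod-IP style names without checking that a pod
#     with that IP exists; CoreDNS also offers `pods verified`, which checks
#     against the API (the ClusterRole below already allows list/watch on pods).
#   * `forward . 223.6.6.6` sends every non-cluster query to a public resolver;
#     point it at an internal resolver if internal names must stay in-house.
#   * `image: coredns/coredns:1.8.7` is a tag-only reference; a mirrored,
#     digest-pinned reference (REGISTRY/coredns@sha256:DIGEST, both
#     placeholders) keeps the deployed image from changing underneath you.
#   * Metrics on 9153 are published through the Service with scrape
#     annotations, so any pod that can reach the Service can read them unless
#     a NetworkPolicy restricts it.
#   * clusterIP 10.100.0.2 must equal the nameserver that pods already show in
#     /etc/resolv.conf (see the transcript earlier in this guide).
cat > coredns.yaml <<'EOF'
# __MACHINE_GENERATED_WARNING__
apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: Reconcile
  name: system:coredns
rules:
- apiGroups:
  - ""
  resources:
  - endpoints
  - services
  - pods
  - namespaces
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
- apiGroups:
  - discovery.k8s.io
  resources:
  - endpointslices
  verbs:
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: EnsureExists
  name: system:coredns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
subjects:
- kind: ServiceAccount
  name: coredns
  namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: EnsureExists
data:
  Corefile: |
    .:53 {
        errors
        health {
            lameduck 5s
        }
        ready
        kubernetes zjx.local in-addr.arpa ip6.arpa {
            pods insecure
            fallthrough in-addr.arpa ip6.arpa
            ttl 30
        }
        prometheus :9153
        forward . 223.6.6.6 {
            max_concurrent 1000
        }
        cache 30
        loop
        reload
        loadbalance
    }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  # replicas: not specified here:
  # 1. In order to make Addon Manager do not reconcile this replicas parameter.
  # 2. Default is 1.
  # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
    spec:
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      priorityClassName: system-cluster-critical
      serviceAccountName: coredns
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: k8s-app
                  operator: In
                  values: ["kube-dns"]
              topologyKey: kubernetes.io/hostname
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
      nodeSelector:
        kubernetes.io/os: linux
      containers:
      - name: coredns
        image: coredns/coredns:1.8.7
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            memory: 200Mi
          requests:
            cpu: 100m
            memory: 70Mi
        args: [ "-conf", "/etc/coredns/Corefile" ]
        volumeMounts:
        - name: config-volume
          mountPath: /etc/coredns
          readOnly: true
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        - containerPort: 9153
          name: metrics
          protocol: TCP
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        readinessProbe:
          httpGet:
            path: /ready
            port: 8181
            scheme: HTTP
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            add:
            - NET_BIND_SERVICE
            drop:
            - all
          readOnlyRootFilesystem: true
      dnsPolicy: Default
      volumes:
      - name: config-volume
        configMap:
          name: coredns
          items:
          - key: Corefile
            path: Corefile
---
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  annotations:
    prometheus.io/port: "9153"
    prometheus.io/scrape: "true"
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  selector:
    k8s-app: kube-dns
  clusterIP: 10.100.0.2
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
  - name: metrics
    port: 9153
    protocol: TCP
EOF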
改好后执行安装
kubectl apply -f coredns.yaml
测试 是否成功
kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
default net-test1 1/1 Running 1 (147m ago) 18h
default net-test2 1/1 Running 1 (147m ago) 18h
kube-system calico-kube-controllers-754966f84c-bjlzc 1/1 Running 1 (18h ago) 18h
kube-system calico-node-bpz5z 1/1 Running 2 (18h ago) 18h
kube-system calico-node-lrfzf 1/1 Running 4 (147m ago) 18h
kube-system calico-node-ncws8 1/1 Running 1 (147m ago) 18h
kube-system calico-node-xkwrd 1/1 Running 2 (146m ago) 18h
kube-system coredns-7db6b45f67-k64x6 1/1 Running 0 61s
有以上信息即为成功
开启容器 测试
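# Open an interactive shell in the test pod. `--` separates kubectl's own
# arguments from the command run in the container; the form without it is the
# one kubectl reports as deprecated in the transcript earlier in this guide.
kubectl exec -it net-test1 -- bash
# Run this inside the pod's shell: replies mean the external name was resolved
# through the cluster DNS and the address is reachable.
ping www.baidu.com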
设置coredns高可用 仅对当前容器生效 其他容器需要重新拉取镜像
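# List the Deployments in kube-system to see the current coredns replica count.
kubectl get deployment -n kube-system
# Open the live coredns Deployment in an editor and change spec.replicas as
# shown in the excerpt below. The explanatory word that followed this command
# is now a comment; left on the command line it is passed to kubectl as an
# extra argument.
# NOTE(review): the delete/apply sequence later in this guide recreates the
# Deployment from coredns.yaml, which sets no replicas, so the edit would have
# to be repeated afterwards.
kubectl edit deployment coredns -n kube-system
#spec:
# progressDeadlineSeconds: 600
# replicas: 2   <- set to 2 here; use 3, 4, 5... as the production load requires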
容器里
不同namespace ping
格式：名称.namespace.svc.zjx.local，其中 zjx.local 为域名后缀
kubectl get svc -A
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 19h
kube-system kube-dns ClusterIP 10.100.0.2 <none> 53/UDP,53/TCP,9153/TCP 55m
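# Open a shell in the test pod; `--` ends kubectl's own arguments (the form
# without it is the one kubectl reports as deprecated earlier in this guide).
kubectl exec -it net-test1 -- bash
# Run inside the pod: the fully qualified Service name should resolve to the
# kube-dns ClusterIP listed by `kubectl get svc -A` above.
ping kube-dns.kube-system.svc.zjx.local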
PING kube-dns.kube-system.svc.zjx.local (10.100.0.2) 56(84) bytes of data.
64 bytes from kube-dns.kube-system.svc.zjx.local (10.100.0.2): icmp_seq=1 ttl=64 time=30.7 ms
64 bytes from kube-dns.kube-system.svc.zjx.local (10.100.0.2): icmp_seq=2 ttl=64 time=0.052 ms
添加指定域名 DNS解析
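# Additional Corefile server block, placed next to the `.:53 { ... }` block in
# the ConfigMap: queries for names under myserver.online go to a dedicated
# resolver instead of the default `forward` upstream.
myserver.online {
    # INTERNAL_DNS_IP is a placeholder for your organisation's DNS server. The
    # address originally printed here had five octets and no space after
    # `forward`, and the block was never closed, so CoreDNS could not load it.
    forward . INTERNAL_DNS_IP
}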
# Re-create everything defined in coredns.yaml so the edited Corefile is used.
# NOTE(review): the delete removes the kube-dns Service and the coredns
# Deployment, so in-cluster name resolution is unavailable until the new pods
# are Running. Presumably `kubectl apply` on its own would be enough, since the
# Corefile in this manifest enables the `reload` plugin - confirm on a test
# cluster before relying on it.
kubectl delete -f coredns.yaml
kubectl apply -f coredns.yaml
# List pods in all namespaces with node and IP columns to check the result.
kubectl get pod -A -o wide # after the delete and re-create, look at the pods again