1. Environment preparation
Base environment:
OS: CentOS 7.6
Kubernetes: v1.18.20
Docker: 19.03.15
Check the cluster state:
kubectl get node -o wide
kubectl get pods -n kube-system -o wide
2. Configure the DNS server: create the namespace, ConfigMap, Deployment and Service in turn
- Write the YAML file for the resources
### Create the namespace
apiVersion: v1
kind: Namespace
metadata:
  name: web-coredns
---
### Create the ConfigMap
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: web-coredns
data:
  Corefile: |
    .:53 {
        errors
        health {
            lameduck 5s
        }
        ready
        kubernetes cluster.local. in-addr.arpa ip6.arpa {
            pods insecure
            fallthrough in-addr.arpa ip6.arpa
            ttl 30
        }
        hosts {
            ### Name resolution entries served by this resolver
            192.168.10.142 gitlab.zbq.com
            10.211.55.19 harbor.zbq.com
            10.211.55.20 ntp1.cloud.org
            fallthrough
        }
        forward . "/etc/resolv.conf"
        cache 30
        loop
        reload
        loadbalance
    }
---
### Create the Service
apiVersion: v1
kind: Service
metadata:
  name: coredns
  namespace: web-coredns
spec:
  ports:
  # Host port: set it to suit your environment. 20053 is outside the default
  # NodePort range (30000-32767), so the API server's --service-node-port-range
  # must include it.
  - name: dns-udp
    nodePort: 20053
    port: 53
    protocol: UDP
    targetPort: 53
  - name: dns-tcp
    nodePort: 20053
    port: 53
    protocol: TCP
    targetPort: 53
  selector:
    app: coredns
  type: NodePort
---
### Create the Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coredns
  namespace: web-coredns
spec:
  replicas: 1
  selector:
    matchLabels:
      app: coredns
  template:
    metadata:
      labels:
        app: coredns
    spec:
      containers:
      - name: coredns
        image: coredns/coredns:1.9.0
        args:
        - -conf
        - /etc/coredns/Corefile
        volumeMounts:
        - name: config-volume
          mountPath: /etc/coredns
        ports:
        - containerPort: 53
          name: dns-udp
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
      dnsPolicy: Default
      volumes:
      - name: config-volume
        configMap:
          name: coredns
          items:
          - key: Corefile
            path: Corefile
- Create the resources and verify
kubectl apply -f web.yaml
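3. Configure the DNS client
Method 1: use the dnsmasq service
Install the service
yum -y install dnsmasq && rpm -qa | grep dnsmasq
Configure the service
Add the DNS server's IP address and port
Configure the resolver file /etc/resolv.conf
nameserver 127.0.0.1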
Method 2: use iptables
Add destination NAT rules for port 53
iptables -t nat -A OUTPUT -p udp --dport 53 -d 244.254.255.244 -j DNAT --to-destination 192.168.10.141:20053
iptables -t nat -A OUTPUT -p tcp --dport 53 -d 244.254.255.244 -j DNAT --to-destination 192.168.10.141:20053
Note: 192.168.10.141:20053 is the address and port of the DNS server. 244.254.255.244 is a self-chosen address that does not actually exist.
Configure the resolver file /etc/resolv.conf
nameserver 244.254.255.244
Verify:
ping gitlab.zbq.com
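To check the server side independently of either client method, the script below sends A queries straight to the NodePort and compares the answers with the hosts entries from the ConfigMap. It is an added example, not part of the original article; the function names are illustrative and the server address 192.168.10.141:20053 is assumed from the note in Method 2.

```python
import secrets, socket, struct

# Names and addresses copied from the hosts block of the ConfigMap above.
EXPECTED = {"gitlab.zbq.com": "192.168.10.142", "harbor.zbq.com": "10.211.55.19",
            "ntp1.cloud.org": "10.211.55.20"}

def build_query(name, qid):
    """Encode a recursive A/IN query for name with transaction ID qid."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return (struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
            + labels + b"\x00" + struct.pack("!HH", 1, 1))

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)   # pointer is 2 bytes, root label is 1

def parse_a_records(msg, qid):
    """Return the IPv4 answers in msg; raise ValueError on a bad ID or RCODE."""
    rid, flags, qdcount, ancount = struct.unpack("!HHHH", msg[:8])
    if rid != qid or not flags & 0x8000 or flags & 0x000F:
        raise ValueError("bad response: id=%#06x flags=%#06x" % (rid, flags))
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):   # A record, class IN
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs

def resolve_a(name, server, port, timeout=3.0):
    """Send one UDP query to server:port and return the A records."""
    qid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (server, port))
        return parse_a_records(s.recvfrom(4096)[0], qid)

if __name__ == "__main__":
    for name, ip in EXPECTED.items():   # assumed server: 192.168.10.141:20053
        ok = resolve_a(name, "192.168.10.141", 20053) == [ip]
        print(name, "OK" if ok else "MISMATCH")
```

A timeout here points at the Service, NodePort or firewall path, while a MISMATCH points at the Corefile; a failure that appears only with ping points at the client-side dnsmasq or iptables setup.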