欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页

kubernetes1.5.2--部署DNS服务

程序员文章站 2022-07-13 21:30:24
...

本文基于kubernetes 1.5.2版本编写

在kubernetes1.2之前,采用skydns+kube2dns+etcd的方式来部署dns。而从1.3开始,则部署方式有了一点儿变化,将skydns和kube2dns封装到了一个容器镜像中,放弃了etcd,而将dns解析直接放入到了内存之中,同时引入了dnsmasq,进一步利用其缓存。

使用DaemonSet方式部署,在每台宿主机上均有一个DNS服务。

使用http方式访问api server

cat skydns-rc.yaml
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
spec:
  template:
    metadata:
      labels:
        k8s-app: kube-dns
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
        scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
    spec:
      containers:
      - name: kubedns
        image: docker.io/googlecontainer/kubedns-amd64:1.9
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            memory: 170Mi
          requests:
            cpu: 100m
            memory: 70Mi
        livenessProbe:
          httpGet:
            path: /healthz-kubedns
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        readinessProbe:
          httpGet:
            path: /readiness
            port: 8081
            scheme: HTTP
          initialDelaySeconds: 3
          timeoutSeconds: 5
        args:
        - --domain=lykops.net.
        #域名
        - --dns-port=10053
        - --config-map=kube-dns
        - --kube-master-url=http://192.168.20.128:8080
        - --v=0
        env:
        - name: PROMETHEUS_PORT
          value: "10055"
        ports:
        - containerPort: 10053
          name: dns-local
          protocol: UDP
        - containerPort: 10053
          name: dns-tcp-local
          protocol: TCP
        - containerPort: 10055
          name: metrics
          protocol: TCP
      - name: dnsmasq
        image: docker.io/googlecontainer/kube-dnsmasq-amd64:1.4.1
        imagePullPolicy: IfNotPresent
        livenessProbe:
          httpGet:
            path: /healthz-dnsmasq
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        args:
        - --cache-size=1000
        - --no-resolv
        - --server=127.0.0.1#10053
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        resources:
          requests:
            cpu: 150m
            memory: 10Mi
      - name: dnsmasq-metrics
        image:  docker.io/googlecontainer/dnsmasq-metrics-amd64:1.0.1
        imagePullPolicy: IfNotPresent
        livenessProbe:
          httpGet:
            path: /metrics
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        args:
        - --v=2
        - --logtostderr
        ports:
        - containerPort: 10054
          name: metrics
          protocol: TCP
        resources:
          requests:
            memory: 10Mi
      - name: healthz
        image: docker.io/googlecontainer/exechealthz-amd64:1.2
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            memory: 50Mi
          requests:
            cpu: 10m
            memory: 50Mi
        args:
        - --cmd=nslookup kubernetes.default.svc.lykops.net 127.0.0.1 >/dev/null
        - --url=/healthz-dnsmasq
        - --cmd=nslookup kubernetes.default.svc.lykops.net 127.0.0.1:10053 >/dev/null
        - --url=/healthz-kubedns
        - --port=8080
        - --quiet
        ports:
        - containerPort: 8080
          protocol: TCP
      dnsPolicy: Default

kubectl create -f skydns-rc.yaml 

使用https方式访问apiserver接口

cat skydns-rc.yaml
......
        args:
        - --domain=lykops.net.
        - --dns-port=10053
        - --config-map=kube-dns
        - --kube-master-url=https://192.168.20.128:6443
        #这里修改为https
        - --kubecfg-file=/etc/kubernetes/kubelet-config
        #添加认证信息配置文件
        - --v=0
        #挂载认证需要的信息配置文件和证书
        volumeMounts:
        - name: config
          mountPath: /etc/kubernetes/kubelet-config
          readOnly: True
        - name: certs
          mountPath: /etc/ssl/kube
          readOnly: True
        env:
        - name: PROMETHEUS_PORT
          value: "10055"
      .......
      #挂载宿主机的信息配置文件和证书
      volumes:
      - name: certs
        hostPath:
          path: /etc/ssl/kube
      - name: config
        hostPath:
          path: /etc/kubernetes/kubelet-config
      dnsPolicy: Default

kubectl create -f skydns-rc.yaml

配置service

cat skydns-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "KubeDNS"
spec:
  selector:
    k8s-app: kube-dns
  clusterIP: 172.17.114.114
  #固定IP地址
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
protocol: TCP

kubectl create -f skydns-svc.yaml

配置kubelet--实现服务发现

等待服务部署完成,在集群宿主机上执行telnet 172.17.114.114 53,能通表示部署完成

在客户端上执行修改/etc/kubernetes/kubelet

KUBELET_ARGS="--cluster-domain=lykops.net --cluster_dns=172.17.114.114"

重启服务

service kubelet restart