Update the yaml configuration and notes for installing coredns
gjmzj committed Mar 29, 2018
1 parent 566a374 commit 1e3a88d
Showing 5 changed files with 340 additions and 18 deletions.
25 changes: 12 additions & 13 deletions docs/guide/kubedns.md
@@ -1,25 +1,24 @@
## 部署 kubedns
## 部署集群 DNS

kubedns 是 k8s 集群首先需要部署的,集群中的其他 pods 使用它提供域名解析服务;主要可以解析 `集群服务名``Pod hostname`
DNS 是 k8s 集群首先需要部署的,集群中的其他 pods 使用它提供域名解析服务;主要可以解析 `集群服务名 SVC``Pod hostname`目前 k8s v1.9+ 版本可以有两个选择:`kube-dns``coredns`,可以选择其中一个部署安装。

配置文件参考 `https://github.com/kubernetes/kubernetes` 项目目录 `kubernetes/cluster/addons/dns`
### 部署 dns

更新 `kube-dns to 1.14.8`,如果集群中已经运行kubedns插件,请使用`RollingUpdate`如下:
配置文件参考 `https://github.com/kubernetes/kubernetes` 项目目录 `kubernetes/cluster/addons/dns`

```
kubectl set image -n kube-system deploy/kube-dns kubedns=mirrorgooglecontainers/k8s-dns-kube-dns-amd64:1.14.8
kubectl set image -n kube-system deploy/kube-dns dnsmasq=mirrorgooglecontainers/k8s-dns-dnsmasq-nanny-amd64:1.14.8
kubectl set image -n kube-system deploy/kube-dns sidecar=mirrorgooglecontainers/k8s-dns-sidecar-amd64:1.14.8
```
+ 安装

### 安装
``` bash
# 安装 kube-dns
$ kubectl create -f /etc/ansible/manifests/kubedns

**kubectl create -f /etc/ansible/manifests/kubedns/[kubedns.yaml](../../manifests/kubedns/kubedns.yaml)**
# 或者选择安装 coredns
$ kubectl create -f /etc/ansible/manifests/coredns
```

+ 注意deploy中使用的 serviceAccount `kube-dns`,该预定义的 ClusterRoleBinding system:kube-dns 将 kube-system 命名空间的 kube-dns ServiceAccount 与 system:kube-dns ClusterRole 绑定, 因此POD 具有访问 kube-apiserver DNS 相关 API 的权限;
+ 集群 pod默认继承 node的dns 解析,修改 kubelet服务启动参数 --resolv-conf="",可以更改这个特性,详见 kubelet 启动参数

### 验证 kubedns
### 验证 dns服务

新建一个测试nginx服务

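Review bot: the new "或者选择安装 coredns" step offers coredns as an alternative to kube-dns but gives no migration step for a cluster that already runs kube-dns, and that matters because the coredns Service added in this same commit pins `clusterIP: {{ CLUSTER_DNS_SVC_IP }}`: a second DNS Service on the same address cannot be created, so `kubectl create -f /etc/ansible/manifests/coredns` against a cluster with kube-dns installed fails on the Service. State that exactly one of the two is installed and that switching means deleting the kube-dns Deployment and Service first. The RBAC note ("注意deploy中使用的 serviceAccount kube-dns ...") also only describes kube-dns; with coredns selected the pod runs as ServiceAccount `coredns`, bound by ClusterRoleBinding `system:coredns` to ClusterRole `system:coredns`, which grants cluster-wide list/watch on endpoints, services, pods and namespaces, and the doc should say so, since that is what the DNS pod can read from the apiserver. Finally, dropping the three `kubectl set image ... 1.14.8` lines removes the only documented upgrade path for existing kube-dns installs; keep them or say where they moved.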
160 changes: 160 additions & 0 deletions manifests/coredns/coredns.yaml
@@ -0,0 +1,160 @@
# __MACHINE_GENERATED_WARNING__

apiVersion: v1
kind: ServiceAccount
metadata:
name: coredns
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: Reconcile
name: system:coredns
rules:
- apiGroups:
- ""
resources:
- endpoints
- services
- pods
- namespaces
verbs:
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: EnsureExists
name: system:coredns
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:coredns
subjects:
- kind: ServiceAccount
name: coredns
namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
labels:
addonmanager.kubernetes.io/mode: EnsureExists
data:
Corefile: |
.:53 {
errors
health
kubernetes cluster.local. in-addr.arpa ip6.arpa {
pods insecure
upstream
fallthrough in-addr.arpa ip6.arpa
}
prometheus :9153
proxy . /etc/resolv.conf
cache 30
}
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: coredns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:
replicas: 2
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
k8s-app: coredns
template:
metadata:
labels:
k8s-app: coredns
spec:
serviceAccountName: coredns
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: "CriticalAddonsOnly"
operator: "Exists"
containers:
- name: coredns
image: coredns/coredns:1.0.6
imagePullPolicy: IfNotPresent
resources:
limits:
memory: 170Mi
requests:
cpu: 100m
memory: 70Mi
args: [ "-conf", "/etc/coredns/Corefile" ]
volumeMounts:
- name: config-volume
mountPath: /etc/coredns
ports:
- containerPort: 53
name: dns
protocol: UDP
- containerPort: 53
name: dns-tcp
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
dnsPolicy: Default
volumes:
- name: config-volume
configMap:
name: coredns
items:
- key: Corefile
path: Corefile
---
apiVersion: v1
kind: Service
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: coredns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:
selector:
k8s-app: coredns
clusterIP: 10.68.0.2
ports:
- name: dns
port: 53
protocol: UDP
- name: dns-tcp
port: 53
protocol: TCP
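Review bot: this rendered file duplicates the template added in roles/deploy/templates/coredns.yaml.j2, and the new task in roles/deploy/tasks/main.yml overwrites it from that template on every deploy run, so the copy committed here (with `cluster.local.` and `clusterIP: 10.68.0.2` hard-coded) will drift from the template as soon as either one is edited; either stop tracking the rendered output or put a header comment in it saying it is the default rendering and must not be edited by hand. The first line still carries upstream's `# __MACHINE_GENERATED_WARNING__` placeholder, which kubernetes' addon build step normally substitutes; here it reaches the cluster as a literal comment and should be replaced with the real warning or removed.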
3 changes: 3 additions & 0 deletions roles/deploy/tasks/main.yml
@@ -121,3 +121,6 @@
- name: 准备 kubedns的部署文件 kubedns.yaml
template: src=kubedns.yaml.j2 dest={{ base_dir }}/manifests/kubedns/kubedns.yaml

# coredns.yaml文件中部分参数根据hosts文件设置而定,因此需要用template模块替换参数
- name: 准备 coredns的部署文件 coredns.yaml
template: src=coredns.yaml.j2 dest={{ base_dir }}/manifests/coredns/coredns.yaml
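Review bot: `template:` does not create the parent directory, so this task depends on `{{ base_dir }}/manifests/coredns/` already existing; it works in this commit only because a rendered coredns.yaml is checked in under manifests/coredns/, and would fail with a missing-directory error if that generated file is ever dropped. Add a `file: path={{ base_dir }}/manifests/coredns state=directory` task before it so the role owns the directory instead of relying on a committed artifact. The comment above the task says some parameters come from the hosts file; naming them (`CLUSTER_DNS_DOMAIN` and `CLUSTER_DNS_SVC_IP`, the two variables the template actually uses) would tell the reader what must be set.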
160 changes: 160 additions & 0 deletions roles/deploy/templates/coredns.yaml.j2
@@ -0,0 +1,160 @@
# __MACHINE_GENERATED_WARNING__

apiVersion: v1
kind: ServiceAccount
metadata:
name: coredns
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: Reconcile
name: system:coredns
rules:
- apiGroups:
- ""
resources:
- endpoints
- services
- pods
- namespaces
verbs:
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: EnsureExists
name: system:coredns
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:coredns
subjects:
- kind: ServiceAccount
name: coredns
namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
labels:
addonmanager.kubernetes.io/mode: EnsureExists
data:
Corefile: |
.:53 {
errors
health
kubernetes {{ CLUSTER_DNS_DOMAIN }} in-addr.arpa ip6.arpa {
pods insecure
upstream
fallthrough in-addr.arpa ip6.arpa
}
prometheus :9153
proxy . /etc/resolv.conf
cache 30
}
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: coredns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:
replicas: 2
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
k8s-app: coredns
template:
metadata:
labels:
k8s-app: coredns
spec:
serviceAccountName: coredns
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: "CriticalAddonsOnly"
operator: "Exists"
containers:
- name: coredns
image: coredns/coredns:1.0.6
imagePullPolicy: IfNotPresent
resources:
limits:
memory: 170Mi
requests:
cpu: 100m
memory: 70Mi
args: [ "-conf", "/etc/coredns/Corefile" ]
volumeMounts:
- name: config-volume
mountPath: /etc/coredns
ports:
- containerPort: 53
name: dns
protocol: UDP
- containerPort: 53
name: dns-tcp
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
dnsPolicy: Default
volumes:
- name: config-volume
configMap:
name: coredns
items:
- key: Corefile
path: Corefile
---
apiVersion: v1
kind: Service
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: coredns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:
selector:
k8s-app: coredns
clusterIP: {{ CLUSTER_DNS_SVC_IP }}
ports:
- name: dns
port: 53
protocol: UDP
- name: dns-tcp
port: 53
protocol: TCP
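Review bot: `pods insecure` in the `kubernetes` block makes CoreDNS answer an A record for any `<ip-with-dashes>.<namespace>.pod.<zone>` name without checking that such a pod exists in that namespace; it is kept only for kube-dns compatibility, and the CoreDNS plugin documentation warns it is abusable in combination with wildcard certificates. Use `pods verified` (answers only when a pod with that IP exists in that namespace) or `pods disabled` if nothing in the cluster relies on pod-IP names. The container also runs with no `securityContext`: CoreDNS needs only NET_BIND_SERVICE to bind :53, so add `capabilities: {add: [NET_BIND_SERVICE], drop: [all]}`, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` (the Corefile is already mounted from the ConfigMap). Two smaller points: the Deployment uses `apiVersion: extensions/v1beta1` although the doc targets k8s v1.9+, where `apps/v1` is available and avoids a later migration; and `image: coredns/coredns:1.0.6` with `imagePullPolicy: IfNotPresent` pulls by a mutable tag, so nodes can end up running different bits under the same tag, while pinning `coredns/coredns@sha256:<digest>` makes every node run the image that was reviewed.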
10 changes: 5 additions & 5 deletions roles/prepare/tasks/main.yml
Expand Up @@ -49,8 +49,8 @@
when: ansible_distribution == "Ubuntu"
apt: name={{ item }} state=latest
with_items:
- jq # 轻量JSON处理程序,安装docker查询镜像需要
- nfs-common # 挂载nfs 共享文件需要 (创建基于 nfs的PV 需要)
- jq # 轻量JSON处理程序,安装docker查询镜像需要
- nfs-common # 挂载nfs 共享文件需要 (创建基于 nfs的PV 需要)

- block:
- name: 删除centos默认安装
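Review bot: apart from realigning the comments these lines are unchanged, so this hunk is a whitespace-only edit unrelated to the coredns change in the commit message and would be easier to review in its own commit. While here: `apt: name={{ item }} state=latest` upgrades jq and nfs-common to whatever the mirror serves at run time, so two runs of the prepare role can leave different package versions on different nodes; `state=present` (or a pinned version) makes the role reproducible and keeps upgrades deliberate.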
@@ -62,9 +62,9 @@
- name: 安装基础软件包
yum: name={{ item }} state=latest
with_items:
- jq # 轻量JSON处理程序,安装docker查询镜像需要
- psmisc # 安装psmisc 才能使用命令killall,它在keepalive的监测脚本中使用到
- nfs-utils # 挂载nfs 共享文件需要 (创建基于 nfs的PV 需要)
- jq # 轻量JSON处理程序,安装docker查询镜像需要
- psmisc # 安装psmisc 才能使用命令killall,它在keepalive的监测脚本中使用到
- nfs-utils # 挂载nfs 共享文件需要 (创建基于 nfs的PV 需要)
- net-tools
- bash-completion
- name: 临时关闭 selinux
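Review bot: whitespace-only comment realignment with no functional change; it belongs with the matching cosmetic edit in the apt task, in a commit separate from the coredns work. The `yum: name={{ item }} state=latest` in the context here has the same non-reproducibility as the apt task and should become `state=present` unless an upgrade on every run is intended.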
