zoukankan      html  css  js  c++  java

  • Kubernets二进制安装(15)之安装部署coredns

    在运维主机上(mfyxw50.mfyxw.com)准备Coredns镜像文件,以docker镜像文件的方式部署到Kubernetes集群中去。

    1.下载coredns镜像

    [root@mfyxw50 ~]# docker pull coredns/coredns:1.6.9
[root@mfyxw50 ~]# docker tag faac9e62c0d6 harbor.od.com/public/coredns:v1.6.9

    image-20200511175719455

    2.将打好标签的coredns上传到私有仓库

    [root@mfyxw50 ~]# docker login harbor.od.com
[root@mfyxw50 ~]# docker push harbor.od.com/public/coredns:v1.6.9

    image-20200511181913003

    3.登录harbor.od.com查看是否上传成功

    登录到https://harbor.od.com,使用用户名:admin 密码:Harbor12345来查看coredns是否上传成功

    image-20200511182251216

    4.提供coredns的yaml文件(通过http方式访问,给nginx提供配置文件)

    在运维主机(mfyxw50.mfyxw.com)执行

    [root@mfyxw50 ~]# cat > /etc/nginx/conf.d/k8s-yaml.od.com.conf << EOF
server {
    listen       80;
    server_name  k8s-yaml.od.com;

    location / {
        autoindex on;
        default_type text/plain;
        root /data/k8s-yaml;
    }
}
EOF

    image-20200513105912110

    5.创建k8s-yaml目录并重启nginx服务

    在运维主机(mfyxw50.mfyxw.com)上执行如下命令

    以后所有的资源配置清单统一放置在运维主机的/data/k8s-yaml目录下即可

    [root@mfyxw50 ~]# mkdir -p /data/k8s-yaml/coredns
[root@mfyxw50 ~]# /usr/sbin/nginx -s reload

    image-20200513110015016

    6.在DNS的od配置文件添加记录

    在DNS服务器(mfyxw10.mfyxw.com)主机上执行如下命令

    [root@mfyxw10 ~]# cat > /var/named/od.com.zone << EOF
$ORIGIN od.com.
$TTL 600   ; 10 minutes
@       IN  SOA dns.od.com.   dnsadmin.od.com. (
                             ;序号请加1,表示比之前版本要新
                             2020031304 ; serial
                             10800          ; refresh (3 hours)
                             900              ; retry (15 minutes)
                             604800         ; expire (1 week)
                             86400          ; minimum (1 day)
                              )
                      NS   dns.od.com.
$TTL 60 ;  1 minute
dns             A          192.168.80.10
harbor          A          192.168.80.50   ;添加harbor记录
k8s-yaml        A          192.168.80.50
EOF

    image-20200513104602520

    7.重启DNS服务

    在DNS服务器(mfyxw10.mfyxw.com)主机执行如下命令

    [root@mfyxw10 ~]# systemctl restart named
[root@mfyxw10 ~]# ping k8s-yaml.od.com

    image-20200513105036020

    8.访问k8s-yaml.od.com/coredns

    image-20200513110109895

    9.为coredns提供yaml文件

    在运维主机(mfyxw50.mfyxw.com)上执行

    rbac.yaml文件内容如下:

    [root@mfyxw50 ~]# cat > /data/k8s-yaml/coredns/rbac.yaml << EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns
  namespace: kube-system
  labels:
      kubernetes.io/cluster-service: "true"
      addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: Reconcile
  name: system:coredns
rules:
- apiGroups:
  - ""
  resources:
  - endpoints
  - services
  - pods
  - namespaces
  verbs:
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: EnsureExists
  name: system:coredns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
subjects:
- kind: ServiceAccount
  name: coredns
  namespace: kube-system
EOF

    configMap.yaml文件内容如下:

    [root@mfyxw50 ~]# cat > /data/k8s-yaml/coredns/configMap.yaml << EOF
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        errors
        log
        health
        ready
        kubernetes cluster.local 172.16.0.0/16
        forward . 192.168.80.10
        cache 30
        loop
        reload
        loadbalance
       }
EOF

    deployment.yaml文件内容如下:

    [root@mfyxw50 ~]# cat > /data/k8s-yaml/coredns/deployment.yaml << EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: coredns
    kubernetes.io/name: "CoreDNS"
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: coredns
  template:
    metadata:
      labels:
        k8s-app: coredns
    spec:
      priorityClassName: system-cluster-critical
      serviceAccountName: coredns
      containers:
      - name: coredns
        image: harbor.od.com/public/coredns:v1.6.9
        args:
        - -conf
        - /etc/coredns/Corefile
        volumeMounts:
        - name: config-volume
          mountPath: /etc/coredns
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        - containerPort: 9153
          name: metrics
          protocol: TCP
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
      dnsPolicy: Default
      volumes:
        - name: config-volume
          configMap:
            name: coredns
            items:
            - key: Corefile
              path: Corefile
EOF

    svc.yaml文件内容如下:

    [root@mfyxw50 ~]# cat > /data/k8s-yaml/coredns/svc.yaml << EOF
apiVersion: v1
kind: Service
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: coredns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "CoreDNS"
spec:
  selector:
    k8s-app: coredns
  clusterIP: 172.16.0.2
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
  - name: metrics
    port: 9153
    protocol: TCP
EOF

    10.执行coredns的yaml文件

    在master主机(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)任意一台执行

    [root@mfyxw30 ~]# kubectl apply -f http://k8s-yaml.od.com/coredns/rbac.yaml
[root@mfyxw30 ~]# kubectl apply -f http://k8s-yaml.od.com/coredns/configMap.yaml
[root@mfyxw30 ~]# kubectl apply -f http://k8s-yaml.od.com/coredns/deployment.yaml
[root@mfyxw30 ~]# kubectl apply -f http://k8s-yaml.od.com/coredns/svc.yaml

    image-20200513162436199

    11.在宿主机执行dig命令查询(宿主机查询)

    在master主机(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)任意一台执行

    [root@mfyxw30 ~]# kubectl get svc
[root@mfyxw30 ~]# dig -t A nginx-ds.default.svc.cluster.local. @172.16.0.2 +short
[root@mfyxw30 ~]# dig -t A kubernetes.default.svc.cluster.local. @172.16.0.2 +short

    image-20200513135057349

    12.使用curl来访问

    在master主机(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)任意一台执行

    [root@mfyxw30 ~]# curl nginx-ds.default
[root@mfyxw30 ~]# curl nginx-ds.default.svc.cluster.local

    image-20200513162436199

    在集群外面(宿主机上)curl是无法访问到

    进入容器里面curl是否能正常访问到呢?

    [root@mfyxw30 ~]# kubectl get svc
[root@mfyxw30 ~]# kubectl get pod
[root@mfyxw30 ~]# kubectl exec -it nginx-ns-8sgh4 -- /bin/bash
root@nginx-ns-8sgh4:/# curl nginx-ds.default.svc.cluster.local

    image-20200513162654106

    image-20200513162743493

    image-20200513162801463

    总结:在集群外面是无法curl到集群里面的svc的,而在容器就能正常使用curl来访问svc名

    可以在每个容器里面,通过查看 cat /etc/resolv.conf可知,search 是代表缺省域

    image-20200513162933174
  • 相关阅读:
    Atitit 集团与个人的完整入口列表 attilax的完整入口 1. 集团与个人的完整入口列表 1 2. 流量入口概念 2 3. 流量入口的历史与发展 2 1.集团与个人的完整入口列表
    atitit 每季度日程表 每季度流程 v3 qaf.docx Ver history V2 add diary cyar data 3 cate V3 fix detail 3cate ,
    Atitit react 详细使用总结 绑定列表显示 attilax总结 1. 前言 1 1.1. 资料数量在百度内的数量对比 1 1.2. 版本16 v15.6.1 1 1.3. 引入js 2
    Atitit r2017 r3 doc list on home ntpc.docx
    Atitit r2017 ra doc list on home ntpc.docx
    Atiitt attilax掌握的前后技术放在简历里面.docx
    Atitit q2016 qa doc list on home ntpc.docx
    Atitit r7 doc list on home ntpc.docx 驱动器 D 中的卷是 p2soft 卷的序列号是 9AD0D3C8 D:\ati\r2017 v3 r01\
    Atitit 可移植性之道attilax著
    Atitit q2016 q5 doc list on home ntpc.docx
  • 原文地址:https://www.cnblogs.com/Heroge/p/12883241.html
Copyright © 2011-2022 走看看