  • Kubernetes二进制安装(15)之安装部署coredns

    在运维主机上(mfyxw50.mfyxw.com)准备Coredns镜像文件,以docker镜像文件的方式部署到Kubernetes集群中去。

    1.下载coredns镜像

    # Pull the upstream CoreDNS image by tag, then re-tag it for the private registry.
    # NOTE(review): faac9e62c0d6 is the image ID the author's pull produced. A tag can
    # be re-pointed upstream, so check `docker images coredns/coredns` and confirm the
    # ID before tagging; otherwise a different image ends up under the v1.6.9 name.
    [root@mfyxw50 ~]# docker pull coredns/coredns:1.6.9
    [root@mfyxw50 ~]# docker tag faac9e62c0d6 harbor.od.com/public/coredns:v1.6.9
    

    image-20200511175719455

    2.将打好标签的coredns上传到私有仓库

    # Authenticate to the private registry and push the re-tagged image.
    # docker login keeps the registry credentials in ~/.docker/config.json (base64
    # encoded, not encrypted) unless a credential helper is configured, so treat
    # root's home directory on this host as holding the registry password.
    [root@mfyxw50 ~]# docker login harbor.od.com
    [root@mfyxw50 ~]# docker push harbor.od.com/public/coredns:v1.6.9
    

    image-20200511181913003

    3.登录harbor.od.com查看是否上传成功

    登录到https://harbor.od.com,使用用户名:admin 密码:Harbor12345来查看coredns是否上传成功(admin/Harbor12345是Harbor的默认管理员账号密码,仅适合实验环境;正式环境应在首次登录后立即修改)

    image-20200511182251216

    4.提供coredns的yaml文件(通过http方式访问,给nginx提供配置文件)

    在运维主机(mfyxw50.mfyxw.com)执行

    # Write an nginx virtual host that publishes /data/k8s-yaml as k8s-yaml.od.com:
    # `autoindex on` gives a directory listing and `default_type text/plain` makes
    # the manifests display as text in a browser.
    # NOTE(review): the site is plain HTTP on port 80 with no access control, and the
    # files it serves are later passed to `kubectl apply`. Anyone who can change the
    # files or the traffic decides what is deployed, so restrict the vhost to the
    # management network (allow/deny) or serve it over TLS.
    # The here-doc delimiter is unquoted; that is harmless for this body, but if nginx
    # variables such as $uri are ever added, use << 'EOF' so the shell leaves them alone.
    [root@mfyxw50 ~]# cat > /etc/nginx/conf.d/k8s-yaml.od.com.conf << EOF
    server {
        listen       80;
        server_name  k8s-yaml.od.com;
    
        location / {
            autoindex on;
            default_type text/plain;
            root /data/k8s-yaml;
        }
    }
    EOF
    

    image-20200513105912110

    5.创建k8s-yaml目录并重启nginx服务

    在运维主机(mfyxw50.mfyxw.com)上执行如下命令

    以后所有的资源配置清单统一放置在运维主机的/data/k8s-yaml目录下即可

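    # Create the directory that the k8s-yaml.od.com vhost serves.
    [root@mfyxw50 ~]# mkdir -p /data/k8s-yaml/coredns
    # Validate the configuration before reloading: on a reload with an invalid file
    # nginx keeps running the old configuration, so the new vhost would silently be
    # missing. -t reports the offending file and line.
    [root@mfyxw50 ~]# /usr/sbin/nginx -t
    [root@mfyxw50 ~]# /usr/sbin/nginx -s reload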
    

    image-20200513110015016

    6.在DNS的od配置文件添加记录

    在DNS服务器(mfyxw10.mfyxw.com)主机上执行如下命令

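    # Rewrite the od.com zone with the harbor and k8s-yaml records.
    # The here-doc delimiter is quoted on purpose: with a bare EOF the shell expands
    # $ORIGIN and $TTL (normally unset, so they become empty strings) and the zone
    # file is written without its directives.
    # '>' replaces the whole file, so the records below are the complete zone, and
    # the serial must be higher than the one currently being served.
    [root@mfyxw10 ~]# cat > /var/named/od.com.zone << 'EOF'
    $ORIGIN od.com.
    $TTL 600   ; 10 minutes
    @       IN  SOA dns.od.com.   dnsadmin.od.com. (
                                 ;序号请加1,表示比之前版本要新
                                 2020031304 ; serial
                                 10800          ; refresh (3 hours)
                                 900              ; retry (15 minutes)
                                 604800         ; expire (1 week)
                                 86400          ; minimum (1 day)
                                  )
                          NS   dns.od.com.
    $TTL 60 ;  1 minute
    dns             A          192.168.80.10
    harbor          A          192.168.80.50   ;添加harbor记录
    k8s-yaml        A          192.168.80.50
    EOF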
    

    image-20200513104602520

    7.重启DNS服务

    在DNS服务器(mfyxw10.mfyxw.com)主机执行如下命令

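    # Check the zone file before restarting: named will not load a zone that has
    # syntax errors, which would take every od.com name offline.
    [root@mfyxw10 ~]# named-checkzone od.com /var/named/od.com.zone
    [root@mfyxw10 ~]# systemctl restart named
    # Confirm the new record resolves (and that the operations host answers).
    [root@mfyxw10 ~]# ping k8s-yaml.od.com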
    

    image-20200513105036020

    8.访问k8s-yaml.od.com/coredns

    image-20200513110109895

    9.为coredns提供yaml文件

    在运维主机(mfyxw50.mfyxw.com)上执行

    rbac.yaml文件内容如下:

    # Write the RBAC manifest for CoreDNS: a ServiceAccount `coredns` in kube-system,
    # a ClusterRole `system:coredns`, and a ClusterRoleBinding tying the two together.
    # The role is read-only: it grants only `list` and `watch` on endpoints, services,
    # pods and namespaces in the core API group, with no write verbs. Keep it that
    # way when adapting the file, because the binding is cluster-wide.
    [root@mfyxw50 ~]# cat > /data/k8s-yaml/coredns/rbac.yaml << EOF
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: coredns
      namespace: kube-system
      labels:
          kubernetes.io/cluster-service: "true"
          addonmanager.kubernetes.io/mode: Reconcile
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      labels:
        kubernetes.io/bootstrapping: rbac-defaults
        addonmanager.kubernetes.io/mode: Reconcile
      name: system:coredns
    rules:
    - apiGroups:
      - ""
      resources:
      - endpoints
      - services
      - pods
      - namespaces
      verbs:
      - list
      - watch
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      annotations:
        rbac.authorization.kubernetes.io/autoupdate: "true"
      labels:
        kubernetes.io/bootstrapping: rbac-defaults
        addonmanager.kubernetes.io/mode: EnsureExists
      name: system:coredns
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: system:coredns
    subjects:
    - kind: ServiceAccount
      name: coredns
      namespace: kube-system
    EOF
    

    configMap.yaml文件内容如下:

    # Write the ConfigMap that carries the Corefile. The single server block listens
    # on port 53, serves cluster.local (plus reverse lookups for 172.16.0.0/16) from
    # the Kubernetes API, and forwards everything else to 192.168.80.10, the address
    # of dns.od.com in the zone file on this page.
    # NOTE(review): `log` records every query, so queried names end up in the pod
    # logs and volume can be high; consider dropping it outside a lab.
    # NOTE(review): the Corefile has no prometheus plugin, while the Deployment and
    # Service on this page declare port 9153 as "metrics". Presumably nothing listens
    # there unless `prometheus :9153` is added; confirm before relying on it.
    [root@mfyxw50 ~]# cat > /data/k8s-yaml/coredns/configMap.yaml << EOF
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: coredns
      namespace: kube-system
    data:
      Corefile: |
        .:53 {
            errors
            log
            health
            ready
            kubernetes cluster.local 172.16.0.0/16
            forward . 192.168.80.10
            cache 30
            loop
            reload
            loadbalance
           }
    EOF
    

    deployment.yaml文件内容如下:

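    # Write the CoreDNS Deployment manifest (one replica, image from the private
    # registry, Corefile mounted from the `coredns` ConfigMap).
    # Hardening added to the container spec, following the upstream CoreDNS manifest:
    #   - securityContext: no privilege escalation, all capabilities dropped except
    #     NET_BIND_SERVICE (needed to bind port 53), read-only root filesystem;
    #   - the ConfigMap volume is mounted read-only;
    #   - a readinessProbe for the Corefile's `ready` plugin (default :8181/ready), so
    #     the Service only routes to a pod that has finished loading its plugins.
    # replicas: 1 makes cluster DNS a single point of failure; raise it for anything
    # beyond a lab. The delimiter is quoted so the shell never touches the YAML.
    [root@mfyxw50 ~]# cat > /data/k8s-yaml/coredns/deployment.yaml << 'EOF'
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: coredns
      namespace: kube-system
      labels:
        k8s-app: coredns
        kubernetes.io/name: "CoreDNS"
    spec:
      replicas: 1
      selector:
        matchLabels:
          k8s-app: coredns
      template:
        metadata:
          labels:
            k8s-app: coredns
        spec:
          priorityClassName: system-cluster-critical
          serviceAccountName: coredns
          containers:
          - name: coredns
            image: harbor.od.com/public/coredns:v1.6.9
            args:
            - -conf
            - /etc/coredns/Corefile
            volumeMounts:
            - name: config-volume
              mountPath: /etc/coredns
              readOnly: true
            ports:
            - containerPort: 53
              name: dns
              protocol: UDP
            - containerPort: 53
              name: dns-tcp
              protocol: TCP
            - containerPort: 9153
              name: metrics
              protocol: TCP
            livenessProbe:
              httpGet:
                path: /health
                port: 8080
                scheme: HTTP
              initialDelaySeconds: 60
              timeoutSeconds: 5
              successThreshold: 1
              failureThreshold: 5
            readinessProbe:
              httpGet:
                path: /ready
                port: 8181
                scheme: HTTP
            securityContext:
              allowPrivilegeEscalation: false
              capabilities:
                add:
                - NET_BIND_SERVICE
                drop:
                - ALL
              readOnlyRootFilesystem: true
          dnsPolicy: Default
          volumes:
            - name: config-volume
              configMap:
                name: coredns
                items:
                - key: Corefile
                  path: Corefile
    EOF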
    

    svc.yaml文件内容如下:

    # Write the Service that fronts the CoreDNS pods (selector k8s-app: coredns) on a
    # fixed clusterIP, 172.16.0.2, exposing DNS on 53/UDP and 53/TCP plus port 9153.
    # The dns-tcp entry has no protocol field; Kubernetes defaults Service ports to TCP.
    # NOTE(review): the fixed clusterIP presumably has to match the cluster DNS
    # address the kubelets hand to pods; confirm against the kubelet configuration.
    # NOTE(review): port 9153 is reachable by any pod in the cluster; expose it only
    # if metrics are actually enabled in the Corefile and meant to be scraped.
    [root@mfyxw50 ~]# cat > /data/k8s-yaml/coredns/svc.yaml << EOF
    apiVersion: v1
    kind: Service
    metadata:
      name: coredns
      namespace: kube-system
      labels:
        k8s-app: coredns
        kubernetes.io/cluster-service: "true"
        kubernetes.io/name: "CoreDNS"
    spec:
      selector:
        k8s-app: coredns
      clusterIP: 172.16.0.2
      ports:
      - name: dns
        port: 53
        protocol: UDP
      - name: dns-tcp
        port: 53
      - name: metrics
        port: 9153
        protocol: TCP
    EOF
    

    10.执行coredns的yaml文件

    在master主机(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)任意一台执行

    # Apply the four manifests straight from the internal web server, RBAC first so
    # the ServiceAccount exists before the Deployment references it.
    # NOTE(review): the manifests are fetched over plain HTTP and applied with the
    # admin's cluster credentials, so the content is only as trustworthy as the
    # network path and the /data/k8s-yaml directory. Running `kubectl diff -f <url>`
    # first shows exactly what would change before anything is applied.
    [root@mfyxw30 ~]# kubectl apply -f http://k8s-yaml.od.com/coredns/rbac.yaml
    [root@mfyxw30 ~]# kubectl apply -f http://k8s-yaml.od.com/coredns/configMap.yaml
    [root@mfyxw30 ~]# kubectl apply -f http://k8s-yaml.od.com/coredns/deployment.yaml
    [root@mfyxw30 ~]# kubectl apply -f http://k8s-yaml.od.com/coredns/svc.yaml
    

    image-20200513162436199

    11.在宿主机执行dig命令查询(宿主机查询)

    在master主机(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)任意一台执行

    # `kubectl get svc` without -n lists the default namespace only; the coredns
    # Service lives in kube-system, so add `-n kube-system` to see it.
    # The dig queries name the CoreDNS clusterIP explicitly (@172.16.0.2), so they
    # test CoreDNS itself and bypass the host's own resolver configuration.
    [root@mfyxw30 ~]# kubectl get svc
    [root@mfyxw30 ~]# dig -t A nginx-ds.default.svc.cluster.local. @172.16.0.2 +short
    [root@mfyxw30 ~]# dig -t A kubernetes.default.svc.cluster.local. @172.16.0.2 +short
    

    image-20200513135057349

    12.使用curl来访问

    在master主机(mfyxw30.mfyxw.com或mfyxw40.mfyxw.com)任意一台执行

    # Same service names, but resolved through the host's own resolver rather than
    # @172.16.0.2; the page reports that these requests fail from the host.
    [root@mfyxw30 ~]# curl nginx-ds.default
    [root@mfyxw30 ~]# curl nginx-ds.default.svc.cluster.local
    

    image-20200513162436199

    在集群外面(宿主机上)curl是无法访问到

    进入容器里面curl是否能正常访问到呢?

    # Repeat the request from inside a pod. The pod name is specific to the author's
    # cluster; take the real one from `kubectl get pod`.
    # The last command runs inside the container (note the changed prompt), where
    # /etc/resolv.conf is the one supplied for the pod.
    [root@mfyxw30 ~]# kubectl get svc
    [root@mfyxw30 ~]# kubectl get pod
    [root@mfyxw30 ~]# kubectl exec -it nginx-ns-8sgh4 -- /bin/bash
    root@nginx-ns-8sgh4:/# curl nginx-ds.default.svc.cluster.local
    

    image-20200513162654106

    image-20200513162743493

    image-20200513162801463

    总结:在集群外面(宿主机上)无法用svc名称curl到集群里面的svc(第11步中宿主机必须显式指定@172.16.0.2才能解析,说明宿主机默认不使用集群DNS),而在容器里就能正常使用curl来访问svc名

    可以在每个容器里面执行 cat /etc/resolv.conf 查看,其中 search 一行代表缺省(默认)搜索域

    image-20200513162933174

  • 原文地址:https://www.cnblogs.com/Heroge/p/12883241.html