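  • Kubernetes binary installation (15): installing and deploying CoreDNS

    On the ops host (mfyxw50.mfyxw.com), prepare the CoreDNS image; CoreDNS is deployed into the Kubernetes cluster as a Docker image.

    1. Pull the coredns image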

    [root@mfyxw50 ~]# docker pull coredns/coredns:1.6.9
    [root@mfyxw50 ~]# docker tag faac9e62c0d6 harbor.od.com/public/coredns:v1.6.9
    


    2. Push the tagged coredns image to the private registry

    [root@mfyxw50 ~]# docker login harbor.od.com
    [root@mfyxw50 ~]# docker push harbor.od.com/public/coredns:v1.6.9
    


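    3. Log in to harbor.od.com and check that the upload succeeded

    Log in to https://harbor.od.com with username admin and password Harbor12345 (the Harbor installer's default admin password) to check that the coredns image was uploaded.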


    4. Serve the CoreDNS YAML files over HTTP (add an nginx configuration file)

    Run the following on the ops host (mfyxw50.mfyxw.com):

    [root@mfyxw50 ~]# cat > /etc/nginx/conf.d/k8s-yaml.od.com.conf << EOF
    server {
        listen       80;
        server_name  k8s-yaml.od.com;
    
        location / {
            autoindex on;
            default_type text/plain;
            root /data/k8s-yaml;
        }
    }
    EOF
    


    5. Create the k8s-yaml directory and reload nginx

    Run the following commands on the ops host (mfyxw50.mfyxw.com).

    From now on, all resource manifests are kept under /data/k8s-yaml on the ops host.

    [root@mfyxw50 ~]# mkdir -p /data/k8s-yaml/coredns
    [root@mfyxw50 ~]# /usr/sbin/nginx -s reload
    


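    6. Add the records to the od.com zone file

    Run the following on the DNS server (mfyxw10.mfyxw.com). The heredoc delimiter is quoted ('EOF') so that the shell does not expand $ORIGIN and $TTL before the file is written.

    [root@mfyxw10 ~]# cat > /var/named/od.com.zone << 'EOF'
    $ORIGIN od.com.
    $TTL 600   ; 10 minutes
    @       IN  SOA dns.od.com.   dnsadmin.od.com. (
                                 ; increment the serial by 1 so it is newer than the previous version
                                 2020031304 ; serial
                                 10800          ; refresh (3 hours)
                                 900              ; retry (15 minutes)
                                 604800         ; expire (1 week)
                                 86400          ; minimum (1 day)
                                  )
                          NS   dns.od.com.
    $TTL 60 ;  1 minute
    dns             A          192.168.80.10
    harbor          A          192.168.80.50   ; harbor record added
    k8s-yaml        A          192.168.80.50
    EOF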
    


    7. Restart the DNS service

    Run the following commands on the DNS server (mfyxw10.mfyxw.com):

    [root@mfyxw10 ~]# systemctl restart named
    [root@mfyxw10 ~]# ping k8s-yaml.od.com
    


    8. Browse to k8s-yaml.od.com/coredns


    9. Provide the YAML files for coredns

    Run the following on the ops host (mfyxw50.mfyxw.com).

    Contents of rbac.yaml:

    [root@mfyxw50 ~]# cat > /data/k8s-yaml/coredns/rbac.yaml << EOF
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: coredns
      namespace: kube-system
      labels:
          kubernetes.io/cluster-service: "true"
          addonmanager.kubernetes.io/mode: Reconcile
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      labels:
        kubernetes.io/bootstrapping: rbac-defaults
        addonmanager.kubernetes.io/mode: Reconcile
      name: system:coredns
    rules:
    - apiGroups:
      - ""
      resources:
      - endpoints
      - services
      - pods
      - namespaces
      verbs:
      - list
      - watch
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      annotations:
        rbac.authorization.kubernetes.io/autoupdate: "true"
      labels:
        kubernetes.io/bootstrapping: rbac-defaults
        addonmanager.kubernetes.io/mode: EnsureExists
      name: system:coredns
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: system:coredns
    subjects:
    - kind: ServiceAccount
      name: coredns
      namespace: kube-system
    EOF
    

    Contents of configMap.yaml:

    [root@mfyxw50 ~]# cat > /data/k8s-yaml/coredns/configMap.yaml << EOF
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: coredns
      namespace: kube-system
    data:
      Corefile: |
        .:53 {
            errors
            log
            health
            ready
            kubernetes cluster.local 172.16.0.0/16
            forward . 192.168.80.10
            cache 30
            loop
            reload
            loadbalance
        }
    EOF
    

    Contents of deployment.yaml:

    [root@mfyxw50 ~]# cat > /data/k8s-yaml/coredns/deployment.yaml << EOF
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: coredns
      namespace: kube-system
      labels:
        k8s-app: coredns
        kubernetes.io/name: "CoreDNS"
    spec:
      replicas: 1
      selector:
        matchLabels:
          k8s-app: coredns
      template:
        metadata:
          labels:
            k8s-app: coredns
        spec:
          priorityClassName: system-cluster-critical
          serviceAccountName: coredns
          containers:
          - name: coredns
            image: harbor.od.com/public/coredns:v1.6.9
            args:
            - -conf
            - /etc/coredns/Corefile
            volumeMounts:
            - name: config-volume
              mountPath: /etc/coredns
            ports:
            - containerPort: 53
              name: dns
              protocol: UDP
            - containerPort: 53
              name: dns-tcp
              protocol: TCP
            - containerPort: 9153
              name: metrics
              protocol: TCP
            livenessProbe:
              httpGet:
                path: /health
                port: 8080
                scheme: HTTP
              initialDelaySeconds: 60
              timeoutSeconds: 5
              successThreshold: 1
              failureThreshold: 5
          dnsPolicy: Default
          volumes:
            - name: config-volume
              configMap:
                name: coredns
                items:
                - key: Corefile
                  path: Corefile
    EOF
    

    Contents of svc.yaml:

    [root@mfyxw50 ~]# cat > /data/k8s-yaml/coredns/svc.yaml << EOF
    apiVersion: v1
    kind: Service
    metadata:
      name: coredns
      namespace: kube-system
      labels:
        k8s-app: coredns
        kubernetes.io/cluster-service: "true"
        kubernetes.io/name: "CoreDNS"
    spec:
      selector:
        k8s-app: coredns
      clusterIP: 172.16.0.2
      ports:
      - name: dns
        port: 53
        protocol: UDP
      - name: dns-tcp
        port: 53
      - name: metrics
        port: 9153
        protocol: TCP
    EOF
    

    10. Apply the coredns YAML files

    Run the following on either master host (mfyxw30.mfyxw.com or mfyxw40.mfyxw.com):

    [root@mfyxw30 ~]# kubectl apply -f http://k8s-yaml.od.com/coredns/rbac.yaml
    [root@mfyxw30 ~]# kubectl apply -f http://k8s-yaml.od.com/coredns/configMap.yaml
    [root@mfyxw30 ~]# kubectl apply -f http://k8s-yaml.od.com/coredns/deployment.yaml
    [root@mfyxw30 ~]# kubectl apply -f http://k8s-yaml.od.com/coredns/svc.yaml
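
The manifests above are fetched over plain HTTP from k8s-yaml.od.com and applied directly into kube-system, so a modified response or a changed file on the nginx host changes what the cluster runs. As an added example (not part of the original post), the script below downloads the files, checks each against a pinned SHA-256 digest, and applies them only if all of them match; `verify_manifest`, `apply_verified` and the digest file are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: fetch the CoreDNS manifests, verify them against pinned
# SHA-256 digests, and apply them only if every file matches.
# verify_manifest and apply_verified are hypothetical helper names.

# verify_manifest FILE EXPECTED_SHA256 -> 0 only if FILE exists and matches.
verify_manifest() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || return 1
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# apply_verified BASE_URL SUMS_FILE
# SUMS_FILE uses sha256sum's "<digest>  <name>" format. Generate it on the ops
# host (cd /data/k8s-yaml/coredns &&
#       sha256sum rbac.yaml configMap.yaml deployment.yaml svc.yaml)
# and copy it to the master over a channel other than the HTTP vhost being
# checked (for example scp).
apply_verified() {
    local base="$1" sums="$2" tmp digest name rc=0
    tmp=$(mktemp -d) || return 1
    # Pass 1: download and verify everything; nothing is applied yet.
    while read -r digest name; do
        case $name in ''|*/*) rc=1; break ;; esac   # plain file names only
        if ! curl -fsS -o "$tmp/$name" "$base/$name" ||
           ! verify_manifest "$tmp/$name" "$digest"; then
            echo "refusing to apply: $name failed download or digest check" >&2
            rc=1; break
        fi
    done < "$sums"
    # Pass 2: apply in the order listed, only if pass 1 was clean.
    if [ "$rc" -eq 0 ]; then
        while read -r digest name; do
            kubectl apply -f "$tmp/$name" || { rc=1; break; }
        done < "$sums"
    fi
    rm -rf "$tmp"
    return "$rc"
}
```

Called as `apply_verified http://k8s-yaml.od.com/coredns ./coredns.sha256`, it applies the verified local copies rather than re-fetching by URL, so the bytes that were checked are the bytes that reach the API server.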
    


    11. Query with dig from the host

    Run the following on either master host (mfyxw30.mfyxw.com or mfyxw40.mfyxw.com):

    [root@mfyxw30 ~]# kubectl get svc
    [root@mfyxw30 ~]# dig -t A nginx-ds.default.svc.cluster.local. @172.16.0.2 +short
    [root@mfyxw30 ~]# dig -t A kubernetes.default.svc.cluster.local. @172.16.0.2 +short
    


    12. Access the service with curl

    Run the following on either master host (mfyxw30.mfyxw.com or mfyxw40.mfyxw.com):

    [root@mfyxw30 ~]# curl nginx-ds.default
    [root@mfyxw30 ~]# curl nginx-ds.default.svc.cluster.local
    


    From outside the cluster (on the host), curl cannot reach the service.

    Can curl reach it from inside a container?

    [root@mfyxw30 ~]# kubectl get svc
    [root@mfyxw30 ~]# kubectl get pod
    [root@mfyxw30 ~]# kubectl exec -it nginx-ns-8sgh4 -- /bin/bash
    root@nginx-ns-8sgh4:/# curl nginx-ds.default.svc.cluster.local
    


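    Summary: a Service inside the cluster cannot be reached with curl from outside the cluster, whereas inside a container curl can reach it by its Service name.

    Inside any container, cat /etc/resolv.conf shows why: the search line lists the default domains that are appended to short names.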
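
Why the short name resolves only inside a pod, as an added example (not from the original post): the function below reproduces the order in which a glibc-style resolver builds its query list from the search and ndots settings in resolv.conf. Both resolv.conf samples are constructed, assuming kubelet hands pods 172.16.0.2 and the cluster.local domain and that the host only searches mfyxw.com; `query_candidates` and the `write_*` helpers are hypothetical names.

```bash
#!/usr/bin/env bash
# Added example: the order in which a glibc-style stub resolver expands a name
# using the "search" and "options ndots:N" lines of resolv.conf.
# query_candidates is a hypothetical helper name.

# query_candidates NAME RESOLV_CONF -> prints one candidate FQDN per line.
query_candidates() {
    local name="$1" conf="$2" ndots=1 search="" key rest opt dom dots
    while read -r key rest; do
        case $key in
            search) search=$rest ;;                 # last search line wins
            options)
                for opt in $rest; do
                    case $opt in ndots:*) ndots=${opt#ndots:} ;; esac
                done ;;
        esac
    done < "$conf"
    # A trailing dot marks the name as absolute: no search list is used.
    case $name in *.) printf '%s\n' "$name"; return 0 ;; esac
    dots=$(( $(printf '%s' "$name" | tr -cd '.' | wc -c) ))
    # Enough dots: the name is tried as-is before the search list.
    if [ "$dots" -ge "$ndots" ]; then printf '%s.\n' "$name"; fi
    for dom in $search; do printf '%s.%s.\n' "$name" "$dom"; done
    # Too few dots: the name as-is is only the last resort.
    if [ "$dots" -lt "$ndots" ]; then printf '%s.\n' "$name"; fi
    return 0
}

# Constructed sample: what kubelet typically writes for a pod in namespace
# "default" when cluster DNS is 172.16.0.2 and the domain is cluster.local.
write_pod_resolv_conf() {
    printf '%s\n' \
        'nameserver 172.16.0.2' \
        'search default.svc.cluster.local svc.cluster.local cluster.local' \
        'options ndots:5' > "$1"
}

# Constructed sample: a host outside the cluster that only knows its own domain.
write_host_resolv_conf() {
    printf '%s\n' 'nameserver 192.168.80.10' 'search mfyxw.com' > "$1"
}
```

Because the Corefile enables the `log` plugin, the candidates that do not exist appear in the CoreDNS log as NXDOMAIN answers ahead of the name that matches.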

  • Original article: https://www.cnblogs.com/Heroge/p/12883241.html