coredns部署(服务发现插件)
服务发现就是服务(应用)之间相互定位的过程
服务发现并非云计算时代独有的,传统的单体架构也有
服务(应用)的动态性强
服务(应用)更新发布频繁
服务(应用)支持自动伸缩
在K8S集群里,pod的ip是不断变化的,如何以不变应万变
抽象出了service资源,通过标签选择器,关联一组pod
抽象出了集群网络,通过相对固定的 “集群IP”,使服务接入点固
自动关联service资源的 “名称” 和 “集群网络IP”,从而达到服务被集群自动发现的目的
部署K8S的内网资源配置清单http服务
rstx-53上:
vim /etc/nginx/conf.d/k8s-yaml.rongbiz.cn.conf
server {
listen 80;
server_name k8s-yaml.rongbiz.cn;
location / {
autoindex on;
default_type text/plain;
root /data/k8s-yaml;
}
}
nginx -s reload
k8s-yaml A 192.168.1.53
mkdir -p /data/k8s-yaml
docker pull coredns/coredns:1.7.0
docker tag bfe3a36ebd25 harbor.rongbiz.cn/public/coredns:v1.7.0
docker push harbor.rongbiz.cn/public/coredns:v1.7.0
mkdir /data/k8s-yaml/coredns -p
创建coredns配置文件
定义集群角色
cat rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: coredns
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: Reconcile
name: system:coredns
rules:
- apiGroups:
- ""
resources:
- endpoints
- services
- pods
- namespaces
verbs:
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: EnsureExists
name: system:coredns
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:coredns
subjects:
- kind: ServiceAccount
name: coredns
namespace: kube-system
创建配置文件
cat cm.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
data:
Corefile: |
.:53 {
errors
log
health
ready
kubernetes cluster.local 10.254.0.0/16
forward . 192.168.1.201
cache 30
loop
reload
loadbalance
}
创建pod控制器
cat dp.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: coredns
kubernetes.io/name: "CoreDNS"
spec:
replicas: 1
selector:
matchLabels:
k8s-app: coredns
template:
metadata:
labels:
k8s-app: coredns
spec:
priorityClassName: system-cluster-critical
serviceAccountName: coredns
containers:
- name: coredns
image: harbor.rongbiz.cn/public/coredns:v1.7.0
args:
- -conf
- /etc/coredns/Corefile
volumeMounts:
- name: config-volume
mountPath: /etc/coredns
ports:
- containerPort: 53
name: dns
protocol: UDP
- containerPort: 53
name: dns-tcp
protocol: TCP
- containerPort: 9153
name: metrics
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
dnsPolicy: Default
volumes:
- name: config-volume
configMap:
name: coredns
items:
- key: Corefile
path: Corefile
创建svc资源
cat svc.yaml
apiVersion: v1
kind: Service
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: coredns
kubernetes.io/cluster-service: "true"
kubernetes.io/name: "CoreDNS"
spec:
selector:
k8s-app: coredns
clusterIP: 10.254.0.2
ports:
- name: dns
port: 53
protocol: UDP
- name: dns-tcp
port: 53
- name: metrics
port: 9153
protocol: TCP
部署coredns
kubectl apply -f http://k8s-yaml.rongbiz.cn/coredns/rbac.yaml
kubectl apply -f http://k8s-yaml.rongbiz.cn/coredns/cm.yaml
kubectl apply -f http://k8s-yaml.rongbiz.cn/coredns/dp.yaml
kubectl apply -f http://k8s-yaml.rongbiz.cn/coredns/svc.yaml
验证
dig -t A kubernetes.default.svc.cluster.local. @10.254.0.2 +short
10.254.0.1