k8s v1.9.9 二进制部署 (9)部署coredns

创建存放yaml文件的目录并创建yaml文件。

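# Create a working directory for the add-on manifests.
# -p keeps the step repeatable: no error if the directory already exists.
mkdir -p /root/pod
cd /root/pod

# Open a new file and paste in the manifest that follows.
vim coredns.yaml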

# Identity the CoreDNS pods run as. The ClusterRole/ClusterRoleBinding in this
# manifest grant this account (and only this account) read access to the API.
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: kube-system
  name: coredns

---

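# Read-only, cluster-wide view of the objects CoreDNS turns into DNS records.
# Only list/watch on four core resources is granted: no secrets, no write
# verbs. Keep it that narrow when extending the rule.
# NOTE(review): rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes
# v1.22; rbac.authorization.k8s.io/v1 (available since v1.8) takes the same
# fields.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: system:coredns
rules:
  # "" is the core API group.
  - apiGroups:
      - ""
    resources:
      - endpoints
      - services
      - pods
      - namespaces
    verbs:
      - list
      - watch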

---

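# Grants the system:coredns ClusterRole to exactly one subject: the coredns
# ServiceAccount in kube-system.
# NOTE(review): rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes
# v1.22; rbac.authorization.k8s.io/v1 (available since v1.8) takes the same
# fields.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: system:coredns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
subjects:
  - kind: ServiceAccount
    name: coredns
    namespace: kube-system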

---

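# CoreDNS server configuration; the Deployment mounts the Corefile key at
# /etc/coredns/Corefile.
#
# Review points for the Corefile:
#   - "kubernetes cluster.local 10.254.0.0/16": the cluster zone plus the CIDR
#     served for reverse lookups. Presumably these match the kubelet
#     --cluster-domain and the apiserver service CIDR of this cluster; confirm.
#   - "pods insecure": pod A records are answered from the IP encoded in the
#     query name, without checking that such a pod exists. It is kept here for
#     kube-dns compatibility; the CoreDNS documentation warns that this mode
#     can be abused together with wildcard TLS certificates. "pods verified"
#     only answers for pods that exist (it needs the pods list/watch that the
#     ClusterRole already grants, and more memory); "pods disabled" turns pod
#     records off.
#   - "health": serves /health on port 8080 by default, which is the endpoint
#     the Deployment's liveness probe calls.
#   - "prometheus :9153": metrics are served unauthenticated on every pod
#     interface; limit who can reach the port if the cluster enforces
#     NetworkPolicy.
#   - "proxy . /etc/resolv.conf": names outside the zones above are forwarded
#     to the resolvers listed in the pod's resolv.conf.
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        errors
        health
        kubernetes cluster.local 10.254.0.0/16 {
          pods insecure
          upstream
          fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        proxy . /etc/resolv.conf
        cache 30
        reload
        loadbalance
    }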

---

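# CoreDNS Deployment. The pods carry the k8s-app=kube-dns label so that the
# kube-dns Service in this manifest selects them.
# NOTE(review): extensions/v1beta1 stopped serving Deployments in Kubernetes
# v1.16; apps/v1 is available from v1.9 on.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/name: "CoreDNS"
spec:
  # NOTE(review): one replica combined with maxUnavailable: 1 means cluster
  # DNS can drop to zero pods during a rollout or a node failure. Run at
  # least two replicas outside of a lab.
  replicas: 1
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
    spec:
      serviceAccountName: coredns
      tolerations:
        - key: "CriticalAddonsOnly"
          operator: "Exists"
      containers:
        - name: coredns
          # Replace with your own registry address, or use a public one.
          # NOTE(review): a tag can be re-pushed with different content, and
          # IfNotPresent trusts whatever is already cached on the node. Prefer
          # pinning by digest (coredns@sha256:<digest>), and confirm that the
          # registry is reached over TLS rather than as an insecure registry.
          image: 192.168.7.131:5000/coredns:v1.2
          imagePullPolicy: IfNotPresent
          args:
            - "-conf"
            - "/etc/coredns/Corefile"
          # Bound memory so that a query flood or a very large cluster cannot
          # make the DNS pod exhaust the node. These are the values the
          # upstream CoreDNS manifest ships; size them for your cluster.
          resources:
            limits:
              memory: 170Mi
            requests:
              cpu: 100m
              memory: 70Mi
          volumeMounts:
            - name: config-volume
              mountPath: /etc/coredns
              readOnly: true
          ports:
            - containerPort: 53
              name: dns
              protocol: UDP
            - containerPort: 53
              name: dns-tcp
              protocol: TCP
            - containerPort: 9153
              name: metrics
              protocol: TCP
          # Least privilege: every capability is dropped except the one needed
          # to bind port 53, the root filesystem is read-only, and privilege
          # escalation is blocked. runAsUser/runAsNonRoot are not set, so the
          # process runs as whatever user the image defines.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              add:
                - NET_BIND_SERVICE
              # Upper case is the spelling every container runtime and the
              # Pod Security Standards accept.
              drop:
                - ALL
            readOnlyRootFilesystem: true
          # /health on 8080 is served by the "health" plugin enabled in the
          # Corefile.
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 60
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 5
      # Default = inherit the node's resolv.conf, so CoreDNS forwards to the
      # node's resolvers instead of resolving through itself.
      dnsPolicy: Default
      volumes:
        - name: config-volume
          configMap:
            name: coredns
            items:
              - key: Corefile
                path: Corefile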

---

# Stable virtual IP for cluster DNS, selecting the CoreDNS pods by their
# k8s-app=kube-dns label. Only port 53 (UDP and TCP) is published; the metrics
# port 9153 is advertised through the prometheus.io annotations only.
# NOTE(review): clusterIP has to lie inside the cluster's service CIDR and is
# presumably the address given to the kubelet as --cluster-dns; confirm both.
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "CoreDNS"
  annotations:
    prometheus.io/port: "9153"
    prometheus.io/scrape: "true"
spec:
  clusterIP: 10.254.10.20
  selector:
    k8s-app: kube-dns
  ports:
    - name: dns
      port: 53
      protocol: UDP
    - name: dns-tcp
      port: 53
      protocol: TCP

 

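# Create every object defined in the manifest (ServiceAccount, RBAC, ConfigMap,
# Deployment, Service).
kubectl create -f coredns.yaml

# Check that the coredns pod reaches Running in kube-system; -o wide also shows
# the pod IP and the node it was scheduled on.
kubectl get pod -n kube-system -o wide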

image.png

 

原文地址:https://www.cnblogs.com/you-xiaoqing/p/14303082.html