Lesson 3: Deploying the CoreDNS Service
12. Deploy DNS (master01)
12.1 Deploy CoreDNS
mkdir -p /root/dns && cd /root/dns
kubectl create -f coredns.yaml
[root@master01 dns]# kubectl create -f coredns.yaml
serviceaccount/coredns created
clusterrole.rbac.authorization.k8s.io/system:coredns created
clusterrolebinding.rbac.authorization.k8s.io/system:coredns created
configmap/coredns created
deployment.extensions/coredns created
service/coredns created
[root@master01 dns]# kubectl get pods
No resources found.
[root@master01 dns]# kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-66db855d4d-l2h66 0/1 ContainerCreating 0 13s
[root@master01 dns]# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-66db855d4d-l2h66 1/1 Running 0 116s
[root@master01 dns]# kubectl describe pod coredns-66db855d4d-l2h66 -n kube-system
12.2 View the svc
[root@master01 dns]# kubectl get svc -o wide -n=kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
coredns ClusterIP 10.0.0.2 <none> 53/UDP,53/TCP,9153/TCP 3m8s k8s-app=coredns
12.3 Verify that DNS works
12.3.1 Start the dnstools container
kubectl run -it --rm --restart=Never --image=infoblox/dnstools:latest dnstools
[root@master01 config]# kubectl run -it --rm --restart=Never --image=infoblox/dnstools:latest dnstools
If you don't see a command prompt, try pressing enter.
Error attaching, falling back to logs: unable to upgrade connection: Forbidden (user=system:anonymous, verb=create, resource=nodes, subresource=proxy)
pod "dnstools" deleted
Error from server (Forbidden): Forbidden (user=system:anonymous, verb=get, resource=nodes, subresource=proxy) ( pods/log dnstools)
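If you get the error
Error from server (Forbidden): Forbidden (user=system:anonymous, verb=get, resource=nodes, subresource=proxy) ( pods/log dnstools)
the fix used here is to bind the system:anonymous user to the cluster-admin ClusterRole, which authorizes requests that arrive without credentials as cluster administrators: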
kubectl create clusterrolebinding system:anonymous --clusterrole=cluster-admin --user=system:anonymous
[root@master01 config]# kubectl create clusterrolebinding system:anonymous --clusterrole=cluster-admin --user=system:anonymous
clusterrolebinding.rbac.authorization.k8s.io/system:anonymous created
Recreate dnstools:
kubectl delete pod dnstools
kubectl run -it --rm --restart=Never --image=infoblox/dnstools:latest dnstools
Once the pod is created successfully, DNS resolution can be tested.
DNS resolves the name of a svc (Service), not the name of a pod.
dnstools# nslookup www.baidu.com
Server: 10.0.0.2
Address: 10.0.0.2#53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com.
Name: www.a.shifen.com
Address: 61.135.169.121
Name: www.a.shifen.com
Address: 61.135.169.125
Name: www.a.shifen.com
Address: 2408:80f0:410c:1c::ff:b00e:347f
Name: www.a.shifen.com
Address: 2408:80f0:410c:1d::ff:b07a:39af
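An added example, not part of the original tutorial: the workaround in 12.3.1 leaves a ClusterRoleBinding that grants cluster-admin to system:anonymous, and this script lists every binding whose subjects include an unauthenticated identity. The function names and the sample rows are constructed for illustration; the kubectl command in the comment is the intended live input.

```shell
#!/bin/sh
# Added example: flag ClusterRoleBindings that include unauthenticated subjects.
# Expected input (three whitespace-separated columns), as printed by:
#   kubectl get clusterrolebindings --no-headers \
#     -o custom-columns='NAME:.metadata.name,ROLE:.roleRef.name,SUBJECTS:.subjects[*].name'
# Output: one "<severity> <binding> <role> <subject>" line per finding.
audit_anonymous_bindings() {
    awk '
    {
        # SUBJECTS is a comma-separated list of subject names
        n = split($3, subjects, ",")
        for (i = 1; i <= n; i++) {
            s = subjects[i]
            if (s != "system:anonymous" && s != "system:unauthenticated") continue
            # cluster-admin for an unauthenticated identity is the worst case;
            # other roles (some defaults bind system:unauthenticated by design,
            # e.g. system:public-info-viewer) are listed for manual review.
            sev = ($2 == "cluster-admin") ? "CRITICAL" : "REVIEW"
            print sev, $1, $2, s
        }
    }'
}

# Constructed sample rows, shaped like the kubectl output described above.
sample_bindings() {
    cat <<'EOF'
cluster-admin               cluster-admin               system:masters
system:coredns              system:coredns              coredns
system:public-info-viewer   system:public-info-viewer   system:authenticated,system:unauthenticated
system:anonymous            cluster-admin               system:anonymous
EOF
}

# Offline run on the sample; on a live cluster pipe the kubectl command instead.
sample_bindings | audit_anonymous_bindings
```

Once the test is done, the binding can be removed with kubectl delete clusterrolebinding system:anonymous. The Forbidden error arises because the kubelet sees the API server's request as system:anonymous; giving kube-apiserver a kubelet client certificate (--kubelet-client-certificate, --kubelet-client-key) whose user is bound to system:kubelet-api-admin resolves it without any anonymous binding.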
12.3.2 Create nginx containers to test DNS resolution
kubectl run nginx --image=nginx --replicas=2
kubectl expose deployment nginx --port=88 --target-port=80 --type=NodePort
12.3.3 View the svc
kubectl get svc
[root@master01 ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 11h
nginx NodePort 10.0.0.156 <none> 88:31836/TCP 7s
12.3.4 Test resolving nginx
With the DNS service we installed, other services in the same namespace can be resolved.
Naming rule: [SVC-name].[namespace].svc.cluster.local
dnstools# nslookup nginx
Server: 10.0.0.2
Address: 10.0.0.2#53
Name: nginx.default.svc.cluster.local
Address: 10.0.0.156