Kubernetes部署DNS
前言
阅读地址 http://thoreauz.com/2017/04/16/docker/Kubernetes%E9%83%A8%E7%BD%B2DNS%E5%92%8CDashboard/
Kubernetes中的dns是什么?
k8s的服务发现有两种,第一种是基于环境变量,第二种是基于DNS。
第一种环境变量
1.比如生成个pod的容器,默认情况,外部是不能访问容器内部的。
2.我们生成service的资源对象,绑定第一步的pod容器,后生成的pod容器的环境变量会增加第一步的service生成的集群IP。
3.这种方式缺点明显,第一个pod容器是找不到后面pod容器生成的service对象。
第二种基于DNS.
1.首先整个kube-dns的容器,它负责去获取service对应的服务
2.再整个kube-dnsmasq-amd64:1.4容器,它是个dns服务端
3.第一步检测的service的变化就自动更新到第二部的dns服务端
4.其他业务容器启动时的dns指定第二步容器的集群IP,我们可以通过cat /etc/resolv.conf 查看是否生效.
实战,如果按照作者的方法去做,dns一会就死了,改进版
1.线生成kube-dns和kube-dnsmasq容器的配置文件skydns-rc.yaml
apiVersion: extensions/v1beta1 kind: Deployment metadata: name: kube-dns namespace: kube-system labels: k8s-app: kube-dns kubernetes.io/cluster-service: "true" spec: # replicas: not specified here: # 1. In order to make Addon Manager do not reconcile this replicas parameter. # 2. Default is 1. # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on. strategy: rollingUpdate: maxSurge: 10% maxUnavailable: 0 selector: matchLabels: k8s-app: kube-dns template: metadata: labels: k8s-app: kube-dns annotations: scheduler.alpha.kubernetes.io/critical-pod: '' scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]' spec: containers: - name: kubedns # image: gcr.io/google_containers/kubedns-amd64:1.9 image: registry.cn-hangzhou.aliyuncs.com/google-containers/kubedns-amd64:1.9 args: # - --domain=cluster.local. - --domain=cluster.local. - --dns-port=10053 - --config-map=kube-dns # This should be set to v=2 only after the new image (cut from 1.5) has # been released, otherwise we will flood the logs. - --v=2 - --kube-master-url=http://192.168.122.94:8080 # 指定api env: - name: PROMETHEUS_PORT value: "10055" ports: - containerPort: 10053 name: dns-local protocol: UDP - containerPort: 10053 name: dns-tcp-local protocol: TCP - containerPort: 10055 name: metrics protocol: TCP - name: dnsmasq # image: gcr.io/google_containers/kube-dnsmasq-amd64:1.4.1 image: registry.cn-hangzhou.aliyuncs.com/google-containers/kube-dnsmasq-amd64:1.4 args: - --cache-size=1000 - --no-resolv - --server=127.0.0.1#10053 # - --log-facility=- ports: - containerPort: 53 name: dns protocol: UDP - containerPort: 53 name: dns-tcp protocol: TCP # see: https://github.com/kubernetes/kubernetes/issues/29055 for details
2.生成service,容器内部通过集群IP来访问dns,这里固定了个集群IP地址,不然会动态生成一个。配置文件名skydns-svc.yaml
apiVersion: v1 kind: Service metadata: name: kube-dns namespace: kube-system labels: k8s-app: kube-dns kubernetes.io/cluster-service: "true" kubernetes.io/name: "KubeDNS" spec: selector: k8s-app: kube-dns # clusterIP: $DNS_SERVER_IP clusterIP: 10.10.10.254 ports: - name: dns port: 53 protocol: UDP - name: dns-tcp port: 53 protocol: TCP
3.启动
kubectl create -f skydns-rc.yaml
kubectl create -f skydns-svc.yaml
4.修改各个node节点的kubelet配置并重启
vim /etc/kubernetes/kubelet
# 添加这一行
KUBELET_ARGS="--cluster_dns=10.254.0.100 --cluster_domain=cluster.local"
systemctl restart kubelet
5.验证
所有pod容器重新生成,进入容器检测 cat /etc/resolv.conf 配置的dns是否有集群IP
