Coredns 解析组件

15. Coredns

#这原先使用的一个v1.24.3的源码包 里面有提供对应的YAML修改之后即可使用

root@deploy-harbor:~/nginx-tomcat-case# cp ../kubernetes-v1.24.3/kubernetes/cluster/addons/dns/coredns/coredns.yaml.base .

#查看以下coredns的地址 好填写到配置文件中
root@deploy-harbor:~# kubectl get svc -A
NAMESPACE   NAME                          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
default     kubernetes                    ClusterIP   10.100.0.1       <none>        443/TCP                      2d21h
linux60     linux60-tomcat-app1-service   NodePort    10.100.31.84     <none>        80:30005/TCP                 10m
myserver    kube-dns                      ClusterIP   10.100.0.2       <none>        53/UDP,53/TCP,9153/TCP       6m49s
myserver    linux70-nginx-service         NodePort    10.100.142.118   <none>        80:30004/TCP,443:30443/TCP   10m


15.1 更改后的calico配置文件

#先打标签上传一下
docker tag easzlab.io.local:5000/coredns/coredns:1.9.3 harbor.nbrhce.com/baseimages/coredns:1.9.3
docker push harbor.nbrhce.com/baseimages/coredns:1.9.3

root@deploy-harbor:~/nginx-tomcat-case# cat coredns-1.9.3.yaml 
# __MACHINE_GENERATED_WARNING__

apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns
  namespace: myserver
  labels:
      kubernetes.io/cluster-service: "true"
      addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: Reconcile
  name: system:coredns
rules:
- apiGroups:
  - ""
  resources:
  - endpoints
  - services
  - pods
  - namespaces
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
- apiGroups:
  - discovery.k8s.io
  resources:
  - endpointslices
  verbs:
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: EnsureExists
  name: system:coredns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
subjects:
- kind: ServiceAccount
  name: coredns
  namespace: myserver
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: myserver
  labels:
      addonmanager.kubernetes.io/mode: EnsureExists
data:
  Corefile: |
    .:53 {
        errors
        health {
            lameduck 5s
        }
        ready
 #这里的大写换成你ansible里hosts文件的 DO MAIN 所写的 内容 我这里写的是cluster.local
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            fallthrough in-addr.arpa ip6.arpa
            ttl 30
        }
        prometheus :9153
        forward . /etc/resolv.conf {
            max_concurrent 1000
        }
        cache 30
        loop
        reload
        loadbalance
    }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coredns
  namespace: myserver
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  # replicas: not specified here:
  # 1. In order to make Addon Manager do not reconcile this replicas parameter.
  # 2. Default is 1.
  # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
    spec:
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      priorityClassName: system-cluster-critical
      serviceAccountName: coredns
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchExpressions:
                  - key: k8s-app
                    operator: In
                    values: ["kube-dns"]
              topologyKey: kubernetes.io/hostname
      tolerations:
        - key: "CriticalAddonsOnly"
          operator: "Exists"
      nodeSelector:
        kubernetes.io/os: linux
      containers:
      - name: coredns
        image: harbor.nbrhce.com/baseimages/coredns:1.9.3
        imagePullPolicy: IfNotPresent
        resources:
          limits:
 #真正生产4G
 #cpu 2核
            memory: 256Mi
            cpu: 200m
          requests:
            cpu: 100m
            memory: 70Mi
        args: [ "-conf", "/etc/coredns/Corefile" ]
        volumeMounts:
        - name: config-volume
          mountPath: /etc/coredns
          readOnly: true
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        - containerPort: 9153
          name: metrics
          protocol: TCP
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        readinessProbe:
          httpGet:
            path: /ready
            port: 8181
            scheme: HTTP
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            add:
            - NET_BIND_SERVICE
            drop:
            - all
          readOnlyRootFilesystem: true
      dnsPolicy: Default
      volumes:
        - name: config-volume
          configMap:
            name: coredns
            items:
            - key: Corefile
              path: Corefile
---
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: myserver
  annotations:
    prometheus.io/port: "9153"
    prometheus.io/scrape: "true"
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  selector:
    k8s-app: kube-dns
  #这里设置一下kube-coredns的IP地址 他是集群中的第二个svc的地址
  clusterIP: 10.100.0.2
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
  - name: metrics
    port: 9153
    protocol: TCP
  • 然后链接到一个容器中去访问一下百度
root@deploy-harbor:~# kubectl exec -it -n myserver net-test1 bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
[root@net-test1 /]# cat /etc/resolv.conf 
search myserver.svc.cluster.local svc.cluster.local cluster.local mydomain otherdomain
nameserver 10.100.0.2
options ndots:5
[root@net-test1 /]# ping www.baidu.com
PING www.a.shifen.com (110.242.68.3) 56(84) bytes of data.
64 bytes from 110.242.68.3 (110.242.68.3): icmp_seq=1 ttl=127 time=11.6 ms
64 bytes from 110.242.68.3 (110.242.68.3): icmp_seq=2 ttl=127 time=11.6 ms
64 bytes from 110.242.68.3 (110.242.68.3): icmp_seq=3 ttl=127 time=11.7 ms
64 bytes from 110.242.68.3 (110.242.68.3): icmp_seq=4 ttl=127 time=11.7 ms
64 bytes from 110.242.68.3 (110.242.68.3): icmp_seq=5 ttl=127 time=11.7 ms

15.2 CoreDNS-Plugin

#在coredns配置文件中一些输出的信息
root@deploy-harbor:~/nginx-tomcat-case# vim coredns-1.9.3.yaml 
  Corefile: |
    .:53 {
        errors
        health {
            lameduck 5s
        }
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            fallthrough in-addr.arpa ip6.arpa
            ttl 30
        }
        prometheus :9153
        forward . /etc/resolv.conf {
            max_concurrent 1000
        }
        cache 30
        loop
        reload
        loadbalance
    }
    
  errors: 错误信息标准输出
  health:在CoreDNS的 http://localhost:8080/health 端口提供CoreDNS服务的健康报告
  
  ready:监听8181端口,当coredns的插件都已就绪时,访问该接口会返回200OK
  
  kubernetes: CoreDNS将基于kubernetes service name进行DNS查询并返回查询记录给客户端
  
  prometheus: CoreDNS的度量指标数据以Prometheus的key-value的格式在http://localhost:9153/metrics URI上提供
  
  forward:不是Kubernetes集群内的其它任何域名查询都将转发到预定义的目的server,如(/etc/resolv.conf或IP(如8.8.8.8))
  
  cache:启用service解析缓存单位为秒
  
  loop:检测域名解析是否有死循环,如coredns转发给内网DNS服务器,而内网DNS服务器又转发给coredns,如果发现解析时死循环,则强制中止CoreDNS进程(Kubernetes会重建)
  
  reload:检测corefile是否更改,在重新编辑configmap配置后,默认2分钟后会优雅的自动加载
  
  loadbalance: 轮询DNS域名解析,如果一个域名存在多个记录则轮询解析

15.3 kube-coredns解析流程

#api-server是集群中第一个svc
#kube-coredns是集群中第二个svc
root@deploy-harbor:~# kubectl get svc -A
NAMESPACE              NAME                          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
default                kubernetes                    ClusterIP   10.100.0.1       <none>        443/TCP                      3d
myserver               kube-dns                      ClusterIP   10.100.0.2       <none>        53/UDP,53/TCP,9153/TCP       3h36m

posted @ 2022-12-05 21:41  YIDADA-SRE  阅读(68)  评论(0编辑  收藏  举报