kubernetes實踐之九:kube-dns

百聯達發表於2018-03-26
DNS
一:前言
kube-dns是Kubernetes中的一個內建外掛,目前作為一個獨立的開源專案維護,見https://github.com/kubernetes/dns。通過將 Service 註冊到 DNS 中,Kuberentes 可以為我們提供一種簡單的服務註冊發現與負載均衡方式。至此,別的服務就可以通過名稱來訪問相關的服務。


Kubernetes DNS pod 中包括 3 個容器:
  • kubednskubedns 程式監視 Kubernetes master 中的 Service 和 Endpoint 的變化,並維護記憶體查詢結構來服務DNS請求。
  • dnsmasqdnsmasq 容器新增 DNS 快取以提高效能。
  • sidecarsidecar 容器在執行雙重健康檢查(針對 dnsmasq 和 kubedns)時提供單個健康檢查端點(監聽在10054埠)

二: 部署kube-dns
1.配置檔案
官方網址下載需要的yaml部署檔案:https://github.com/kubernetes/kubernetes/tree/release-1.8/cluster/addons/dns
kubedns-cm.yaml
kubedns-sa.yaml
kubedns-controller.yaml
kubedns-svc.yaml

kubedns-cm.yaml不需要修改

點選(此處)摺疊或開啟

  1. # Copyright 2016 The Kubernetes Authors.
  2. #
  3. # Licensed under the Apache License, Version 2.0 (the "License");
  4. # you may not use this file except in compliance with the License.
  5. # You may obtain a copy of the License at
  6. #
  7. # http://www.apache.org/licenses/LICENSE-2.0
  8. #
  9. # Unless required by applicable law or agreed to in writing, software
  10. # distributed under the License is distributed on an "AS IS" BASIS,
  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. # See the License for the specific language governing permissions and
  13. # limitations under the License.

  15. apiVersion: v1
  16. kind: ConfigMap
  17. metadata:
  18.   name: kube-dns
  19.   namespace: kube-system
  20.   labels:
  21.     addonmanager.kubernetes.io/mode: EnsureExists
kubedns-sa.yaml不需要修改

點選(此處)摺疊或開啟

  1. apiVersion: v1
  2. kind: ServiceAccount
  3. metadata:
  4.   name: kube-dns
  5.   namespace: kube-system
  6.   labels:
  7.     kubernetes.io/cluster-service: "true"
  8.     addonmanager.kubernetes.io/mode: Reconcile
kubedns-controller.yaml  主要是$DNS_DOMAIN和image路徑的修改

點選(此處)摺疊或開啟

  1. # Copyright 2016 The Kubernetes Authors.
  2. #
  3. # Licensed under the Apache License, Version 2.0 (the "License");
  4. # you may not use this file except in compliance with the License.
  5. # You may obtain a copy of the License at
  6. #
  7. # http://www.apache.org/licenses/LICENSE-2.0
  8. #
  9. # Unless required by applicable law or agreed to in writing, software
  10. # distributed under the License is distributed on an "AS IS" BASIS,
  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. # See the License for the specific language governing permissions and
  13. # limitations under the License.

  15. # Should keep target in cluster/addons/dns-horizontal-autoscaler/dns-horizontal-autoscaler.yaml
  16. # in sync with this file.

  18. # __MACHINE_GENERATED_WARNING__

  20. apiVersion: extensions/v1beta1
  21. kind: Deployment
  22. metadata:
  23.   name: kube-dns
  24.   namespace: kube-system
  25.   labels:
  26.     k8s-app: kube-dns
  27.     kubernetes.io/cluster-service: "true"
  28.     addonmanager.kubernetes.io/mode: Reconcile
  29. spec:
  30.   # replicas: not specified here:
  31.   # 1. In order to make Addon Manager do not reconcile this replicas parameter.
  32.   # 2. Default is 1.
  33.   # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
  34.   strategy:
  35.     rollingUpdate:
  36.       maxSurge: 10%
  37.       maxUnavailable: 0
  38.   selector:
  39.     matchLabels:
  40.       k8s-app: kube-dns
  41.   template:
  42.     metadata:
  43.       labels:
  44.         k8s-app: kube-dns
  45.       annotations:
  46.         scheduler.alpha.kubernetes.io/critical-pod: ''
  47.     spec:
  48.       tolerations:
  49.       - key: "CriticalAddonsOnly"
  50.         operator: "Exists"
  51.       volumes:
  52.       - name: kube-dns-config
  53.         configMap:
  54.           name: kube-dns
  55.           optional: true
  56.       containers:
  57.       - name: kubedns
  58.         image: index.tenxcloud.com/jimmy/k8s-dns-kube-dns-amd64:1.14.1
  59.         resources:
  60.           # TODO: Set memory limits when we've profiled the container for large
  61.           # clusters, then set request = limit to keep this container in
  62.           # guaranteed class. Currently, this container falls into the
  63.           # "burstable" category so the kubelet doesn't backoff from restarting it.
  64.           limits:
  65.             memory: 170Mi
  66.           requests:
  67.             cpu: 100m
  68.             memory: 70Mi
  69.         livenessProbe:
  70.           httpGet:
  71.             path: /healthcheck/kubedns
  72.             port: 10054
  73.             scheme: HTTP
  74.           initialDelaySeconds: 60
  75.           timeoutSeconds: 5
  76.           successThreshold: 1
  77.           failureThreshold: 5
  78.         readinessProbe:
  79.           httpGet:
  80.             path: /readiness
  81.             port: 8081
  82.             scheme: HTTP
  83.           # we poll on pod startup for the Kubernetes master service and
  84.           # only setup the /readiness HTTP server once that's available.
  85.           initialDelaySeconds: 3
  86.           timeoutSeconds: 5
  87.         args:
  88.         - --domain=cluster.local.
  89.         - --dns-port=10053
  90.         - --config-dir=/kube-dns-config
  91.         - --v=2
  92.         #__PILLAR__FEDERATIONS__DOMAIN__MAP__
  93.         env:
  94.         - name: PROMETHEUS_PORT
  95.           value: "10055"
  96.         ports:
  97.         - containerPort: 10053
  98.           name: dns-local
  99.           protocol: UDP
  100.         - containerPort: 10053
  101.           name: dns-tcp-local
  102.           protocol: TCP
  103.         - containerPort: 10055
  104.           name: metrics
  105.           protocol: TCP
  106.         volumeMounts:
  107.         - name: kube-dns-config
  108.           mountPath: /kube-dns-config
  109.       - name: dnsmasq
  110.         image: index.tenxcloud.com/jimmy/k8s-dns-dnsmasq-nanny-amd64:1.14.1
  111.         livenessProbe:
  112.           httpGet:
  113.             path: /healthcheck/dnsmasq
  114.             port: 10054
  115.             scheme: HTTP
  116.           initialDelaySeconds: 60
  117.           timeoutSeconds: 5
  118.           successThreshold: 1
  119.           failureThreshold: 5
  120.         args:
  121.         - -v=2
  122.         - -logtostderr
  123.         - -configDir=/etc/k8s/dns/dnsmasq-nanny
  124.         - -restartDnsmasq=true
  125.         - --
  126.         - -k
  127.         - --cache-size=1000
  128.         - --log-facility=-
  129.         - --server=/cluster.local./127.0.0.1#10053
  130.         - --server=/in-addr.arpa/127.0.0.1#10053
  131.         - --server=/ip6.arpa/127.0.0.1#10053
  132.         ports:
  133.         - containerPort: 53
  134.           name: dns
  135.           protocol: UDP
  136.         - containerPort: 53
  137.           name: dns-tcp
  138.           protocol: TCP
  139.         # see: https://github.com/kubernetes/kubernetes/issues/29055 for details
  140.         resources:
  141.           requests:
  142.             cpu: 150m
  143.             memory: 20Mi
  144.         volumeMounts:
  145.         - name: kube-dns-config
  146.           mountPath: /etc/k8s/dns/dnsmasq-nanny
  147.       - name: sidecar
  148.         image: index.tenxcloud.com/jimmy/k8s-dns-sidecar-amd64:1.14.1
  149.         livenessProbe:
  150.           httpGet:
  151.             path: /metrics
  152.             port: 10054
  153.             scheme: HTTP
  154.           initialDelaySeconds: 60
  155.           timeoutSeconds: 5
  156.           successThreshold: 1
  157.           failureThreshold: 5
  158.         args:
  159.         - --v=2
  160.         - --logtostderr
  161.         - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local.,5,A
  162.         - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local.,5,A
  163.         ports:
  164.         - containerPort: 10054
  165.           name: metrics
  166.           protocol: TCP
  167.         resources:
  168.           requests:
  169.             memory: 20Mi
  170.             cpu: 10m
  171.       dnsPolicy: Default # Don't use cluster DNS.
  172.       serviceAccountName: kube-dns
kubedns-svc.yaml 主要是 clusterIP的修改

點選(此處)摺疊或開啟

  1. # Copyright 2016 The Kubernetes Authors.
  2. #
  3. # Licensed under the Apache License, Version 2.0 (the "License");
  4. # you may not use this file except in compliance with the License.
  5. # You may obtain a copy of the License at
  6. #
  7. # http://www.apache.org/licenses/LICENSE-2.0
  8. #
  9. # Unless required by applicable law or agreed to in writing, software
  10. # distributed under the License is distributed on an "AS IS" BASIS,
  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. # See the License for the specific language governing permissions and
  13. # limitations under the License.

  15. # __MACHINE_GENERATED_WARNING__

  17. apiVersion: v1
  18. kind: Service
  19. metadata:
  20.   name: kube-dns
  21.   namespace: kube-system
  22.   labels:
  23.     k8s-app: kube-dns
  24.     kubernetes.io/cluster-service: "true"
  25.     addonmanager.kubernetes.io/mode: Reconcile
  26.     kubernetes.io/name: "KubeDNS"
  27. spec:
  28.   selector:
  29.     k8s-app: kube-dns
  30.   clusterIP: 10.254.0.2
  31.   ports:
  32.   - name: dns
  33.     port: 53
  34.     protocol: UDP
  35.   - name: dns-tcp
  36.     port: 53
  37.     protocol: TCP
2.系統預定義的 RoleBinding
預定義的 RoleBinding system:kube-dns 將 kube-system 名稱空間的kube-dns ServiceAccount 與 system:kube-dns Role 繫結, 該 Role 具有訪問 kube-apiserver DNS 相關 API 的許可權;


3.執行相關檔案
kubectl create -f .

三:驗證

1.建立一個Deployment
my-nginx.yaml

點選(此處)摺疊或開啟

  1. apiVersion: extensions/v1beta1
  2. kind: Deployment
  3. metadata:
  4.   name: my-nginx
  5. spec:
  6.   replicas: 2
  7.   template:
  8.     metadata:
  9.       labels:
  10.         run: my-nginx
  11.     spec:
  12.       containers:
  13.       - name: my-nginx
  14.         image: docker.io/nginx
  15.         ports:
  16.         - containerPort: 80
kubectl create -f my-nginx.yaml
2.Export 該 Deployment, 生成 my-nginx 服務
kubectl expose deploy my-nginx




3.往其中一個pod中植入ping 工具
kubectl cp /usr/bin/ping my-nginx-58778897c8-c9x2q:/usr/bin/
kubectl cp /usr/lib64/libidn.so.11 my-nginx-58778897c8-c9x2q:/usr/lib/
kubectl cp /usr/lib64/libcrypto.so.10  my-nginx-58778897c8-c9x2q:/usr/lib/
kubectl cp /usr/lib64/libcap.so.2  my-nginx-58778897c8-c9x2q:/usr/lib/

4.進入pod,執行ping命令進行驗證

kubectl exec my-nginx-58778897c8-c9x2q -i -t -- /bin/bash
對應的service名稱,自動對映到IP。


或者建立一個簡單的busybox pod

busybox.yaml

點選(此處)摺疊或開啟

  1. apiVersion: v1
  2. kind: Pod
  3. metadata:
  4.   name: busybox
  5.   namespace: default
  6. spec:
  7.   containers:
  8.   - image: busybox
  9.     command:
  10.       - sleep
  11.       - "3600"
  12.     imagePullPolicy: IfNotPresent
  13.     name: busybox
  14.   restartPolicy: Always
建立POD
kubectl create -f busybox.yaml
驗證
kubectl exec -ti busybox -- nslookup kubernetes.default


點選(此處)摺疊或開啟

  1. Server: 10.0.0.10
  2. Address 1: 10.0.0.10

  4. Name: kubernetes.default
  5. Address 1: 10.0.0.1
驗證成功。

如果出現nslookup: can't resolve 'kubernetes.default'  則說明DNS有問題,通過日誌排查錯誤。



來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/28624388/viewspace-2152243/,如需轉載,請註明出處,否則將追究法律責任。

相關文章