一：簡介
1.Kubernetes包括用於服務發現的DNS伺服器Kube-DNS。該DNS伺服器利用SkyDNS的庫來為Kubernetes pod和服務提供DNS請求。SkyDNS2的作者，Miek Gieben，建立了一個新的DNS伺服器，CoreDNS，它採用更模組化，可擴充套件的框架構建。 Infoblox已經與Miek合作，將此DNS伺服器作為Kube-DNS的替代品。
2.CoreDNS利用作為Web伺服器Caddy的一部分而開發的伺服器框架。該框架具有非常靈活，可擴充套件的模型，用於透過各種中介軟體元件傳遞請求。這些中介軟體元件根據請求提供不同的操作，例如記錄，重定向，修改或維護。雖然它一開始作為Web伺服器，但是Caddy並不是專門針對HTTP協議的，而是構建了一個基於CoreDNS的理想框架。
3.在這種靈活的模型中新增對Kubernetes的支援，相當於建立了一個Kubernetes中介軟體。該中介軟體使用Kubernetes API來滿足針對特定Kubernetes pod或服務的DNS請求。而且由於Kube-DNS作為Kubernetes的另一項服務，kubelet和Kube-DNS之間沒有緊密的繫結。您只需要將DNS服務的IP地址和域名傳遞給kubelet，而Kubernetes並不關心誰在實際處理該IP請求。
4.CoreDNS可以在具有標準的Kube-DNS的Kubernetes叢集中執行。作為Kubernetes 的外掛使用，CoreDNS將從 Kubernetes叢集中讀取區（zone）資料。它實現了為Kubernetes的DNS服務發現定義的規範：。

二：部署

部署CoreDNS需要使用到官方提供的兩個檔案 deploy.sh和coredns.yaml.sed

1.deploy.sh 是一個用於在已經執行kube-dns的叢集中生成執行CoreDNS部署檔案（manifest）的工具指令碼。它使用 coredns.yaml.sed檔案作為模板，建立一個ConfigMap和CoreDNS的deployment，然後更新叢集中已有的kube-dns 服務的selector使用CoreDNS的deployment。重用已有的服務並不會在服務的請求中發生衝突。

2.deploy.sh檔案並不會刪除kube-dns的deployment或者replication controller。如果要刪除kube-dns，你必須在部署CoreDNS後手動的刪除kube-dns。

3.使用CoreDNS替換Kube-DNS只需要使用下面的兩個命令：

點選(此處)摺疊或開啟

$ ./deploy.sh | kubectl apply -f -
$ kubectl delete --namespace=kube-system deployment kube-dns

4.deploy.sh()

點選(此處)摺疊或開啟

#!/bin/bash
# Deploys CoreDNS to a cluster currently running Kube-DNS.
show_help () {
cat << USAGE
usage: $0 [ -r REVERSE-CIDR ] [ -i DNS-IP ] [ -d CLUSTER-DOMAIN ] [ -t YAML-TEMPLATE ]
-r : Define a reverse zone for the given CIDR. You may specifcy this option more
than once to add multiple reverse zones. If no reverse CIDRs are defined,
then the default is to handle all reverse zones (i.e. in-addr.arpa and ip6.arpa)
-i : Specify the cluster DNS IP address. If not specificed, the IP address of
the existing "kube-dns" service is used, if present.
USAGE
exit 0
}
# Simple Defaults
CLUSTER_DOMAIN=cluster.local
YAML_TEMPLATE=`pwd`/coredns.yaml.sed
# Get Opts
while getopts "hr:i:d:t:" opt; do
case "$opt" in
h) show_help
;;
r) REVERSE_CIDRS="$REVERSE_CIDRS $OPTARG"
;;
i) CLUSTER_DNS_IP=$OPTARG
;;
d) CLUSTER_DOMAIN=$OPTARG
;;
t) YAML_TEMPLATE=$OPTARG
;;
esac
done
# Conditional Defaults
if [[ -z $REVERSE_CIDRS ]]; then
REVERSE_CIDRS="in-addr.arpa ip6.arpa"
fi
if [[ -z $CLUSTER_DNS_IP ]]; then
# Default IP to kube-dns IP
CLUSTER_DNS_IP=$(kubectl get service --namespace kube-system kube-dns -o jsonpath="{.spec.clusterIP}")
if [ $? -ne 0 ]; then
>&2 echo "Error! The IP address for DNS service couldn't be determined automatically. Please specify the DNS-IP with the '-i' option."
exit 2
fi
fi
sed -e s/CLUSTER_DNS_IP/$CLUSTER_DNS_IP/g -e s/CLUSTER_DOMAIN/$CLUSTER_DOMAIN/g -e "s?REVERSE_CIDRS?$REVERSE_CIDRS?g" $YAML_TEMPLATE

5.coredns.yaml.sed

點選(此處)摺疊或開啟

apiVersion: v1
kind: ServiceAccount
metadata:
name: coredns
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: system:coredns
rules:
- apiGroups:
- ""
resources:
- endpoints
- services
- pods
- namespaces
verbs:
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: system:coredns
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:coredns
subjects:
- kind: ServiceAccount
name: coredns
namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
data:
Corefile: |
.:53 {
errors
health
kubernetes CLUSTER_DOMAIN REVERSE_CIDRS {
pods insecure
upstream
fallthrough in-addr.arpa ip6.arpa
}
prometheus :9153
proxy . /etc/resolv.conf
cache 30
reload
}
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: kube-dns
kubernetes.io/name: "CoreDNS"
spec:
replicas: 2
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
k8s-app: kube-dns
template:
metadata:
labels:
k8s-app: kube-dns
spec:
serviceAccountName: coredns
tolerations:
- key: "CriticalAddonsOnly"
operator: "Exists"
containers:
- name: coredns
image: coredns/coredns:1.1.3
imagePullPolicy: IfNotPresent
args: [ "-conf", "/etc/coredns/Corefile" ]
volumeMounts:
- name: config-volume
mountPath: /etc/coredns
readOnly: true
ports:
- containerPort: 53
name: dns
protocol: UDP
- containerPort: 53
name: dns-tcp
protocol: TCP
- containerPort: 9153
name: metrics
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- all
readOnlyRootFilesystem: true
livenessProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
dnsPolicy: Default
volumes:
- name: config-volume
configMap:
name: coredns
items:
- key: Corefile
path: Corefile
---
apiVersion: v1
kind: Service
metadata:
name: kube-dns
namespace: kube-system
annotations:
prometheus.io/scrape: "true"
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
kubernetes.io/name: "CoreDNS"
spec:
selector:
k8s-app: kube-dns
clusterIP: CLUSTER_DNS_IP
ports:
- name: dns
port: 53
protocol: UDP
- name: dns-tcp
port: 53
protocol: TCP

三：備註
對於非RBAC部署，你需要編輯生成的結果yaml檔案：
1.從yaml檔案的Deployment部分刪除 serviceAccountName: coredns
2.刪除 ServiceAccount、 ClusterRole和 ClusterRoleBinding 部分

kubernetes實踐之六十四：CoreDNS

相關文章