Kubernetes部署DNS

前言

阅读地址 http://thoreauz.com/2017/04/16/docker/Kubernetes%E9%83%A8%E7%BD%B2DNS%E5%92%8CDashboard/

Kubernetes中的dns是什么？

k8s的服务发现有两种，第一种是基于环境变量，第二种是基于DNS。

第一种环境变量

1.比如生成个pod的容器，默认情况，外部是不能访问容器内部的。

2.我们生成service的资源对象，绑定第一步的pod容器，后生成的pod容器的环境变量会增加第一步的service生成的集群IP。

3.这种方式缺点明显，第一个pod容器是找不到后面pod容器生成的service对象。

第二种基于DNS.

1.首先整个kube-dns的容器，它负责去获取service对应的服务

2.再整个kube-dnsmasq-amd64:1.4容器，它是个dns服务端

3.第一步检测的service的变化就自动更新到第二部的dns服务端

4.其他业务容器启动时的dns指定第二步容器的集群IP，我们可以通过cat /etc/resolv.conf 查看是否生效.

实战,如果按照作者的方法去做，dns一会就死了，改进版

1.线生成kube-dns和kube-dnsmasq容器的配置文件skydns-rc.yaml

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
spec:
  # replicas: not specified here:
  # . In order to make Addon Manager do not reconcile this replicas parameter.
  # . Default is .
  # . Will be tuned in real time if DNS horizontal auto-scaling is turned on.
  strategy:
    rollingUpdate:
      maxSurge: %
      maxUnavailable:
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
        scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
    spec:
      containers:
      - name: kubedns
        # image: gcr.io/google_containers/kubedns-amd64:1.9
        image: registry.cn-hangzhou.aliyuncs.com/google-containers/kubedns-amd64:1.9
        args:
        # - --domain=cluster.local.
        - --domain=cluster.local.
        - --dns-port=
        - --config-map=kube-dns
        # This should be set to v= only after the new image (cut from 1.5) has
        # been released, otherwise we will flood the logs.
        - --v=
        - --kube-master-url=http://192.168.122.94:8080 # 指定api
        env:
        - name: PROMETHEUS_PORT
          value: ""
        ports:
        - containerPort:
          name: dns-local
          protocol: UDP
        - containerPort:
          name: dns-tcp-local
          protocol: TCP
        - containerPort:
          name: metrics
          protocol: TCP
      - name: dnsmasq
        # image: gcr.io/google_containers/kube-dnsmasq-amd64:1.4.
        image: registry.cn-hangzhou.aliyuncs.com/google-containers/kube-dnsmasq-amd64:1.4
        args:
        - --cache-size=
        - --no-resolv
        - --server=127.0.0.1#
        # - --log-facility=-
        ports:
        - containerPort:
          name: dns
          protocol: UDP
        - containerPort:
          name: dns-tcp
          protocol: TCP
        # see: https://github.com/kubernetes/kubernetes/issues/29055 for details

2.生成service，容器内部通过集群IP来访问dns，这里固定了个集群IP地址，不然会动态生成一个。配置文件名skydns-svc.yaml

apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "KubeDNS"
spec:
  selector:
    k8s-app: kube-dns
  # clusterIP: $DNS_SERVER_IP
  clusterIP: 10.10.10.254
  ports:
  - name: dns
    port:
    protocol: UDP
  - name: dns-tcp
    port:
    protocol: TCP

3.启动

kubectl create -f skydns-rc.yaml

kubectl create -f skydns-svc.yaml

4.修改各个node节点的kubelet配置并重启

vim /etc/kubernetes/kubelet

# 添加这一行

KUBELET_ARGS="--cluster_dns=10.254.0.100 --cluster_domain=cluster.local"

systemctl restart kubelet

 

5.验证

  所有pod容器重新生成，进入容器检测 cat /etc/resolv.conf  配置的dns是否有集群IP