k8s--DNS domain name service


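On the k8s cluster installed earlier, we now add the DNS name resolution service.

The DNS provided by Kubernetes consists of the following three components:
1. etcd: storage for the DNS records
2. kube2sky: registers the services defined in the Kubernetes master into etcd
3. skyDNS: provides the DNS name resolution service

These three components are started and run in the form of a pod.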


Add the component images: etcd, kube2sky, skydns, exechealthz

 docker pull docker.gaoxiaobang.com/kubernetes/etcd-amd64:2.2.1

 docker pull docker.gaoxiaobang.com/kubernetes/kube2sky:1.14

 docker pull docker.gaoxiaobang.com/kubernetes/skydns:2015-10-13-8c72f8c

 docker pull docker.gaoxiaobang.com/kubernetes/exechealthz:1.0


 docker tag docker.gaoxiaobang.com/kubernetes/skydns:2015-10-13-8c72f8c 192.168.1.5:5000/skydns:2015-10-13-8c72f8c

 docker tag docker.gaoxiaobang.com/kubernetes/kube2sky:1.14 192.168.1.5:5000/kube2sky:1.14

 docker tag docker.gaoxiaobang.com/kubernetes/etcd-amd64:2.2.1 192.168.1.5:5000/etcd-amd64:2.2.1

 docker tag docker.gaoxiaobang.com/kubernetes/exechealthz:1.0 192.168.1.5:5000/exechealthz:1.0


 docker push 192.168.1.5:5000/skydns:2015-10-13-8c72f8c

 docker push 192.168.1.5:5000/kube2sky:1.14

 docker push 192.168.1.5:5000/etcd-amd64:2.2.1

 docker push 192.168.1.5:5000/exechealthz:1.0


docker pull busybox        # used as a command-line tool

docker tag docker.io/busybox 192.168.1.5:5000/busybox

docker push 192.168.1.5:5000/busybox


Create the YAML files skydns-rc.yaml, skydns-svc.yaml and busybox.yaml

cd /home/dns

==============================================================================

vi skydns-rc.yaml

apiVersion: v1
kind: ReplicationController
metadata:
  name: kube-dns-v9
  namespace: default
  labels:
    k8s-app: kube-dns
    version: v9
    kubernetes.io/cluster-service: "true"
spec:
  replicas: 1
  selector:
    k8s-app: kube-dns
    version: v9
  template:
    metadata:
      labels:
        k8s-app: kube-dns
        version: v9
        kubernetes.io/cluster-service: "true"
    spec:
      containers:
      - name: etcd
        image: 192.168.1.5:5000/etcd-amd64:2.2.1
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            cpu: 100m
            memory: 50Mi
        command:
        - /usr/local/bin/etcd
       # - --privileged=true
        - -data-dir
        - /var/etcd/data
        - -listen-client-urls
        - http://127.0.0.1:2379,http://127.0.0.1:4001
        - -advertise-client-urls
        - http://127.0.0.1:2379,http://127.0.0.1:4001
        - -initial-cluster-token
        - skydns-etcd
        volumeMounts:
        - mountPath: /var/etcd/data
          name: etcd-storage
      - name: kube2sky
        #image: gcr.io/google_containers/kube2sky:1.11
        image: 192.168.1.5:5000/kube2sky:1.14
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            cpu: 100m
            memory: 50Mi
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        readinessProbe:
          httpGet:
            path: /readiness
            port: 8081
            scheme: HTTP
          initialDelaySeconds: 30
          timeoutSeconds: 5
        args:
        # command = "/kube2sky"
       # - -etcd-server=http://127.0.0.1:4001
        #- -kube_master_url=http://172.27.8.210:8080
        - --kube-master-url=http://192.168.1.5:8080
        - --domain=atomic.io
      - name: skydns
        #image: gcr.io/google_containers/skydns:2015-03-11-001
        image: 192.168.1.5:5000/skydns:2015-10-13-8c72f8c
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            cpu: 100m
            memory: 50Mi
        args:
        # command = "/skydns"
        - -machines=http://127.0.0.1:2379
        - -addr=0.0.0.0:53
        - -ns-rotate=false
        - -domain=atomic.io
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 30
          timeoutSeconds: 5
        readinessProbe:
          httpGet:
            path: /healthz
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 1
          timeoutSeconds: 5
      - name: healthz
        #image: gcr.io/google_containers/exechealthz:1.0
        image: 192.168.1.5:5000/exechealthz:1.0
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            cpu: 10m
            memory: 20Mi
        args:
        - -cmd=nslookup kubernetes.default.svc.atomic.io 127.0.0.1 >/dev/null
        - -port=8080
        ports:
        - containerPort: 8080
          protocol: TCP
      volumes:
      - name: etcd-storage
        emptyDir: {}
      dnsPolicy: Default

The following items need to be adjusted for your environment

1. The addresses of the four images

image: 192.168.1.5:5000/etcd-amd64:2.2.1

image: 192.168.1.5:5000/kube2sky:1.14

image: 192.168.1.5:5000/skydns:2015-10-13-8c72f8c

image: 192.168.1.5:5000/exechealthz:1.0

2. The master address and the domain

        - --kube-master-url=http://192.168.1.5:8080    # access address of the cluster master

        - --domain=atomic.io        # domain defined for the flannel network

3. The namespace definition

namespace: default

args:

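        - -cmd=nslookup kubernetes.default.svc.atomic.io 127.0.0.1 >/dev/null  # mind the namespace and the flannel network name

4. The skydns startup argument -addr=0.0.0.0:53 means the service listens on TCP and UDP port 53 of the local host

5. Do not change the 127.0.0.1 addresses used by the containers; leave them as they are, so that the different DNS components inside the one pod call each other on the same address

6. Keep the directory mount paths consistent with each other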

- -data-dir

        - /var/etcd/data

volumeMounts:

        - mountPath: /var/etcd/data

=============================================================================

vi skydns-svc.yaml

apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: default
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "KubeDNS"
spec:
  selector:
    k8s-app: kube-dns
  clusterIP:  10.254.10.20
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP

The point to watch in this file is

clusterIP:  10.254.10.20

This IP is the one defined in /etc/kubernetes/kubelet:

KUBELET_ARGS="--cluster-dns=10.254.10.20 --cluster-domain=atomic.io"

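The kubelet startup arguments in /etc/kubernetes/kubelet on every node:
--cluster_dns=10.254.10.20  is the clusterIP of the DNS service
--cluster_domain=atomic.io  is the domain name set in the DNS service

If the arguments do not match, change them and restart that kubelet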
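
An added example, not part of the original post: a shell check that the settings described above agree with each other, namely the kubelet flags, the Service clusterIP, and the domain arguments and healthz probe name in skydns-rc.yaml. The function names and the three file arguments are assumptions of this example, and the sample input is constructed from the values used on this page.

```shell
# Added example (not from the original post): verify that kubelet, the kube-dns
# Service and the kube-dns RC agree on the DNS IP and the cluster domain.

# Value of a kubelet flag; accepts both --cluster-dns and --cluster_dns spellings.
kubelet_flag() {  # $1 = kubelet config file, $2 = flag name written with dashes
    pat=$(printf '%s' "$2" | sed 's/-/[-_]/g')
    grep -v '^[[:space:]]*#' "$1" | sed -n "s/.*--${pat}=\([^ \"]*\).*/\1/p" | head -n 1
}

# clusterIP declared in the Service manifest.
svc_cluster_ip() {
    sed -n 's/^[[:space:]]*clusterIP:[[:space:]]*\([0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Distinct values of every -domain= / --domain= container argument in the RC.
rc_domains() {
    grep -v '^[[:space:]]*#' "$1" |
        sed -n 's/^[[:space:]]*-[[:space:]]*--*domain=\([^[:space:]]*\).*/\1/p' | sort -u
}

# Prints one line per mismatch; returns 0 only when everything agrees.
check_dns_config() {  # $1 = kubelet file, $2 = Service yaml, $3 = RC yaml
    kdns=$(kubelet_flag "$1" cluster-dns); kdom=$(kubelet_flag "$1" cluster-domain)
    ip=$(svc_cluster_ip "$2"); bad=0
    [ -n "$kdns" ] && [ "$kdns" = "$ip" ] ||
        { echo "MISMATCH: kubelet cluster-dns='$kdns' Service clusterIP='$ip'"; bad=1; }
    for d in $(rc_domains "$3"); do
        [ "$d" = "$kdom" ] ||
            { echo "MISMATCH: RC domain='$d' kubelet cluster-domain='$kdom'"; bad=1; }
    done
    probe=$(sed -n 's/.*-cmd=nslookup[[:space:]]*\([^[:space:]]*\).*/\1/p' "$3" | head -n 1)
    case "$probe" in
        *".svc.$kdom") ;;
        *) echo "MISMATCH: healthz probe name '$probe' is not under .svc.$kdom"; bad=1 ;;
    esac
    return "$bad"
}

# Constructed sample input mirroring the values used on this page.
demo() {
    t=$(mktemp -d)
    echo 'KUBELET_ARGS="--cluster-dns=10.254.10.20 --cluster-domain=atomic.io"' > "$t/kubelet"
    echo '  clusterIP:  10.254.10.20' > "$t/svc.yaml"
    printf '%s\n' '        - --domain=atomic.io' '        - -domain=atomic.io' \
        '        - -cmd=nslookup kubernetes.default.svc.atomic.io 127.0.0.1 >/dev/null' > "$t/rc.yaml"
    check_dns_config "$t/kubelet" "$t/svc.yaml" "$t/rc.yaml" && echo "DNS settings consistent"
    rm -rf "$t"
}
demo
```

On a node, call check_dns_config /etc/kubernetes/kubelet skydns-svc.yaml skydns-rc.yaml before restarting the kubelet.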


vi busybox.yaml

apiVersion: v1
kind: Pod
metadata:
  name: busybox
  namespace: default
spec:
  containers:
    - image: 192.168.1.5:5000/busybox
      command:
        - sleep
        - "3600"
      imagePullPolicy: IfNotPresent
      name: busybox
  restartPolicy: Always


Once the files are in place, create the resources with the following commands

 kubectl create -f skydns-rc.yaml 

 kubectl create -f skydns-svc.yaml 

 kubectl create -f busybox.yaml 

 kubectl get pods --all-namespaces -o wide

[[email protected] dns]# kubectl get pods --all-namespaces -o wide 
NAMESPACE     NAME                                    READY     STATUS    RESTARTS   AGE       IP            NODE
default       busybox                                 1/1       Running   5          5h        172.17.85.4   k8s-node-1
default       kube-dns-v9-hnp4m                       4/4       Running   0          5h        172.17.32.5   192.168.1.5
kube-system   heapster-3919175978-gd82j               1/1       Running   0          12h       172.17.85.3   k8s-node-1
kube-system   kubernetes-dashboard-3155532917-wdq38   1/1       Running   0          12h       172.17.85.2   k8s-node-1
kube-system   monitoring-grafana-3994812335-wv9dh     1/1       Running   0          12h       172.17.32.2   192.168.1.5
kube-system   monitoring-influxdb-265709471-xv170     1/1       Running   0          12h       172.17.32.3   192.168.1.5

Run the DNS check command (busybox serves as the command-line tool)

[[email protected] dns]# kubectl exec busybox -- nslookup kubernetes

Server:    10.254.10.20

Address 1: 10.254.10.20


Name:      kubernetes

Address 1: 10.254.0.1

If a service belongs to a custom namespace, the namespace name must be included when looking the service up

[[email protected] dns]# kubectl exec busybox -- nslookup kubernetes-dashboard.kube-system

Server:    10.254.10.20

Address 1: 10.254.10.20


Name:      kubernetes-dashboard.kube-system

Address 1: 10.254.132.77

List the services with the following command and compare, to confirm that the names resolved to the correct addresses

[[email protected] dns]# kubectl get svc --all-namespaces -o wide 

NAMESPACE     NAME                   CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE       SELECTOR
default       kube-dns               10.254.10.20     <none>        53/UDP,53/TCP   5h        k8s-app=kube-dns
default       kubernetes             10.254.0.1       <none>        443/TCP         8d        <none>
kube-system   heapster               10.254.189.98    <none>        80/TCP          12h       k8s-app=heapster
kube-system   kubernetes-dashboard   10.254.132.77    <nodes>       80:30699/TCP    12h       app=kubernetes-dashboard
kube-system   monitoring-grafana     10.254.178.155   <none>        80/TCP          12h       k8s-app=grafana
kube-system   monitoring-influxdb    10.254.59.144    <none>        8086/TCP        12h       k8s-app=influxdb



