一、修改每个 Node 上 kubelet 的 DNS 启动参数
修改每个 Node 上 kubelet 的启动参数,在其中加上以下两个参数:
- --cluster-dns=169.169.0.100:为 DNS 服务的 ClusterIP 地址
- --cluster-domain=cluster.local:为在 DNS 服务中设置的域名
然后重启 kubelet 服务。
# Restart kubelet so it picks up the new --cluster-dns / --cluster-domain flags.
# NOTE(review): presumably only pods created after the restart receive the new
# resolv.conf; pods that are already running keep the one they started with - confirm.
systemctl restart kubelet
二、配置 coredns.yaml
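[root@k8s0 coredns]# cat >coredns.yaml <<'EOF'
# coredns.yaml: ConfigMap (Corefile), Deployment and Service for CoreDNS in
# kube-system. The heredoc delimiter is quoted so the shell writes this text
# verbatim (no variable or command expansion).
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: EnsureExists
data:
  # Two server blocks: names under cluster.local are answered by the kubernetes
  # plugin; everything else goes to the "." block and is forwarded to the
  # resolvers in the pod's /etc/resolv.conf.
  # NOTE(review): the first block is keyed on cluster.local only, so reverse
  # (PTR) queries for 169.169.0.0/16 appear to land in the "." block and be
  # forwarded upstream instead of being answered here - confirm.
  # NOTE(review): loop detection is enabled only in the cluster.local block;
  # the "." block, which does the upstream forwarding, has none.
  Corefile: |
    cluster.local {
      errors
      health {
        lameduck 5s
      }
      ready
      kubernetes cluster.local 169.169.0.0/16 {
        fallthrough in-addr.arpa ip6.arpa
      }
      prometheus :9153
      forward . /etc/resolv.conf
      cache 30
      loop
      reload
      loadbalance
    }
    . {
      cache 30
      loadbalance
      forward . /etc/resolv.conf
    }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/name: "CoreDNS"
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
    spec:
      # NOTE(review): no serviceAccountName is set, so these pods run as the
      # namespace's default ServiceAccount. The kubernetes plugin reads
      # Services, Endpoints/EndpointSlices and Namespaces from the API server;
      # on an RBAC-enabled cluster that calls for a dedicated ServiceAccount
      # bound to a read-only (list/watch) ClusterRole, which this page does
      # not define.
      priorityClassName: system-cluster-critical
      tolerations:
        - key: "CriticalAddonsOnly"
          operator: "Exists"
      nodeSelector:
        kubernetes.io/os: linux
      # Soft anti-affinity: prefer spreading the three replicas across nodes.
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: k8s-app
                  operator: In
                  values: ["kube-dns"]
              topologyKey: kubernetes.io/hostname
      containers:
      - name: coredns
        # NOTE(review): tag-only image reference; a tag can be re-pointed, so
        # pin by digest (coredns/coredns@sha256:<digest>) where provenance matters.
        image: coredns/coredns:1.10.0
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            memory: 170Mi
          requests:
            cpu: 100m
            memory: 70Mi
        args: [ "-conf", "/etc/coredns/Corefile" ]
        volumeMounts:
        - name: config-volume
          mountPath: /etc/coredns
          readOnly: true
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        - containerPort: 9153
          name: metrics
          protocol: TCP
        # Hardening: no privilege escalation, read-only root filesystem, and
        # every capability dropped except NET_BIND_SERVICE (kept for port 53).
        # NOTE(review): Pod Security admission's restricted profile expects
        # the upper-case spelling ALL in the drop list - confirm before
        # relying on it.
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            add:
            - NET_BIND_SERVICE
            drop:
            - all
          readOnlyRootFilesystem: true
        # /health on 8080 and /ready on 8181 are served by the health and
        # ready plugins enabled in the Corefile above.
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        readinessProbe:
          httpGet:
            path: /ready
            port: 8181
            scheme: HTTP
      # Default: the pod inherits the node's resolv.conf, so the Corefile's
      # "forward . /etc/resolv.conf" targets the node's upstream resolvers
      # rather than CoreDNS itself.
      dnsPolicy: Default
      volumes:
        - name: config-volume
          configMap:
            name: coredns
            items:
            - key: Corefile
              path: Corefile
---
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  annotations:
    prometheus.io/port: "9153"
    prometheus.io/scrape: "true"
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "CoreDNS"
spec:
  selector:
    k8s-app: kube-dns
  # Must equal the kubelet --cluster-dns value and lie inside the API server's
  # service CIDR.
  # NOTE(review): 169.169.0.0/16 is not RFC 1918 private space; using it as
  # the service range shadows the real hosts in that block for every pod.
  clusterIP: 169.169.0.100
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
  # The metrics port is published on the Service, so any workload that can
  # reach the ClusterIP can read CoreDNS metrics; limit with a NetworkPolicy
  # if that is not intended.
  - name: metrics
    port: 9153
    protocol: TCP
EOF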
三、创建 CoreDNS
[root@k8s0 coredns]# kubectl create -f coredns.yaml
configmap/coredns created
deployment.apps/coredns created
service/kube-dns created
四、验证是否安装成功
- 命令查看:
[root@k8s0 coredns]# kubectl get deploy -n=kube-system | grep dns
coredns 3/3 3 3 47s
[root@k8s0 coredns]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 169.169.0.100 <none> 53/UDP,53/TCP,9153/TCP 2m55s
[root@k8s0 coredns]# kubectl get pod -n kube-system | grep dns
coredns-7777c5c849-4k7cx 1/1 Running 0 3m13s
coredns-7777c5c849-75hqs 1/1 Running 0 3m13s
coredns-7777c5c849-h2jbt 1/1 Running 0 3m13s
- 管理界面查看:
服务验证:
随便新建一个 Pod,进入该 Pod 之后查看 /etc/resolv.conf:
[root@xxxxxxdb-statefulset-ak8s-0 bin]# cat /etc/resolv.conf
search default.svc.cluster.local svc.cluster.local cluster.local
nameserver 169.169.0.100
options ndots:5
- 可以看到 /etc/resolv.conf 文件中的 nameserver 已经变成了指定的 169.169.0.100
CoreDNS 部署完成之后,就可以稳定地通过域名来 ping 通集群内部的各个 Pod 了,解决了 kubernetes 集群中 IP 不够稳定、但又需要稳定通信的问题!