背景:前端 Pod 需要访问后端 Pod 时,可以通过 Service 的 DNS 名称解析来实现。CoreDNS 为 Kubernetes 集群里的容器提供 DNS 服务,用于解析 Service 名称。
一、部署CoreDNS Pod
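CoreDNS 是用于service做dns解析的,部署完成之后就可以通过service的名称访问service实现访问pod,CoreDNS是当前k8s的默认dns
[root@master-1 yaml]# cat coredns.yaml
# Warning: This is a file generated from the base underscore template file: coredns.yaml.base

# Identity the CoreDNS pods run as; the ClusterRoleBinding below grants it
# its API permissions.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
---
# Read-only, cluster-wide access: list/watch on the four resource types CoreDNS
# builds DNS records from. No write verbs are granted.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    # Label keys are case-sensitive; this matches the key used on the
    # ClusterRoleBinding below.
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: Reconcile
  name: system:coredns
rules:
- apiGroups:
  - ""
  resources:
  - endpoints
  - services
  - pods
  - namespaces
  verbs:
  - list
  - watch
---
# Binds the role above to the coredns ServiceAccount only.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: EnsureExists
  name: system:coredns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
subjects:
- kind: ServiceAccount
  name: coredns
  namespace: kube-system
---
# Corefile notes for reviewers:
# - "pods insecure" answers pod-IP style names without checking that a pod with
#   that IP exists in the namespace (kept for kube-dns compatibility).
#   "pods verified" makes CoreDNS check against the API before answering.
# - "health" serves /health on port 8080 by default; the Deployment's
#   livenessProbe below depends on that port.
# - "proxy" and "upstream" are valid for the 1.2.2 image used below; newer
#   CoreDNS releases dropped "proxy" in favour of "forward", so re-check this
#   block whenever the image tag is changed.
# - "prometheus :9153" exposes metrics on every CoreDNS pod; the Service
#   annotations at the end advertise that port to scrapers.
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: EnsureExists
data:
  Corefile: |
    .:53 {
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            upstream
            fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        proxy . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  # replicas: not specified here:
  # 1. In order to make Addon Manager do not reconcile this replicas parameter.
  # 2. Default is 1.
  # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
      annotations:
        # Seccomp profile names are case-sensitive: the value is 'docker/default'.
        # This is the alpha annotation form; newer Kubernetes releases express
        # it as securityContext.seccompProfile (type: RuntimeDefault) instead.
        # Check which form your cluster version accepts.
        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
    spec:
      serviceAccountName: coredns
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
        - key: "CriticalAddonsOnly"
          operator: "Exists"
      containers:
      - name: coredns
        # NOTE(review): this is not the CoreDNS project's own repository (it
        # appears to be a third-party copy) and the tag is mutable. Every pod
        # in the cluster resolves names through this image, so verify its
        # provenance, or mirror the upstream image into a registry you control
        # and pin it by digest (<registry>/coredns@sha256:<digest>).
        image: lizhenliang/coredns:1.2.2
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            memory: 170Mi
          requests:
            cpu: 100m
            memory: 70Mi
        args: [ "-conf", "/etc/coredns/Corefile" ]
        volumeMounts:
        - name: config-volume
          mountPath: /etc/coredns
          readOnly: true
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        - containerPort: 9153
          name: metrics
          protocol: TCP
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        # Hardening: no privilege escalation, read-only root filesystem, and
        # every capability dropped except NET_BIND_SERVICE, which is needed to
        # bind port 53.
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            add:
            - NET_BIND_SERVICE
            drop:
            - all
          readOnlyRootFilesystem: true
      # "Default" makes the CoreDNS pod use the node's resolv.conf rather than
      # the cluster DNS it is itself providing.
      dnsPolicy: Default
      volumes:
        - name: config-volume
          configMap:
            name: coredns
            items:
            - key: Corefile
              path: Corefile
---
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  annotations:
    prometheus.io/port: "9153"
    prometheus.io/scrape: "true"
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  selector:
    k8s-app: kube-dns
  # Must lie inside the cluster's Service CIDR and match the DNS address the
  # kubelets hand to pods (kubelet --cluster-dns / clusterDNS); otherwise pods
  # send their queries to an address nothing answers on.
  clusterIP: 10.0.0.2
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP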
[root@k8s-master1 yaml]# kubectl apply -f coredns.yaml
serviceaccount/coredns created
clusterrole.rbac.authorization.k8s.io/system:coredns created
clusterrolebinding.rbac.authorization.k8s.io/system:coredns created
configmap/coredns created
deployment.apps/coredns created
service/kube-dns created
#查看Pod状态
[root@k8s-master1 yaml]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-6d8cfdd59d-87b7p 0/1 ContainerCreating 0 40s
#下载完成
[root@k8s-master1 yaml]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-6d8cfdd59d-7dfjz 1/1 Running 0 3m44s
二、创建Pod 测试
[root@master-1 yaml]# cat test.yaml
# Throwaway pod for testing Service name resolution from inside the cluster.
# The image tag is pinned to busybox:1.28.4.
apiVersion: v1
kind: Pod
metadata:
  name: busybox
  namespace: default
spec:
  containers:
  - name: busybox
    image: busybox:1.28.4
    imagePullPolicy: IfNotPresent
    # Keeps the container alive for an hour so commands can be run with
    # kubectl exec; restartPolicy Always then starts it again.
    command:
    - sleep
    - "3600"
  restartPolicy: Always
[root@k8s-master1 yaml]# kubectl apply -f test.yaml
pod/busybox created
#查看Pod状态
[root@k8s-master1 yaml]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
busybox1/1Running15m59s10.244.2.6k8s-node3<none><none>
nginx-demo-574b6ddfd8-j487f1/1Running140h10.244.2.64node-3<none><none>