Kubernetes 1.5.2: Deploying the DNS Service

This article is written against Kubernetes 1.5.2.

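Before Kubernetes 1.2, DNS was deployed as skydns + kube2dns + etcd. Starting with 1.3 the deployment changed slightly: skydns and kube2dns were packaged into a single container image, etcd was dropped and DNS records are kept directly in memory, and dnsmasq was introduced so that its cache can be used as well.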

The deployment below uses a DaemonSet, so every host runs its own DNS service.

Accessing the API server over HTTP

cat skydns-rc.yaml
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
spec:
  template:
    metadata:
      labels:
        k8s-app: kube-dns
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
        scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
    spec:
      containers:
      - name: kubedns
        image: docker.io/googlecontainer/kubedns-amd64:1.9
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            memory: 170Mi
          requests:
            cpu: 100m
            memory: 70Mi
        livenessProbe:
          httpGet:
            path: /healthz-kubedns
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        readinessProbe:
          httpGet:
            path: /readiness
            port: 8081
            scheme: HTTP
          initialDelaySeconds: 3
          timeoutSeconds: 5
        args:
        - --domain=lykops.net.
        # cluster domain name
        - --dns-port=10053
        - --config-map=kube-dns
        - --kube-master-url=http://192.168.20.128:8080
        - --v=0
        env:
        - name: PROMETHEUS_PORT
          value: "10055"
        ports:
        - containerPort: 10053
          name: dns-local
          protocol: UDP
        - containerPort: 10053
          name: dns-tcp-local
          protocol: TCP
        - containerPort: 10055
          name: metrics
          protocol: TCP
      - name: dnsmasq
        image: docker.io/googlecontainer/kube-dnsmasq-amd64:1.4.1
        imagePullPolicy: IfNotPresent
        livenessProbe:
          httpGet:
            path: /healthz-dnsmasq
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        args:
        - --cache-size=1000
        - --no-resolv
        - --server=127.0.0.1#10053
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        resources:
          requests:
            cpu: 150m
            memory: 10Mi
      - name: dnsmasq-metrics
        image:  docker.io/googlecontainer/dnsmasq-metrics-amd64:1.0.1
        imagePullPolicy: IfNotPresent
        livenessProbe:
          httpGet:
            path: /metrics
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        args:
        - --v=2
        - --logtostderr
        ports:
        - containerPort: 10054
          name: metrics
          protocol: TCP
        resources:
          requests:
            memory: 10Mi
      - name: healthz
        image: docker.io/googlecontainer/exechealthz-amd64:1.2
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            memory: 50Mi
          requests:
            cpu: 10m
            memory: 50Mi
        args:
        - --cmd=nslookup kubernetes.default.svc.lykops.net 127.0.0.1 >/dev/null
        - --url=/healthz-dnsmasq
        - --cmd=nslookup kubernetes.default.svc.lykops.net 127.0.0.1:10053 >/dev/null
        - --url=/healthz-kubedns
        - --port=8080
        - --quiet
        ports:
        - containerPort: 8080
          protocol: TCP
      dnsPolicy: Default

kubectl create -f skydns-rc.yaml 

Accessing the API server over HTTPS

cat skydns-rc.yaml
......
        args:
        - --domain=lykops.net.
        - --dns-port=10053
        - --config-map=kube-dns
        - --kube-master-url=https://192.168.20.128:6443
        # changed to https here
        - --kubecfg-file=/etc/kubernetes/kubelet-config
        # add the authentication config file
        - --v=0
        # mount the config file and certificates needed for authentication
        volumeMounts:
        - name: config
          mountPath: /etc/kubernetes/kubelet-config
          readOnly: True
        - name: certs
          mountPath: /etc/ssl/kube
          readOnly: True
        env:
        - name: PROMETHEUS_PORT
          value: "10055"
      .......
      # mount the host's config file and certificates
      volumes:
      - name: certs
        hostPath:
          path: /etc/ssl/kube
      - name: config
        hostPath:
          path: /etc/kubernetes/kubelet-config
      dnsPolicy: Default

kubectl create -f skydns-rc.yaml
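
The HTTP variant above reaches the API server on port 8080 with no TLS and no credentials, while the HTTPS variant depends on --kubecfg-file and a matching read-only mount. The following check is an added example, not part of the original article; audit_kubedns and both sample fragments are constructed here, and it reads "- --flag=value" lines with regular expressions rather than a full YAML parser.

```python
import re

# Constructed sample: kubedns container fragment using the page's HTTPS settings.
HTTPS_FRAGMENT = """\
        args:
        - --domain=lykops.net.
        - --kube-master-url=https://192.168.20.128:6443
        - --kubecfg-file=/etc/kubernetes/kubelet-config
        volumeMounts:
        - name: config
          mountPath: /etc/kubernetes/kubelet-config
          readOnly: True
"""
# Constructed sample: the same container using the page's HTTP settings.
HTTP_FRAGMENT = """\
        args:
        - --domain=lykops.net.
        - --kube-master-url=http://192.168.20.128:8080
"""

def audit_kubedns(manifest):
    """Return a list of findings on how kubedns reaches the API server."""
    findings = []
    # Collect "- --flag=value" list items from the args sections.
    flags = dict(re.findall(r"^\s*-\s+--([\w-]+)=(\S+)", manifest, re.M))
    url = flags.get("kube-master-url", "")
    cfg = flags.get("kubecfg-file")
    # Map each mountPath to its readOnly value ("" when the key is absent).
    mounts = dict(re.findall(
        r"mountPath:[ \t]*(\S+)(?:[ \t]*\n[ \t]*readOnly:[ \t]*(\w+))?", manifest))
    if url.startswith("http://"):
        findings.append("kube-master-url is plain HTTP: no TLS, no client credentials")
    elif url.startswith("https://") and not cfg:
        findings.append("https kube-master-url without --kubecfg-file")
    if cfg:
        covering = [p for p in mounts
                    if cfg == p or cfg.startswith(p.rstrip("/") + "/")]
        if not covering:
            findings.append("--kubecfg-file path is not covered by any volumeMount")
        elif any(mounts[p].lower() != "true" for p in covering):
            findings.append("credential mount is not readOnly")
    return findings

if __name__ == "__main__":
    for name, text in (("https", HTTPS_FRAGMENT), ("http", HTTP_FRAGMENT)):
        print(name, audit_kubedns(text) or "ok")
```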

Configuring the Service

cat skydns-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "KubeDNS"
spec:
  selector:
    k8s-app: kube-dns
  clusterIP: 172.17.114.114
  # fixed IP address
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP

kubectl create -f skydns-svc.yaml

Configuring kubelet: enabling service discovery

Wait for the service to finish deploying. On a cluster host, run telnet 172.17.114.114 53; if the connection succeeds, the deployment is complete.
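
The telnet test only shows that TCP port 53 accepts connections; it does not show that the name used by the healthz container resolves, or that UDP works. The probe below is an added example, not part of the original article: it sends one A query over UDP and one over TCP to the Service IP from this page. The function names are made up for this example.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Build a DNS query for the A record of `name` (recursion desired)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(reply, txid=0x1234):
    """Return (rcode, answer_count); rcode 0 is NOERROR, 3 is NXDOMAIN."""
    if len(reply) < 12:
        raise ValueError("short DNS reply")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    return flags & 0x000F, ancount

def recv_exact(sock, n):
    """Read exactly n bytes from a stream socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ValueError("connection closed early")
        buf += chunk
    return buf

def probe(server, name, tcp=False, timeout=3.0):
    """Send one query to server:53 over UDP or TCP and parse the reply."""
    query = build_query(name)
    kind = socket.SOCK_STREAM if tcp else socket.SOCK_DGRAM
    with socket.socket(socket.AF_INET, kind) as s:
        s.settimeout(timeout)
        s.connect((server, 53))
        if tcp:
            # DNS over TCP prefixes each message with a 2-byte length.
            s.sendall(struct.pack("!H", len(query)) + query)
            size = struct.unpack("!H", recv_exact(s, 2))[0]
            return parse_reply(recv_exact(s, size))
        s.send(query)
        return parse_reply(s.recv(4096))

if __name__ == "__main__":
    # Service IP and cluster domain are the values used on this page.
    for tcp in (False, True):
        rcode, answers = probe("172.17.114.114",
                               "kubernetes.default.svc.lykops.net", tcp)
        print("tcp" if tcp else "udp", "rcode", rcode, "answers", answers)
```

A healthy deployment returns rcode 0 with at least one answer on both transports.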

On the client, edit /etc/kubernetes/kubelet:

KUBELET_ARGS="--cluster-domain=lykops.net --cluster_dns=172.17.114.114"

Restart the service:

service kubelet restart

Original article: https://www.cnblogs.com/lykops/p/8263132.html