Deploy the kubedns add-on

Official file directory: kubernetes/cluster/addons/dns

Files used:

    $ ls *.yaml *.base
    kubedns-cm.yaml kubedns-sa.yaml kubedns-controller.yaml.base kubedns-svc.yaml.base

The already modified yaml files can be found in: dns

Predefined system RoleBinding

The predefined RoleBinding system:kube-dns binds the kube-dns ServiceAccount in the kube-system namespace to the system:kube-dns Role (a ClusterRole, as the output below shows); that Role has permission to access the DNS-related APIs of kube-apiserver:

    $ kubectl get clusterrolebindings system:kube-dns -o yaml
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
      annotations:
        rbac.authorization.kubernetes.io/autoupdate: "true"
      creationTimestamp: 2017-04-06T17:40:47Z
      labels:
        kubernetes.io/bootstrapping: rbac-defaults
      name: system:kube-dns
      resourceVersion: "56"
      selfLink: /apis/rbac.authorization.k8s.io/v1beta1/clusterrolebindings/system%3Akube-dns
      uid: 2b55cdbe-1af0-11e7-af35-8cdcd4b3be48
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: system:kube-dns
    subjects:
    - kind: ServiceAccount
      name: kube-dns
      namespace: kube-system

The Pods defined in kubedns-controller.yaml use the kube-dns ServiceAccount defined in kubedns-sa.yaml, so they have permission to access the DNS-related APIs of kube-apiserver;

Configure the kube-dns ServiceAccount

No changes needed;

Configure the kube-dns Service

    $ diff kubedns-svc.yaml.base kubedns-svc.yaml
    30c30
    < clusterIP: __PILLAR__DNS__SERVER__
    ---
    > clusterIP: 10.254.0.2

  • spec.clusterIP must be set to the value of the cluster environment variable CLUSTER_DNS_SVC_IP; this IP must match the value of the kubelet --cluster-dns parameter;

Configure the kube-dns Deployment

    $ diff kubedns-controller.yaml.base kubedns-controller.yaml
    58c58
    < image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.1
    ---
    > image: xuejipeng/k8s-dns-kube-dns-amd64:v1.14.1
    88c88
    < - --domain=__PILLAR__DNS__DOMAIN__.
    ---
    > - --domain=cluster.local.
    92c92
    < __PILLAR__FEDERATIONS__DOMAIN__MAP__
    ---
    > #__PILLAR__FEDERATIONS__DOMAIN__MAP__
    110c110
    < image: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.1
    ---
    > image: xuejipeng/k8s-dns-dnsmasq-nanny-amd64:v1.14.1
    129c129
    < - --server=/__PILLAR__DNS__DOMAIN__/127.0.0.1#10053
    ---
    > - --server=/cluster.local./127.0.0.1#10053
    148c148
    < image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.1
    ---
    > image: xuejipeng/k8s-dns-sidecar-amd64:v1.14.1
    161,162c161,162
    < - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.__PILLAR__DNS__DOMAIN__,5,A
    < - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.__PILLAR__DNS__DOMAIN__,5,A
    ---
    > - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local.,5,A
    > - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local.,5,A

  • --domain is set to the value of the cluster environment variable CLUSTER_DNS_DOMAIN;
  • The kube-dns ServiceAccount for which the system already provides a RoleBinding is used; this account has permission to access the DNS-related APIs of kube-apiserver;
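The two diffs above are the result of one procedure: substitute the `__PILLAR__` placeholders in the `.base` templates with the cluster's values, then apply the rendered files. The script below is an added example (it is not code from the original page or from the kubernetes repository) that performs that rendering with `sed` and refuses to produce output unless three checks pass: no placeholder survived, the Service `clusterIP` equals the kubelet `--cluster-dns` value, and every `--domain`, `--server` and `--probe` argument refers to the same domain. The variables `CLUSTER_DNS_SVC_IP`, `CLUSTER_DNS_DOMAIN` and `KUBELET_CLUSTER_DNS`, the function names, and the template excerpts embedded in it are assumptions constructed for the example; the excerpts contain only the lines the diffs touch, not the complete upstream files.

```shell
#!/bin/sh
# Added example, not from the original page or the kubernetes repository.
# Renders the kube-dns *.base templates the way the diffs above do and checks
# the result before it is applied. Assumed inputs: CLUSTER_DNS_SVC_IP and
# CLUSTER_DNS_DOMAIN from the cluster environment file, KUBELET_CLUSTER_DNS
# as the value passed to the kubelet --cluster-dns flag.
CLUSTER_DNS_SVC_IP="${CLUSTER_DNS_SVC_IP:-10.254.0.2}"
CLUSTER_DNS_DOMAIN="${CLUSTER_DNS_DOMAIN:-cluster.local}"
KUBELET_CLUSTER_DNS="${KUBELET_CLUSTER_DNS:-10.254.0.2}"

# Replace the placeholders in a template read from stdin. The federations map
# is unused in this cluster, so its line is commented out as in the diff above.
render_dns_template() {
  sed \
    -e "s/__PILLAR__DNS__SERVER__/${CLUSTER_DNS_SVC_IP}/g" \
    -e "s/__PILLAR__DNS__DOMAIN__/${CLUSTER_DNS_DOMAIN}/g" \
    -e 's/^\([[:space:]]*\)__PILLAR__FEDERATIONS__DOMAIN__MAP__/\1#__PILLAR__FEDERATIONS__DOMAIN__MAP__/'
}

# Succeed only if no uncommented __PILLAR__ placeholder is left in stdin.
check_no_placeholders() {
  if sed 's/#.*//' | grep -q '__PILLAR__'; then
    return 1
  fi
  return 0
}

# Succeed only if the Service clusterIP found in stdin equals $1 (the kubelet
# --cluster-dns value). A mismatch leaves every pod with a nameserver that
# nothing listens on.
check_cluster_ip() {
  ip=$(sed -n 's/^[[:space:]]*clusterIP:[[:space:]]*//p')
  [ "$ip" = "$1" ]
}

# Succeed only if every --domain, --server and --probe argument in stdin
# mentions the domain $1; a stray value here makes the sidecar probes or the
# dnsmasq forwarding rule point at a zone kube-dns does not serve.
check_domain_consistent() {
  if grep -E -- '--(domain|server|probe)=' | grep -v -q -- "$1"; then
    return 1
  fi
  return 0
}

# Constructed excerpts of kubedns-svc.yaml.base and kubedns-controller.yaml.base
# (only the lines the diffs above touch; not the complete upstream files).
SVC_BASE='apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
spec:
  clusterIP: __PILLAR__DNS__SERVER__'

CONTROLLER_BASE='        args:
        - --domain=__PILLAR__DNS__DOMAIN__.
        - --dns-port=10053
        __PILLAR__FEDERATIONS__DOMAIN__MAP__
        - --server=/__PILLAR__DNS__DOMAIN__/127.0.0.1#10053
        - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.__PILLAR__DNS__DOMAIN__,5,A'

render_all() {
  printf '%s\n' "$SVC_BASE" | render_dns_template
  printf '%s\n' "$CONTROLLER_BASE" | render_dns_template
}

# Render, then print the result only if all three checks pass.
verify_rendered() {
  rendered=$(render_all)
  printf '%s\n' "$rendered" | check_no_placeholders \
    || { echo "placeholder left in rendered output" >&2; return 1; }
  printf '%s\n' "$rendered" | check_cluster_ip "$KUBELET_CLUSTER_DNS" \
    || { echo "clusterIP does not match kubelet --cluster-dns" >&2; return 1; }
  printf '%s\n' "$rendered" | check_domain_consistent "$CLUSTER_DNS_DOMAIN" \
    || { echo "domain mismatch between --domain/--server/--probe" >&2; return 1; }
  printf '%s\n' "$rendered"
}

verify_rendered
```

Run it with the cluster's values exported (`CLUSTER_DNS_SVC_IP=... CLUSTER_DNS_DOMAIN=... KUBELET_CLUSTER_DNS=... sh render-dns.sh`); with the defaults it reproduces the substitutions shown in the diffs. Applying the real files is the same idea with `sed -i` over `*.base` followed by the checks on the produced `*.yaml`.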

Apply all definition files

    $ pwd
    /root/kubernetes-git/cluster/addons/dns
    $ ls *.yaml
    kubedns-cm.yaml kubedns-controller.yaml kubedns-sa.yaml kubedns-svc.yaml
    $ kubectl create -f .
    $

Check that kubedns works

Create a new Deployment

    $ cat my-nginx.yaml
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: my-nginx
    spec:
      replicas: 2
      template:
        metadata:
          labels:
            run: my-nginx
        spec:
          containers:
          - name: my-nginx
            image: nginx:1.7.9
            ports:
            - containerPort: 80
    $ kubectl create -f my-nginx.yaml
    $

Expose the Deployment to generate the my-nginx Service

    $ kubectl expose deploy my-nginx
    $ kubectl get services --all-namespaces |grep my-nginx
    default my-nginx 10.254.86.48 <none> 80/TCP 1d

Create another Pod and check whether its /etc/resolv.conf contains the --cluster-dns and --cluster-domain values configured on the kubelet, and whether the Service my-nginx resolves to the Cluster IP 10.254.86.48 shown above

    $ cat pod-nginx.yaml
    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80
    $ kubectl create -f pod-nginx.yaml
    $ kubectl exec nginx -i -t -- /bin/bash
    root@nginx:/# cat /etc/resolv.conf
    nameserver 10.254.0.2
    search default.svc.cluster.local svc.cluster.local cluster.local tjwq01.ksyun.com
    options ndots:5
    root@nginx:/# ping my-nginx
    PING my-nginx.default.svc.cluster.local (10.254.86.48): 48 data bytes
    ^C--- my-nginx.default.svc.cluster.local ping statistics ---
    2 packets transmitted, 0 packets received, 100% packet loss
    root@nginx:/# ping kubernetes
    PING kubernetes.default.svc.cluster.local (10.254.0.1): 48 data bytes
    ^C--- kubernetes.default.svc.cluster.local ping statistics ---
    1 packets transmitted, 0 packets received, 100% packet loss
    root@nginx:/# ping kube-dns.kube-system.svc.cluster.local
    PING kube-dns.kube-system.svc.cluster.local (10.254.0.2): 48 data bytes
    ^C--- kube-dns.kube-system.svc.cluster.local ping statistics ---
    1 packets transmitted, 0 packets received, 100% packet loss