[k8s] Configuring a subdomain in coredns/kube-dns
阿新 • Published: 2017-12-05
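Idea: kube-dns and coredns are essentially DNS server software, and both are driven by a configuration file. To control how queries are resolved, control that configuration file.
This article first covers how to configure coredns, then configures kube-dns (including setting up an external dnsmasq to simulate the cluster accessing a company's private domain).
References: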
https://coredns.io/2017/03/01/coredns-for-kubernetes-service-discovery-take-2/
https://coredns.io/2017/05/08/custom-dns-entries-for-kubernetes/
https://coredns.io/2017/06/08/how-queries-are-processed-in-coredns/
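Default kube-dns policy
The architecture simulated here is shown in the figure below:
coredns configuration file:
- 1. Queries for the cluster.local suffix go to 10.254.0.2
- 2. Queries for out-of.kubernetes, such as server.out-of.kubernetes, go to 192.168.x.x
- 3. Queries for Internet names go to the addresses in resolv.conf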
.:53 {
    errors # show errors
    log stdout # show query logs
    health
    kubernetes cluster.local 10.254.0.0/16
    proxy out-of.kubernetes 192.168.x.x
    proxy . /etc/resolv.conf
}
Reference:
https://coredns.io/2017/03/01/coredns-for-kubernetes-service-discovery-take-2/
$ cat coredns.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        errors
        log stdout
        health
        kubernetes cluster.local 10.254.0.0/16
        proxy out-of.kubernetes 192.168.x.x
        proxy . /etc/resolv.conf
        cache 30
    }
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: coredns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "CoreDNS"
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: coredns
  template:
    metadata:
      labels:
        k8s-app: coredns
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
        scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
    spec:
      containers:
      - name: coredns
        image: coredns/coredns:latest
        imagePullPolicy: Always
        args: [ "-conf", "/etc/coredns/Corefile" ]
        volumeMounts:
        - name: config-volume
          mountPath: /etc/coredns
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
      dnsPolicy: Default
      volumes:
      - name: config-volume
        configMap:
          name: coredns
          items:
          - key: Corefile
            path: Corefile
---
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: coredns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "CoreDNS"
spec:
  selector:
    k8s-app: coredns
  clusterIP: 10.254.0.2
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
kube-dns configuration file
Deployment reference: http://www.cnblogs.com/iiiiher/p/7891713.html
There are three files; only the ConfigMap (cm) needs to be modified.
$ ls
kubedns-cm.yaml kubedns-deployment.yaml kubedns-svc.yaml
$ cat kubedns-cm.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-dns
  namespace: kube-system
data:
  stubDomains: |
    {"out-of.kubernetes": ["192.168.x.x"]}
  upstreamNameservers: |
    ["114.114.114.114", "9.9.9.9"]
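The checker below is an added example, not code from the original post or from the kube-dns project. It validates the `data` section of a kube-dns ConfigMap (key names, JSON shape, IP values) and models the three lookup rules listed earlier; `validate`, `route`, the placeholder strings and the sample address 192.168.8.53 are assumptions made for illustration.

```python
import ipaddress
import json

EXPECTED_KEYS = {"stubDomains", "upstreamNameservers"}  # the two keys this page sets
CLUSTER_DOMAIN = "cluster.local"                        # cluster suffix used on this page
# Constructed sample: corrected ConfigMap data; 192.168.8.53 stands in for 192.168.x.x.
SAMPLE = {"stubDomains": '{"out-of.kubernetes": ["192.168.8.53"]}',
          "upstreamNameservers": '["114.114.114.114", "9.9.9.9"]'}

def _ip_list(where, value, errors):
    """Return value if it is a non-empty JSON list; record an error per non-IP entry."""
    if not isinstance(value, list) or not value:
        errors.append(f"{where}: expected a non-empty JSON list of IPs")
        return []
    for item in value:
        try:
            ipaddress.ip_address(item if isinstance(item, str) else "")
        except ValueError:
            errors.append(f"{where}: {item!r} is not an IP address")
    return value

def validate(data):
    """Check a kube-dns ConfigMap 'data' mapping; return (stubs, upstreams, errors)."""
    errors = [f"unexpected key {k!r}" for k in data if k not in EXPECTED_KEYS]
    parsed = {}
    for key in sorted(EXPECTED_KEYS.intersection(data)):
        try:
            parsed[key] = json.loads(data[key])
        except json.JSONDecodeError as exc:
            errors.append(f"{key}: invalid JSON ({exc.msg})")
    stubs = parsed.get("stubDomains", {})
    if not isinstance(stubs, dict):
        errors.append("stubDomains: expected a JSON object of suffix -> [IPs]")
        stubs = {}
    stubs = {d.lower().strip("."): _ip_list(f"stubDomains[{d}]", v, errors)
             for d, v in stubs.items()}
    upstreams = parsed.get("upstreamNameservers")
    upstreams = [] if upstreams is None else _ip_list("upstreamNameservers", upstreams, errors)
    return stubs, upstreams, errors

def route(name, stubs, upstreams):
    """Model of the three rules: cluster domain, longest stub suffix, then upstream."""
    labels = name.lower().strip(".").split(".")
    for suffix in (".".join(labels[i:]) for i in range(len(labels))):  # longest first
        if suffix == CLUSTER_DOMAIN:
            return ["<in-cluster records>"]      # placeholder: answered inside the cluster
        if suffix in stubs:
            return stubs[suffix]
    return upstreams or ["<node resolv.conf>"]   # placeholder for the default path
```

Calling `validate()` on the `data` mapping before `kubectl apply` catches a misspelled key or a JSON object written where a list is required, either of which would leave the private domain unresolved.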
Configuring dnsmasq (external): simulating a company's private DNS server
yum install -y dnsmasq tcpdump
echo "192.168.8.191 server.out-of.kubernetes" > /tmp/hosts
Start:
dnsmasq -q -d -h -R -H /tmp/hosts
-d debug mode
-q log queries
-h do not use /etc/hosts
-R do not use /etc/resolv.conf
-H use a custom file as the source of DNS records
tcpdump -i eth0 udp port 53 -nnv
host -t A server.out-of.kubernetes 192.168.x.x
Test: locally I use coredns
$ kubectl run -it --rm --restart=Never busybox --image=busybox sh
/ # nslookup server.out-of.kubernetes
Server: 10.254.0.2
Address 1: 10.254.0.2 kube-dns.kube-system.svc.cluster.local
Name: server.out-of.kubernetes
Address 1: 192.168.x.x
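Names in the cluster domain, in out-of.kubernetes, and on the external network all resolve and can be reached.
How can one domain name resolve to two IPs? (headless svc)
Reference: http://www.cnblogs.com/cuihongyu3503319/archive/2012/07/09/2583129.html
Just add two records with different IPs for the same domain name.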
$ cat /tmp/hosts
192.168.x.191 server.out-of.kubernetes
192.168.x.192 server.out-of.kubernetes
$ dnsmasq -q -d -h -R -H /tmp/hosts
$ host -t A server.out-of.kubernetes 192.168.x.x
Using domain server:
Name: 192.168.x.x
Address: 192.168.x.x#53
Aliases:
server.out-of.kubernetes has address 192.168.x.191
server.out-of.kubernetes has address 192.168.x.192
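- todo
Details of the coredns k8s plugin; moving the in-cluster DNS outside the cluster.
With coredns running inside the cluster, logs -f shows no logs; it looks like I need to find time to dig into this.
Have coredns serve only A records and turn off AAAA.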