kubernetes之coredns玩法

一、概述

新版本的kubernetes默认使用了coredns,这里就不赘述了。直达车:https://coredns.io/https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#coredns

二、coredns配置

在之前的博客里面介绍过使用dnsmasq作为coredns的上游dns的玩法,这里介绍直接修改coredns的配置,coredns的配置是Corefile,可以通过configmap控制修改。默认的配置如下:

# kubectl get cm coredns -n kube-system -o yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           upstream
           fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        proxy . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }

errors、health等都是cordns的插件,更多插件参考:https://coredns.io/plugins/

kuberneets1.10开始,支持将kube-dns的配置转换成coredns的配置。kube-dns里面使用stubDomains来指定存根域,即

apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-dns
  namespace: kube-system
data:
  stubDomains: |
    {"demo.local": ["10.0.0.1"]}

 

使用upstreamNameservers来指定非集群dns查找使用外部dns解析,如果设置default默认只会使用node节点dns解析。

apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-dns
  namespace: kube-system
data:
  upstreamNameservers: |
    ["10.0.0.1"]

 

在coredns里面使用upstream和proxy实现kube-dns的stubDomains、upstreamNameservers的功能。

1、coredns使用consul作为dns查询

修改coredns的configmap:

# kubectl -n kube-system edit  cm coredns


apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           upstream
           fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        proxy . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }
 service.hq:53 { 
errors
cache
30
proxy .
10.4.9.6
}

service.hq是在consul里面设置的domain,consul使用参考我可博客:https://www.cnblogs.com/cuishuai/p/8194345.html,我的consul设置的dns端口是53,默认是8600. 10.4.9.6是consul的监听地址。

重新调度pod使配置生效:

kubectl get pods -n kube-system | grep coredns | awk '{print $1}' | xargs kubectl -n kube-system delete pod

 

测试:

activity是我们在consul里面注册的服务,sleep是包含curl和ping的pod。

# kubectl exec -it -n istio-system sleep-754684654f-c6mct -- ping activity.service.hq

 

附录:

sleep的yaml:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: sleep
---
apiVersion: v1
kind: Service
metadata:
  name: sleep
  labels:
    app: sleep
spec:
  ports:
  - port: 80
    name: http
  selector:
    app: sleep
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: sleep
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: sleep
    spec:
      serviceAccountName: sleep
      containers:
      - name: sleep
        image: pstauffer/curl
        command: ["/bin/sleep", "3650d"]
        imagePullPolicy: IfNotPresent
---

 

posted @ 2019-05-16 17:26  诗码者  阅读(...)  评论(...编辑  收藏