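16 - The CoreDNS Add-on and Hands-on Practice
I. The CoreDNS add-on
1. CoreDNS overview
CoreDNS resolves svc (Service) names to their ClusterIP. It can also be used to load-balance across Pods.
Earlier clusters used the SkyDNS component, which had to be deployed separately. As of k8s 1.9, CoreDNS can be installed directly with kubeadm.
Starting with k8s 1.12, CoreDNS became the default DNS server for Kubernetes, although kubeadm supported CoreDNS earlier than that.
Recommended reading: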
https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dns/coredns
2. The CoreDNS IP address
vim /var/lib/kubelet/config.yaml
...
clusterDNS:
- 10.200.0.10
clusterDomain: oldboyedu.com
3. CoreDNS A records
Format of a k8s A record:
<service name>[.<namespace name>.svc.cluster.local]
Examples:
kube-dns.kube-system.svc.cluster.local
oldboyedu-mysql.default.svc.cluster.local
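Tips
- (1) If a manifest refers to a svc by its bare name without a namespace, the namespace defaults to that of the resource making the reference;
- (2) With a kubeadm deployment there is no need to configure CoreDNS manually (it is created in kube-system by default); with a binary deployment the component must be installed manually.
4. Testing the CoreDNS component
4.1 Method 1: ping from inside a container
Start an alpine container and ping the svc name you want to test, then check whether it resolves to the corresponding VIP.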
[root@master231 metallb]# kubectl get svc -A
…………
kube-system kube-dns ClusterIP 10.200.0.10 <none> 53/UDP,53/TCP,9153/TCP 2d4h
…………
metallb-system metallb-webhook-service ClusterIP 10.200.27.157 <none> 443/TCP 164m
………………
# Start a one-off Pod and, from inside its container, ping any svc name in the K8s cluster
[root@master231 metallb]# kubectl run test-dns-01 --rm -it --image=registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 -- sh
/ # ping metallb-webhook-service.metallb-system
PING metallb-webhook-service.metallb-system (10.200.27.157): 56 data bytes
64 bytes from 10.200.27.157: seq=0 ttl=64 time=0.172 ms
^C
4.2 Method 2: test with the dig command
Only the full name can be used here.
[root@master231 metallb]# apt -y install dnsutils
[root@master231 metallb]# kubectl get svc -A
………………
kube-system kube-dns ClusterIP 10.200.0.10 <none> 53/UDP,53/TCP,9153/TCP 2d3h
………………
# Use dig to query the DNS record for metallb-webhook-service.metallb-system.svc.oldboyedu.com; 10.200.0.10 is the DNS server being queried
[root@master231 metallb]# dig @10.200.0.10 metallb-webhook-service.metallb-system.svc.oldboyedu.com +short
4.3 Method 3: use host
[root@master231 metallb]# host calico-api.calico-apiserver.svc.oldboyedu.com 10.200.0.10
Using domain server:
Name: 10.200.0.10
Address: 10.200.0.10#53
Aliases:
calico-api.calico-apiserver.svc.oldboyedu.com has address 10.200.87.86
5. kubeadm installs the DNS server by default
# Resources related to kube-dns in the cluster's kube-system namespace
[root@master231 metallb]# kubectl get deploy,rs,svc,pods -n kube-system -l k8s-app=kube-dns -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
deployment.apps/coredns 2/2 2 2 2d3h coredns registry.aliyuncs.com/google_containers/coredns:v1.8.6 k8s-app=kube-dns
NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR
replicaset.apps/coredns-6d8c4cb4d 2 2 2 2d3h coredns registry.aliyuncs.com/google_containers/coredns:v1.8.6 k8s-app=kube-dns,pod-template-hash=6d8c4cb4d
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/kube-dns ClusterIP 10.200.0.10 <none> 53/UDP,53/TCP,9153/TCP 2d3h k8s-app=kube-dns
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/coredns-6d8c4cb4d-bknzr 1/1 Running 1 (2d2h ago) 2d3h 10.100.160.135 master231 <none> <none>
pod/coredns-6d8c4cb4d-cvp9w 1/1 Running 1 (2d2h ago) 2d3h 10.100.160.133 master231 <none> <none>
# Show the details
[root@master231 metallb]# kubectl -n kube-system describe svc kube-dns
Name: kube-dns
Namespace: kube-system
Labels: k8s-app=kube-dns
kubernetes.io/cluster-service=true
kubernetes.io/name=CoreDNS
Annotations: prometheus.io/port: 9153
prometheus.io/scrape: true
Selector: k8s-app=kube-dns
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.200.0.10
IPs: 10.200.0.10
Port: dns 53/UDP
TargetPort: 53/UDP
Endpoints: 10.100.160.133:53,10.100.160.135:53
Port: dns-tcp 53/TCP
TargetPort: 53/TCP
Endpoints: 10.100.160.133:53,10.100.160.135:53
Port: metrics 9153/TCP
TargetPort: 9153/TCP
Endpoints: 10.100.160.133:9153,10.100.160.135:9153
Session Affinity: None
Events: <none>
II. Hands-on: optimizing WordPress with CoreDNS
1. Prepare the images
[root@worker232 ~]# docker tag mysql:8.0.36-oracle harbor250.oldboyedu.com/oldboyedu-wp/mysql:8.0.36-oracle
[root@worker232 ~]# docker push harbor250.oldboyedu.com/oldboyedu-wp/mysql:8.0.36-oracle
[root@worker233 ~]# docker tag wordpress:6.7.1-php8.1-apache harbor250.oldboyedu.com/oldboyedu-wp/wordpress:6.7.1-php8.1-apache
[root@worker233 ~]# docker push harbor250.oldboyedu.com/oldboyedu-wp/wordpress:6.7.1-php8.1-apache
2. Write a manifest and test within the same namespace
2.1 Write the manifest
[root@master231 deployments]# cat 03-deploy-wordpress.yaml
# Run MySQL in the cluster with a Deployment and set its parameters; the matching label is apps: db
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deploy-db
spec:
  replicas: 1
  selector:
    matchLabels:
      apps: db
  template:
    metadata:
      labels:
        apps: db
    spec:
      containers:
      - image: harbor250.oldboyedu.com/oldboyedu-wp/mysql:8.0.36-oracle
        name: db
        env:
        - name: MYSQL_DATABASE
          value: wordpress
        # Starts MySQL with an empty root password
        - name: MYSQL_ALLOW_EMPTY_PASSWORD
          value: "yes"
        - name: MYSQL_USER
          value: admin
        - name: MYSQL_PASSWORD
          value: yinzhengjie
        args:
        - --character-set-server=utf8
        - --collation-server=utf8_bin
        - --default-authentication-plugin=mysql_native_password
---
# Service for discovery and network access; the selector apps: db matches the MySQL Pods above, and the port is 3306
apiVersion: v1
kind: Service
metadata:
  name: svc-db
spec:
  ports:
  - port: 3306
  selector:
    apps: db
---
# A second Deployment creates the Pod that runs WordPress, labelled apps: wp
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deploy-wp
spec:
  replicas: 1
  selector:
    matchLabels:
      apps: wp
  template:
    metadata:
      labels:
        apps: wp
    spec:
      containers:
      - image: harbor250.oldboyedu.com/oldboyedu-wp/wordpress:6.7.1-php8.1-apache
        name: wp
        env:
        - name: WORDPRESS_DB_HOST
          value: svc-db
        - name: WORDPRESS_DB_NAME
          value: wordpress
        - name: WORDPRESS_DB_USER
          value: admin
        - name: WORDPRESS_DB_PASSWORD
          value: yinzhengjie
---
# A Service of type LoadBalancer exposes WordPress for external access
apiVersion: v1
kind: Service
metadata:
  name: svc-wp-lb
spec:
  type: LoadBalancer
  ports:
  - port: 80
    nodePort: 30130
  selector:
    apps: wp
2.2 Create and verify
[root@master231 deployments]# kubectl apply -f 03-deploy-wordpress.yaml
deployment.apps/deploy-db created
service/svc-db created
deployment.apps/deploy-wp created
service/svc-wp-lb created
[root@master231 deployments]# kubectl get -f 03-deploy-wordpress.yaml
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/deploy-db 1/1 1 1 4s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/svc-db ClusterIP 10.200.82.128 <none> 3306/TCP 4s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/deploy-wp 1/1 1 1 4s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/svc-wp-lb LoadBalancer 10.200.168.21 10.0.0.151 80:30130/TCP 4s
[root@master231 deployments]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
deploy-db-c4c857cc8-wpnpj 1/1 Running 0 7s 10.100.203.167 worker232 <none> <none>
deploy-wp-6b75764d48-lq4rp 1/1 Running 0 7s 10.100.140.124 worker233 <none> <none>
3. Test across different namespaces
3.1 Write the manifest
[root@master231 deployments]# cat 04-deploy-wordpress-diff-ns.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deploy-db
  # The namespace is specified here
  namespace: oldboyedu
spec:
  replicas: 1
  selector:
    matchLabels:
      apps: db
  template:
    metadata:
      labels:
        apps: db
    spec:
      containers:
      - image: harbor250.oldboyedu.com/oldboyedu-wp/mysql:8.0.36-oracle
        name: db
        env:
        - name: MYSQL_DATABASE
          value: wordpress
        # Starts MySQL with an empty root password
        - name: MYSQL_ALLOW_EMPTY_PASSWORD
          value: "yes"
        - name: MYSQL_USER
          value: admin
        - name: MYSQL_PASSWORD
          value: yinzhengjie
        args:
        - --character-set-server=utf8
        - --collation-server=utf8_bin
        - --default-authentication-plugin=mysql_native_password
---
# Uses the default Service type, ClusterIP, so port 3306 is reachable only from inside the cluster
apiVersion: v1
kind: Service
metadata:
  name: svc-db
  namespace: oldboyedu
spec:
  ports:
  - port: 3306
  selector:
    apps: db
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deploy-wp
  # A different namespace from the two resources above
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      apps: wp
  template:
    metadata:
      labels:
        apps: wp
    spec:
      containers:
      - image: harbor250.oldboyedu.com/oldboyedu-wp/wordpress:6.7.1-php8.1-apache
        name: wp
        env:
        - name: WORDPRESS_DB_HOST
          # Short form, suitable within the same namespace
          # value: svc-db
          # Short form, suitable across namespaces
          # value: svc-db.oldboyedu
          # The namespace of the MySQL Service is given here; cross-namespace access needs the full DNS name, including MySQL's namespace
          value: svc-db.oldboyedu.svc.oldboyedu.com
        - name: WORDPRESS_DB_NAME
          value: wordpress
        - name: WORDPRESS_DB_USER
          value: admin
        - name: WORDPRESS_DB_PASSWORD
          value: yinzhengjie
---
apiVersion: v1
kind: Service
metadata:
  name: svc-wp-lb
  namespace: default
spec:
  type: LoadBalancer
  ports:
  - port: 80
    nodePort: 30130
  selector:
    apps: wp
3.2 Create and verify
[root@master231 deployments]# kubectl get -f 04-deploy-wordpress-diff-ns.yaml
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/deploy-db 1/1 1 1 5s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/svc-db ClusterIP 10.200.86.142 <none> 3306/TCP 5s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/deploy-wp 1/1 1 1 5s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/svc-wp-lb LoadBalancer 10.200.229.158 10.0.0.151 80:30130/TCP 5s
# default namespace
[root@master231 deployments]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
deploy-wp-67986c5c57-68m9w 1/1 Running 0 10s 10.100.140.127 worker233 <none> <none>
# oldboyedu namespace
[root@master231 deployments]# kubectl get pods -o wide -n oldboyedu -l apps=db
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
deploy-db-c4c857cc8-blpsc 1/1 Running 0 15s 10.100.203.169 worker232 <none> <none>
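The three WORDPRESS_DB_HOST forms used in the manifest above (svc-db, svc-db.oldboyedu and the full name) all pass through the search list in the Pod's /etc/resolv.conf before a query reaches CoreDNS. The following is an added example, not part of the original post, that models that expansion; it assumes dnsPolicy ClusterFirst, glibc-style ordering and ndots:5, omits search domains inherited from the node, and its function names are illustrative.

```python
# Added example (not from the original post): models how a Pod's resolver
# expands a name using the search list kubelet writes to /etc/resolv.conf.
# Assumptions: dnsPolicy ClusterFirst, glibc-style ordering, ndots:5.

def search_list(pod_namespace, cluster_domain):
    """Search domains generated for a Pod running in pod_namespace."""
    return [
        f"{pod_namespace}.svc.{cluster_domain}",
        f"svc.{cluster_domain}",
        cluster_domain,
    ]

def candidates(name, pod_namespace, cluster_domain, ndots=5):
    """Return the fully qualified names the resolver tries, in order."""
    if name.endswith("."):           # trailing dot: absolute name, no expansion
        return [name]
    expanded = [f"{name}.{d}." for d in search_list(pod_namespace, cluster_domain)]
    as_is = name + "."
    if name.count(".") >= ndots:     # enough dots: literal name is tried first
        return [as_is] + expanded
    return expanded + [as_is]        # otherwise the search list is walked first

def resolve(name, pod_namespace, cluster_domain, records):
    """Return (answer, matched_fqdn, names_tried) against a record table."""
    tried = 0
    for tried, fqdn in enumerate(candidates(name, pod_namespace, cluster_domain), 1):
        if fqdn in records:
            return records[fqdn], fqdn, tried
    return None, None, tried

# Constructed record table, built from Service names and ClusterIPs shown on this page.
RECORDS = {
    "svc-db.oldboyedu.svc.oldboyedu.com.": "10.200.86.142",
    "kube-dns.kube-system.svc.oldboyedu.com.": "10.200.0.10",
}
DOMAIN = "oldboyedu.com"  # clusterDomain from /var/lib/kubelet/config.yaml

if __name__ == "__main__":
    # The WordPress Pod runs in "default"; MySQL's Service lives in "oldboyedu".
    for host in ("svc-db", "svc-db.oldboyedu",
                 "svc-db.oldboyedu.svc.oldboyedu.com",
                 "svc-db.oldboyedu.svc.oldboyedu.com."):
        ip, fqdn, tried = resolve(host, "default", DOMAIN, RECORDS)
        print(f"{host:40} -> {ip} after {tried} name(s) tried ({fqdn})")
```

From the default namespace the bare svc-db finds nothing, svc-db.oldboyedu matches on the second name tried, and the full name without a trailing dot is only tried last, after three search-list expansions have been sent to CoreDNS.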
This article is from cnblogs (博客园), by 丁志岩. When reposting, please credit the original link: https://www.cnblogs.com/dezyan/p/18817403
