1、k8s笔记009kubedns部署 k8s笔记009-kube-dns部署 1. 准备镜像 1.1 下载镜像 rootharbor # docker pull <源镜像,原文缺失> rootharbor # docker pull <源镜像,原文缺失> rootharbor # docker pull <源镜像,原文缺失> 1.2 对下载的镜像重新打tag rootharbor # docker tag <源镜像,原文缺失> 192.168.1.170/tzg-prod/k8s-dns-dnsmasq-nanny-amd64:1.14.1 rootharbor # docker tag <源镜像,原文缺失> 192.168.1.170/tzg-prod/k8s-dns-kube-dns-amd64:1.14.1
2、rootharbor # docker tag <源镜像,原文缺失> 192.168.1.170/tzg-prod/k8s-dns-sidecar-amd64:1.14.1 1.3 将镜像上传到私有仓库 rootharbor # docker push 192.168.1.170/tzg-prod/k8s-dns-dnsmasq-nanny-amd64:1.14.1 rootharbor # docker push 192.168.1.170/tzg-prod/k8s-dns-kube-dns-amd64:1.14.1 rootharbor # docker push 192.168.1.170/tzg-prod/k8s-
3、dns-sidecar-amd64:1.14.1 1.4 删除下载的镜像 rootharbor # docker rmi <源镜像,原文缺失> rootharbor # docker rmi <源镜像,原文缺失> rootharbor # docker rmi <源镜像,原文缺失> 2. 创建yaml文件 2.1 创建ConfigMap文件 rootk8s-master01 kubedns# vi kubedns-cm.yaml apiVersion: v1 kind: ConfigMap metadata: name: kube-dns namespace: kube-system labels: addonmanager.kubernetes.io/mode: Ensur
4、eExists2.2 创建Controller Manager文件rootk8s-master01 kubedns# vi kubedns-cm.yaml apiVersion: v1kind: ConfigMapmetadata: name: kube-dns namespace: kube-system labels: addonmanager.kubernetes.io/mode: EnsureExistsrootk8s-master01 kubedns# cat kubedns-controller.yaml apiVersion: extensions/v1beta1kind: De
5、ployment metadata: name: kube-dns namespace: kube-system labels: k8s-app: kube-dns kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile spec: strategy: rollingUpdate: maxSurge: 10% maxUnavailable: 0 selector: matchLabels: k8s-app: kube-dns template: metadata: labels: k8s-app:
6、 kube-dns annotations: scheduler.alpha.kubernetes.io/critical-pod: '' spec: tolerations: - key: CriticalAddonsOnly operator: Exists volumes: - name: kube-dns-config configMap: name: kube-dns optional: true containers: - name: kubedns image: 192.168.1.170/tzg-prod/k8s-dns-kube-dns-amd64:1.14.1 resources
7、: limits: memory: 170Mi requests: cpu: 100m memory: 70Mi livenessProbe: httpGet: path: /healthcheck/kubedns port: 10054 scheme: HTTP initialDelaySeconds: 60 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 5 readinessProbe: httpGet: path: /readiness port: 8081 scheme: HTTP initialDelaySeconds
8、: 3 timeoutSeconds: 5 args: - --domain=cluster.local. - --dns-port=10053 - --config-dir=/kube-dns-config - --v=2 env: - name: PROMETHEUS_PORT value: "10055" ports: - containerPort: 10053 name: dns-local protocol: UDP - containerPort: 10053 name: dns-tcp-local protocol: TCP - containerPort: 10055 name: met
9、rics protocol: TCP volumeMounts: - name: kube-dns-config mountPath: /kube-dns-config - name: dnsmasq image: 192.168.1.170/tzg-prod/k8s-dns-dnsmasq-nanny-amd64:1.14.1 livenessProbe: httpGet: path: /healthcheck/dnsmasq port: 10054 scheme: HTTP initialDelaySeconds: 60 timeoutSeconds: 5 successThreshold
10、: 1 failureThreshold: 5 args: - -v=2 - -logtostderr - -configDir=/etc/k8s/dns/dnsmasq-nanny - -restartDnsmasq=true - -- - -k - --cache-size=1000 - --log-facility=- - --server=/cluster.local./127.0.0.1#10053 - --server=/in-addr.arpa/127.0.0.1#10053 - --server=/ip6.arpa/127.0.0.1#10053 ports: - containerPort
11、: 53 name: dns protocol: UDP - containerPort: 53 name: dns-tcp protocol: TCP resources: requests: cpu: 150m memory: 20Mi volumeMounts: - name: kube-dns-config mountPath: /etc/k8s/dns/dnsmasq-nanny - name: sidecar image: 192.168.1.170/tzg-prod/k8s-dns-sidecar-amd64:1.14.1 livenessProbe: httpGet: path
12、: /metrics port: 10054 scheme: HTTP initialDelaySeconds: 60 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 5 args: - --v=2 - --logtostderr - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local.,5,A - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local.,5,A ports:
13、- containerPort: 10054 name: metrics protocol: TCP resources: requests: memory: 20Mi cpu: 10m dnsPolicy: Default serviceAccountName: kube-dns 2.3 创建ServiceAccount文件 rootk8s-master01 kubedns# vi kubedns-sa.yaml apiVersion: v1 kind: ServiceAccount metadata: name: kube-dns namespace: kube-system labels: ku
14、bernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile 2.4 创建Service文件 rootk8s-master01 kubedns# vi kubedns-svc.yaml apiVersion: v1 kind: Service metadata: name: kube-dns namespace: kube-system labels: k8s-app: kube-dns kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io
15、/mode: Reconcile kubernetes.io/name: KubeDNS spec: selector: k8s-app: kube-dns clusterIP: 169.169.0.2 ports: - name: dns port: 53 protocol: UDP - name: dns-tcp port: 53 protocol: TCP 3. 根据yaml文件创建ConfigMap、ControllerManager、ServiceAccount、Service 3.1 创建对象 rootk8s-master01 kubedns# ls kubedns-cm.yaml kub
16、edns-controller.yaml kubedns-sa.yaml kubedns-svc.yaml rootk8s-master01 kubedns# kubectl create -f . configmap kube-dns created deployment kube-dns created serviceaccount kube-dns created service kube-dns created 3.2 查看Deployment rootk8s-master01 kubedns# kubectl get deploy --all-namespaces NAMESPACE NAME DES
17、IRED CURRENT UP-TO-DATE AVAILABLE AGE kube-system kube-dns 1 1 1 1 1m 3.3 查看Pods rootk8s-master01 kubedns# kubectl get pods --all-namespaces NAMESPACE NAME READY STATUS RESTARTS AGE kube-system kube-dns-1869960205-tng14 3/3 Running 0 55s 3.4 查看Service rootk8s-master01 kubedns# kubectl get svc --namespace=kub
18、e-system NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE kube-dns 169.169.0.2 53/UDP,53/TCP 1m 3.5 查看ConfigMap rootk8s-master01 kubedns# kubectl get ConfigMap --all-namespaces NAMESPACE NAME DATA AGE kube-system extension-apiserver-authentication 1 4d kube-system kube-dns 0 1m 4. 修改kubelet配置(所有节点上都需要操作) 4.1 kubelet启动
19、参数增加cluster-dns配置(按标题,本步骤新增的应只有末尾的 --cluster-dns 和 --cluster-domain;其余参数沿用该节点原有配置,其中 --hostname-override 为本节点自身地址,各节点不同)
rootk8s-master01 # vi /etc/kubernetes/kubelet
KUBELET_ARGS="--api-servers=https://172.18.0.200:6443 --hostname-override=172.18.0.142 --logtostderr=false --log-dir=/opt/logs/kubernetes --v=2 --allow-privileged=true --kubeconfig=/etc/kubernetes/kubelet-kubeconfig --cgroup-driver=systemd --cluster-dns=169.169.0.2 --cluster-domain=cluster.local."
4.2 重启kubelet
rootk8s-master01 # systemctl restart kubelet
5. 校验kubedns功能
5.1 创建一个my-nginx的Deployment文件
rootk8s-master01 testkubedns# vim my-nginx-deployment.yaml
apiVersion: extensions/v1beta1 kind: Deployment metadata: name: my-nginx spec: replicas: 2 templat
21、e: metadata: labels: run: my-nginx spec: containers: - name: my-nginx image: nginx ports: - containerPort: 80 5.2 创建Deployment rootk8s-master01 testkubedns# kubectl create -f ./my-nginx-deployment.yaml deployment my-nginx created rootk8s-master01 testkubedns# kubectl get deploy my-nginx NAME DESIRED CUR
22、RENT UP-TO-DATE AVAILABLE AGE my-nginx 2 2 2 2 1m 5.3 发布服务 rootk8s-master01 testkubedns# kubectl expose deploy my-nginx service my-nginx exposed rootk8s-master01 testkubedns# kubectl get svc my-nginx NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE my-nginx 169.169.255.45 80/TCP 8s rootk8s-master01 testkubedns# kube
23、ctl get svc my-nginx -o yamlapiVersion: v1kind: Servicemetadata: creationTimestamp: 2017-09-12T12:41:01Z labels: run: my-nginx name: my-nginx namespace: default resourceVersion: 135846 selfLink: /api/v1/namespaces/default/services/my-nginx uid: a26d00c0-97b7-11e7-8c4a-000c298d23b9spec: clusterIP: 16
24、9.169.255.45 ports: - port: 80 protocol: TCP targetPort: 80 selector: run: my-nginx sessionAffinity: None type: ClusterIP status: loadBalancer: {} 5.4 再创建一个deployment rootk8s-master01 testkubedns# kubectl run nginx --image=nginx deployment nginx created rootk8s-master01 testkubedns# kubectl get pods NAME REA
25、DY STATUS RESTARTS AGE my-nginx-4293833666-1z7q7 1/1 Running 0 3m my-nginx-4293833666-37mcr 1/1 Running 0 3m nginx-4217019353-8gq4f 1/1 Running 0 5s 5.5 拷贝ping命令及相关lib库到新启动的nginx pod中 rootk8s-master01 testkubedns# kubectl cp /usr/bin/ping nginx-4217019353-whx5b:/usr/bin/ rootk8s-master01 testkubedns# kube
26、ctl cp /usr/lib64/libcap.so.2 nginx-4217019353-whx5b:/usr/lib/ rootk8s-master01 testkubedns# kubectl cp /usr/lib64/libidn.so.11 nginx-4217019353-whx5b:/usr/lib/ rootk8s-master01 testkubedns# kubectl cp /usr/lib64/libcrypto.so.10 nginx-4217019353-whx5b:/usr/lib/ 5.6 进入新启动的nginx pod中,然后ping之前创建的my-nginx服务,看是否能正常解析到dns地址 rootk8s-master01 testkubedns# kubectl exec nginx-4217019353-whx5b -ti -- /bin/bash rootnginx-4217019353-whx5b:/# ping my-nginx PING my-nginx.default.svc.cluster.local (169.169.255.45) 56(84) bytes of data.