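1. Modify the kubelet DNS startup parameters on every Node
Edit the kubelet startup parameters on every Node and add the following two parameters:
- --cluster-dns=169.169.0.100: the ClusterIP address of the DNS service
- --cluster-domain=cluster.local: the domain name configured in the DNS service
Then restart the kubelet service.
```shell
systemctl restart kubelet
```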
2. Configure coredns.yaml
```shell
[root@k8s0 coredns]# cat >coredns.yaml <<EOF
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: EnsureExists
data:
  Corefile: |
    cluster.local {
      errors
      health {
        lameduck 5s
      }
      ready
      kubernetes cluster.local 169.169.0.0/16 {
        fallthrough in-addr.arpa ip6.arpa
      }
      prometheus :9153
      forward . /etc/resolv.conf
      cache 30
      loop
      reload
      loadbalance
    }
    . {
      cache 30
      loadbalance
      forward . /etc/resolv.conf
    }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/name: "CoreDNS"
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
    spec:
      priorityClassName: system-cluster-critical
      tolerations:
        - key: "CriticalAddonsOnly"
          operator: "Exists"
      nodeSelector:
        kubernetes.io/os: linux
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchExpressions:
                  - key: k8s-app
                    operator: In
                    values: ["kube-dns"]
              topologyKey: kubernetes.io/hostname
      containers:
      - name: coredns
        image: coredns/coredns:1.10.0
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            memory: 170Mi
          requests:
            cpu: 100m
            memory: 70Mi
        args: [ "-conf", "/etc/coredns/Corefile" ]
        volumeMounts:
        - name: config-volume
          mountPath: /etc/coredns
          readOnly: true
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        - containerPort: 9153
          name: metrics
          protocol: TCP
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            add:
            - NET_BIND_SERVICE
            drop:
            - all
          readOnlyRootFilesystem: true
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        readinessProbe:
          httpGet:
            path: /ready
            port: 8181
            scheme: HTTP
      dnsPolicy: Default
      volumes:
        - name: config-volume
          configMap:
            name: coredns
            items:
            - key: Corefile
              path: Corefile
---
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  annotations:
    prometheus.io/port: "9153"
    prometheus.io/scrape: "true"
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "CoreDNS"
spec:
  selector:
    k8s-app: kube-dns
  clusterIP: 169.169.0.100
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
  - name: metrics
    port: 9153
    protocol: TCP
EOF
```
3. Create CoreDNS
```
[root@k8s0 coredns]# kubectl create -f coredns.yaml
configmap/coredns created
deployment.apps/coredns created
service/kube-dns created
```
4. Verify that the installation succeeded
- Check from the command line:
```
[root@k8s0 coredns]# kubectl get deploy -n=kube-system | grep dns
coredns   3/3   3   3   47s
[root@k8s0 coredns]# kubectl get svc -n kube-system
NAME       TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                  AGE
kube-dns   ClusterIP   169.169.0.100   <none>        53/UDP,53/TCP,9153/TCP   2m55s
[root@k8s0 coredns]# kubectl get pod -n kube-system | grep dns
coredns-7777c5c849-4k7cx   1/1   Running   0   3m13s
coredns-7777c5c849-75hqs   1/1   Running   0   3m13s
coredns-7777c5c849-h2jbt   1/1   Running   0   3m13s
```
- Check in the management UI.
- Verify the service:
Create any Pod and open a shell inside it:
```
[root@xxxxxxdb-statefulset-ak8s-0 bin]# cat /etc/resolv.conf
search default.svc.cluster.local svc.cluster.local cluster.local
nameserver 169.169.0.100
options ndots:5
```
You can see that the nameserver in /etc/resolv.conf is now the specified 169.169.0.100.
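The resolv.conf check above can be scripted. This is an added example, not part of the original page: `check_resolv` confirms that a pod's /etc/resolv.conf matches the kubelet's --cluster-dns and --cluster-domain values, and `lookup_order` lists the names a resolver tries under `options ndots:5`. The function names are hypothetical, and the embedded sample file is constructed from the output shown above.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Constructed sample: the pod resolv.conf shown above.
SAMPLE_RESOLV=$(mktemp)
cat >"$SAMPLE_RESOLV" <<'EOF'
search default.svc.cluster.local svc.cluster.local cluster.local
nameserver 169.169.0.100
options ndots:5
EOF

# check_resolv FILE DNS_IP DOMAIN: succeeds only if FILE has DNS_IP as its sole
# nameserver and its search list contains both svc.DOMAIN and DOMAIN.
check_resolv() {
    file=$1 dns=$2 domain=$3
    servers=$(awk '$1 == "nameserver" { print $2 }' "$file")
    [ "$servers" = "$dns" ] || { echo "unexpected nameserver: $servers"; return 1; }
    for want in "svc.$domain" "$domain"; do
        awk -v w="$want" '$1 == "search" { for (i = 2; i <= NF; i++) if ($i == w) f = 1 }
                          END { exit !f }' "$file" ||
            { echo "search list is missing $want"; return 1; }
    done
    echo "ok"
}

# lookup_order FILE NAME: prints, in order, the absolute names the resolver tries.
# Per resolv.conf(5): a name with fewer dots than ndots goes through the search
# list first and is tried literally last; otherwise the literal name is first.
lookup_order() {
    awk -v name="$2" '
        BEGIN { nd = 1 }    # ndots defaults to 1 when not set
        $1 == "search"  { n = 0; for (i = 2; i <= NF; i++) s[++n] = $i }
        $1 == "options" { for (i = 2; i <= NF; i++) if ($i ~ /^ndots:/) nd = substr($i, 7) + 0 }
        END {
            if (name ~ /\.$/) { print name; exit }   # trailing dot: already absolute
            dots = gsub(/\./, ".", name)             # count dots without changing name
            if (dots >= nd) print name "."
            for (i = 1; i <= n; i++) print name "." s[i] "."
            if (dots < nd) print name "."
        }' "$1"
}

check_resolv "$SAMPLE_RESOLV" 169.169.0.100 cluster.local
lookup_order "$SAMPLE_RESOLV" example.com
```

Because example.com has fewer than five dots, it is looked up under each cluster search domain first, so those queries reach CoreDNS before the literal name is tried.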
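Once CoreDNS is deployed, the pods inside the cluster can be reliably pinged by domain name, which solves the problem that IPs in a Kubernetes cluster are not stable while workloads still need stable communication.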