k8s DNS configuration with certificates


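DNS deployment

The previous article, "Building a Calico-based Kubernetes from scratch", completed the Kubernetes deployment but did not deploy DNS. This section covers the DNS deployment.

Preparing the configuration files

skydns-rc.yaml. Note that, compared with the official Kubernetes template, this file mounts the worker node's configuration file /etc/kubernetes/worker-kubeconfig.yaml. The reason is that DNS deployment sometimes runs into many unexplained errors, such as connections to 10.100.0.1:443 being refused or certificate loading errors: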

# Copyright 2016 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# TODO - At some point, we need to rename all skydns-*.yaml.* files to kubedns-*.yaml.*

# Warning: This is a file generated from the base underscore template file: skydns-rc.yaml.base

apiVersion: v1
kind: ReplicationController
metadata:
  name: kube-dns-v20
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    version: v20
    kubernetes.io/cluster-service: "true"
spec:
  replicas: 1
  selector:
    k8s-app: kube-dns
    version: v20
  template:
    metadata:
      labels:
        k8s-app: kube-dns
        version: v20
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
        scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
    spec:
      containers:
      - name: kubedns
        image: shenshouer/kubedns-amd64:1.9
        resources:
          # TODO: Set memory limits when we've profiled the container for large
          # clusters, then set request = limit to keep this container in
          # guaranteed class. Currently, this container falls into the
          # "burstable" category so the kubelet doesn't backoff from restarting it.
          limits:
            memory: 170Mi
          requests:
            cpu: 100m
            memory: 70Mi
        livenessProbe:
          httpGet:
            path: /healthz-kubedns
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        readinessProbe:
          httpGet:
            path: /readiness
            port: 8081
            scheme: HTTP
          # we poll on pod startup for the Kubernetes master service and
          # only setup the /readiness HTTP server once that's available.
          initialDelaySeconds: 3
          timeoutSeconds: 5
        args:
        # command = "/kube-dns"
        - --domain=cluster.local.
        - --dns-port=10053
        # - --kube-master-url=https://172.18.8.101
        - --kubecfg-file=/etc/kubernetes/worker-kubeconfig.yaml
        - --federations=myfederation=federation.test
        ports:
        - containerPort: 10053
          name: dns-local
          protocol: UDP
        - containerPort: 10053
          name: dns-tcp-local
          protocol: TCP
        volumeMounts:
        - mountPath: /etc/ssl/certs
          name: "ssl-certs"
        - mountPath: /etc/kubernetes/worker-kubeconfig.yaml
          name: "kubeconfig"
          readOnly: true
        - mountPath: /etc/kubernetes/ssl
          name: "etc-kube-ssl"
          readOnly: true

      - name: dnsmasq
        image: shenshouer/kube-dnsmasq-amd64:1.4
        livenessProbe:
          httpGet:
            path: /healthz-dnsmasq
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        args:
        - --cache-size=1000
        - --no-resolv
        - --server=127.0.0.1#10053
        - --log-facility=-
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
      - name: healthz
        image: shenshouer/exechealthz-amd64:1.2
        resources:
          limits:
            memory: 50Mi
          requests:
            cpu: 10m
            # Note that this container shouldn't really need 50Mi of memory. The
            # limits are set higher than expected pending investigation on #29688.
            # The extra memory was stolen from the kubedns container to keep the
            # net memory requested by the pod constant.
            memory: 50Mi
        args:
        - --cmd=nslookup kubernetes.default.svc.cluster.local 127.0.0.1 >/dev/null
        - --url=/healthz-dnsmasq
        - --cmd=nslookup kubernetes.default.svc.cluster.local 127.0.0.1:10053 >/dev/null
        - --url=/healthz-kubedns
        - --port=8080
        - --quiet
        ports:
        - containerPort: 8080
          protocol: TCP
      dnsPolicy: Default  # Don't use cluster DNS.
      volumes:
      - name: "ssl-certs"
        hostPath:
          path: "/usr/share/ca-certificates"
      - name: "kubeconfig"
        hostPath:
          path: "/etc/kubernetes/worker-kubeconfig.yaml"
      - name: "etc-kube-ssl"
        hostPath:
          path: "/etc/kubernetes/ssl"
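
The manifest above hands the DNS pod the worker node's kubeconfig and the /etc/kubernetes/ssl directory through hostPath volumes, so a review of it should list exactly which node paths each container can reach and whether it can write to them. The following audit is an added example, not part of the original article or of the Kubernetes project; it runs on a constructed excerpt of that pod spec written as a Python dict, and `SENSITIVE_PREFIXES` and `audit_host_paths` are names assumed for the example.

```python
"""Audit a pod spec for hostPath volumes that expose node credentials (added example)."""

# Path prefixes treated as credential material; this list is an assumption of the example.
SENSITIVE_PREFIXES = ("/etc/kubernetes",)

# Constructed excerpt of the kubedns container and the volumes from the manifest above,
# written as a Python dict so the example needs no YAML library.
POD_SPEC = {
    "containers": [{
        "name": "kubedns",
        "volumeMounts": [
            {"mountPath": "/etc/ssl/certs", "name": "ssl-certs"},
            {"mountPath": "/etc/kubernetes/worker-kubeconfig.yaml",
             "name": "kubeconfig", "readOnly": True},
            {"mountPath": "/etc/kubernetes/ssl", "name": "etc-kube-ssl", "readOnly": True},
        ],
    }],
    "volumes": [
        {"name": "ssl-certs", "hostPath": {"path": "/usr/share/ca-certificates"}},
        {"name": "kubeconfig", "hostPath": {"path": "/etc/kubernetes/worker-kubeconfig.yaml"}},
        {"name": "etc-kube-ssl", "hostPath": {"path": "/etc/kubernetes/ssl"}},
    ],
}


def audit_host_paths(pod_spec):
    """Return (container, host path, finding) tuples for every hostPath mount of concern."""
    host_paths = {v["name"]: v["hostPath"]["path"]
                  for v in pod_spec.get("volumes", []) if "hostPath" in v}
    findings = []
    for container in pod_spec.get("containers", []):
        for mount in container.get("volumeMounts", []):
            path = host_paths.get(mount["name"])
            if path is None:
                continue  # the mount is not backed by a hostPath volume
            if not mount.get("readOnly", False):
                # A mount without readOnly: true is read-write by default.
                findings.append((container["name"], path, "writable hostPath mount"))
            if any(path == p or path.startswith(p + "/") for p in SENSITIVE_PREFIXES):
                findings.append((container["name"], path, "node credential exposed to pod"))
    return findings


if __name__ == "__main__":
    for container, path, finding in audit_host_paths(POD_SPEC):
        print(f"{container}: {path}: {finding}")
```

On this manifest the audit reports the /etc/ssl/certs mount as writable, because it lacks `readOnly: true`, and both /etc/kubernetes paths as node credentials visible inside the pod.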

skydns-svc.yaml is identical to the official template:

# Copyright 2016 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# TODO - At some point, we need to rename all skydns-*.yaml.* files to kubedns-*.yaml.*

# Warning: This is a file generated from the base underscore template file: skydns-svc.yaml.base

apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "KubeDNS"
spec:
  selector:
    k8s-app: kube-dns
  clusterIP: 172.30.0.10
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP

http://blog.csdn.net/shenshouer/article/details/52946194?locationNum=2&fps=1

http://blog.csdn.net/shenshouer/article/details/53035948

https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dns

This article is reposted from OSChina: k8s DNS configuration with certificates
