Merge pull request #185 from TrojanY/master

Add coredns installation instructions
2018-04-19 10:21:54 +08:00 · 2018-04-19 10:21:54 +08:00 · 1975470f9e
parent f8990846bc 9c61cf961a
commit 1975470f9e
4 changed files with 235 additions and 1 deletions
--- a/SUMMARY.md
+++ b/SUMMARY.md
@ -130,7 +130,9 @@
  - [网络和集群性能测试](practice/network-and-cluster-perfermance-test.md)
  - [边缘节点配置](practice/edge-node-configuration.md)
  - [安装Nginx ingress](practice/nginx-ingress-installation.md)
-  - [配置内置DNS（kube-dns）](practice/configuring-dns.md)
+  - [安装配置DNS]
+    - [Kube-DNS](practice/configuring-dns.md)
+    - [Core-DNS](practice/coredns.md)
 - [运维管理](practice/operation.md)
   - [Master节点高可用](practice/master-ha.md)
   - [服务滚动升级](practice/service-rolling-update.md)
--- a/manifests/coredns/coredns.yaml.sed
+++ b/manifests/coredns/coredns.yaml.sed
@ -0,0 +1,145 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: coredns
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  labels:
+    kubernetes.io/bootstrapping: rbac-defaults
+  name: system:coredns
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - endpoints
+  - services
+  - pods
+  - namespaces
+  verbs:
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  annotations:
+    rbac.authorization.kubernetes.io/autoupdate: "true"
+  labels:
+    kubernetes.io/bootstrapping: rbac-defaults
+  name: system:coredns
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:coredns
+subjects:
+- kind: ServiceAccount
+  name: coredns
+  namespace: kube-system
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: coredns
+  namespace: kube-system
+data:
+  Corefile: |
+    .:53 {
+        errors
+        health
+        kubernetes CLUSTER_DOMAIN REVERSE_CIDRS {
+          pods insecure
+          upstream
+          fallthrough in-addr.arpa ip6.arpa
+        }
+        prometheus :9153
+        proxy . /etc/resolv.conf
+        cache 30
+    }
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: coredns
+  namespace: kube-system
+  labels:
+    k8s-app: kube-dns
+    kubernetes.io/name: "CoreDNS"
+spec:
+  replicas: 2
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
+  selector:
+    matchLabels:
+      k8s-app: kube-dns
+  template:
+    metadata:
+      labels:
+        k8s-app: kube-dns
+    spec:
+      serviceAccountName: coredns
+      tolerations:
+        - key: "CriticalAddonsOnly"
+          operator: "Exists"
+      containers:
+      - name: coredns
+        image: coredns/coredns:1.1.1
+        imagePullPolicy: IfNotPresent
+        args: [ "-conf", "/etc/coredns/Corefile" ]
+        volumeMounts:
+        - name: config-volume
+          mountPath: /etc/coredns
+        ports:
+        - containerPort: 53
+          name: dns
+          protocol: UDP
+        - containerPort: 53
+          name: dns-tcp
+          protocol: TCP
+        - containerPort: 9153
+          name: metrics
+          protocol: TCP
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 60
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 5
+      dnsPolicy: Default
+      volumes:
+        - name: config-volume
+          configMap:
+            name: coredns
+            items:
+            - key: Corefile
+              path: Corefile
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kube-dns
+  namespace: kube-system
+  annotations:
+    prometheus.io/scrape: "true"
+  labels:
+    k8s-app: kube-dns
+    kubernetes.io/cluster-service: "true"
+    kubernetes.io/name: "CoreDNS"
+spec:
+  selector:
+    k8s-app: kube-dns
+  clusterIP: CLUSTER_DNS_IP
+  ports:
+  - name: dns
+    port: 53
+    protocol: UDP
+  - name: dns-tcp
+    port: 53
+    protocol: TCP
--- a/manifests/coredns/deploy.sh
+++ b/manifests/coredns/deploy.sh
@ -0,0 +1,52 @@
+#!/bin/bash
+
+# Deploys CoreDNS to a cluster currently running Kube-DNS.
+
+show_help () {
+cat << USAGE
+usage: $0 [ -r REVERSE-CIDR ] [ -i DNS-IP ] [ -d CLUSTER-DOMAIN ] [ -t YAML-TEMPLATE ]
+
+    -r : Define a reverse zone for the given CIDR. You may specifcy this option more
+         than once to add multiple reverse zones. If no reverse CIDRs are defined,
+         then the default is to handle all reverse zones (i.e. in-addr.arpa and ip6.arpa)
+    -i : Specify the cluster DNS IP address. If not specificed, the IP address of
+         the existing "kube-dns" service is used, if present.
+USAGE
+exit 0
+}
+
+# Simple Defaults
+CLUSTER_DOMAIN=cluster.local
+YAML_TEMPLATE=`pwd`/coredns.yaml.sed
+
+
+# Get Opts
+while getopts "hr:i:d:t:" opt; do
+    case "$opt" in
+    h)  show_help
+        ;;
+    r)  REVERSE_CIDRS="$REVERSE_CIDRS $OPTARG"
+        ;;
+    i)  CLUSTER_DNS_IP=$OPTARG
+        ;;
+    d)  CLUSTER_DOMAIN=$OPTARG
+        ;;
+    t)  YAML_TEMPLATE=$OPTARG
+        ;;
+    esac
+done
+
+# Conditional Defaults
+if [[ -z $REVERSE_CIDRS ]]; then
+  REVERSE_CIDRS="in-addr.arpa ip6.arpa"
+fi
+if [[ -z $CLUSTER_DNS_IP ]]; then
+  # Default IP to kube-dns IP
+  CLUSTER_DNS_IP=$(kubectl get service --namespace kube-system kube-dns -o jsonpath="{.spec.clusterIP}")
+  if [ $? -ne 0 ]; then
+      >&2 echo "Error! The IP address for DNS service couldn't be determined automatically. Please specify the DNS-IP with the '-i' option."
+      exit 2
+  fi
+fi
+
+sed -e s/CLUSTER_DNS_IP/$CLUSTER_DNS_IP/g -e s/CLUSTER_DOMAIN/$CLUSTER_DOMAIN/g -e "s?REVERSE_CIDRS?$REVERSE_CIDRS?g" $YAML_TEMPLATE
--- a/practice/coredns.md
+++ b/practice/coredns.md
@ -0,0 +1,35 @@
+# Kubernetes中CoreDNS安装实践
+
+CoreDNS可以在具有标准的Kube-DNS的Kubernetes集群中运行。作为* Kubernetes *的插件使用，CoreDNS将从
+Kubernetes集群中读取区（zone）数据。它实现了为Kubernetes的DNS服务发现定义的规范：
+
+   https://github.com/kubernetes/dns/blob/master/docs/specification.md
+
+
+## 部署CoreDNS需要使用到官方提供的两个文件 [deploy.sh](https://github.com/coredns/deployment/blob/master/kubernetes/deploy.sh)和[coredns.yaml.sed](https://github.com/coredns/deployment/blob/master/kubernetes/coredns.yaml.sed)
+
+(这两个文件已经放入manifest的[coredns](/manifests/coredns)中)
+
+`deploy.sh` 是一个用于在已经运行kube-dns的集群中生成运行CoreDNS部署文件（manifest）的工具脚本。它使用
+'coredns.yaml.sed'文件作为模板，创建一个ConfigMap和CoreDNS的deployment, 然后更新集群中已有的kube-dns
+服务的selector使用CoreDNS的deployment。重用已有的服务并不会在服务的请求中发生冲突。
+
+deploy.sh文件并不会删除kube-dns的deployment或者replication controller。如果要删除kube-dns, 你必须
+在部署CoreDNS后手动的删除kube-dns。
+
+你需要仔细测试manifest文件，以确保它能够对你的集群正常运行。这依赖于你的怎样构建你的集群以及你正在运行的集群版本。
+对manifest文件做一些修改是有比要的。
+
+在最佳的案例场景中，使用CoreDNS替换Kube-DNS只需要使用下面的两个命令：
+
+~~~
+$ ./deploy.sh | kubectl apply -f -
+$ kubectl delete --namespace=kube-system deployment kube-dns
+~~~
+
+
+注意：我们建议在部署CoreDNS后删除kube-dns。否则如果CoreDNS和kube-dns同时运行，服务查询可能会随机的在CoreDNS和kube-dns之间产生。
+
+对于non-RBAC部署，你需要编辑生成的结果yaml文件：
+1. 从yaml文件的“Deployment”部分删除 `serviceAccountName: coredns`
+2. 删除 `ServiceAccount`, `ClusterRole`, 和 `ClusterRoleBinding` 部分