From 402f7238e8a783b9dcd46c35180a66ff95379475 Mon Sep 17 00:00:00 2001
From: TrojanY
Date: Tue, 17 Apr 2018 09:26:23 +0800
Subject: [PATCH 1/8] =?UTF-8?q?=E5=A2=9E=E5=8A=A0coredns=E5=AE=89=E8=A3=85?= =?UTF-8?q?=E8=AF=B4=E6=98=8E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
practice/coredns.md | 37 +++++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
create mode 100644 practice/coredns.md
diff --git a/practice/coredns.md b/practice/coredns.md
new file mode 100644
index 000000000..1c61ef3cf
--- /dev/null
+++ b/practice/coredns.md
@@ -0,0 +1,37 @@
+# Kubernetes中CoreDNS安装实践
+
+CoreDNSc可以具有标准的Kube-DNS的Kubernetes集群中运行。作为* Kubernetes *的插件使用,CoreDNS将从
+Kubernetes集群中读取区(zone)数据。它实现了为Kubernetes的DNS服务发现定义的规范:
+
+ https://github.com/kubernetes/dns/blob/master/docs/specification.md
+
+
+## 部署CoreDNS需要使用到官方的提供的两个文件 [deploy.sh](https://github.com/coredns/deployment/blob/master/kubernetes/deploy.sh)和[coredns.yaml.sed](https://github.com/coredns/deployment/blob/master/kubernetes/coredns.yaml.sed)
+
+`deploy.sh` 是一个用于在已经运行kube-dns的集群中生成运行CoreDNS部署文件(manifest)的工具脚本。它使用
+'coredns.yaml.sed'文件作为模板,创建一个ConfigMap和CoreDNS的deployment, 然后更新集群中已有的kube-dns
+服务的selector使用CoreDNS的deployment。重用已有的服务并不会在服务的请求中发生冲突。
+
+deploy.sh文件并不会删除kube-dns的deployment或者replication controller。如果要删除kube-dns, 你必须
+在部署CoreDNS后手动的删除kube-dns。
+
+You should examine the manifest carefully and make sure it is correct for your particular
+cluster. Depending on how you have built your cluster and the version you are running,
+some modifications to the manifest may be needed.
+你需要仔细测试manifest文件,以确保它能够对你的集群正常运行。这依赖于你的怎样构建你的集群以及你正在运行的集群版本。
+对manifest文件做一些修改是有比要的。
+
+In the best case scenario, all that's needed to replace Kube-DNS are these two commands:
+在最佳的案例场景中,使用CoreDNS替换Kube-DNS只需要使用下面的两个命令:
+
+~~~
+$ ./deploy.sh | kubectl apply -f -
+$ kubectl delete --namespace=kube-system deployment kube-dns
+~~~
+
+
+注意:我们建议在部署CoreDNS后删除kube-dns。否则如果CoreDNS和kube-dns同时运行,服务查询可能会随机的在CoreDNS和kube-dns之间产生。
+
+对于non-RBAC部署,你需要编辑生成的结果yaml文件:
+1. 从yaml文件的“Deployment”部分删除 `serviceAccountName: coredns`
+2. 删除 `ServiceAccount`, `ClusterRole`, 和 `ClusterRoleBinding` 部分
From 03c1cc961c5ee7e86449c99349eff377c2538615 Mon Sep 17 00:00:00 2001
From: TrojanY
Date: Tue, 17 Apr 2018 12:02:08 +0800
Subject: [PATCH 2/8] Update coredns.md
---
practice/coredns.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/practice/coredns.md b/practice/coredns.md
index 1c61ef3cf..ea609c689 100644
--- a/practice/coredns.md
+++ b/practice/coredns.md
@@ -1,6 +1,6 @@ # Kubernetes中CoreDNS安装实践 -CoreDNSc可以具有标准的Kube-DNS的Kubernetes集群中运行。作为* Kubernetes *的插件使用,CoreDNS将从 +CoreDNSc可以在具有标准的Kube-DNS的Kubernetes集群中运行。作为* Kubernetes *的插件使用,CoreDNS将从 Kubernetes集群中读取区(zone)数据。它实现了为Kubernetes的DNS服务发现定义的规范: https://github.com/kubernetes/dns/blob/master/docs/specification.md From 57376634482eb6f8c85ac6c2dc331ff6c8dca83e Mon Sep 17 00:00:00 2001 From: TrojanY Date: Tue, 17 Apr 2018 12:09:39 +0800 Subject: [PATCH 3/8] Update SUMMARY.md --- SUMMARY.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/SUMMARY.md b/SUMMARY.md index 1e89f85fc..305ad71f6 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -129,7 +129,9 @@ - [网络和集群性能测试](practice/network-and-cluster-perfermance-test.md) - [边缘节点配置](practice/edge-node-configuration.md) - [安装Nginx ingress](practice/nginx-ingress-installation.md) - - [配置内置DNS(kube-dns)](practice/configuring-dns.md) +  - [安装配置DNS] + - [Kube-DNS](practice/configuring-dns.md) + - [Core-DNS](practice/coredns.md) - [运维管理](practice/operation.md) - [Master节点高可用](practice/master-ha.md) - [服务滚动升级](practice/service-rolling-update.md) From 082549b82dd314c20a10716db883f84193d46d05 Mon Sep 17 00:00:00 2001 From: TrojanY Date: Tue, 17 Apr 2018 12:13:47 +0800 Subject: [PATCH 4/8] add coredns setup guide --- manifests/coredns/coredns.yaml.sed | 145 +++++++++++++++++++++++++++++ manifests/coredns/deploy.sh | 52 +++++++++++ 2 files changed, 197 insertions(+) create mode 100644 manifests/coredns/coredns.yaml.sed create mode 100644 manifests/coredns/deploy.sh diff --git a/manifests/coredns/coredns.yaml.sed b/manifests/coredns/coredns.yaml.sed new file mode 100644 index 000000000..d281e1b68 --- /dev/null +++ b/manifests/coredns/coredns.yaml.sed 
@@ -0,0 +1,145 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: coredns + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + kubernetes.io/bootstrapping: rbac-defaults + name: system:coredns +rules: +- apiGroups: + - "" + resources: + - endpoints + - services + - pods + - namespaces + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + annotations: + rbac.authorization.kubernetes.io/autoupdate: "true" + labels: + kubernetes.io/bootstrapping: rbac-defaults + name: system:coredns +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:coredns +subjects: +- kind: ServiceAccount + name: coredns + namespace: kube-system +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: coredns + namespace: kube-system +data: + Corefile: | + .:53 { + errors + health + kubernetes CLUSTER_DOMAIN REVERSE_CIDRS { + pods insecure + upstream + fallthrough in-addr.arpa ip6.arpa + } + prometheus :9153 + proxy . 
/etc/resolv.conf + cache 30 + } +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: coredns + namespace: kube-system + labels: + k8s-app: kube-dns + kubernetes.io/name: "CoreDNS" +spec: + replicas: 2 + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + selector: + matchLabels: + k8s-app: kube-dns + template: + metadata: + labels: + k8s-app: kube-dns + spec: + serviceAccountName: coredns + tolerations: + - key: "CriticalAddonsOnly" + operator: "Exists" + containers: + - name: coredns + image: coredns/coredns:1.1.1 + imagePullPolicy: IfNotPresent + args: [ "-conf", "/etc/coredns/Corefile" ] + volumeMounts: + - name: config-volume + mountPath: /etc/coredns + ports: + - containerPort: 53 + name: dns + protocol: UDP + - containerPort: 53 + name: dns-tcp + protocol: TCP + - containerPort: 9153 + name: metrics + protocol: TCP + livenessProbe: + httpGet: + path: /health + port: 8080 + scheme: HTTP + initialDelaySeconds: 60 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + dnsPolicy: Default + volumes: + - name: config-volume + configMap: + name: coredns + items: + - key: Corefile + path: Corefile +--- +apiVersion: v1 +kind: Service +metadata: + name: kube-dns + namespace: kube-system + annotations: + prometheus.io/scrape: "true" + labels: + k8s-app: kube-dns + kubernetes.io/cluster-service: "true" + kubernetes.io/name: "CoreDNS" +spec: + selector: + k8s-app: kube-dns + clusterIP: CLUSTER_DNS_IP + ports: + - name: dns + port: 53 + protocol: UDP + - name: dns-tcp + port: 53 + protocol: TCP diff --git a/manifests/coredns/deploy.sh b/manifests/coredns/deploy.sh new file mode 100644 index 000000000..0812a0c50 --- /dev/null +++ b/manifests/coredns/deploy.sh 
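Review bot: In manifests/coredns/coredns.yaml.sed the Corefile's `kubernetes` block sets `pods insecure`, which makes CoreDNS answer IP-form pod names (`1-2-3-4.ns.pod.CLUSTER_DOMAIN`) without checking that a pod with that address exists in that namespace; this matters wherever identity is tied to those names, for example wildcard certificates covering pod domains. The ClusterRole in the same file already grants list/watch on `pods`, so `pods verified` looks usable here at the cost of keeping a pod watch in memory; if `insecure` is kept for kube-dns compatibility, a comment saying so would help. Separately, the container spec declares no `resources` limits and no `securityContext`, and `image: coredns/coredns:1.1.1` is pinned by tag rather than by digest, all of which are worth tightening for a cluster-critical DNS deployment.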
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+# Deploys CoreDNS to a cluster currently running Kube-DNS.
+
+show_help () {
+cat << USAGE
+usage: $0 [ -r REVERSE-CIDR ] [ -i DNS-IP ] [ -d CLUSTER-DOMAIN ] [ -t YAML-TEMPLATE ]
+
+ -r : Define a reverse zone for the given CIDR. You may specifcy this option more
+ than once to add multiple reverse zones. If no reverse CIDRs are defined,
+ then the default is to handle all reverse zones (i.e. in-addr.arpa and ip6.arpa)
+ -i : Specify the cluster DNS IP address. If not specificed, the IP address of
+ the existing "kube-dns" service is used, if present.
+USAGE
+exit 0
+}
+
+# Simple Defaults
+CLUSTER_DOMAIN=cluster.local
+YAML_TEMPLATE=`pwd`/coredns.yaml.sed
+
+
+# Get Opts
+while getopts "hr:i:d:t:" opt; do
+ case "$opt" in
+ h) show_help
+ ;;
+ r) REVERSE_CIDRS="$REVERSE_CIDRS $OPTARG"
+ ;;
+ i) CLUSTER_DNS_IP=$OPTARG
+ ;;
+ d) CLUSTER_DOMAIN=$OPTARG
+ ;;
+ t) YAML_TEMPLATE=$OPTARG
+ ;;
+ esac
+done
+
+# Conditional Defaults
+if [[ -z $REVERSE_CIDRS ]]; then
+ REVERSE_CIDRS="in-addr.arpa ip6.arpa"
+fi
+if [[ -z $CLUSTER_DNS_IP ]]; then
+ # Default IP to kube-dns IP
+ CLUSTER_DNS_IP=$(kubectl get service --namespace kube-system kube-dns -o jsonpath="{.spec.clusterIP}")
+ if [ $? -ne 0 ]; then
+ >&2 echo "Error! The IP address for DNS service couldn't be determined automatically. Please specify the DNS-IP with the '-i' option."
+ exit 2
+ fi
+fi
+
+sed -e s/CLUSTER_DNS_IP/$CLUSTER_DNS_IP/g -e s/CLUSTER_DOMAIN/$CLUSTER_DOMAIN/g -e "s?REVERSE_CIDRS?$REVERSE_CIDRS?g" $YAML_TEMPLATE
From 30cb54565ff6c93b52bacba72311fb3523a8ae90 Mon Sep 17 00:00:00 2001
From: TrojanY
Date: Tue, 17 Apr 2018 12:16:24 +0800
Subject: [PATCH 5/8] Update coredns.md
---
practice/coredns.md | 2 ++
1 file changed, 2 insertions(+)
diff --git a/practice/coredns.md b/practice/coredns.md
index ea609c689..725b22e4d 100644
--- a/practice/coredns.md
+++ b/practice/coredns.md
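Review bot: In manifests/coredns/deploy.sh the final `sed` line splices `$CLUSTER_DNS_IP`, `$CLUSTER_DOMAIN` and `$REVERSE_CIDRS` into sed expressions without validation (the first two unquoted), and the documented usage pipes the output straight into `kubectl apply -f -`. A value from `-i`, `-d` or `-r` containing `/`, `&`, `?` or whitespace changes the sed program or the rendered manifest, and an empty `CLUSTER_DNS_IP` (kubectl exiting 0 with no output) passes the `$?` check and renders `clusterIP:` with no value. I would check the three values against a conservative character set before substitution and quote every expansion, including `"$YAML_TEMPLATE"`, as sketched below. The `getopts` loop also has no branch for unknown options, and the help text omits `-d` and `-t`.

```shell
# … unchanged: show_help, option parsing and conditional defaults …

# Accept only characters that cannot alter the sed program or the YAML layout;
# the '+' quantifier also rejects an empty value.
ip_re='^[0-9A-Fa-f:.]+$'
domain_re='^[A-Za-z0-9.-]+$'
cidrs_re='^[A-Za-z0-9:./ -]+$'
if [[ ! $CLUSTER_DNS_IP =~ $ip_re || ! $CLUSTER_DOMAIN =~ $domain_re || ! $REVERSE_CIDRS =~ $cidrs_re ]]; then
  >&2 echo "Error! DNS-IP, CLUSTER-DOMAIN or REVERSE-CIDR contains unexpected characters."
  exit 2
fi

sed -e "s/CLUSTER_DNS_IP/$CLUSTER_DNS_IP/g" \
    -e "s/CLUSTER_DOMAIN/$CLUSTER_DOMAIN/g" \
    -e "s?REVERSE_CIDRS?$REVERSE_CIDRS?g" "$YAML_TEMPLATE"
```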
@@ -8,6 +8,8 @@ Kubernetes集群中读取区(zone)数据。它实现了为Kubernetes的DNS ## 部署CoreDNS需要使用到官方的提供的两个文件 [deploy.sh](https://github.com/coredns/deployment/blob/master/kubernetes/deploy.sh)和[coredns.yaml.sed](https://github.com/coredns/deployment/blob/master/kubernetes/coredns.yaml.sed) +(这两个文件已经放入manifest的[coredns](/manifest/coredns)中) + `deploy.sh` 是一个用于在已经运行kube-dns的集群中生成运行CoreDNS部署文件(manifest)的工具脚本。它使用 'coredns.yaml.sed'文件作为模板,创建一个ConfigMap和CoreDNS的deployment, 然后更新集群中已有的kube-dns 服务的selector使用CoreDNS的deployment。重用已有的服务并不会在服务的请求中发生冲突。 From d8642f4a5a3e67ac98f79254b8c43f062706455c Mon Sep 17 00:00:00 2001 From: TrojanY Date: Tue, 17 Apr 2018 12:17:08 +0800 Subject: [PATCH 6/8] Update coredns.md --- practice/coredns.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/practice/coredns.md b/practice/coredns.md index 725b22e4d..7bc2f89cb 100644 --- a/practice/coredns.md +++ b/practice/coredns.md @@ -8,7 +8,7 @@ Kubernetes集群中读取区(zone)数据。它实现了为Kubernetes的DNS ## 部署CoreDNS需要使用到官方的提供的两个文件 [deploy.sh](https://github.com/coredns/deployment/blob/master/kubernetes/deploy.sh)和[coredns.yaml.sed](https://github.com/coredns/deployment/blob/master/kubernetes/coredns.yaml.sed) -(这两个文件已经放入manifest的[coredns](/manifest/coredns)中) +(这两个文件已经放入manifest的[coredns](/manifests/coredns)中) `deploy.sh` 是一个用于在已经运行kube-dns的集群中生成运行CoreDNS部署文件(manifest)的工具脚本。它使用 'coredns.yaml.sed'文件作为模板,创建一个ConfigMap和CoreDNS的deployment, 然后更新集群中已有的kube-dns From df74f800f6e90ea139a926a62a769a04966a9710 Mon Sep 17 00:00:00 2001 From: TrojanY Date: Tue, 17 Apr 2018 20:24:20 +0800 Subject: [PATCH 7/8] Update coredns.md --- practice/coredns.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/practice/coredns.md b/practice/coredns.md index 7bc2f89cb..c06eb412b 100644 --- a/practice/coredns.md +++ b/practice/coredns.md 
@@ -17,13 +17,9 @@ Kubernetes集群中读取区(zone)数据。它实现了为Kubernetes的DNS deploy.sh文件并不会删除kube-dns的deployment或者replication controller。如果要删除kube-dns, 你必须 在部署CoreDNS后手动的删除kube-dns。 -You should examine the manifest carefully and make sure it is correct for your particular -cluster. Depending on how you have built your cluster and the version you are running, -some modifications to the manifest may be needed. 你需要仔细测试manifest文件,以确保它能够对你的集群正常运行。这依赖于你的怎样构建你的集群以及你正在运行的集群版本。 对manifest文件做一些修改是有比要的。 -In the best case scenario, all that's needed to replace Kube-DNS are these two commands: 在最佳的案例场景中,使用CoreDNS替换Kube-DNS只需要使用下面的两个命令: ~~~ From 9c61cf961ac8a1cac5981b59a7813eb2d0f6a08e Mon Sep 17 00:00:00 2001 From: TrojanY Date: Tue, 17 Apr 2018 20:24:58 +0800 Subject: [PATCH 8/8] Update coredns.md --- practice/coredns.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/practice/coredns.md b/practice/coredns.md index c06eb412b..53b2b1389 100644 --- a/practice/coredns.md +++ b/practice/coredns.md @@ -1,12 +1,12 @@ # Kubernetes中CoreDNS安装实践 -CoreDNSc可以在具有标准的Kube-DNS的Kubernetes集群中运行。作为* Kubernetes *的插件使用,CoreDNS将从 +CoreDNS可以在具有标准的Kube-DNS的Kubernetes集群中运行。作为* Kubernetes *的插件使用,CoreDNS将从 Kubernetes集群中读取区(zone)数据。它实现了为Kubernetes的DNS服务发现定义的规范: https://github.com/kubernetes/dns/blob/master/docs/specification.md -## 部署CoreDNS需要使用到官方的提供的两个文件 [deploy.sh](https://github.com/coredns/deployment/blob/master/kubernetes/deploy.sh)和[coredns.yaml.sed](https://github.com/coredns/deployment/blob/master/kubernetes/coredns.yaml.sed) +## 部署CoreDNS需要使用到官方提供的两个文件 [deploy.sh](https://github.com/coredns/deployment/blob/master/kubernetes/deploy.sh)和[coredns.yaml.sed](https://github.com/coredns/deployment/blob/master/kubernetes/coredns.yaml.sed) (这两个文件已经放入manifest的[coredns](/manifests/coredns)中)