核心链接

CoreDNS 安装

apiVersion: v1kind: ServiceAccountmetadata:  name: coredns  namespace: kube-system---apiVersion: rbac.authorization.k8s.io/v1beta1kind: ClusterRolemetadata:  labels:    kubernetes.io/bootstrapping: rbac-defaults  name: system:corednsrules:- apiGroups:  - ""  resources:  - endpoints  - services  - pods  - namespaces  verbs:  - list  - watch---apiVersion: rbac.authorization.k8s.io/v1beta1kind: ClusterRoleBindingmetadata:  annotations:    rbac.authorization.kubernetes.io/autoupdate: "true"  labels:    kubernetes.io/bootstrapping: rbac-defaults  name: system:corednsroleRef:  apiGroup: rbac.authorization.k8s.io  kind: ClusterRole  name: system:corednssubjects:- kind: ServiceAccount  name: coredns  namespace: kube-system---apiVersion: v1kind: ConfigMapmetadata:  name: coredns  namespace: kube-systemdata:  Corefile: |    .:53 {        log        errors        health        kubernetes cluster.local 172.0.0.0/8 in-addr.arpa ip6.arpa {          pods insecure          upstream          fallthrough in-addr.arpa ip6.arpa        }        prometheus :9153        proxy . /etc/resolv.conf        cache 30        reload    }---apiVersion: extensions/v1beta1kind: Deploymentmetadata:  name: coredns  namespace: kube-system  labels:    k8s-app: coredns    kubernetes.io/name: "CoreDNS"spec:  replicas: 2  strategy:    type: RollingUpdate    rollingUpdate:      maxUnavailable: 1  selector:    matchLabels:      k8s-app: coredns  template:    metadata:      labels:        k8s-app: coredns    spec:      serviceAccountName: coredns      tolerations:        - key: "CriticalAddonsOnly"          operator: "Exists"      containers:      - name: coredns        image: hub.issll.com/kubernetes/coredns:1.1.0        imagePullPolicy: IfNotPresent        args: [ "-conf", "/etc/coredns/Corefile" ]        volumeMounts:        - name: config-volume          mountPath: /etc/coredns        ports:        - containerPort: 53          name: dns          protocol: UDP        - containerPort: 53          name: dns-tcp          protocol: TCP        livenessProbe:          httpGet:            path: /health            port: 8081            scheme: HTTP          initialDelaySeconds: 60          timeoutSeconds: 5          successThreshold: 1          failureThreshold: 5      dnsPolicy: Default      volumes:        - name: config-volume          configMap:            name: coredns            items:            - key: Corefile              path: Corefile---apiVersion: v1kind: Servicemetadata:  name: kube-dns  namespace: kube-system  labels:    k8s-app: coredns    kubernetes.io/cluster-service: "true"    kubernetes.io/name: "CoreDNS"spec:  selector:    k8s-app: coredns  clusterIP: 172.21.0.2  ports:  - name: dns    port: 53    protocol: UDP  - name: dns-tcp    port: 53    protocol: TCP

在master结点上执行

kubectl apply -f coredns.yaml

主要修改文件

nodes结点上的/etc/resolv.conf

$ cat /etc/resolv.conf     # Generated by NetworkManager    search default.svc.cluster.local middleware.svc.cluster.local svc.cluster.local cluster.local     nameserver 192.168.1.254

打印每个pods上的出错日志

for p in $(kubectl get pods --namespace=kube-system -l k8s-app=coredns -o name); do kubectl logs --namespace=kube-system $p; done

用busybox 检验coredns解析效果

kubectl exec -ti busybox -- nslookup redis-master

因为结点上的search 域的设定，等于

kubectl exec -ti busybox -- nslookup redis-master.middleware.svc.cluster.local

这里 redis-master 是布署在 middleware 命名空间下的一个pod

CoreDNS 已知 Bug

重新加载时，在启动新服务器实例之前停止运行状况处理程序。如果新服务器无法启动，则初始服务器实例仍然可用且仍然提供DNS查询，但Health处理程序保持关闭状态。在成功重新加载或完全重新启动CoreDNS之前，Health运行状况不会回复HTTP请求。

后记

在新 pod 创建后, CoreDNS 更新有问题, 需要解决