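This article assumes a k8s cluster that is already up and running; for cluster setup, see "Kubernetes Cluster Setup".
Download the CoreDNS YAML deployment scripts
Note: skip this step if CoreDNS is already deployed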
- wget https://github.com/coredns/deployment/raw/master/kubernetes/coredns.yaml.sed
- wget https://github.com/coredns/deployment/raw/master/kubernetes/deploy.sh
- chmod +x deploy.sh
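Rebuild the CoreDNS image
The goal is to store DNS records in etcd. If etcd is served over HTTPS internally, it requires certificates, so CoreDNS must carry certificates as well; add the relevant k8s certificates to the CoreDNS image.
- mkdir /root/coredns && cd /root/coredns
- docker pull coredns/coredns:1.3.1
- cp /etc/kubernetes/ssl/kubernetes.pem /etc/kubernetes/ssl/kubernetes-key.pem .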
- cp /etc/kubernetes/ssl/k8s-root-ca.pem .
Dockerfile
- FROM coredns/coredns:1.3.1
- ADD ./*.pem /
Makefile
- VERSION=1.3.1-etcd
- REGISTRY=hub.linuxeye.com
- NAME=coredns
- build-image:
- docker build -f Dockerfile -t $(REGISTRY)/library/$(NAME):$(VERSION) .
- docker push $(REGISTRY)/library/$(NAME):$(VERSION)
Build and push the image
- make build-image
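The Dockerfile above copies every top-level `*.pem` in the build context, including `kubernetes-key.pem`, into an image that is then pushed to a registry, so anyone able to pull that image can read the key. The following check is an added example, not part of the original post: it lists what that glob would copy and fails when a private key is among the files. `pem_kind`, `audit_pem_context` and `make_sample_context` are hypothetical helper names, and the sample files are constructed and contain header lines only.

```shell
#!/bin/sh
# Added example: audit what `ADD ./*.pem /` would copy from a build context.

# Classify one file by its PEM header line.
pem_kind() {
    if grep -q -E -e '-----BEGIN ((RSA|EC|DSA|ENCRYPTED|OPENSSH) )?PRIVATE KEY-----' "$1"; then
        echo private-key
    elif grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        echo certificate
    else
        echo other
    fi
}

# Print "<kind> <file>" for each top-level *.pem (the same glob the
# Dockerfile uses); return 1 if any of them is a private key.
audit_pem_context() {
    ctx=${1:-.}
    found=0
    for f in "$ctx"/*.pem; do
        [ -f "$f" ] || continue    # glob matched nothing
        kind=$(pem_kind "$f")
        echo "$kind ${f##*/}"
        if [ "$kind" = private-key ]; then
            found=1
        fi
    done
    return "$found"
}

# Constructed sample context mirroring the three files used on this page.
make_sample_context() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' > "$d/k8s-root-ca.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' > "$d/kubernetes.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$d/kubernetes-key.pem"
    echo "$d"
}

sample=$(make_sample_context)
if ! audit_pem_context "$sample"; then
    echo "private key would be baked into the image"
fi
rm -rf "$sample"
```

Run as `audit_pem_context /root/coredns` before `make build-image` to gate the build on the result.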
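Replace the image address
- vi coredns.yaml.sed
Change the image to: hub.linuxeye.com/library/coredns:1.3.1-etcd
If CoreDNS was deployed earlier, change the image address in the existing CoreDNS YAML instead
Replace kube-dns with CoreDNS
Note: skip this step if CoreDNS is already deployed
Run on the k8s master node, where 172.22.0.2 is the DNS server IP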
- ./deploy.sh -i 172.22.0.2 | kubectl apply -f -
Store hosts records in etcd
Note: CoreDNS versions before 1.2.0 use the etcd v2 API; versions 1.2.0 and later use the etcd v3 API
etcd V2:
- # Set the keys
- etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka11 '{"Host":"10.50.1.11"}'
- etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka12 '{"Host":"10.50.1.12"}'
- etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka13 '{"Host":"10.50.1.13"}'
- # Verify by reading the keys back
- etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem get /mydomain/kafka11
- etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem get /mydomain/kafka12
- etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem get /mydomain/kafka13
etcd V3
- # Set the keys (the v3 etcdctl uses --cacert/--cert/--key)
- ETCDCTL_API=3 etcdctl --cacert=/etc/kubernetes/ssl/k8s-root-ca.pem --cert=/etc/kubernetes/ssl/kubernetes.pem --key=/etc/kubernetes/ssl/kubernetes-key.pem put /mydomain/kafka11 '{"Host":"10.50.1.11"}'
- ETCDCTL_API=3 etcdctl --cacert=/etc/kubernetes/ssl/k8s-root-ca.pem --cert=/etc/kubernetes/ssl/kubernetes.pem --key=/etc/kubernetes/ssl/kubernetes-key.pem put /mydomain/kafka12 '{"Host":"10.50.1.12"}'
- ETCDCTL_API=3 etcdctl --cacert=/etc/kubernetes/ssl/k8s-root-ca.pem --cert=/etc/kubernetes/ssl/kubernetes.pem --key=/etc/kubernetes/ssl/kubernetes-key.pem put /mydomain/kafka13 '{"Host":"10.50.1.13"}'
- # Verify by reading the keys back
- ETCDCTL_API=3 etcdctl --cacert=/etc/kubernetes/ssl/k8s-root-ca.pem --cert=/etc/kubernetes/ssl/kubernetes.pem --key=/etc/kubernetes/ssl/kubernetes-key.pem get /mydomain/kafka11
- ETCDCTL_API=3 etcdctl --cacert=/etc/kubernetes/ssl/k8s-root-ca.pem --cert=/etc/kubernetes/ssl/kubernetes.pem --key=/etc/kubernetes/ssl/kubernetes-key.pem get /mydomain/kafka12
- ETCDCTL_API=3 etcdctl --cacert=/etc/kubernetes/ssl/k8s-root-ca.pem --cert=/etc/kubernetes/ssl/kubernetes.pem --key=/etc/kubernetes/ssl/kubernetes-key.pem get /mydomain/kafka13
Modify the ConfigMap
ConfigMap coredns in the kube-system namespace:
- .:53 {
- errors
- health
- kubernetes cluster.local in-addr.arpa ip6.arpa {
- pods insecure
- upstream
- fallthrough in-addr.arpa ip6.arpa
- }
- prometheus :9153
- cache 30
- reload
- proxy . /etc/resolv.conf {
- except kafka11 kafka12 kafka13
- }
- etcd kafka11 kafka12 kafka13 {
- stubzones
- path /mydomain
- endpoint https://10.1.1.6:2379 https://10.1.1.7:2379 https://10.1.1.8:2379
- tls /kubernetes.pem /kubernetes-key.pem /k8s-root-ca.pem
- }
- }
Wed Feb 27 17:10:00 CST 2019