k8s基于etcd的CoreDNS动态域名解析

k8s评论阅读模式

本文基于已经搭建好的k8s集群,集群搭建参考:《Kubernetes集群搭建

k8s基于etcd的CoreDNS动态域名解析

下载coredns yaml部署脚本

注意:如果已经部署coredns可忽略

  1. wget https://github.com/coredns/deployment/raw/master/kubernetes/coredns.yaml.sed
  2. wget https://github.com/coredns/deployment/raw/master/kubernetes/deploy.sh
  3. chmod +x deploy.sh

重新打coredns镜像

想将dns记录存在etcd中,如果内部https,etcd必须打证书,应此coredns必须带证书,将k8s相关证书打入coredns

  1. mkdir /root/coredns
  2. docker pull coredns/coredns:1.3.1
  3. cp /etc/kubernetes/ssl/kubernetes .
  4. cp /etc/kubernetes/ssl/k8s-root-ca.pem .

Dockerfile

  1. FROM coredns/coredns:1.3.1
  2. ADD ./*.pem /

Makefile

  1. VERSION=1.3.1-etcd
  2. REGISTRY=hub.linuxeye.com
  3. NAME=coredns
  4. build-image:
  5.         docker build -f Dockerfile -t $(REGISTRY)/library/$(NAME):$(VERSION) .
  6.         docker push $(REGISTRY)/library/$(NAME):$(VERSION)

build、推送镜像

  1. make build-image

替换image地址

vi coredns.yaml.sed

修改image镜像:hub.linuxeye.com/library/coredns:1.3.1-etcd

如果之前已经部署了coredns,修改coredns yaml镜像地址

kube-dns替换为coredns

注意:如果已经部署coredns可忽略

在k8s master节点执行,其中:172.22.0.2为 dns server ip

  1. ./deploy.sh -i 172.22.0.2 | kubectl apply -f -

etcd存入hosts记录

注意:如果coredns是1.2.0以前版本,使用的是etcdv2 API版本,1.2.0及之后版本,使用etcdv3 API版本etcd V2:

  1. #设置key
  2. etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka11 '{"Host":"10.50.1.11"}'
  3. etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka12 '{"Host":"10.50.1.12"}'
  4. etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka13 '{"Host":"10.50.1.13"}'
  5. #验证获取key
  6. etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka11
  7. etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka12
  8. etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka13

etcd V3

  1. #设置key
  2. ETCDCTL_API=3 etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem put /mydomain/kafka11 '{"Host":"10.50.1.11"}'
  3. ETCDCTL_API=3 etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem put /mydomain/kafka12 '{"Host":"10.50.1.12"}'
  4. ETCDCTL_API=3 etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem put /mydomain/kafka13 '{"Host":"10.50.1.13"}'
  5. #验证获取key
  6. ETCDCTL_API=3 etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka11
  7. ETCDCTL_API=3 etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka12
  8. ETCDCTL_API=3 etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka13

修改配置字典

命名空间kube-system coredns:

  1. .:53 {
  2.     errors
  3.     health
  4.     kubernetes cluster.local in-addr.arpa ip6.arpa {
  5.       pods insecure
  6.       upstream
  7.       fallthrough in-addr.arpa ip6.arpa
  8.     }
  9.     prometheus :9153
  10.     cache 30
  11.     reload
  12.     proxy . /etc/resolv.conf {
  13.       except kafka11 kafka12 kafka13
  14.     }
  15.     etcd kafka11 kafka12 kafka13 {
  16.       stubzones
  17.       path /mydomain
  18.       endpoint https://10.1.1.6:2379 https://10.1.1.7:2379 https://10.1.1.8:2379
  19.       tls /kubernetes.pem /kubernetes-key.pem /k8s-root-ca.pem
  20.     }
  21. }

Wed Feb 27 17:10:00 CST 2019

 
  • 本文由 yeho 发表于 2019-02-27
  • 转载请务必保留本文链接:https://linuxeye.com/471.html
k8s

Filebeat收集K8S日志

Kubernetes 中比较流行的日志收集解决方案是 Elasticsearch、Logstash和 Kibana(ELK)技术栈,今天来推荐EFK,即Logstash换成filebeat。 切换到E...
k8s

Kubernetes集群搭建

环境说明 操作系统:CentOS7.4 64bit 软件版本:kubernetes-v1.9.9、etcd-v3.3.8、flannel-v0.10.0 下载地址: https://dl.k8s.io...
匿名

发表评论

匿名网友
确定

拖动滑块以完成验证