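Dynamic DNS resolution in k8s with CoreDNS backed by etcd

    This article assumes a k8s cluster that is already set up. For cluster setup, see "Kubernetes Cluster Setup".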

    Download the CoreDNS YAML deployment scripts

    Note: skip this step if CoreDNS is already deployed.

        wget https://github.com/coredns/deployment/raw/master/kubernetes/coredns.yaml.sed
        wget https://github.com/coredns/deployment/raw/master/kubernetes/deploy.sh
        chmod +x deploy.sh

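    Rebuild the CoreDNS image

    The DNS records are to be stored in etcd. If the cluster uses HTTPS internally, etcd requires certificates, so CoreDNS must carry certificates as well. Add the k8s certificates to the CoreDNS image.

        mkdir /root/coredns
        # Work inside the build directory so that the copies below land next to the Dockerfile
        cd /root/coredns
        docker pull coredns/coredns:1.3.1
        # Client certificate and key (the same files the etcdctl commands below use)
        cp /etc/kubernetes/ssl/kubernetes.pem /etc/kubernetes/ssl/kubernetes-key.pem .
        cp /etc/kubernetes/ssl/k8s-root-ca.pem .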

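    Dockerfile

        FROM coredns/coredns:1.3.1
        # Adds kubernetes.pem, kubernetes-key.pem and k8s-root-ca.pem to / of the image.
        # Note: kubernetes-key.pem becomes part of an image layer, readable by anyone who can pull this image.
        ADD ./*.pem /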

    Makefile

        VERSION=1.3.1-etcd
        REGISTRY=hub.linuxeye.com
        NAME=coredns
        # Recipe lines must begin with a tab character
        build-image:
        	docker build -f Dockerfile -t $(REGISTRY)/library/$(NAME):$(VERSION) .
        	docker push $(REGISTRY)/library/$(NAME):$(VERSION)

    Build and push the image

        make build-image

    Replace the image address

        vi coredns.yaml.sed

    Change the image to: hub.linuxeye.com/library/coredns:1.3.1-etcd

    If CoreDNS was already deployed earlier, change the image address in the CoreDNS YAML.

    Replace kube-dns with CoreDNS

    Note: skip this step if CoreDNS is already deployed.

    Run the following on the k8s master node, where 172.22.0.2 is the DNS server IP:

        ./deploy.sh -i 172.22.0.2 | kubectl apply -f -

    Store host records in etcd

    Note: CoreDNS versions before 1.2.0 use the etcd v2 API; 1.2.0 and later use the etcd v3 API.

    etcd V2:

        # Set the keys
        etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka11 '{"Host":"10.50.1.11"}'
        etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka12 '{"Host":"10.50.1.12"}'
        etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka13 '{"Host":"10.50.1.13"}'
        # Verify by reading the keys back (get, not set)
        etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem get /mydomain/kafka11
        etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem get /mydomain/kafka12
        etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem get /mydomain/kafka13

    etcd V3:

        # Set the keys
        # etcdctl v3 takes --cacert/--cert/--key (--ca-file/--cert-file/--key-file are the v2 flag names)
        ETCDCTL_API=3 etcdctl --cacert=/etc/kubernetes/ssl/k8s-root-ca.pem --cert=/etc/kubernetes/ssl/kubernetes.pem --key=/etc/kubernetes/ssl/kubernetes-key.pem put /mydomain/kafka11 '{"Host":"10.50.1.11"}'
        ETCDCTL_API=3 etcdctl --cacert=/etc/kubernetes/ssl/k8s-root-ca.pem --cert=/etc/kubernetes/ssl/kubernetes.pem --key=/etc/kubernetes/ssl/kubernetes-key.pem put /mydomain/kafka12 '{"Host":"10.50.1.12"}'
        ETCDCTL_API=3 etcdctl --cacert=/etc/kubernetes/ssl/k8s-root-ca.pem --cert=/etc/kubernetes/ssl/kubernetes.pem --key=/etc/kubernetes/ssl/kubernetes-key.pem put /mydomain/kafka13 '{"Host":"10.50.1.13"}'
        # Verify by reading the keys back (get, not set)
        ETCDCTL_API=3 etcdctl --cacert=/etc/kubernetes/ssl/k8s-root-ca.pem --cert=/etc/kubernetes/ssl/kubernetes.pem --key=/etc/kubernetes/ssl/kubernetes-key.pem get /mydomain/kafka11
        ETCDCTL_API=3 etcdctl --cacert=/etc/kubernetes/ssl/k8s-root-ca.pem --cert=/etc/kubernetes/ssl/kubernetes.pem --key=/etc/kubernetes/ssl/kubernetes-key.pem get /mydomain/kafka12
        ETCDCTL_API=3 etcdctl --cacert=/etc/kubernetes/ssl/k8s-root-ca.pem --cert=/etc/kubernetes/ssl/kubernetes.pem --key=/etc/kubernetes/ssl/kubernetes-key.pem get /mydomain/kafka13

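    Modify the ConfigMap

    ConfigMap coredns in the kube-system namespace:

        .:53 {
            errors
            health
            kubernetes cluster.local in-addr.arpa ip6.arpa {
              # "insecure" answers pod A records from the IP in the query name without checking it against the API
              pods insecure
              upstream
              fallthrough in-addr.arpa ip6.arpa
            }
            prometheus :9153
            cache 30
            reload
            # Forward everything else to the upstream resolvers, except the names served from etcd
            proxy . /etc/resolv.conf {
              except kafka11 kafka12 kafka13
            }
            # Serve these names from the etcd records stored under /mydomain
            etcd kafka11 kafka12 kafka13 {
              stubzones
              path /mydomain
              endpoint https://10.1.1.6:2379 https://10.1.1.7:2379 https://10.1.1.8:2379
              # tls CERT KEY CACERT: the files added to the image root by the Dockerfile
              tls /kubernetes.pem /kubernetes-key.pem /k8s-root-ca.pem
            }
        }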
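
    The etcd plugin looks a name up under `path` with its DNS labels reversed (the SkyDNS key layout), which is why the name kafka11 is stored at /mydomain/kafka11. The script below is an added example, not part of the original article: it derives the key for single-label and multi-label names, validates the inputs, and prints (does not run) the etcdctl v3 command. The helper names dns_to_key, is_ipv4 and put_command and the lowercase-name rule are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the article: print (not run) etcdctl v3 commands.
LC_ALL=C; export LC_ALL            # keep [a-z] pattern matching ASCII-only
ETCD_PATH="/mydomain"              # must equal `path` in the Corefile etcd block
CERT_DIR="/etc/kubernetes/ssl"     # certificate directory used in the article

# dns_to_key NAME -> etcd key: labels reversed and joined under ETCD_PATH,
# e.g. kafka11.example.org -> /mydomain/org/example/kafka11
dns_to_key() {
    name=${1%.}                    # drop a trailing root dot
    case $name in                  # assumed rule: lowercase letter/digit/hyphen labels
        ''|.*|*..*|*[!a-z0-9.-]*) echo "bad name: $1" >&2; return 1 ;;
    esac
    key=""
    old_ifs=$IFS; IFS=.
    for label in $name; do key="/$label$key"; done   # prepend => reversed
    IFS=$old_ifs
    printf '%s%s\n' "$ETCD_PATH" "$key"
}

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255
is_ipv4() {
    case $1 in ''|*.|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# put_command NAME ADDR: validate both, then print the etcdctl v3 put command
put_command() {
    key=$(dns_to_key "$1") || return 1
    is_ipv4 "$2" || { echo "bad IPv4 address: $2" >&2; return 1; }
    tls="--cacert=$CERT_DIR/k8s-root-ca.pem --cert=$CERT_DIR/kubernetes.pem"
    tls="$tls --key=$CERT_DIR/kubernetes-key.pem"
    printf "ETCDCTL_API=3 etcdctl %s put %s '{\"Host\":\"%s\"}'\n" "$tls" "$key" "$2"
}

# The three records from the article
for rec in kafka11=10.50.1.11 kafka12=10.50.1.12 kafka13=10.50.1.13; do
    put_command "${rec%%=*}" "${rec#*=}"
done
```

    Rejecting names that contain "/" or other unexpected characters keeps a generated key from landing outside /mydomain.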

    Wed Feb 27 17:10:00 CST 2019

    • This article was published on 2019-02-27
    • When reposting, be sure to keep the link to this article: https://linuxeye.com/471.html