[k8s] Configuring subdomains in coredns / kube-dns

Idea: kube-dns and coredns are essentially DNS server software, and both are driven by a configuration file. To control how queries are resolved, you only need to control that configuration file.
This post first shows how to configure coredns, then kube-dns (including standing up an external dnsmasq to simulate a cluster that has to reach a company's private domain).

References:
https://coredns.io/2017/03/01/coredns-for-kubernetes-service-discovery-take-2/

https://coredns.io/2017/05/08/custom-dns-entries-for-kubernetes/
https://coredns.io/2017/06/08/how-queries-are-processed-in-coredns/

The default kube-dns policy

The architecture simulated in this post is shown in the figure below:

coredns configuration file:

  1. Names with the cluster.local suffix are looked up at 10.254.0.2
  2. Names under out-of.kubernetes, such as server.out-of.kubernetes, are looked up at 192.168.x.x
  3. Public internet names go to the nameservers in resolv.conf
.:53 {
        errors      # show errors
        log stdout  # show query logs
        health
        kubernetes cluster.local 10.254.0.0/16
        proxy out-of.kubernetes 192.168.x.x
        proxy . /etc/resolv.conf
}
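An added Python model (not CoreDNS code and not from this post) of how the three rules above choose a handler: each zone-scoped plugin claims the names under its zone, and the most specific zone wins. It simplifies CoreDNS's fixed plugin chain but reproduces the outcome for this Corefile; 192.168.x.x is the post's placeholder.

```python
# Model of zone-based routing for the Corefile above (added example, not CoreDNS).
# Real CoreDNS walks a fixed plugin chain with per-plugin zone checks; for this
# Corefile the "most specific zone wins" model gives the same result.
COREFILE = """
.:53 {
    errors
    log stdout
    health
    kubernetes cluster.local 10.254.0.0/16
    proxy out-of.kubernetes 192.168.x.x
    proxy . /etc/resolv.conf
    cache 30
}
"""

# Plugins whose first argument is the zone they are scoped to.
ZONED_PLUGINS = {"kubernetes", "proxy", "forward"}


def parse_zones(corefile):
    """Return [(zone, plugin, remaining_args)] for every zone-scoped plugin line."""
    rules = []
    for line in corefile.splitlines():
        parts = line.strip().split()
        if len(parts) >= 2 and parts[0] in ZONED_PLUGINS:
            zone = parts[1].rstrip(".").lower() or "."  # "." is the root zone
            rules.append((zone, parts[0], " ".join(parts[2:])))
    return rules


def in_zone(name, zone):
    """True if name is the zone apex or lies below it (label boundary respected)."""
    return zone == "." or name == zone or name.endswith("." + zone)


def route(qname, rules):
    """Return (plugin, args) of the most specific zone that covers qname."""
    name = qname.rstrip(".").lower()
    best = None
    for zone, plugin, args in rules:
        if not in_zone(name, zone):
            continue
        labels = 0 if zone == "." else zone.count(".") + 1
        if best is None or labels > best[0]:
            best = (labels, plugin, args)
    return (best[1], best[2]) if best else None


if __name__ == "__main__":
    for q in ("svc-nginx.default.svc.cluster.local", "server.out-of.kubernetes", "www.example.com"):
        print(q, "->", route(q, parse_zones(COREFILE)))
```

Note that a bare name such as `kubernetes` is not under `out-of.kubernetes`, because matching happens on label boundaries, so it falls through to the resolv.conf upstream.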

Reference:
https://coredns.io/2017/03/01/coredns-for-kubernetes-service-discovery-take-2/

$ cat coredns.yaml 
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        errors
        log stdout
        health
        kubernetes cluster.local 10.254.0.0/16
        proxy out-of.kubernetes 192.168.x.x
        proxy . /etc/resolv.conf
        cache 30
    }
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: coredns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "CoreDNS"
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: coredns
  template:
    metadata:
      labels:
        k8s-app: coredns
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
        scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
    spec:
      containers:
      - name: coredns
        image: coredns/coredns:latest
        imagePullPolicy: Always
        args: [ "-conf", "/etc/coredns/Corefile" ]
        volumeMounts:
        - name: config-volume
          mountPath: /etc/coredns
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
      dnsPolicy: Default
      volumes:
        - name: config-volume
          configMap:
            name: coredns
            items:
            - key: Corefile
              path: Corefile
---
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: coredns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "CoreDNS"
spec:
  selector:
    k8s-app: coredns
  clusterIP: 10.254.0.2
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP

kube-dns configuration file

Deployment reference: http://www.cnblogs.com/iiiiher/p/7891713.html

There are 3 files; only the ConfigMap needs changing.

$ ls
kubedns-cm.yaml  kubedns-deployment.yaml  kubedns-svc.yaml
$ cat dns-cm.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-dns
  namespace: kube-system
data:
  stubDomains: |
    {"out-of.kubernetes": ["192.168.x.x"]}
  upstreamNameservers: |
    ["114.114.114.114", "9.9.9.9"]
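An added Python check (not kube-dns code and not from this post) for the ConfigMap data above: kube-dns silently ignores unknown keys and unparsable JSON, so a typo in `stubDomains` means private names quietly fall through to the public upstream instead of the internal server. The samples are constructed; 192.0.2.53 is a documentation address standing in for the post's 192.168.x.x placeholder.

```python
import ipaddress
import json

# Keys kube-dns reads from its ConfigMap; anything else is silently ignored.
KNOWN_KEYS = {"stubDomains", "upstreamNameservers", "federations"}

# Constructed samples. BROKEN mirrors a typo'd draft of the ConfigMap (misspelled
# keys, set-style braces instead of JSON lists); FIXED is the corrected form.
BROKEN = {"stuDomains": '{"out-of.kubernetes": {"192.0.2.53"}\n',
          "upsteamNameservers": '{"114.114.114.114","9.9.9.9"}\n'}
BAD_JSON = {"stubDomains": BROKEN["stuDomains"],
            "upstreamNameservers": BROKEN["upsteamNameservers"]}
FIXED = {"stubDomains": '{"out-of.kubernetes": ["192.0.2.53"]}\n',
         "upstreamNameservers": '["114.114.114.114", "9.9.9.9"]\n'}


def _bad_ips(values):
    """Return the entries of values that are not valid IP addresses."""
    bad = []
    for v in values:
        try:
            ipaddress.ip_address(v)
        except ValueError:
            bad.append(v)
    return bad


def validate(data):
    """Return a list of problems; an empty list means kube-dns will honour the data."""
    problems = [f"unknown key {k!r} (ignored by kube-dns)" for k in data
                if k not in KNOWN_KEYS]
    for key, want in (("stubDomains", dict), ("upstreamNameservers", list)):
        if key not in data:
            continue
        try:
            value = json.loads(data[key])
        except json.JSONDecodeError as e:
            problems.append(f"{key}: invalid JSON ({e.msg})")
            continue
        if not isinstance(value, want):
            problems.append(f"{key}: expected a JSON {want.__name__}")
            continue
        # stubDomains maps zone -> [ip, ...]; upstreamNameservers is [ip, ...]
        for ips in (value.values() if want is dict else [value]):
            if not isinstance(ips, list) or not ips or _bad_ips(ips):
                problems.append(f"{key}: server list must be non-empty IPs: {ips!r}")
    return problems


if __name__ == "__main__":
    for name, sample in (("BROKEN", BROKEN), ("BAD_JSON", BAD_JSON), ("FIXED", FIXED)):
        print(name, validate(sample) or "ok")
```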

Configuring dnsmasq outside the cluster: simulating the company's private DNS server

yum install -y dnsmasq tcpdump

echo "192.168.8.191 server.out-of.kubernetes" > /tmp/hosts


Start it:
dnsmasq -q -d -h -R -H /tmp/hosts

-d debug mode (stay in the foreground, log to stderr)
-q log every query
-h do not read /etc/hosts
-R do not read /etc/resolv.conf
-H use the given file as an additional hosts file for DNS records


tcpdump -i eth0 udp port 53 -nnv
host -t A server.out-of.kubernetes 192.168.x.x

Test (my local cluster uses coredns):

$ kubectl run -it --rm --restart=Never busybox --image=busybox sh
/ # nslookup  server.out-of.kubernetes
Server:    10.254.0.2
Address 1: 10.254.0.2 kube-dns.kube-system.svc.cluster.local

Name:      server.out-of.kubernetes
Address 1: 192.168.x.x

Cluster names, out-of.kubernetes names and public internet names all resolve.

How can one name resolve to 2 IPs? (headless svc)

Reference: http://www.cnblogs.com/cuihongyu3503319/archive/2012/07/09/2583129.html
Just add 2 records with different IPs for the same name. Test:

$ cat /tmp/hosts 
192.168.x.191 server.out-of.kubernetes
192.168.x.192 server.out-of.kubernetes

$ dnsmasq -q -d -h -R -H /tmp/hosts

$ host -t A server.out-of.kubernetes 192.168.x.x
Using domain server:
Name: 192.168.x.x
Address: 192.168.x.x#53
Aliases: 

server.out-of.kubernetes has address 192.168.x.191
server.out-of.kubernetes has address 192.168.x.192
  • todo:
    • Details of the coredns k8s plugin; move in-cluster DNS outside the cluster.
    • With coredns running inside the cluster, `logs -f` shows no output; needs a closer look when time allows.
    • Have coredns serve only A records and disable AAAA.

Each svc gets two records:

<service_name>.<namespace_name>.<domain>        # not sure what this form is for
<service_name>.<namespace_name>.svc.<domain>    # kube-dns seems to return only this form, with svc


$ cat nginx-svc.yaml 
kind: Service
apiVersion: v1
metadata:
  name: svc-nginx
spec:
  selector:
    app: nginx
  ports:
  - protocol: TCP
    port: 8080
    targetPort: 80


/ # nslookup  svc-nginx
Address 1: 10.254.164.42 svc-nginx.default.svc.cluster.local

/ # nslookup  svc-nginx.default.svc.cluster.local
Address 1: 10.254.164.42 svc-nginx.default.svc.cluster.local

/ # nslookup  svc-nginx.default.cluster.local
nslookup: can't resolve 'svc-nginx.default.cluster.local'