生成coredns 部署yaml
vi coredns.yaml
# __MACHINE_GENERATED_WARNING__
apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns
  namespace: kube-system
  labels:
    # Managed by the addon manager: Reconcile means the manager keeps this
    # object identical to the manifest it was applied from.
    addonmanager.kubernetes.io/mode: Reconcile
    # Value is a string, not a boolean, so it must stay quoted.
    kubernetes.io/cluster-service: 'true'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:coredns
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/bootstrapping: rbac-defaults
# Read-only access only: every verb below is list/watch/get, no write verbs.
rules:
  # Core-group objects the CoreDNS kubernetes plugin watches to build
  # service, endpoint and pod records.
  - apiGroups:
      - ''
    resources:
      - endpoints
      - services
      - pods
      - namespaces
    verbs:
      - list
      - watch
  # Single-object reads of nodes; no list/watch is granted here.
  - apiGroups:
      - ''
    resources:
      - nodes
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system:coredns
  labels:
    # EnsureExists: the addon manager creates the binding if missing but
    # does not overwrite later edits (contrast with Reconcile above).
    addonmanager.kubernetes.io/mode: EnsureExists
    kubernetes.io/bootstrapping: rbac-defaults
  annotations:
    # Quoted so the value stays a string rather than a YAML boolean.
    rbac.authorization.kubernetes.io/autoupdate: 'true'
# Grants the read-only system:coredns ClusterRole to the coredns
# ServiceAccount in kube-system and to nothing else.
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
subjects:
  - kind: ServiceAccount
    name: coredns
    namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: EnsureExists
data:
  # Served on port 53 for all zones ("."). Key points:
  #   - `pods verified` answers pod-IP names only for pods that actually
  #     exist in the queried namespace (CoreDNS docs), instead of the
  #     unchecked `insecure` mode.
  #   - `forward . /etc/resolv.conf` sends everything that is not
  #     cluster.local / reverse zones to the pod's resolv.conf; with the
  #     Deployment's dnsPolicy: Default that file is the node's.
  #   - `prometheus :9153` binds metrics on all interfaces; the Services
  #     below expose that port cluster-wide.
  #   - `cache 30` / `ttl 30` keep answers for at most 30s (see the dig
  #     output later on this page).
  Corefile: |
    .:53 {
        errors
        health {
            lameduck 5s
        }
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods verified
            endpoint_pod_names
            fallthrough in-addr.arpa ip6.arpa
            ttl 30
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        reload
        loadbalance
    }
---
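apiVersion: apps/v1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  # replicas IS specified here (the upstream template comment that said
  # otherwise has been dropped). Two replicas so one node failure does not
  # take cluster DNS down. Because this Deployment is in Reconcile mode, the
  # addon manager will enforce this value; if DNS horizontal autoscaling is
  # enabled in the cluster, remove the key instead of fighting the autoscaler.
  replicas: 2
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
      annotations:
        # Runtime-default seccomp profile via the alpha annotation.
        # NOTE(review): newer clusters express this as
        # spec.securityContext.seccompProfile.type: RuntimeDefault; confirm
        # which form the target Kubernetes version honours.
        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
    spec:
      priorityClassName: system-cluster-critical
      serviceAccountName: coredns
      tolerations:
        - key: "CriticalAddonsOnly"
          operator: "Exists"
      nodeSelector:
        # NOTE(review): beta.kubernetes.io/os is the legacy alias of
        # kubernetes.io/os; confirm nodes still carry it.
        beta.kubernetes.io/os: linux
      containers:
        - name: coredns
          # TODO(review): an untagged image resolves to "latest" and, with
          # imagePullPolicy: Always, every pod start pulls whatever the
          # registry currently serves. Pin the tag (ideally the digest) of the
          # CoreDNS version validated for this cluster.
          image: coredns/coredns
          imagePullPolicy: Always
          resources:
            limits:
              memory: 100Mi
            requests:
              cpu: 100m
              memory: 70Mi
          args: ["-conf", "/etc/coredns/Corefile"]
          volumeMounts:
            - name: config-volume
              mountPath: /etc/coredns
              readOnly: true
          ports:
            - containerPort: 53
              name: dns
              protocol: UDP
            - containerPort: 53
              name: dns-tcp
              protocol: TCP
            - containerPort: 9153
              name: metrics
              protocol: TCP
          # Probe ports must match the Corefile's health/ready plugins
          # (CoreDNS defaults: health on :8080, ready on :8181).
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 60
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: /ready
              port: 8181
              scheme: HTTP
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              # Only the capability needed to bind port 53; everything
              # else is dropped. "ALL" is the documented spelling of the
              # drop-everything value.
              add:
                - NET_BIND_SERVICE
              drop:
                - ALL
            readOnlyRootFilesystem: true
      # Default = inherit the node's resolv.conf, so the Corefile's
      # `forward . /etc/resolv.conf` reaches the node's upstream resolvers
      # instead of looping back to the cluster DNS service.
      dnsPolicy: Default
      volumes:
        - name: config-volume
          configMap:
            name: coredns
            items:
              - key: Corefile
                path: Corefile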
---
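apiVersion: v1
kind: Service
metadata:
  name: kube-dns-v6
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  selector:
    k8s-app: kube-dns
  # Quoted: an address made of hex groups and colons is a string, and
  # quoting keeps YAML 1.1 parsers from ever treating a colon-separated
  # value as a number.
  # NOTE(review): 8888:8000::/… is neither a ULA (fd00::/8) nor a
  # currently allocated global prefix; confirm it is the cluster's
  # configured IPv6 service CIDR so it cannot collide with routable space.
  clusterIP: "8888:8000::2"
  # ipFamily is the alpha dual-stack field; Kubernetes 1.20+ replaced it
  # with ipFamilies / ipFamilyPolicy — adjust when upgrading.
  ipFamily: IPv6
  ports:
    - name: dns
      port: 53
      protocol: UDP
    - name: dns-tcp
      port: 53
      protocol: TCP
    # Prometheus metrics from the Corefile's `prometheus :9153`, reachable
    # by any client that can reach this ClusterIP.
    - name: metrics
      port: 9153
      protocol: TCP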
---
apiVersion: v1
kind: Service
metadata:
  name: kube-dns-v4
  namespace: kube-system
  labels:
    kubernetes.io/name: 'CoreDNS'
    kubernetes.io/cluster-service: 'true'
    addonmanager.kubernetes.io/mode: Reconcile
    k8s-app: kube-dns
spec:
  # IPv4 twin of kube-dns-v6: same selector and ports, fixed ClusterIP in
  # the IPv4 service range.
  selector:
    k8s-app: kube-dns
  clusterIP: '10.66.0.2'
  ipFamily: IPv4
  ports:
    - name: dns
      protocol: UDP
      port: 53
    - name: dns-tcp
      protocol: TCP
      port: 53
    - name: metrics
      protocol: TCP
      port: 9153
# 配置雙棧service IP 對外提供dns服務
部署CoreDNS
kubectl apply -f coredns.yaml
驗證 CoreDNS
root@Qist:/mnt/g/work/ipv6/1/yaml# kubectl -n kube-system get pod | grep coredns
coredns-68c964545b-flw76 1/1 Running 0 16h
coredns-68c964545b-gpmxs 1/1 Running 0 16h
# POD 運行正常
root@Qist:/mnt/g/work/ipv6/1/yaml# kubectl -n kube-system get svc | grep kube-dns
kube-dns-v4 ClusterIP 10.66.0.2 <none> 53/UDP,53/TCP,9153/TCP 16h
kube-dns-v6 ClusterIP 8888:8000::2 <none> 53/UDP,53/TCP,9153/TCP 16h
# 驗證雙棧 service ip 是否能解析域名
[root@k8s-master-1 conf]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.66.0.1:443 rr
-> 192.168.2.175:5443 Masq 1 1 0
-> 192.168.2.176:5443 Masq 1 0 0
-> 192.168.2.177:5443 Masq 1 1 0
TCP 10.66.0.2:53 rr
-> 10.83.196.192:53 Masq 1 0 0
-> 10.87.152.128:53 Masq 1 0 0
TCP 10.66.0.2:9153 rr
-> 10.83.196.192:9153 Masq 1 0 0
-> 10.87.152.128:9153 Masq 1 0 0
TCP 10.66.252.143:8080 rr
-> 10.81.251.192:8080 Masq 1 0 0
UDP 10.66.0.2:53 rr
-> 10.83.196.192:53 Masq 1 0 0
-> 10.87.152.128:53 Masq 1 0 0
TCP [8888:8000::2]:53 rr
-> [fd00::3:c4c0]:53 Masq 1 0 0
-> [fd00::7:9880]:53 Masq 1 0 0
TCP [8888:8000::2]:9153 rr
-> [fd00::3:c4c0]:9153 Masq 1 0 0
-> [fd00::7:9880]:9153 Masq 1 0 0
UDP [8888:8000::2]:53 rr
-> [fd00::3:c4c0]:53 Masq 1 0 0
-> [fd00::7:9880]:53 Masq 1 0 0
# 負載都已經命中後端
[root@k8s-master-1 conf]# dig @10.66.0.2 www.qq.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 <<>> @10.66.0.2 www.qq.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53193
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: c98eef107aa1d9cf (echoed)
;; QUESTION SECTION:
;www.qq.com. IN A
;; ANSWER SECTION:
www.qq.com. 30 IN CNAME public-v6.sparta.mig.tencent-cloud.net.
public-v6.sparta.mig.tencent-cloud.net. 30 IN A 113.96.232.215
;; Query time: 15 msec
;; SERVER: 10.66.0.2#53(10.66.0.2)
;; WHEN: Fri May 08 10:35:25 CST 2020
;; MSG SIZE rcvd: 167
[root@k8s-master-1 conf]# dig @8888:8000::2 www.qq.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 <<>> @8888:8000::2 www.qq.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35246
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 97748662740b5eae (echoed)
;; QUESTION SECTION:
;www.qq.com. IN A
;; ANSWER SECTION:
www.qq.com. 5 IN CNAME public-v6.sparta.mig.tencent-cloud.net.
public-v6.sparta.mig.tencent-cloud.net. 5 IN A 113.96.232.215
;; Query time: 14 msec
;; SERVER: 8888:8000::2#53(8888:8000::2)
;; WHEN: Fri May 08 10:35:50 CST 2020
;; MSG SIZE rcvd: 167
[root@k8s-master-1 conf]# dig @8888:8000::2 www.qq.com aaaa
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 <<>> @8888:8000::2 www.qq.com aaaa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5136
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: c2911723c65e05f1 (echoed)
;; QUESTION SECTION:
;www.qq.com. IN AAAA
;; ANSWER SECTION:
www.qq.com. 9 IN CNAME public-v6.sparta.mig.tencent-cloud.net.
public-v6.sparta.mig.tencent-cloud.net. 9 IN AAAA 240e:ff:f101:10::15f
;; Query time: 9 msec
;; SERVER: 8888:8000::2#53(8888:8000::2)
;; WHEN: Fri May 08 10:36:40 CST 2020
;; MSG SIZE rcvd: 179
# ipv6 解析 正常返回
[root@k8s-master-1 conf]# ping6 www.qq.com
PING www.qq.com(240e:ff:f101:10::15f (240e:ff:f101:10::15f)) 56 data bytes
64 bytes from 240e:ff:f101:10::15f (240e:ff:f101:10::15f): icmp_seq=1 ttl=55 time=7.78 ms
64 bytes from 240e:ff:f101:10::15f (240e:ff:f101:10::15f): icmp_seq=2 ttl=55 time=8.24 ms
64 bytes from 240e:ff:f101:10::15f (240e:ff:f101:10::15f): icmp_seq=3 ttl=55 time=8.34 ms
^C
--- www.qq.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 7.777/8.116/8.336/0.264 ms
/ # ping6 kube-dns-v6.kube-system.svc.cluster.local
PING kube-dns-v6.kube-system.svc.cluster.local (8888:8000::2): 56 data bytes
64 bytes from 8888:8000::2: seq=0 ttl=64 time=0.118 ms
64 bytes from 8888:8000::2: seq=1 ttl=64 time=0.115 ms
64 bytes from 8888:8000::2: seq=2 ttl=64 time=0.108 ms
^C
--- kube-dns-v6.kube-system.svc.cluster.local ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.108/0.113/0.118 ms
/ #
/ #
/ #
/ # ping6 kube-dns-v4.kube-system.svc.cluster.local
ping6: bad address 'kube-dns-v4.kube-system.svc.cluster.local'
/ # ping kube-dns-v4.kube-system.svc.cluster.local
PING kube-dns-v4.kube-system.svc.cluster.local (10.66.0.2): 56 data bytes
64 bytes from 10.66.0.2: seq=0 ttl=64 time=0.110 ms
64 bytes from 10.66.0.2: seq=1 ttl=64 time=0.107 ms
^C
--- kube-dns-v4.kube-system.svc.cluster.local ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.107/0.108/0.110 ms
# ipv6 ipv4 正常解析