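Applications in a Kubernetes cluster are usually published as microservices through an ingress. An earlier article described using traefik for automatic service publishing in a K8S cluster: traefik resolves each service's cluster address (ClusterIP) through the cluster's DNS service and forwards user requests to that address. The first thing to do after deploying a cluster is therefore to configure the DNS service; the options currently available are skydns, kube-dns and coredns.
kube-dns is a built-in add-on in Kubernetes, currently maintained as a standalone open-source project; see https://github.com/kubernetes/dns. This DNS server uses the SkyDNS libraries to serve DNS requests for Kubernetes pods and services.
The CoreDNS project was built by Miek Gieben, the author of SkyDNS2, on a more modular and extensible framework, as a replacement for kube-dns. CoreDNS is a project hosted by the CNCF. In Kubernetes 1.9, a cluster installed with kubeadm can install CoreDNS directly with the following command.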
kubeadm init --feature-gates=CoreDNS=true
This article describes how to configure coredns.
For configuring the skydns service on a 1.5.2 rpm-based cluster, see:
https://blog.51cto.com/ylw6006/2067923
For publishing microservices with traefik, see:
http://www.javashuo.com/article/p-vlqscxxv-dr.html
http://www.javashuo.com/article/p-bsfalpsm-gv.html
For a detailed introduction to kube-dns, see this expert's blog:
https://jimmysong.io/posts/configuring-kubernetes-kube-dns/
I. Prepare the YAML configuration files
1. coredns-sa.yaml: creates the ServiceAccount
# cat coredns-sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
2. coredns-rbac.yaml: creates the RBAC ClusterRole and ClusterRoleBinding
# cat coredns-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: Reconcile
  name: system:coredns
rules:
- apiGroups:
  - ""
  resources:
  - endpoints
  - services
  - pods
  - namespaces
  verbs:
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: EnsureExists
  name: system:coredns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
subjects:
- kind: ServiceAccount
  name: coredns
  namespace: kube-system
3. coredns-configmap.yaml: defines the parameters of the Corefile configuration file
# cat coredns-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        errors
        log
        health
        kubernetes cluster.local 10.254.0.0/18
        proxy . /etc/resolv.conf
        cache 30
    }
4. coredns-deployment.yaml: defines the template used to create the pod
# cat coredns-deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: coredns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "CoreDNS"
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: coredns
  template:
    metadata:
      labels:
        k8s-app: coredns
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
        scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
    spec:
      serviceAccountName: coredns
      containers:
      - name: coredns
        image: coredns/coredns:latest
        imagePullPolicy: Always
        args: [ "-conf", "/etc/coredns/Corefile" ]
        volumeMounts:
        - name: config-volume
          mountPath: /etc/coredns
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
      dnsPolicy: Default
      volumes:
        - name: config-volume
          configMap:
            name: coredns
            items:
            - key: Corefile
              path: Corefile
5. coredns-service.yaml: defines the service name
# cat coredns-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: coredns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "CoreDNS"
spec:
  selector:
    k8s-app: coredns
  clusterIP: 10.254.0.2
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
II. Create coredns from the YAML configuration files
# kubectl get node
# kubectl get pod,svc,deployment,rc
# kubectl get pod,svc,deployment,rc -n kube-system
# cd yaml/coredns/
# ls -l
# kubectl create -f .
# kubectl get pod,svc,deployment,rc -n kube-system
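Once the objects exist, it is worth confirming that the `system:coredns` ClusterRole from step 2 is still read-only. The following is an added example, not part of the original article: it audits the JSON that `kubectl get clusterrole system:coredns -o json` returns. The function name `audit_role`, the allowlists and both sample documents are assumptions constructed for illustration.

```python
import json

# Assumed policy for the cluster DNS server: read-only access to the four
# core-group resources that the article's ClusterRole lists.
ALLOWED_VERBS = {"get", "list", "watch"}
ALLOWED_RESOURCES = {"endpoints", "services", "pods", "namespaces"}


def audit_role(role_json):
    """Return one finding per way a ClusterRole exceeds the read-only policy."""
    role = json.loads(role_json)
    findings = []
    for i, rule in enumerate(role.get("rules") or []):
        where = f"rules[{i}]"
        if rule.get("nonResourceURLs"):
            findings.append(f"{where}: grants nonResourceURLs {rule['nonResourceURLs']}")
        for group in rule.get("apiGroups", []):
            if group != "":  # "" is the core API group; "*" or others are flagged
                findings.append(f"{where}: apiGroup {group!r} is outside the core group")
        for verb in rule.get("verbs", []):
            if verb not in ALLOWED_VERBS:
                findings.append(f"{where}: verb {verb!r} is not read-only")
        for res in rule.get("resources", []):
            if res not in ALLOWED_RESOURCES:
                findings.append(f"{where}: resource {res!r} is not needed for DNS")
    return findings


# Constructed sample: the rules from coredns-rbac.yaml, expressed as JSON.
PAGE_ROLE = json.dumps({"kind": "ClusterRole", "metadata": {"name": "system:coredns"}, "rules": [
    {"apiGroups": [""], "resources": ["endpoints", "services", "pods", "namespaces"],
     "verbs": ["list", "watch"]}]})

# Constructed sample: the same role after it has been widened.
DRIFTED_ROLE = json.dumps({"kind": "ClusterRole", "metadata": {"name": "system:coredns"}, "rules": [
    {"apiGroups": [""], "resources": ["services", "secrets"], "verbs": ["list", "watch"]},
    {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]})

if __name__ == "__main__":
    for name, doc in (("page", PAGE_ROLE), ("drifted", DRIFTED_ROLE)):
        print(name, audit_role(doc) or "read-only")
```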
III. Create an nginx service for testing
# kubectl create -f .
# kubectl get pod,svc,deployment,rc
# kubectl run -i --tty busybox --image=registry.59iedu.com/busybox /bin/sh