`
m635674608
  • 浏览: 5004782 次
  • 性别: Icon_minigender_1
  • 来自: 南京
社区版块
存档分类
最新评论

k8s dns 带证书配置

 
阅读更多

DNS部署

基于上一篇文章从零开始搭建基于calico的kubenetes,已经完成了kubernetes的部署。但未部署DNS。本章节将介绍DNS部署。

配置文件准备

skydns-rc.yaml 注意此文件与kubernetes官方提供的模板相比,在此mount了从节点的配置文件/etc/kubernetes/worker-kubeconfig.yaml,原因在于DNS部署有时候会出现很多未知的错误,如:10.100.0.1:443链接被拒绝、或者证书加载错误等:

# Copyright 2016 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# TODO - At some point, we need to rename all skydns-*.yaml.* files to kubedns-*.yaml.*

# Warning: This is a file generated from the base underscore template file: skydns-rc.yaml.base

apiVersion: v1
kind: ReplicationController
metadata:
  name: kube-dns-v20
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    version: v20
    kubernetes.io/cluster-service: "true"
spec:
  replicas: 1
  selector:
    k8s-app: kube-dns
    version: v20
  template:
    metadata:
      labels:
        k8s-app: kube-dns
        version: v20
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
        scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
    spec:
      containers:
      - name: kubedns
        image: shenshouer/kubedns-amd64:1.9
        resources:
          # TODO: Set memory limits when we've profiled the container for large
          # clusters, then set request = limit to keep this container in
          # guaranteed class. Currently, this container falls into the
          # "burstable" category so the kubelet doesn't backoff from restarting it.
          limits:
            memory: 170Mi
          requests:
            cpu: 100m
            memory: 70Mi
        livenessProbe:
          httpGet:
            path: /healthz-kubedns
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        readinessProbe:
          httpGet:
            path: /readiness
            port: 8081
            scheme: HTTP
          # we poll on pod startup for the Kubernetes master service and
          # only setup the /readiness HTTP server once that's available.
          initialDelaySeconds: 3
          timeoutSeconds: 5
        args:
        # command = "/kube-dns"
        - --domain=cluster.local.
        - --dns-port=10053
#        - --kube-master-url=https://172.18.8.101
        - --kubecfg-file=/etc/kubernetes/worker-kubeconfig.yaml
        - --federations=myfederation=federation.test
        ports:
        - containerPort: 10053
          name: dns-local
          protocol: UDP
        - containerPort: 10053
          name: dns-tcp-local
          protocol: TCP
        volumeMounts:
          - mountPath: /etc/ssl/certs
            name: "ssl-certs"
          - mountPath: /etc/kubernetes/worker-kubeconfig.yaml
            name: "kubeconfig"
            readOnly: true
          - mountPath: /etc/kubernetes/ssl
            name: "etc-kube-ssl"
            readOnly: true

      - name: dnsmasq
        image: shenshouer/kube-dnsmasq-amd64:1.4
        livenessProbe:
          httpGet:
            path: /healthz-dnsmasq
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        args:
        - --cache-size=1000
        - --no-resolv
        - --server=127.0.0.1#10053
        - --log-facility=-
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
      - name: healthz
        image: shenshouer/exechealthz-amd64:1.2
        resources:
          limits:
            memory: 50Mi
          requests:
            cpu: 10m
            # Note that this container shouldn't really need 50Mi of memory. The
            # limits are set higher than expected pending investigation on #29688.
            # The extra memory was stolen from the kubedns container to keep the
            # net memory requested by the pod constant.
            memory: 50Mi
        args:
        - --cmd=nslookup kubernetes.default.svc.cluster.local 127.0.0.1 >/dev/null
        - --url=/healthz-dnsmasq
        - --cmd=nslookup kubernetes.default.svc.cluster.local 127.0.0.1:10053 >/dev/null
        - --url=/healthz-kubedns
        - --port=8080
        - --quiet
        ports:
        - containerPort: 8080
          protocol: TCP
      dnsPolicy: Default  # Don't use cluster DNS.
      volumes:
        - name: "ssl-certs"
          hostPath:
            path: "/usr/share/ca-certificates"
        - name: "kubeconfig"
          hostPath:
            path: "/etc/kubernetes/worker-kubeconfig.yaml"
        - name: "etc-kube-ssl"
          hostPath:
            path: "/etc/kubernetes/ssl"

   

skydns-svc.yaml与官方模板相同:

   

# Copyright 2016 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# TODO - At some point, we need to rename all skydns-*.yaml.* files to kubedns-*.yaml.*

# Warning: This is a file generated from the base underscore template file: skydns-svc.yaml.base

apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "KubeDNS"
spec:
  selector:
    k8s-app: kube-dns
  clusterIP: 172.30.0.10
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP

 http://blog.csdn.net/shenshouer/article/details/52946194?locationNum=2&fps=1

http://blog.csdn.net/shenshouer/article/details/53035948

https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dns

分享到:
| yaml语法
评论
发表评论

您还没有登录,请您登录后再发表评论

相关推荐

    k8s-coredns-1.8.6镜像包和安装文件

    在“k8s-coredns-1.8.6镜像包和安装文件”中,1.8.6是指CoreDNS的版本号,这通常包括了CoreDNS服务器的代码、配置以及可能的依赖库。 "coredns.yaml"文件是用于在k8s集群中部署CoreDNS的YAML配置文件。YAML是k8s...

    K8S使用现有证书配置HTTPS.doc

    K8S 使用现有证书配置 HTTPS 在 Kubernetes(K8S)中,使用现有证书配置 HTTPS 是一种常见的方式,以确保集群中的通信安全。在本文中,我们将详细介绍如何在 K8S 中使用现有证书配置 HTTPS。 证书导入 在 K8S 中...

    k8s证书修改为10年文件

    总结起来,将k8s证书的有效期延长至10年涉及到证书的生成、控制器配置、现有证书的更新以及组件配置等多个环节。这个过程需要对k8s的架构和证书管理有深入理解,同时要注意操作的安全性和服务的连续性。通过合理的...

    k8s1.5版本集群配置

    k8s配置,master配置文件在 nodes/master/conf目录下,在服务器根目录建立conf,mkidir conf,将文件上传到/conf目录下。运行sh mastersevice.sh。 note配置文件在 nodes/130/conf目录下,在服务器根目录建立conf,...

    k8s部署redis所需要的配置文件

    总结,部署K8S中的Redis集群,涉及到Redis主从配置、K8S StatefulSet、持久化存储(如Ceph)、集群配置以及健康检查等多个环节。正确配置这些元素,能构建出一个稳定、高效且具有扩展性的Redis服务。

    k8s-dns-kube-dns-amd64-1.14.8

    k8s-dns-kube-dns-amd64镜像,镜像使用方法: docker load -i k8s-dns-kube-dns-amd64-1.14.8.tar.gz

    k8s配置DNS服务.pdf

    k8s配置DNS服务 本文档主要介绍了在Kubernetes(简称k8s)集群中配置DNS服务的步骤和方法。DNS(Domain Name System)是互联网上一种用于将域名解析为IP地址的系统。k8s集群中使用DNS服务可以方便地访问集群内的...

    K8S主机Prometheus监控ssl证书资源清单及镜像文件

    在Kubernetes(K8S)集群环境中,监控是确保系统稳定性和高效运行的关键组成部分。Prometheus作为流行的开源监控...通过合理配置和使用,我们可以确保K8S集群中的SSL证书始终保持在最佳状态,从而保障服务的正常运行。

    k8s课件k8s课件k8s课件k8s课件

    k8s基础知识点 本节将对k8s的基本概念、监控与日志、应用程序生命周期管理、调度、存储、集群安全等方面进行详细的解释,旨在帮助读者深入了解k8s的各个方面。 k8s基础概念 k8s是一种容器集群管理系统,由Google...

    k8s kubernetes dashboard dns 配置文件 yaml

    在Kubernetes(k8s)集群环境中,配置和管理各个组件是系统运维的关键部分。这里我们聚焦于Kubernetes Dashboard、DNS服务以及相关的YAML配置文件。YAML是一种常用的语言,用于编写Kubernetes的资源定义,它简洁且...

    k8s-dns-sidecar-amd64

    k8s-dns-sidecar-amd64-1.14.8镜像,镜像使用方法: docker load -i k8s-dns-sidecar-amd64-1.14.8.tar.gz

    k8s-prometheus-配置文件.zip

    在“k8s-prometheus-配置文件.zip”中,我们有两个主要组件:Prometheus 和 Grafana。这些配置文件用于设置这两个组件,以便在 Kubernetes 集群中有效地监控和分析应用性能。 1. **Prometheus 配置**: - `...

    k8s-dns-dnsmasq-nanny-amd64

    k8s-dns-dnsmasq镜像,镜像使用方法: docker load -i k8s-dns-dnsmasq-nanny-amd64-1.14.8.tar.gz

    K8S集群证书监控ssl-exporter监控模板

    原文链接:https://blog.csdn.net/m0_37814112/article/details/122349602

    docker_k8s_dns.tar.gz、kubernetes-dashboard.tar.gz oldboy58

    在"docker_k8s_dns.tar.gz"中,可能包含的是关于如何配置和优化Docker DNS的相关资料。DNS在Docker中工作时,每个容器都有自己的DNS客户端,它们通过Docker守护进程的内置DNS服务器来查找其他容器的服务。了解如何...

    kubeadm初始化k8s集群延长证书过期时间.bash

    kubeadm初始化k8s集群延长证书过期时间

    K8S集群ssl证书监控ssl-exporter资源清单及镜像文件

    原文链接:https://blog.csdn.net/m0_37814112/article/details/122349602

    k8s(dns镜像,Kubernetes)

    在Kubernetes(简称k8s)中,DNS(Domain Name System)服务是集群内部的重要组成部分,它负责为Pods和Services提供内部名称解析,确保集群内的通信能够正常进行。Kubernetes DNS是基于CoreDNS或SkyDNS构建的,这两...

    k8s coredns grafana 面板

    k8s coredns grafana 面板

    K8S入门基础课件docx版本

    2. **Service**: Service是K8S中的抽象层,它定义了一种访问Pod的方式,提供了负载均衡和持久化DNS名称。即使Pod重启,Service仍然可以继续提供服务。 3. **Deployment**: Deployment是用于管理Pod和ReplicaSet的...

Magicbox
Global site tag (gtag.js) - Google Analytics