土小帽 posted on 2023-11-3 21:53:22

Dynamic DNS resolution in k8s with CoreDNS backed by etcd

Download the CoreDNS YAML deployment scripts
Note: skip this step if CoreDNS is already deployed.

    wget https://github.com/coredns/deployment/raw/master/kubernetes/coredns.yaml.sed
    wget https://github.com/coredns/deployment/raw/master/kubernetes/deploy.sh
    chmod +x deploy.sh

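Rebuild the CoreDNS image
The DNS records are to be stored in etcd. If etcd is served over HTTPS internally, it requires client certificates, so CoreDNS must carry certificates as well; here the relevant k8s certificates are baked into the CoreDNS image. The image then contains the private key kubernetes-key.pem, so anyone who can pull it from the registry can read that key.

    mkdir /root/coredns
    cd /root/coredns
    docker pull coredns/coredns:1.3.1
    # client certificate and key, later referenced in the Corefile as /kubernetes.pem and /kubernetes-key.pem
    cp /etc/kubernetes/ssl/kubernetes.pem /etc/kubernetes/ssl/kubernetes-key.pem .
    # CA certificate used to verify the etcd servers
    cp /etc/kubernetes/ssl/k8s-root-ca.pem .

Dockerfile

    FROM coredns/coredns:1.3.1
    # copy the three .pem files into the root of the image
    ADD ./*.pem /
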
Makefile (the two recipe lines must start with a tab character)

    VERSION=1.3.1-etcd
    REGISTRY=hub.linuxeye.com
    NAME=coredns
    .PHONY: build-image
    build-image:
    	docker build -f Dockerfile -t $(REGISTRY)/library/$(NAME):$(VERSION) .
    	docker push $(REGISTRY)/library/$(NAME):$(VERSION)

Build and push the image

    make build-image

Replace the image address

    vi coredns.yaml.sed

Change the image to: hub.linuxeye.com/library/coredns:1.3.1-etcd

If CoreDNS was already deployed earlier, change the image address in its existing CoreDNS YAML instead.

Replace kube-dns with CoreDNS
Note: skip this step if CoreDNS is already deployed.

Run on the k8s master node, where 172.22.0.2 is the DNS server IP:

    ./deploy.sh -i 172.22.0.2 | kubectl apply -f -

Store the host records in etcd
Note: CoreDNS versions before 1.2.0 use the etcd v2 API; 1.2.0 and later use the etcd v3 API.

etcd V2

    # set the keys
    etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka11 '{"Host":"10.50.1.11"}'
    etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka12 '{"Host":"10.50.1.12"}'
    etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem set /mydomain/kafka13 '{"Host":"10.50.1.13"}'
    # verify by reading the keys back (get, not set)
    etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem get /mydomain/kafka11
    etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem get /mydomain/kafka12
    etcdctl --ca-file=/etc/kubernetes/ssl/k8s-root-ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem get /mydomain/kafka13

etcd V3

    # with ETCDCTL_API=3 the TLS flags are --cacert, --cert and --key, and the commands are put and get
    # set the keys
    ETCDCTL_API=3 etcdctl --cacert=/etc/kubernetes/ssl/k8s-root-ca.pem --cert=/etc/kubernetes/ssl/kubernetes.pem --key=/etc/kubernetes/ssl/kubernetes-key.pem put /mydomain/kafka11 '{"Host":"10.50.1.11"}'
    ETCDCTL_API=3 etcdctl --cacert=/etc/kubernetes/ssl/k8s-root-ca.pem --cert=/etc/kubernetes/ssl/kubernetes.pem --key=/etc/kubernetes/ssl/kubernetes-key.pem put /mydomain/kafka12 '{"Host":"10.50.1.12"}'
    ETCDCTL_API=3 etcdctl --cacert=/etc/kubernetes/ssl/k8s-root-ca.pem --cert=/etc/kubernetes/ssl/kubernetes.pem --key=/etc/kubernetes/ssl/kubernetes-key.pem put /mydomain/kafka13 '{"Host":"10.50.1.13"}'
    # verify by reading the keys back
    ETCDCTL_API=3 etcdctl --cacert=/etc/kubernetes/ssl/k8s-root-ca.pem --cert=/etc/kubernetes/ssl/kubernetes.pem --key=/etc/kubernetes/ssl/kubernetes-key.pem get /mydomain/kafka11
    ETCDCTL_API=3 etcdctl --cacert=/etc/kubernetes/ssl/k8s-root-ca.pem --cert=/etc/kubernetes/ssl/kubernetes.pem --key=/etc/kubernetes/ssl/kubernetes-key.pem get /mydomain/kafka12
    ETCDCTL_API=3 etcdctl --cacert=/etc/kubernetes/ssl/k8s-root-ca.pem --cert=/etc/kubernetes/ssl/kubernetes.pem --key=/etc/kubernetes/ssl/kubernetes-key.pem get /mydomain/kafka13

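
The key layout behind the records above, as an added example that is not part of the original post: the CoreDNS etcd plugin looks a name up under the configured path with its labels reversed, so kafka11 maps to /mydomain/kafka11 and a multi-label name gets one path segment per label. The function names and the name kafka11.internal.example are assumptions made for the illustration; the script validates the name and address and only prints the etcdctl v3 command.

```sh
#!/bin/sh
# Added example, not from the original post: print validated etcdctl v3 commands.
CERT_DIR=/etc/kubernetes/ssl        # certificate directory used on this page

# coredns_etcd_key PATH NAME: print the etcd key for NAME (labels reversed).
coredns_etcd_key() (
    prefix=${1%/}
    name=$(printf '%s' "${2%.}" | tr 'A-Z' 'a-z')   # drop root dot, lowercase
    case $name in ''|.*|*.|*..*) return 1 ;; esac   # no empty labels
    IFS=.; set -f; key=
    for label in $name; do
        # only hostname characters, at most 63 per label
        case $label in *[!a-z0-9_-]*) return 1 ;; esac
        [ "${#label}" -le 63 ] || return 1
        key="/$label$key"           # prepend: the last label ends up first
    done
    printf '%s%s\n' "$prefix" "$key"
)

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    IFS=.; set -f; set -- $1
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
)

# coredns_put_cmd PATH NAME ADDR: print the put command, or fail on bad input.
coredns_put_cmd() {
    key=$(coredns_etcd_key "$1" "$2") || return 1
    valid_ipv4 "$3" || return 1
    printf "ETCDCTL_API=3 etcdctl --cacert=%s/k8s-root-ca.pem --cert=%s/kubernetes.pem --key=%s/kubernetes-key.pem put %s '{\"Host\":\"%s\"}'\n" \
        "$CERT_DIR" "$CERT_DIR" "$CERT_DIR" "$key" "$3"
}

coredns_put_cmd /mydomain kafka11 10.50.1.11
coredns_put_cmd /mydomain kafka11.internal.example 10.50.1.11   # constructed name
```

For the multi-label name to resolve, its zone would also have to be listed on the etcd line of the Corefile.
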
Modify the ConfigMap
ConfigMap coredns in namespace kube-system:

    .:53 {
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
          pods insecure
          upstream
          fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        cache 30
        reload
        # forward everything else upstream, except the names served from etcd
        proxy . /etc/resolv.conf {
          except kafka11 kafka12 kafka13
        }
        # serve these names from the records stored under /mydomain in etcd
        etcd kafka11 kafka12 kafka13 {
          stubzones
          path /mydomain
          endpoint https://10.1.1.6:2379 https://10.1.1.7:2379 https://10.1.1.8:2379
          # client certificate, client key, CA certificate (the files added to the image)
          tls /kubernetes.pem /kubernetes-key.pem /k8s-root-ca.pem
        }
    }