1、文件位置:
https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/dns/coredns/coredns.yaml.base
2、
# __MACHINE_GENERATED_WARNING__
# CoreDNS add-on manifest (ServiceAccount, RBAC, ConfigMap, Deployment, Service); line numbers match the 67/119/123/189 references in the text.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: Reconcile
  name: system:coredns
rules:
  - apiGroups:
      - ""
    resources:
      - endpoints
      - services
      - pods
      - namespaces
    verbs:  # read-only: list/watch, no write verbs
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: EnsureExists
  name: system:coredns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
subjects:  # only the coredns ServiceAccount in kube-system is bound
  - kind: ServiceAccount
    name: coredns
    namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: EnsureExists  # NOTE(review): presumably existence-only, so edits to this ConfigMap are not reverted; confirm
data:  # NOTE(review): "pods insecure" (line 68) answers pod-IP names without checking the pod exists; "pods verified" is the stricter mode
  Corefile: |
    .:53 {
        errors
        health
        kubernetes __PILLAR__DNS__DOMAIN__ in-addr.arpa ip6.arpa {
            pods insecure
            upstream
            fallthrough in-addr.arpa ip6.arpa
            ttl 30
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  # replicas: not specified here:
  # 1. In order to make Addon Manager do not reconcile this replicas parameter.
  # 2. Default is 1.
  # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
      annotations:
        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'  # alpha seccomp annotation; newer clusters use securityContext.seccompProfile (TODO confirm for target version)
    spec:
      priorityClassName: system-cluster-critical
      serviceAccountName: coredns
      tolerations:
        - key: "CriticalAddonsOnly"
          operator: "Exists"
      nodeSelector:
        beta.kubernetes.io/os: linux
      containers:
        - name: coredns
          image: k8s.gcr.io/coredns:1.3.1  # tag only, no digest; pin by digest if the registry is swapped
          imagePullPolicy: IfNotPresent
          resources:
            limits:
              memory: __PILLAR__DNS__MEMORY__LIMIT__  # placeholder; must be replaced before applying
            requests:
              cpu: 100m
              memory: 70Mi
          args: [ "-conf", "/etc/coredns/Corefile" ]
          volumeMounts:
            - name: config-volume
              mountPath: /etc/coredns
              readOnly: true
          ports:
            - containerPort: 53
              name: dns
              protocol: UDP
            - containerPort: 53
              name: dns-tcp
              protocol: TCP
            - containerPort: 9153
              name: metrics
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 60
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: /health
              port: 8080
              scheme: HTTP
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              add:
                - NET_BIND_SERVICE  # re-added after "drop all", presumably so the server can bind port 53
              drop:
                - all
            readOnlyRootFilesystem: true
      dnsPolicy: Default  # pod inherits the node's resolver config, which "forward . /etc/resolv.conf" then uses
      volumes:
        - name: config-volume
          configMap:
            name: coredns
            items:
              - key: Corefile
                path: Corefile
---
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  annotations:
    prometheus.io/port: "9153"
    prometheus.io/scrape: "true"
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  selector:
    k8s-app: kube-dns
  clusterIP: __PILLAR__DNS__SERVER__  # placeholder; must be replaced before applying
  ports:
    - name: dns
      port: 53
      protocol: UDP
    - name: dns-tcp
      port: 53
      protocol: TCP
    - name: metrics
      port: 9153  # Prometheus metrics, reachable by any client that can reach this Service
      protocol: TCP
ps:大写部分需要你修改成自己k8s集群上的配置,主要修改三个地方
67行 修改成自己的域
ps:大写部分需要你修改成自己k8s集群上的配置,主要修改三个地方
67行 大写部分修改成自己的域 一般为 cluster.local.
119行 image部分墙外的需要修改,coredns/coredns:1.3.1
123行 memory 修改成自己适合的值,我这里修改为 170Mi
189行 clusterIP 修改成kubelet.config中设置的clusterDNS IP
3、安装coredns.yaml
kubectl create -f coredns.yaml
4、验证
4.1 启动一个busybox pod
注意:一定要使用 busybox 1.28.3,其它版本镜像有 bug,测试会出问题
# [root@k8s-master1 pv]# cat busybox.yaml
# Throwaway pod in the default namespace, used only to run nslookup against
# the cluster DNS service from inside the cluster.
apiVersion: v1
kind: Pod
metadata:
  name: busybox
  namespace: default
spec:
  containers:
    - image: busybox:1.28.3
      # Keeps the container alive for an hour so that `kubectl exec` can attach.
      command:
        - sleep
        - "3600"
      imagePullPolicy: IfNotPresent
      name: busybox
  # With Always the container is restarted each time `sleep 3600` exits, so the
  # pod stays in the cluster until it is deleted; remove it once the DNS test
  # is done.
  restartPolicy: Always
4.2 进入busybox 验证
[root@k8s-master2 cfg]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 5d15h
my-nginx ClusterIP 10.0.140.169 <none> 80/TCP 16h
[root@k8s-master1 pv]# kubectl get po
NAME READY STATUS RESTARTS AGE
busybox 1/1 Running 0 5s
my-nginx-5dd67b97fb-hqg94 1/1 Running 0 42m
my-nginx-5dd67b97fb-xqj5w 1/1 Running 1 16h
[root@k8s-master1 pv]# kubectl exec -it busybox sh
/ # nslookup kubernetes.default
Server: 10.0.0.2
Address 1: 10.0.0.2 coredns.kube-system.svc.cluster.local
Name: kubernetes.default
Address 1: 10.0.0.1 kubernetes.default.svc.cluster.local
# __MACHINE_GENERATED_WARNING__

# ServiceAccount "coredns" in kube-system. The Deployment in this manifest
# runs its pods under it (serviceAccountName: coredns), and the
# system:coredns ClusterRoleBinding is what gives it API permissions.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    # NOTE(review): with mode Reconcile the addon manager is expected to
    # revert manual changes to this object; confirm for the addon-manager
    # version in use.
    addonmanager.kubernetes.io/mode: Reconcile
---
# ClusterRole "system:coredns": the cluster-wide API access CoreDNS is given.
# Only read verbs appear (list/watch, plus get on nodes); nothing here lets
# the DNS server modify cluster state.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: Reconcile
  name: system:coredns
rules:
  # Core API group (""): list/watch on endpoints, services, pods, namespaces.
  # NOTE(review): `pods` is granted although the Corefile in this manifest uses
  # `pods insecure`, which presumably does not consult the pod list; the rule
  # would be needed for `pods verified`. Confirm before trimming it.
  - apiGroups:
      - ""
    resources:
      - endpoints
      - services
      - pods
      - namespaces
    verbs:
      - list
      - watch
  # Core API group: single-object reads of nodes only (no list/watch).
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
---
# ClusterRoleBinding "system:coredns": grants the system:coredns ClusterRole to
# exactly one subject, the coredns ServiceAccount in kube-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    # NOTE(review): presumably lets the API server reconcile this bootstrap
    # RBAC object on start-up; confirm before relying on manual edits here.
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: EnsureExists
  name: system:coredns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
subjects:
  # Adding further subjects here would hand them the same cluster-wide read
  # access to services, endpoints, pods and namespaces.
  - kind: ServiceAccount
    name: coredns
    namespace: kube-system
---
# ConfigMap "coredns": holds the Corefile that the Deployment mounts read-only
# at /etc/coredns and passes to the server with `-conf`.
#
# Review notes on the Corefile (written here, outside the block scalar, so the
# Corefile text itself stays unchanged):
# - __PILLAR__DNS__DOMAIN__ is a placeholder and must be replaced with the
#   cluster domain before the manifest is applied.
# - `pods insecure`: per the CoreDNS kubernetes plugin documentation, an A
#   record is returned for any IP-shaped pod name without checking that such a
#   pod exists. `pods verified` only answers for pods that exist, at the cost
#   of more memory. NOTE(review): prefer `pods verified` where workloads rely
#   on pod DNS names for identity; confirm memory headroom first.
# - `prometheus :9153`: no host part, so metrics are served on every pod
#   interface; the kube-dns Service in this manifest also publishes the port.
# - `forward . /etc/resolv.conf`: names outside the cluster zones go to the
#   resolvers in the pod's resolv.conf. The Deployment sets dnsPolicy: Default,
#   so those are the node's resolvers and they are part of the trust path.
# - `reload`: Corefile edits take effect without a pod restart.
# - NOTE(review): Corefile directives are tied to the CoreDNS version of the
#   image; re-check them against the plugin docs when the image tag changes.
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
  labels:
    # NOTE(review): EnsureExists presumably means the addon manager only
    # creates this object when missing and does not revert later edits. With
    # `reload` enabled, write access to this ConfigMap is then control over
    # cluster name resolution: restrict update/patch on it and audit changes.
    addonmanager.kubernetes.io/mode: EnsureExists
data:
  Corefile: |
    .:53 {
        errors
        health
        kubernetes __PILLAR__DNS__DOMAIN__ in-addr.arpa ip6.arpa {
            pods insecure
            upstream
            fallthrough in-addr.arpa ip6.arpa
            ttl 30
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }
---
# Deployment "coredns": runs the CoreDNS pods in kube-system under the coredns
# ServiceAccount, with the Corefile ConfigMap mounted read-only.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  # replicas: not specified here:
  # 1. In order to make Addon Manager do not reconcile this replicas parameter.
  # 2. Default is 1.
  # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
  strategy:
    type: RollingUpdate
    rollingUpdate:
      # NOTE(review): with the default single replica, maxUnavailable: 1
      # presumably allows a rollout to take the only DNS pod down; confirm the
      # replica count used in the cluster.
      maxUnavailable: 1
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        # The kube-dns Service selects on this label, so any pod in
        # kube-system carrying it becomes a DNS backend.
        k8s-app: kube-dns
      annotations:
        # Requests the runtime's default seccomp profile through the alpha
        # annotation. NOTE(review): newer Kubernetes releases express this as
        # securityContext.seccompProfile; check which form the target cluster
        # honours, otherwise the pod may run without the profile.
        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
    spec:
      priorityClassName: system-cluster-critical
      serviceAccountName: coredns
      tolerations:
        - key: "CriticalAddonsOnly"
          operator: "Exists"
      nodeSelector:
        # NOTE(review): beta-prefixed OS label; confirm the nodes carry it.
        beta.kubernetes.io/os: linux
      containers:
        - name: coredns
          # Referenced by tag only, and IfNotPresent reuses whatever a node
          # already has cached under that tag.
          # NOTE(review): when another registry is substituted for this image,
          # pin it by digest (image@sha256:<digest>) and compare the digest
          # with the one published by the CoreDNS project. 1.3.1 is the
          # version this manifest was written for; check the CoreDNS release
          # notes for later security fixes before deploying it.
          image: k8s.gcr.io/coredns:1.3.1
          imagePullPolicy: IfNotPresent
          resources:
            limits:
              # Placeholder: must be replaced with a real quantity before the
              # manifest is applied. No CPU limit is set.
              memory: __PILLAR__DNS__MEMORY__LIMIT__
            requests:
              cpu: 100m
              memory: 70Mi
          args: [ "-conf", "/etc/coredns/Corefile" ]
          volumeMounts:
            # The Corefile is mounted read-only; the server cannot rewrite
            # its own configuration.
            - name: config-volume
              mountPath: /etc/coredns
              readOnly: true
          ports:
            - containerPort: 53
              name: dns
              protocol: UDP
            - containerPort: 53
              name: dns-tcp
              protocol: TCP
            - containerPort: 9153
              name: metrics
              protocol: TCP
          # Both probes issue plain-HTTP GET /health on port 8080, presumably
          # served by the `health` directive in the Corefile. The port is not
          # listed under `ports` and is not published by the Service.
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 60
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: /health
              port: 8080
              scheme: HTTP
          # Hardening that is present: no privilege escalation, every
          # capability dropped except NET_BIND_SERVICE (presumably so the
          # server can bind port 53), read-only root filesystem.
          # NOTE(review): no runAsNonRoot/runAsUser is set, so the container
          # runs as whatever user the image defines.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              add:
                - NET_BIND_SERVICE
              drop:
                - all
            readOnlyRootFilesystem: true
      # Default: the pod inherits the node's resolver configuration, which
      # `forward . /etc/resolv.conf` in the Corefile then uses for upstream
      # queries.
      dnsPolicy: Default
      volumes:
        # Only the Corefile key of the coredns ConfigMap is projected.
        - name: config-volume
          configMap:
            name: coredns
            items:
              - key: Corefile
                path: Corefile
---
# Service "kube-dns": the cluster DNS address. It selects pods labelled
# k8s-app: kube-dns and publishes DNS on 53/UDP and 53/TCP plus the CoreDNS
# metrics port.
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  annotations:
    # Scrape hints for Prometheus; the values are quoted so that they stay
    # strings.
    prometheus.io/port: "9153"
    prometheus.io/scrape: "true"
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  selector:
    k8s-app: kube-dns
  # Placeholder: must be replaced with the DNS address the kubelets hand to
  # pods (clusterDNS) before the manifest is applied.
  clusterIP: __PILLAR__DNS__SERVER__
  ports:
    - name: dns
      port: 53
      protocol: UDP
    - name: dns-tcp
      port: 53
      protocol: TCP
    # NOTE(review): publishing 9153 makes the metrics endpoint reachable by
    # any client that can reach this Service; use a NetworkPolicy to limit it
    # to the monitoring namespace if that exposure is not wanted.
    - name: metrics
      port: 9153
      protocol: TCP