Shulou (Shulou.com), updated 2025-01-18
This article introduces how to deploy DNS in kubernetes. Many people run into trouble with this in practice, so let's walk through how to deal with it.
1. Why deploy DNS
Kubernetes provides the Service concept, which lets clients reach the services provided by pods through a VIP (a Service IP is a virtual IP). But this raises another question: how does an application learn the VIP of another application? For example, suppose we have two applications, app and db, each managed by an rc or deployment and exposing its ports through a service. app needs to connect to db, but we only know the name of db, not its VIP address. This is the problem of service discovery.
To solve this problem, k8s provides three methods of service discovery:
Method 1. Query the API provided by kubernetes
This method is relatively simple, but it has many problems. First, every application has to implement, at startup, the logic that looks up the services it depends on, which is repetitive and makes the application more complex. Second, the application becomes dependent on kubernetes and can no longer be deployed and run on its own (this can be worked around with configuration options, but that adds yet more complexity).
Method 2. Environment variables
K8s supports this by default, and the method is based on docker. When a pod starts, k8s writes the IP and port of every service that already exists into the new pod as environment variables, so the application in the pod can read them to find the address of the services it depends on. But there is a big problem: the services it depends on must exist before the pod starts, otherwise they will not appear in the environment variables.
Method 3. DNS (the ideal scheme)
The application only needs to know the name of the service and does not need to care about the service's actual IP address. The conversion from service name to IP is done automatically by DNS, since converting between names and IPs is exactly what the DNS system is for.
2. Introduction to DNS versions
The DNS service is not a stand-alone system service; it is installed as an addon (plug-in). It is not required for a kubernetes cluster, but installing it is highly recommended. Think of it as an application running on the cluster, albeit a special one. There are currently two common ways to configure DNS: before 1.3, etcd + kube2sky + skydns + exechealthz; after 1.3, kubedns + dnsmasq + sidecar.
The functions of these components are described below.
Before version 1.3
etcd: DNS storage
kube2sky: watches for changes to Service resources through the K8s API and registers services in etcd
skydns: provides DNS name resolution and DNS query service for pods in the cluster
exechealthz: provides health checks for the skydns service
Architecture diagram
After version 1.3
kubedns: watches for changes to Service resources through the K8s API and keeps DNS records in memory in a tree structure
dnsmasq: provides DNS name resolution and DNS query service for pods in the cluster
exechealthz: provides health checks for the kubedns and dnsmasq services, and is more complete than before
Architecture diagram
As you can see, kubedns replaces etcd and kube2sky: it answers queries from dnsmasq and keeps DNS records in memory in a tree structure.
The role of dnsmasq in the kube-dns plug-in: it obtains DNS rules from the kubedns container, provides the DNS query service inside the cluster, and caches DNS answers, which improves query performance, reduces the load on the kubedns container, and improves stability.
3. Set up DNS
There are many tutorials on the Internet, and I tried them one by one! None of them worked! It's embarrassing! It may be due to different versions of K8s or different ways of building K8s clusters, or the introduction of modules such as ServiceAccount, token and authentication. I won't go into detail here. Through my unremitting efforts (please allow me to show off a little), I finally got a concise version of DNS working: kubedns + dnsmasq + exechealthz. The specific yaml file can be viewed here.
Enough talk, on to the content!
dns-rc.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: kube-dns-v15
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    version: v15
    kubernetes.io/cluster-service: "true"
spec:
  replicas: 1
  selector:
    k8s-app: kube-dns
    version: v15
  template:
    metadata:
      labels:
        k8s-app: kube-dns
        version: v15
        kubernetes.io/cluster-service: "true"
    spec:
      containers:
      - name: kubedns
        image: registry.cn-hangzhou.aliyuncs.com/sjq-k8s/kubedns-amd64:1.5
        resources:
          # TODO: Set memory limits when we've profiled the container for large
          # clusters, then set request = limit to keep this container in
          # guaranteed class. Currently, this container falls into the
          # "burstable" category so the kubelet doesn't backoff from restarting it.
          limits:
            cpu: 100m
            memory: 200Mi
          requests:
            cpu: 100m
            memory: 100Mi
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        readinessProbe:
          httpGet:
            path: /readiness
            port: 8081
            scheme: HTTP
          # we poll on pod startup for the Kubernetes master service and
          # only setup the /readiness HTTP server once that's available.
          initialDelaySeconds: 30
          timeoutSeconds: 5
        args:
        # command = "/kube-dns"
        - --kube_master_url=http://192.168.122.10:8080
        - --domain=cluster.local.
        - --dns-port=10053
        ports:
        - containerPort: 10053
          name: dns-local
          protocol: UDP
        - containerPort: 10053
          name: dns-tcp-local
          protocol: TCP
      - name: dnsmasq
        image: registry.cn-hangzhou.aliyuncs.com/sjq-k8s/dnsmasq:1.1
        args:
        - --cache-size=1000
        - --no-resolv
        - --server=127.0.0.1#10053
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
      - name: healthz
        image: registry.cn-hangzhou.aliyuncs.com/sjq-k8s/exechealthz-amd64:1.0
        resources:
          # keep request = limit to keep this container in guaranteed class
          limits:
            cpu: 10m
            memory: 20Mi
          requests:
            cpu: 10m
            memory: 20Mi
        args:
        - -cmd=nslookup kubernetes.default.svc.cluster.local 127.0.0.1 >/dev/null
        - -port=8080
        ports:
        - containerPort: 8080
          protocol: TCP
      dnsPolicy: Default  # Don't use cluster DNS.
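Because the image is blocked by the firewall, I directly replaced it with a copy on my Aliyun registry, which can be downloaded and used directly. Remember to replace the IP in kube_master_url=http://192.168.122.10:8080 with your own master IP and port. That URL is plain HTTP on port 8080, the API server's insecure port, which applies no authentication or authorization to requests, so it should only be reachable from trusted hosts.
dns-svc.yaml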
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "KubeDNS"
spec:
  selector:
    k8s-app: kube-dns
  clusterIP: 192.168.3.10
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
Replace the IP in clusterIP: 192.168.3.10 with your actual DNS cluster IP.
Create rc and service
$ kubectl create -f skydns-rc.yaml
replicationcontroller "kube-dns-v15" created
$ kubectl create -f skydns-svc.yaml
service "kube-dns" created
Check that it is running
$ kubectl get pod -n kube-system
NAME                 READY     STATUS    RESTARTS   AGE
kube-dns-v15-32902   3/3       Running   0          2m
$ kubectl get svc -n kube-system
NAME       CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
kube-dns   192.168.3.10   <none>        53/UDP    7m
4. Verify that DNS works
Verify that the DNS service is working properly by starting a busybox with the nslookup tool:
busybox.yaml
apiVersion: v1
kind: Pod
metadata:
  name: busybox
  namespace: default
spec:
  containers:
  - image: busybox
    command:
    - sleep
    - "3600"
    imagePullPolicy: IfNotPresent
    name: busybox
  restartPolicy: Always
Start
$ kubectl create -f busybox.yaml
pod "busybox" created
After the pod is running, test with nslookup through kubectl exec
$ kubectl exec busybox -- nslookup kubernetes
Server:    192.168.3.10
Address 1: 192.168.3.10 kube-dns.kube-system.svc.cluster.local
Name:      kubernetes
Address 1: 192.168.3.1 kubernetes.default.svc.cluster.local
Success!
If the namespace of the service you are testing is not default, be sure to add the namespace, or the following error will be reported:
$ kubectl exec busybox -- nslookup kube-dns
nslookup: can't resolve 'kube-dns'
Server:    192.168.3.10
Address 1: 192.168.3.10 kube-dns.kube-system.svc.cluster.local
After adding the namespace
$ kubectl exec busybox -- nslookup kube-dns.kube-system
Server:    192.168.3.10
Address 1: 192.168.3.10 kube-dns.kube-system.svc.cluster.local
Name:      kube-dns.kube-system
Address 1: 192.168.3.10 kube-dns.kube-system.svc.cluster.local
5. Screenshots of the actual build
Screenshot of successful creation
Screenshot of successful verification
Possible problems
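Why `nslookup kube-dns` fails from the busybox pod in namespace default while `kube-dns.kube-system` succeeds (section 4), as an added example that is not part of the original article: the script mimics the resolver's search-list expansion. It assumes the pod's /etc/resolv.conf has the lines `search <namespace>.svc.cluster.local svc.cluster.local cluster.local` and `options ndots:5`; the function names and the two-entry record set are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article. Assumed pod /etc/resolv.conf:
#   search <pod-namespace>.svc.cluster.local svc.cluster.local cluster.local
#   options ndots:5
CLUSTER_DOMAIN="cluster.local"   # same zone as --domain=cluster.local. in dns-rc.yaml
NDOTS=5                          # assumed "options ndots" value
# Constructed record set ("service.namespace"), from the article's nslookup output.
SERVICES="kubernetes.default kube-dns.kube-system"

# count_dots NAME: print the number of "." characters in NAME.
count_dots() {
    dots=$(printf '%s' "$1" | tr -cd '.')
    printf '%s\n' "${#dots}"
}

# candidates POD_NAMESPACE NAME: print the FQDNs the resolver tries, in order.
candidates() {
    ns=$1; name=$2
    case $name in
        *.) printf '%s\n' "${name%.}"; return 0 ;;   # trailing dot: absolute, no search
    esac
    ndots=$(count_dots "$name")
    # Names with at least NDOTS dots are tried as written before the search list.
    if [ "$ndots" -ge "$NDOTS" ]; then printf '%s\n' "$name"; fi
    for suffix in "$ns.svc.$CLUSTER_DOMAIN" "svc.$CLUSTER_DOMAIN" "$CLUSTER_DOMAIN"; do
        printf '%s\n' "$name.$suffix"
    done
    # Short names are tried as written only after every search suffix failed.
    if [ "$ndots" -lt "$NDOTS" ]; then printf '%s\n' "$name"; fi
}

# resolve POD_NAMESPACE NAME: print the first candidate that is a known Service
# record; return 1 if none matches (nslookup's "can't resolve").
resolve() {
    for fqdn in $(candidates "$1" "$2"); do
        for svc in $SERVICES; do
            if [ "$fqdn" = "$svc.svc.$CLUSTER_DOMAIN" ]; then
                printf '%s\n' "$fqdn"
                return 0
            fi
        done
    done
    return 1
}

resolve default kubernetes
resolve default kube-dns || echo "can't resolve 'kube-dns' from namespace default"
resolve default kube-dns.kube-system
resolve kube-system kube-dns
```

A short name is only completed with the pod's own namespace, so a pod in kube-system can use `kube-dns` directly, while a pod in default has to write `kube-dns.kube-system`.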