
Kubernetes in practice (64): CoreDNS

2025-04-05 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/02 Report--

One: Brief introduction

1. Kubernetes includes the DNS server Kube-DNS for service discovery. This DNS server uses SkyDNS's libraries to serve DNS requests for Kubernetes pods and services. The author of SkyDNS2, Miek Gieben, has created a new DNS server, CoreDNS, built on a more modular, extensible framework. Infoblox has partnered with Miek to use this DNS server as a replacement for Kube-DNS.

2. CoreDNS uses the server framework developed as part of the web server Caddy. The framework has a very flexible, extensible model for passing requests through various middleware components. These middleware components perform different operations on a request, such as logging, redirecting, modifying, or servicing it. Although it started out as a web server, Caddy is not tied to the HTTP protocol, which makes it an ideal framework on which to base CoreDNS.

3. Adding Kubernetes support to this flexible model amounts to creating a Kubernetes middleware. The middleware uses the Kubernetes API to answer DNS requests for a particular Kubernetes pod or service. And because Kube-DNS runs as just another service in Kubernetes, there is no tight binding between kubelet and Kube-DNS. You only need to pass the IP address and domain name of the DNS service to kubelet; Kubernetes doesn't care what is actually serving requests at that IP.

4. CoreDNS can run in a Kubernetes cluster in place of the standard Kube-DNS. Using its kubernetes plugin, CoreDNS reads zone data from the Kubernetes cluster. It implements the specification defined for Kubernetes DNS service discovery: Kubernetes DNS-Based Service Discovery.

Two: Deployment

Deploying CoreDNS requires two officially provided files, deploy.sh and coredns.yaml.sed.

1. deploy.sh is a convenience script that generates the manifest for running CoreDNS in a cluster that is already running kube-dns. Using coredns.yaml.sed as a template, it creates a ConfigMap and a CoreDNS Deployment, then updates the selector of the existing kube-dns Service so that it points to the CoreDNS Deployment. Because the existing Service is reused, requests continue to be served without disruption.

2. deploy.sh does not delete the kube-dns Deployment or replication controller. If you want to remove kube-dns, you must delete it manually after deploying CoreDNS.

3. Replacing Kube-DNS with CoreDNS requires only the following two commands:

```
$ ./deploy.sh | kubectl apply -f -
$ kubectl delete --namespace=kube-system deployment kube-dns
```

4. deploy.sh (https://github.com/coredns/deployment/tree/master/kubernetes)

```
#!/bin/bash

# Deploys CoreDNS to a cluster currently running Kube-DNS.

show_help () {
cat
# [... this copy of the script is cut off here: the usage text and everything
#  up to the error handling below are missing ...]
    >&2 echo "Error! The IP address for DNS service couldn't be determined automatically. Please specify the DNS-IP with the '-i' option."
    exit 2
  fi
fi

# Fill the placeholders in the template and write the manifest to stdout.
sed -e s/CLUSTER_DNS_IP/$CLUSTER_DNS_IP/g -e s/CLUSTER_DOMAIN/$CLUSTER_DOMAIN/g -e "s?REVERSE_CIDRS?$REVERSE_CIDRS?g" $YAML_TEMPLATE
```

5. coredns.yaml.sed

```
apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: system:coredns
rules:
- apiGroups:
  - ""
  resources:
  - endpoints
  - services
  - pods
  - namespaces
  verbs:
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: system:coredns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
subjects:
- kind: ServiceAccount
  name: coredns
  namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        errors
        health
        kubernetes CLUSTER_DOMAIN REVERSE_CIDRS {
          pods insecure
          upstream
          fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        proxy . /etc/resolv.conf
        cache 30
        reload
    }
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/name: "CoreDNS"
spec:
  replicas: 2
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
    spec:
      serviceAccountName: coredns
      tolerations:
        - key: "CriticalAddonsOnly"
          operator: "Exists"
      containers:
      - name: coredns
        image: coredns/coredns:1.1.3
        imagePullPolicy: IfNotPresent
        args: [ "-conf", "/etc/coredns/Corefile" ]
        volumeMounts:
        - name: config-volume
          mountPath: /etc/coredns
          readOnly: true
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        - containerPort: 9153
          name: metrics
          protocol: TCP
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            add:
            - NET_BIND_SERVICE
            drop:
            - all
          readOnlyRootFilesystem: true
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
      dnsPolicy: Default
      volumes:
        - name: config-volume
          configMap:
            name: coredns
            items:
            - key: Corefile
              path: Corefile
---
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  annotations:
    prometheus.io/scrape: "true"
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "CoreDNS"
spec:
  selector:
    k8s-app: kube-dns
  clusterIP: CLUSTER_DNS_IP
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
```

Three: Remarks

For non-RBAC deployments, you need to edit the resulting yaml file:

1. Delete serviceAccountName: coredns from the Deployment section of the yaml file

2. Delete the ServiceAccount, ClusterRole, and ClusterRoleBinding sections
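
The two edits above can be applied to the output of deploy.sh in one pass. The following is an added example, not part of the original article or the CoreDNS project; the names strip_rbac and sample_manifest are chosen here, and the sample manifest is constructed and abbreviated from coredns.yaml.sed.

```sh
# strip_rbac: read a multi-document YAML manifest on stdin and write it to
# stdout without the RBAC documents and the service account reference.
strip_rbac() {
  awk '
    # Emit the buffered document unless it was marked for removal.
    function flush(   i) {
      if (n && !drop) {
        if (printed++) print "---"
        for (i = 1; i <= n; i++) print buf[i]
      }
      n = 0; drop = 0
    }
    /^---[ \t]*$/ { flush(); next }
    # Step 2: a top-level kind of one of these three drops the whole document.
    /^kind:[ \t]*(ServiceAccount|ClusterRole|ClusterRoleBinding)[ \t]*$/ { drop = 1 }
    # Step 1: remove the service account reference from the Deployment.
    /^[ \t]*serviceAccountName:[ \t]*coredns[ \t]*$/ { next }
    { buf[++n] = $0 }
    END { flush() }
  '
}

# Constructed sample input, abbreviated from coredns.yaml.sed.
sample_manifest() {
  cat <<'EOF'
kind: ServiceAccount
metadata:
  name: coredns
---
kind: ClusterRole
---
kind: ClusterRoleBinding
subjects:
- kind: ServiceAccount
---
kind: Deployment
spec:
  template:
    spec:
      serviceAccountName: coredns
      dnsPolicy: Default
---
kind: Service
metadata:
  name: kube-dns
EOF
}
# Usage on a non-RBAC cluster: ./deploy.sh | strip_rbac | kubectl apply -f -
```

Only a `kind:` at column 0 decides whether a document is dropped, so nested `kind:` fields such as those under roleRef and subjects never remove a document on their own.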
