Lu Lv At Nh ,Ce Os Yb As Tc Bi Br Kr(Lu Lv At Nh ,Ce Os Yb As Tc Bi Br Kr)

背景：前端 Pod 需要访问后端 Pod，但 Pod IP 会随重建而变化，因此应通过 Service 名称的 DNS 解析来访问。集群内的 DNS 服务为容器提供 Service 名称到 ClusterIP 的解析。

一、部署CoreDNS Pod
CoreDNS 负责解析 Service 名称（以及 Pod 记录）。部署完成后，集群内的容器即可通过 Service 名称访问 Service，再由 Service 转发到后端 Pod。CoreDNS 是当前 Kubernetes 的默认 DNS 组件。

[root@master-1 yaml]# cat coredns.yaml
# Warning: This is a file generated from the base underscore template file: coredns.yaml.base
#
# CoreDNS add-on in five objects: the ServiceAccount CoreDNS runs as, a
# read-only ClusterRole + binding, the Corefile as a ConfigMap, the
# Deployment, and the kube-dns Service whose ClusterIP pods use as resolver.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns
  namespace: kube-system
  labels:
      kubernetes.io/cluster-service: "true"
      addonmanager.kubernetes.io/mode: Reconcile
---
# Cluster-wide read access (list/watch only) to the four core resource types
# the kubernetes plugin in the Corefile needs. No write verbs and no secrets;
# keep it that narrow if the role is ever extended.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: Reconcile
  name: system:coredns
rules:
- apiGroups:
  - ""
  resources:
  - endpoints
  - services
  - pods
  - namespaces
  verbs:
  - list
  - watch
---
# Grants the role above to the coredns ServiceAccount and nothing else.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: EnsureExists
  name: system:coredns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
subjects:
- kind: ServiceAccount
  name: coredns
  namespace: kube-system
---
# The Corefile is the entire DNS policy of the cluster. Review notes (the
# literal block below is runtime data, so the notes live here):
#  - `pods insecure`: per the CoreDNS kubernetes-plugin docs this mode answers
#    pod A records derived from the query name without checking that such a
#    pod exists in that namespace; it exists for kube-dns compatibility.
#    `pods verified` is the stricter mode and the ClusterRole above already
#    grants the pods list/watch it needs — confirm memory headroom first.
#  - `proxy . /etc/resolv.conf`: every non-cluster name is forwarded to the
#    resolvers of the node the CoreDNS pod runs on (see dnsPolicy: Default).
#  - `prometheus :9153`: metrics are served without authentication; restrict
#    reachability of 9153 at the network layer if the cluster is not trusted.
#  - `loop` aborts on a forwarding loop; `reload` is meant to pick up edits to
#    this ConfigMap without a restart.
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
  labels:
      addonmanager.kubernetes.io/mode: EnsureExists
data:
  Corefile: |
    .:53 {
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            upstream
            fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        proxy . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  # replicas: not specified here:
  # 1. In order to make Addon Manager do not reconcile this replicas parameter.
  # 2. Default is 1.
  # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
      annotations:
        # Alpha-style seccomp annotation: runtime default profile for the pod.
        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
    spec:
      serviceAccountName: coredns
      # Allowed onto master nodes and treated as a critical add-on.
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
        - key: "CriticalAddonsOnly"
          operator: "Exists"
      containers:
      # Supply-chain note: `lizhenliang/coredns:1.2.2` appears to be a
      # third-party mirror rather than the upstream coredns/coredns or
      # k8s.gcr.io repository, 1.2.2 is an old release, and it is pinned by a
      # mutable tag with imagePullPolicy IfNotPresent — a cached image is never
      # re-checked. Use the official image pinned by digest outside a lab.
      - name: coredns
        image: lizhenliang/coredns:1.2.2
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            memory: 170Mi
          requests:
            cpu: 100m
            memory: 70Mi
        args: [ "-conf", "/etc/coredns/Corefile" ]
        volumeMounts:
        - name: config-volume
          mountPath: /etc/coredns
          readOnly: true
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        - containerPort: 9153
          name: metrics
          protocol: TCP
        # Probes the `health` plugin on its default port (8080).
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        # Hardened container: no privilege escalation, every capability
        # dropped except NET_BIND_SERVICE (needed to bind port 53), and a
        # read-only root filesystem. Keep these if the image is swapped.
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            add:
            - NET_BIND_SERVICE
            drop:
            - all
          readOnlyRootFilesystem: true
      # Default = use the node's resolver configuration, which is what the
      # Corefile's `proxy . /etc/resolv.conf` forwards to. Must NOT be
      # ClusterFirst, or CoreDNS would forward to itself.
      dnsPolicy: Default
      volumes:
        - name: config-volume
          configMap:
            name: coredns
            items:
            - key: Corefile
              path: Corefile
---
# The resolver address handed to every pod. `clusterIP: 10.0.0.2` is fixed
# here and must equal the cluster DNS address the kubelets are configured
# with (kubelet --cluster-dns / clusterDNS) — confirm before applying.
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  annotations:
    prometheus.io/port: "9153"
    prometheus.io/scrape: "true"
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  selector:
    k8s-app: kube-dns
  clusterIP: 10.0.0.2
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP

[root@k8s-master1 yaml]# kubectl apply -f coredns.yaml

serviceaccount/coredns created

clusterrole.rbac.authorization.k8s.io/system:coredns created

clusterrolebinding.rbac.authorization.k8s.io/system:coredns created

configmap/coredns created

deployment.apps/coredns created

service/kube-dns created

#查看 Pod 状态（镜像尚在拉取，状态为 ContainerCreating）

[root@k8s-master1 yaml]# kubectl get pods -n kube-systemNAME READY STATUS RESTARTS AGEcoredns-6d8cfdd59d-87b7p 0/1  ContainerCreating 0 40s

#镜像拉取完成后，Pod 进入 Running 状态

[root@k8s-master1 yaml]# kubectl get pods -n kube-systemNAME READY STATUS RESTARTS AGEcoredns-6d8cfdd59d-7dfjz 1/1 Running 0 3m44s

二、创建测试 Pod 验证 DNS 解析

[root@master-1 yaml]# cat test.yaml
# Throwaway client pod used only to run ping/curl against cluster DNS from the
# default namespace. Not a workload template: no resource limits and no
# securityContext, and the image is pinned by a mutable tag, not a digest.
# `sleep 3600` + restartPolicy Always means the container exits hourly and is
# restarted, so the pod lingers until deleted — remove it once testing is done.
apiVersion: v1
kind: Pod
metadata:
    name: busybox
    namespace: default
spec:
    containers:
      - image: busybox:1.28.4
        command:
          - sleep
          - "3600"
        imagePullPolicy: IfNotPresent
        name: busybox
    restartPolicy: Always
[root@k8s-master1 yaml]# kubectl apply -f test.yamlpod/busybox created

#查看Pod状态

[root@k8s-master1 yaml]# kubectl get pods -o wideNAME                                  READY    STATUS    RESTARTS   AGE     IP           NODE        NOMINATED NODE   READINESS GATESbusybox                                1/1     Running    1          5m59s   10.244.2.6   k8s-node3   <none>           <none>nginx-demo-574b6ddfd8-j487f            1/1     Running    1          40h     10.244.2.64  node-3      <none>           <none>

#为了测试 DNS 解析，先查看同一命名空间内另一个 Pod 对应的 Service

[root@master-1 yaml]# kubectl get serviceNAME          TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGEkubernetes    ClusterIP   10.0.0.1     <none>        443/TCP        17dnginx-demo    NodePort    10.0.0.238   <none>        80:32729/TCP   40h

#可以看到另一个 Pod 对应的 Service 名称为 nginx-demo，ClusterIP 为 10.0.0.238

#进入 busybox 容器（在容器内按 Service 名称访问同命名空间的资源）

[root@k8s-master1 yaml]# kubectl exec -it busybox sh

/ # ping nginx-demoPING web (10.0.0.238): 56 data bytes64 bytes from 10.0.0.238: seq=0 ttl=64 time=0.135 ms64 bytes from 10.0.0.238: seq=1 ttl=64 time=0.158 ms64 bytes from 10.0.0.238: seq=2 ttl=64 time=0.236 ms64 bytes from 10.0.0.238: seq=3 ttl=64 time=0.127 ms

#可以看到 Service 名称 nginx-demo 被解析为 10.0.0.238，即该 Service 的 ClusterIP。注意 ping 的应答来自 ClusterIP 而不是后端 Pod，这一步只验证了名称解析；业务流量是否真正到达 Pod，由下面的 curl 验证。

#再通过 DNS 名称访问该 Service 背后 Pod 的业务（上面 kubectl get service 的输出显示 Service 端口为 80，因此 curl 直接使用默认端口即可）

[root@k8s-master1 yaml]# kubectl exec -it busybox sh/ # curl nginx-demo<!DOCTYPE html><html><head><title>Hello World</title><link href="" rel="icon" type="image/png" /><style>body {  margin: 0px;  font: 20px 'RobotoRegular', Arial, sans-serif;  font-weight: 100;  height: 100%;  color: #0f1419;}div.info {  display: table;  background: #e8eaec;  padding: 20px 20px 20px 20px;  border: 1px dashed black;  border-radius: 10px;  margin: 0px auto auto auto;}div.info p {    display: table-row;    margin: 5px auto auto auto;}div.info p span {    display: table-cell;    padding: 10px;}img {    width: 176px;    margin: 36px auto 36px auto;    display:block;}div.smaller p span {    color: #3D5266;}h1, h2 {  font-weight: 100;}div.check {    padding: 0px 0px 0px 0px;    display: table;    margin: 36px auto auto auto;    font: 12px 'RobotoRegular', Arial, sans-serif;}#footer {    position: fixed;    bottom: 36px;    width: 100%;}#center {    width: 400px;    margin: 0 auto;    font: 12px Courier;}</style><script>var ref;function checkRefresh(){    if (document.cookie == "refresh=1") {        document.getElementById("check").checked = true;        ref = setTimeout(function(){location.reload();}, 1000);    } else {    }}function changeCookie() {    if (document.getElementById("check").checked) {        document.cookie = "refresh=1";        ref = setTimeout(function(){location.reload();}, 1000);    } else {        document.cookie = "refresh=0";        clearTimeout(ref);    }}</script></head><body onload="checkRefresh();"><img alt="NGINX Logo" src=""/><div class="info"><p><span>Server address:</span> <span>10.244.2.64:80</span></p><p><span>Server name:</span> <span>nginx-demo-574b6ddfd8-j487f</span></p><p class="smaller"><span>Date:</span> <span>02/Nov/2020:02:27:02 +0000</span></p><p class="smaller"><span>URI:</span> <span>/</span></p></div><div class="check"><input type="checkbox" id="check" onchange="changeCookie()"> Auto Refresh</div>    <div id="footer">        <div id="center" 
align="center">            Request ID: e68c7defa2d82165824b27397b7c05b2<br/>            ? NGINX, Inc. 2018        </div>    </div></body></html>

#能正常访问到页面，且页面中的 Server address 为 10.244.2.64:80，与上面 nginx-demo Pod 的 IP 一致，说明请求确实经 Service 转发到了后端 Pod，实现了 Pod 间通过服务名互通

#访问其他命名空间的 Service，需要在 Service 名称后加上 .命名空间名称（如 grafana.grafana），其完整域名为 <service>.<namespace>.svc.cluster.local；下面 ping 的输出也显示解析到了该完整域名

首先查看另一个命名空间（grafana）中的 Pod 和 Service 信息

[root@master-1 ~]# kubectl get pods,service -n grafana NAME                           READY   STATUS    RESTARTS   AGEpod/grafana-588856b7f5-shxgg   1/1     Running   1          37hNAME              TYPE       CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGEservice/grafana   NodePort   10.0.0.56    <none>        80:30768/TCP   41h

#再次进入到 busybox 容器里面

/ # ping grafana.grafana -c 4PING grafana.grafana.svc.cluster.local (10.0.0.56) 56(84) bytes of data.64 bytes from grafana.grafana.svc.cluster.local (10.0.0.56): icmp_seq=1 ttl=64 time=0.071 ms64 bytes from grafana.grafana.svc.cluster.local (10.0.0.56): icmp_seq=2 ttl=64 time=0.098 ms64 bytes from grafana.grafana.svc.cluster.local (10.0.0.56): icmp_seq=3 ttl=64 time=0.120 ms64 bytes from grafana.grafana.svc.cluster.local (10.0.0.56): icmp_seq=4 ttl=64 time=0.104 ms--- grafana.grafana.svc.cluster.local ping statistics ---4 packets transmitted, 4 received, 0% packet loss, time 4msrtt min/avg/max/mdev = 0.071/0.098/0.120/0.019 ms/ # curl grafana.grafana<a href="/login">Found</a>.

#可以看到跨命名空间也能正常 ping 通；curl 返回的是跳转到 /login 的 Found 响应，说明请求已经到达 grafana 服务

备注:

#如果执行 kubectl exec / logs 时出现下面的报错，说明 API Server 在连接目标节点的 kubelet 时无法解析该节点的主机名，需要在主机侧补全 hosts 解析（这与集群内的 CoreDNS 无关）

Error from server: error dialing backend: dial tcp: lookup

#添加 hosts 解析（主机侧的名称解析，master、node、LB 等所有节点都要配置）。主机名必须与 kubectl get nodes 显示的节点名一致；本文输出中节点名在 master-1/k8s-master1、node-3/k8s-node3 之间并不统一，请按实际环境填写

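# Pin the cluster's node names (masters, workers, load balancers) in the hosts
# file of every host, so that node names resolve without DNS. The symptom of
# a missing entry is "Error from server: error dialing backend: dial tcp:
# lookup <node>" when the API server tries to reach a kubelet.
#
# Deliberately NOT `cat > /etc/hosts`: overwriting the file discards entries
# other tooling (cloud-init, the container runtime, the distro image) has
# added. Each entry below is appended only if an equivalent line is not
# already present, so the script is safe to re-run.
#
# Arguments: $1 - hosts file to update (default /etc/hosts)
# Returns:   0; appends fail loudly (stderr) if the file is not writable.
add_cluster_hosts() {
  local hosts_file=${1:-/etc/hosts}
  local line
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    # Compare with whitespace normalised ($1=$1 re-joins the fields with a
    # single space), so "127.0.0.1   localhost ..." from the distro counts as
    # already present. An existing *different* mapping for the same name is
    # left untouched and typically wins (hosts files are read top-down) —
    # verify with `getent hosts <name>` afterwards.
    awk -v want="$line" '{ $1 = $1 } $0 == want { found = 1; exit } END { exit !found }' \
      "$hosts_file" 2>/dev/null && continue
    printf '%s\n' "$line" >>"$hosts_file"
  done <<'EOF'
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.2.190 k8s-master1
192.168.2.191 k8s-master2
192.168.2.192 k8s-node1
192.168.2.193 k8s-node2
192.168.2.194 k8s-node3
192.168.2.195 k8s-LB01
192.168.2.196 k8s-LB02
EOF
}

add_cluster_hosts /etc/hosts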
