
CoreDNS troubleshooting notes

XAMPP related | admin

CoreDNS installation
apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns
  namespace: kube-system
---
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22;
# newer clusters need rbac.authorization.k8s.io/v1.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: system:coredns
rules:
- apiGroups:
  - ""
  resources:
  - endpoints
  - services
  - pods
  - namespaces
  verbs:
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: system:coredns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
subjects:
- kind: ServiceAccount
  name: coredns
  namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        log
        errors
        health
        kubernetes cluster.local 172.0.0.0/8 in-addr.arpa ip6.arpa {
            # "pods insecure" answers pod A-record queries from the IP in the
            # name without checking that such a pod exists; "pods verified"
            # checks against the API (the ClusterRole above already allows
            # list/watch on pods).
            pods insecure
            upstream
            fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        proxy . /etc/resolv.conf
        cache 30
        reload
    }
---
# extensions/v1beta1 Deployments are no longer served since Kubernetes 1.16;
# newer clusters need apps/v1.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: coredns
    kubernetes.io/name: "CoreDNS"
spec:
  replicas: 2
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  selector:
    matchLabels:
      k8s-app: coredns
  template:
    metadata:
      labels:
        k8s-app: coredns
    spec:
      serviceAccountName: coredns
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
      containers:
      - name: coredns
        image: hub.issll.com/kubernetes/coredns:1.1.0
        imagePullPolicy: IfNotPresent
        args: [ "-conf", "/etc/coredns/Corefile" ]
        volumeMounts:
        - name: config-volume
          mountPath: /etc/coredns
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        livenessProbe:
          httpGet:
            path: /health
            # Must match the health plugin's listen address (:8080 by default).
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
      dnsPolicy: Default
      volumes:
      - name: config-volume
        configMap:
          name: coredns
          items:
          - key: Corefile
            path: Corefile
---
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: coredns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "CoreDNS"
spec:
  selector:
    k8s-app: coredns
  clusterIP: 172.21.0.2
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP

Run on the master node:

kubectl apply -f coredns.yaml

Main file modified
/etc/resolv.conf on the nodes:

$ cat /etc/resolv.conf
# Generated by NetworkManager
search default.svc.cluster.local middleware.svc.cluster.local svc.cluster.local cluster.local
nameserver 192.168.1.254

Print the error logs from each pod

for p in $(kubectl get pods --namespace=kube-system -l k8s-app=coredns -o name); do kubectl logs --namespace=kube-system $p; done

Verify CoreDNS resolution with busybox

kubectl exec -ti busybox -- nslookup redis-master

Because of the search domains configured on the node, this is equivalent to:

kubectl exec -ti busybox -- nslookup redis-master.middleware.svc.cluster.local

Here redis-master is a pod deployed in the middleware namespace.
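
The search-list expansion described above, as an added example that is not part of the original post. It assumes the lookup uses the resolv.conf shown earlier and a glibc-style resolver (default ndots of 1); `expand_search` and `RESOLV_CONF` are names made up for the illustration. The first candidate that resolves is the answer, so a same-named service in an earlier search domain would be returned before the one in middleware.

```shell
#!/bin/sh
# Added example: list, in order, the names a glibc-style stub resolver tries
# for a given name and resolv.conf. The first one that resolves wins.

# Constructed sample input: the node /etc/resolv.conf quoted in this post.
RESOLV_CONF='# Generated by NetworkManager
search default.svc.cluster.local middleware.svc.cluster.local svc.cluster.local cluster.local
nameserver 192.168.1.254'

# expand_search NAME [RESOLV_CONF_TEXT]  (hypothetical helper name)
expand_search() {
    printf '%s\n' "${2:-$RESOLV_CONF}" | awk -v name="$1" '
        BEGIN { ndots = 1 }                      # resolver default
        # Only the last "search" line counts, so reset on each one.
        $1 == "search" { n = 0; for (i = 2; i <= NF; i++) dom[++n] = $i }
        $1 == "options" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^ndots:[0-9]+$/) ndots = substr($i, 7) + 0
        }
        END {
            # A trailing dot marks the name as absolute: no search list.
            if (name ~ /\.$/) { print substr(name, 1, length(name) - 1); exit }
            dots = gsub(/\./, ".", name)         # count dots, name unchanged
            if (dots >= ndots) print name        # "enough" dots: as-is first
            for (i = 1; i <= n; i++) print name "." dom[i]
            if (dots < ndots) print name         # otherwise as-is last
        }'
}

# Order of queries for the short name used in the nslookup above.
expand_search redis-master
```

Passing a different resolv.conf text as the second argument, for example a pod's file containing `options ndots:5`, shows that multi-label names are also sent through the search list before being tried as-is.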

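Known CoreDNS bug
During a reload, the health handler is stopped before the new server instance is started. If the new server fails to start, the initial server instance remains available and keeps serving DNS queries, but the health handler stays down. Health will not reply to HTTP requests until a reload succeeds or CoreDNS is completely restarted.

Postscript
After a new pod is created, CoreDNS has a problem updating; this still needs to be resolved.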
