一.需求
让每个pod访问dhyxtest.ceair.com可以定位到47.97.32.251
即相当于/etc/hosts中有47.97.32.251 dhyxtest.ceair.com
二.解决方案
1.在coredns.yaml中添加
hosts {
47.97.32.251 dhyxtest.ceair.com
fallthrough
}
最终的coredns.yaml的内容如下
apiVersion: v1
kind: ServiceAccount
metadata:
name: coredns
namespace: kube-system
labels:
kubernetes.io/cluster-service:
"true"
addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: Reconcile
name: system:coredns
rules:
- apiGroups:
-
""
resources:
- endpoints
- services
- pods
- namespaces
verbs:
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate:
"true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: EnsureExists
name: system:coredns
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:coredns
subjects:
- kind: ServiceAccount
name: coredns
namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
labels:
addonmanager.kubernetes.io/mode: EnsureExists
data:
Corefile: |
.:
53
{
errors
health
kubernetes cluster.local. in-addr.arpa ip6.arpa {
pods insecure
upstream
fallthrough in-addr.arpa ip6.arpa
}
hosts {
47.97
.
32.251
dhyxtest.ceair.com
fallthrough
}
prometheus :
9153
proxy . /etc/resolv.conf
cache
30
loop
reload
loadbalance
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service:
"true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name:
"CoreDNS"
spec:
replicas:
2
# replicas: not specified here:
#
1
. In order to make Addon Manager
do
not reconcile
this
replicas parameter.
#
2
. Default is
1
.
#
3
. Will be tuned in real time
if
DNS horizontal auto-scaling is turned on.
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable:
1
selector:
matchLabels:
k8s-app: kube-dns
template:
metadata:
labels:
k8s-app: kube-dns
annotations:
seccomp.security.alpha.kubernetes.io/pod:
'docker/default'
spec:
serviceAccountName: coredns
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key:
"CriticalAddonsOnly"
operator:
"Exists"
containers:
- name: coredns
image: coredns/coredns:
1.2
.
2
imagePullPolicy: IfNotPresent
resources:
limits:
memory: 170Mi
requests:
cpu: 100m
memory: 70Mi
args: [
"-conf"
,
"/etc/coredns/Corefile"
]
volumeMounts:
- name: config-volume
mountPath: /etc/coredns
readOnly:
true
ports:
- containerPort:
53
name: dns
protocol: UDP
- containerPort:
53
name: dns-tcp
protocol: TCP
- containerPort:
9153
name: metrics
protocol: TCP
livenessProbe:
httpGet:
path: /health
port:
8080
scheme: HTTP
initialDelaySeconds:
60
timeoutSeconds:
5
successThreshold:
1
failureThreshold:
5
securityContext:
allowPrivilegeEscalation:
false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- all
readOnlyRootFilesystem:
true
dnsPolicy: Default
volumes:
- name: config-volume
configMap:
name: coredns
items:
- key: Corefile
path: Corefile
---
apiVersion: v1
kind: Service
metadata:
name: kube-dns
namespace: kube-system
annotations:
prometheus.io/port:
"9153"
prometheus.io/scrape:
"true"
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service:
"true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name:
"CoreDNS"
spec:
selector:
k8s-app: kube-dns
clusterIP:
10.254
.
0.2
ports:
- name: dns
port:
53
protocol: UDP
- name: dns-tcp
port:
53
protocol: TCP
|
2.kubectl apply -f coredns.yaml
3.效果
