二进制部署coredns与kube-apiserver通讯

  • 准备
# Create the install tree, unpack the release tarball and drop the binary into bin/.
mkdir -p /opt/coredns/bin /opt/coredns/cfg /opt/coredns/ssl
tar -xzf coredns_1.6.5_linux_amd64.tgz
cp -- coredns /opt/coredns/bin/
  • 认证文件
# cd into the kube-apiserver CA directory first
# NOTE(review): the here-doc body (the CSR JSON that followed '<') was not preserved on this
# page, so this line cannot run as shown; the CSR JSON has to be supplied here.
cat > coredns-csr.json <
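# Generate a random bearer token for the coredns user and append it to kube-apiserver's
# static token file (format: token,user,uid,group). Change the token.csv path to where
# your own token.csv actually lives.
COREDNS_TOKEN=$(head -c 16 /dev/urandom | od -An -t x | tr -d ' ')
# printf with a quoted expansion writes the token verbatim (no word-splitting / echo quirks).
# The original used shell double quotes around system:coredns, so the file gets no literal quotes.
# token.csv holds credentials that grant API access; keep it readable by root only.
printf '%s,coredns,11000,system:coredns\n' "$COREDNS_TOKEN" >> /opt/kubernetes/cfg/token.csv
# The static token file is only read at startup, hence the restart.
systemctl restart kube-apiserver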
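# Build coredns.kubeconfig for the coredns user.
# Bash only joins lines when '\' is the LAST character; a comment after '\' (as the
# original had on the --server and --token lines) escapes a space instead and breaks the
# command, so the comments now sit on their own lines.

# Replace the server URL with your own master IP and port.
kubectl config set-cluster kubernetes \
  --certificate-authority=./ca.pem \
  --embed-certs=true \
  --server=https://192.168.3.210:6443 \
  --kubeconfig=coredns.kubeconfig

# Use the COREDNS_TOKEN generated above instead of pasting the literal value;
# ':?' aborts with a message if the variable is not set in this shell.
kubectl config set-credentials coredns \
  --token="${COREDNS_TOKEN:?COREDNS_TOKEN is not set; generate it first}" \
  --kubeconfig=coredns.kubeconfig

kubectl config set-context default \
  --cluster=kubernetes \
  --user=coredns \
  --kubeconfig=coredns.kubeconfig

kubectl config use-context default --kubeconfig=coredns.kubeconfig

# The kubeconfig embeds the bearer token; restrict it to the account CoreDNS runs as.
cp coredns.kubeconfig /opt/coredns/cfg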
# Corefile.conf — open the CoreDNS config in an editor; the intended file content is listed next.
vim /opt/coredns/cfg/Corefile.conf
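# CoreDNS server block for the cluster zone, listening on port 53 on all interfaces.
.:53 {
    errors
    # 'health' stays commented out: it listens on :8080, which is fine inside a pod, but on a
    # bare-metal host that port may already be taken by another process and CoreDNS would error.
    #health {
    #  lameduck 5s
    #}
    ready
    kubernetes cluster.local 10.0.0.0/24 {
      # Replace with your own master IP and port.
      endpoint https://192.168.3.210:6443
      # Client TLS files. The key path used to read /opt/core/ssl/..., which does not match the
      # /opt/coredns/ssl directory created during setup and used by the other two files here.
      tls /opt/coredns/ssl/ca.pem /opt/coredns/ssl/kube-coredns-key.pem /opt/coredns/ssl/kube-coredns.pem
      kubeconfig /opt/coredns/cfg/coredns.kubeconfig default
      # 'pods insecure' answers pod A-record lookups without checking that the pod exists;
      # 'pods verified' adds that check but then the plugin also needs to watch pods.
      pods insecure
      fallthrough in-addr.arpa ip6.arpa
    }
    prometheus :9153
    forward . /etc/resolv.conf
    cache 30
    loop
    reload
    loadbalance
}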
  • 添加权限
# CoreDNS only needs to get/list/watch namespaces, services and endpoints from
# kube-apiserver; grant exactly those verbs and bind the role to the 'coredns' user.
kubectl create clusterrole system:coredns \
  --verbs=get,list,watch \
  --resources=namespaces,endpoints,services
kubectl create clusterrolebinding kube-coredns \
  --clusterrole=system:coredns \
  --user=coredns
  • 运行coredns
# Run CoreDNS in the foreground with the Corefile above; the startup banner is printed below.
/opt/coredns/bin/coredns -conf /opt/coredns/cfg/Corefile.conf
.:53
[INFO] plugin/reload: Running configuration MD5 = 2299af1028b5058798532783d2adcecf
CoreDNS-1.6.5
linux/amd64, go1.13.4, c2fd1b2
  • 其他
    1. 开机启动coredns
# Write the systemd unit for CoreDNS.
# NOTE(review): the here-doc body (the unit file that followed '<') was not preserved on this
# page. Presumably it runs the service as the 'coredns' user created in the next step; if so,
# binding port 53 as non-root needs AmbientCapabilities=CAP_NET_BIND_SERVICE — confirm in the unit.
cat > /usr/lib/systemd/system/coredns.service <
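# Dedicated non-login account for the service; -r makes it a system account
# (system UID range, no home directory created), so CoreDNS need not run as root.
useradd -r -s /sbin/nologin coredns
# Pick up the new unit file, enable it at boot and start it immediately.
systemctl daemon-reload
systemctl enable --now coredns
systemctl status coredns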
