生成coredns 部署yaml

vi coredns.yaml
# __MACHINE_GENERATED_WARNING__

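apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns
  namespace: kube-system
  # Labels are indented like every other mapping in the file (2 spaces);
  # the 6-space form parses identically but trips yamllint's indentation rule.
  labels:
    kubernetes.io/cluster-service: "true"
    # Reconcile: an addon manager (if one runs in the cluster) re-applies
    # this object when it drifts from the manifest.
    addonmanager.kubernetes.io/mode: Reconcile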
---
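apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: Reconcile
  name: system:coredns
# Read-only, least-privilege grant: the kubernetes plugin only list/watches
# the objects it serves records for, and reads node metadata.
rules:
- apiGroups:
  - ""
  resources:
  - endpoints
  - services
  - pods
  - namespaces
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
# Newer CoreDNS releases read EndpointSlices instead of Endpoints; because the
# Deployment pulls an untagged coredns/coredns image, such a release can be
# what actually runs, and it would fail to watch the API without this grant.
# RBAC rules are not validated against API discovery, so the rule is inert on
# clusters that do not serve discovery.k8s.io.
- apiGroups:
  - discovery.k8s.io
  resources:
  - endpointslices
  verbs:
  - list
  - watch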
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system:coredns
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    # EnsureExists: created if missing, never overwritten by an addon manager.
    addonmanager.kubernetes.io/mode: EnsureExists
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
# Grants the read-only system:coredns ClusterRole to the coredns
# ServiceAccount in kube-system, the account the Deployment runs under.
roleRef:
  kind: ClusterRole
  name: system:coredns
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: coredns
  namespace: kube-system
---
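apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
  labels:
    # EnsureExists: an addon manager creates the ConfigMap once but does not
    # overwrite later edits to the Corefile.
    addonmanager.kubernetes.io/mode: EnsureExists
data:
  # Literal block scalar: this is the exact file the Deployment mounts at
  # /etc/coredns/Corefile. Comments inside the block would become part of
  # that file, so the per-directive notes live here:
  #   health / ready   HTTP endpoints the Deployment probes on 8080 and 8181
  #   pods verified    answer pod A/AAAA records only for pods that exist
  #                    (relies on the pods list/watch grant in the ClusterRole)
  #   fallthrough      reverse zones the cluster does not own go to forward
  #   forward          everything else goes to the resolvers in the pod's
  #                    /etc/resolv.conf; the Deployment uses dnsPolicy: Default
  #                    so that is the node's file, not the cluster DNS
  #   loop             added: halts CoreDNS if a forwarding loop is detected
  #                    (e.g. resolv.conf pointing back at this service) rather
  #                    than letting the loop run; this is the upstream default
  Corefile: |
    .:53 {
        errors
        health {
            lameduck 5s
        }
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods verified
            endpoint_pod_names
            fallthrough in-addr.arpa ip6.arpa
            ttl 30
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }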
---
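apiVersion: apps/v1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  # Two replicas so one pod restart does not take cluster DNS down; the
  # preferred anti-affinity below asks the scheduler to put them on
  # different nodes. An addon manager in Reconcile mode resets this value,
  # and a DNS horizontal autoscaler (if deployed) tunes it at runtime.
  replicas: 2
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
      annotations:
        # Annotation form of the seccomp profile; clusters that support
        # securityContext.seccompProfile (type: RuntimeDefault) should use
        # that field instead.
        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
    spec:
      priorityClassName: system-cluster-critical
      serviceAccountName: coredns
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
      nodeSelector:
        # kubernetes.io/os is the GA label; beta.kubernetes.io/os is deprecated.
        kubernetes.io/os: linux
      # Soft spread: prefer not to co-locate the two DNS pods on one node.
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchLabels:
                  k8s-app: kube-dns
              topologyKey: kubernetes.io/hostname
      containers:
      - name: coredns
        # TODO: pin an explicit tag (and ideally a digest). An untagged
        # reference resolves to :latest, and with imagePullPolicy: Always
        # every pod restart may pull a different, unreviewed release.
        image: coredns/coredns
        imagePullPolicy: Always
        resources:
          limits:
            memory: 100Mi
          requests:
            cpu: 100m
            memory: 70Mi
        args: ["-conf", "/etc/coredns/Corefile"]
        volumeMounts:
        - name: config-volume
          mountPath: /etc/coredns
          readOnly: true
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        - containerPort: 9153
          name: metrics
          protocol: TCP
        # Probe ports are the defaults of the health (8080) and ready (8181)
        # plugins enabled in the Corefile.
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        readinessProbe:
          httpGet:
            path: /ready
            port: 8181
            scheme: HTTP
        securityContext:
          # Drop every capability except the one needed to bind :53, forbid
          # privilege escalation and keep the root filesystem read-only; the
          # Corefile volume is also mounted read-only above.
          allowPrivilegeEscalation: false
          capabilities:
            add:
            - NET_BIND_SERVICE
            drop:
            - all
          readOnlyRootFilesystem: true
      # Default = inherit the node's resolv.conf, so "forward . /etc/resolv.conf"
      # in the Corefile reaches the node's upstream resolvers instead of
      # pointing back at the cluster DNS.
      dnsPolicy: Default
      volumes:
      - name: config-volume
        configMap:
          name: coredns
          items:
          - key: Corefile
            path: Corefile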
---
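apiVersion: v1
kind: Service
metadata:
  name: kube-dns-v6
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  selector:
    k8s-app: kube-dns
  # Quoted: a plain scalar made only of digits and colons can be typed as a
  # sexagesimal integer by YAML 1.1 loaders; the API wants a string. The
  # address must fall inside the cluster's IPv6 service CIDR.
  # NOTE(review): presumably also the clusterDNS address configured on the
  # kubelets for IPv6 - confirm against the kubelet config.
  clusterIP: "8888:8000::2"
  # Single-stack-per-Service field of the alpha dual-stack API (one IPv4 and
  # one IPv6 Service share the same pods); newer clusters use
  # ipFamilies/ipFamilyPolicy instead.
  ipFamily: IPv6
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
  # Exposes the prometheus plugin (":9153" in the Corefile) on the service IP
  # as well as on each pod.
  - name: metrics
    port: 9153
    protocol: TCP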
---
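apiVersion: v1
kind: Service
metadata:
  name: kube-dns-v4
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  selector:
    k8s-app: kube-dns
  # Quoted for consistency with the IPv6 Service so both addresses are
  # unambiguous strings to any YAML loader. Must fall inside the cluster's
  # IPv4 service CIDR.
  # NOTE(review): presumably also the clusterDNS address configured on the
  # kubelets for IPv4 - confirm against the kubelet config.
  clusterIP: "10.66.0.2"
  # Single-stack-per-Service field of the alpha dual-stack API; newer
  # clusters use ipFamilies/ipFamilyPolicy instead.
  ipFamily: IPv4
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
  # Exposes the prometheus plugin (":9153" in the Corefile) on the service IP
  # as well as on each pod.
  - name: metrics
    port: 9153
    protocol: TCP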
# 配置双栈service IP 对外提供dns服务

部署CoreDNS

 kubectl apply -f coredns.yaml

验证 CoreDNS

root@Qist:/mnt/g/work/ipv6/1/yaml# kubectl -n kube-system  get pod | grep coredns
coredns-68c964545b-flw76                   1/1     Running   0          16h
coredns-68c964545b-gpmxs                   1/1     Running   0          16h
# POD 运行正常
root@Qist:/mnt/g/work/ipv6/1/yaml# kubectl -n kube-system  get svc | grep kube-dns
kube-dns-v4   ClusterIP   10.66.0.2              53/UDP,53/TCP,9153/TCP   16h
kube-dns-v6   ClusterIP   8888:8000::2           53/UDP,53/TCP,9153/TCP   16h
# 验证双栈 service ip 是否能解析域名
[root@k8s-master-1 conf]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.66.0.1:443 rr
  -> 192.168.2.175:5443           Masq    1      1          0
  -> 192.168.2.176:5443           Masq    1      0          0
  -> 192.168.2.177:5443           Masq    1      1          0
TCP  10.66.0.2:53 rr
  -> 10.83.196.192:53             Masq    1      0          0
  -> 10.87.152.128:53             Masq    1      0          0
TCP  10.66.0.2:9153 rr
  -> 10.83.196.192:9153           Masq    1      0          0
  -> 10.87.152.128:9153           Masq    1      0          0
TCP  10.66.252.143:8080 rr
  -> 10.81.251.192:8080           Masq    1      0          0
UDP  10.66.0.2:53 rr
  -> 10.83.196.192:53             Masq    1      0          0
  -> 10.87.152.128:53             Masq    1      0          0
TCP  [8888:8000::2]:53 rr
  -> [fd00::3:c4c0]:53            Masq    1      0          0
  -> [fd00::7:9880]:53            Masq    1      0          0
TCP  [8888:8000::2]:9153 rr
  -> [fd00::3:c4c0]:9153          Masq    1      0          0
  -> [fd00::7:9880]:9153          Masq    1      0          0
UDP  [8888:8000::2]:53 rr
  -> [fd00::3:c4c0]:53            Masq    1      0          0
  -> [fd00::7:9880]:53            Masq    1      0          0
# 负载都已经命中后端
[root@k8s-master-1 conf]# dig @10.66.0.2 www.qq.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 <<>> @10.66.0.2 www.qq.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53193
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: c98eef107aa1d9cf (echoed)
;; QUESTION SECTION:
;www.qq.com.                    IN      A

;; ANSWER SECTION:
www.qq.com.             30      IN      CNAME   public-v6.sparta.mig.tencent-cloud.net.
public-v6.sparta.mig.tencent-cloud.net. 30 IN A 113.96.232.215

;; Query time: 15 msec
;; SERVER: 10.66.0.2#53(10.66.0.2)
;; WHEN: Fri May 08 10:35:25 CST 2020
;; MSG SIZE  rcvd: 167
[root@k8s-master-1 conf]# dig @8888:8000::2 www.qq.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 <<>> @8888:8000::2 www.qq.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35246
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 97748662740b5eae (echoed)
;; QUESTION SECTION:
;www.qq.com.                    IN      A

;; ANSWER SECTION:
www.qq.com.             5       IN      CNAME   public-v6.sparta.mig.tencent-cloud.net.
public-v6.sparta.mig.tencent-cloud.net. 5 IN A  113.96.232.215

;; Query time: 14 msec
;; SERVER: 8888:8000::2#53(8888:8000::2)
;; WHEN: Fri May 08 10:35:50 CST 2020
;; MSG SIZE  rcvd: 167
[root@k8s-master-1 conf]# dig  @8888:8000::2 www.qq.com aaaa

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 <<>> @8888:8000::2 www.qq.com aaaa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5136
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: c2911723c65e05f1 (echoed)
;; QUESTION SECTION:
;www.qq.com.                    IN      AAAA

;; ANSWER SECTION:
www.qq.com.             9       IN      CNAME   public-v6.sparta.mig.tencent-cloud.net.
public-v6.sparta.mig.tencent-cloud.net. 9 IN AAAA 240e:ff:f101:10::15f

;; Query time: 9 msec
;; SERVER: 8888:8000::2#53(8888:8000::2)
;; WHEN: Fri May 08 10:36:40 CST 2020
;; MSG SIZE  rcvd: 179
# ipv6 解析 正常返回
[root@k8s-master-1 conf]# ping6 www.qq.com
PING www.qq.com(240e:ff:f101:10::15f (240e:ff:f101:10::15f)) 56 data bytes
64 bytes from 240e:ff:f101:10::15f (240e:ff:f101:10::15f): icmp_seq=1 ttl=55 time=7.78 ms
64 bytes from 240e:ff:f101:10::15f (240e:ff:f101:10::15f): icmp_seq=2 ttl=55 time=8.24 ms
64 bytes from 240e:ff:f101:10::15f (240e:ff:f101:10::15f): icmp_seq=3 ttl=55 time=8.34 ms
^C
--- www.qq.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 7.777/8.116/8.336/0.264 ms
/ # ping6 kube-dns-v6.kube-system.svc.cluster.local
PING kube-dns-v6.kube-system.svc.cluster.local (8888:8000::2): 56 data bytes
64 bytes from 8888:8000::2: seq=0 ttl=64 time=0.118 ms
64 bytes from 8888:8000::2: seq=1 ttl=64 time=0.115 ms
64 bytes from 8888:8000::2: seq=2 ttl=64 time=0.108 ms
^C
--- kube-dns-v6.kube-system.svc.cluster.local ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.108/0.113/0.118 ms
/ #
/ #
/ #
/ # ping6 kube-dns-v4.kube-system.svc.cluster.local
ping6: bad address 'kube-dns-v4.kube-system.svc.cluster.local'
/ # ping kube-dns-v4.kube-system.svc.cluster.local
PING kube-dns-v4.kube-system.svc.cluster.local (10.66.0.2): 56 data bytes
64 bytes from 10.66.0.2: seq=0 ttl=64 time=0.110 ms
64 bytes from 10.66.0.2: seq=1 ttl=64 time=0.107 ms
^C
--- kube-dns-v4.kube-system.svc.cluster.local ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.107/0.108/0.110 ms
# ipv6 ipv4 正常解析