[BIN] coredns

[BIN] coredns #

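# Corefile
# NODEIP, DNSIP, COREDNSCFG, COREDNSDIR, CERTDIR and K8SDIR are presumably
# exported by ~/.k8s.env. An unset variable would otherwise produce a silently
# broken Corefile / manifest (e.g. "bind " with no address), so fail fast.
source ~/.k8s.env
: "${NODEIP:?NODEIP must be set (expected from ~/.k8s.env)}"
: "${DNSIP:?DNSIP must be set (expected from ~/.k8s.env)}"
: "${COREDNSCFG:?COREDNSCFG must be set (expected from ~/.k8s.env)}"
: "${COREDNSDIR:?COREDNSDIR must be set (expected from ~/.k8s.env)}"
: "${CERTDIR:?CERTDIR must be set (expected from ~/.k8s.env)}"
: "${K8SDIR:?K8SDIR must be set (expected from ~/.k8s.env)}"

# Notes on the plugin choices below:
# - `pods insecure` answers pod A/AAAA queries straight from the query name
#   without checking that such a pod exists (kept for kube-dns compatibility);
#   `pods verified` is the stricter mode, at the cost of a pod watch.
# - The client cert/key/CA authenticate CoreDNS to the API server over mTLS;
#   they are mounted read-only into the container by the compose service.
# - The health, ready and prometheus (${NODEIP}:9153) HTTP endpoints carry no
#   authentication; limit their reachability at the host firewall.
cat > "${COREDNSCFG}" << EOF
.:53 {
    log
    errors
    bind ${NODEIP}
    health {
        lameduck 5s
    }
    ready
    kubernetes cluster.local in-addr.arpa ip6.arpa {
        pods insecure
        fallthrough in-addr.arpa ip6.arpa
        endpoint https://${NODEIP}:6443
        tls /etc/kubernetes/pki/apiserver-coredns-client.crt /etc/kubernetes/pki/apiserver-coredns-client.key /etc/kubernetes/pki/ca.crt
    }
    prometheus ${NODEIP}:9153
    forward . /etc/resolv.conf {
        max_concurrent 1000
    }
    cache 30
    loop
    reload
    loadbalance
}
EOF

# Cluster role for CoreDNS and binding to the `coredns` user (the CN of the
# client certificate referenced in the Corefile).
# Read-only verbs only. They are still broader than the upstream CoreDNS
# manifest (which, I believe, grants only `get` on nodes) — TODO confirm
# against the CoreDNS release in use before tightening.
kubectl apply -f - <<'EOF'
# 创建集群角色
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: coredns
rules:
- apiGroups: ["discovery.k8s.io"]
  resources: ["endpointslices"]
  verbs: ["get","watch","list"]
- apiGroups: [""]
  resources: ["endpoints","nodes","pods","namespaces","services"]
  verbs: ["get", "watch", "list"]
EOF

# Bind the role to the certificate user.
kubectl apply -f - <<'EOF'
# 绑定用户
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: coredns-access-resources
subjects:
- kind: User
  name: coredns
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: coredns
  apiGroup: rbac.authorization.k8s.io
EOF

# Append the coredns service to docker-compose.
# Only the three files the Corefile references are mounted, read-only, so the
# container never sees whatever else ${CERTDIR} holds. Rotating them requires
# recreating the container: a bind-mounted file tracks the original inode,
# not a replacement written under the same name.
cat >> "${K8SDIR}/docker-compose.yaml" << EOF
  coredns:
    image: registry.aliyuncs.com/google_containers/coredns:v1.10.1
    restart: always
    network_mode: "host"
    command:
      - -conf=/etc/coredns/Corefile
    volumes:
      - ${COREDNSDIR}:/etc/coredns:ro
      - ${CERTDIR}/apiserver-coredns-client.crt:/etc/kubernetes/pki/apiserver-coredns-client.crt:ro
      - ${CERTDIR}/apiserver-coredns-client.key:/etc/kubernetes/pki/apiserver-coredns-client.key:ro
      - ${CERTDIR}/ca.crt:/etc/kubernetes/pki/ca.crt:ro

EOF

# Service and Endpoints for kube-dns.
# The Service carries no selector, so the endpoints controller leaves the
# hand-written Endpoints object (pointing at the host-networked CoreDNS on
# ${NODEIP}) alone. The previous manifest listed `ports:` twice and used the
# invalid `protocol: DNS`; a single ports list with TCP/UDP is kept.
kubectl apply -f - << EOF
---
apiVersion: v1
kind: Service
metadata:
  namespace: kube-system
  name: kube-dns
spec:
  type: ClusterIP
  clusterIP: ${DNSIP}
  ports:
  - name: dns
    port: 53
    protocol: UDP
    targetPort: 53
  - name: dns-tcp
    port: 53
    protocol: TCP
    targetPort: 53
  - name: metrics
    port: 9153
    protocol: TCP
    targetPort: 9153

---
apiVersion: v1
kind: Endpoints
metadata:
  namespace: kube-system
  name: kube-dns
subsets:
- addresses:
  - ip: ${NODEIP}
  ports:
  - name: dns-tcp
    port: 53
    protocol: TCP
  - name: dns
    port: 53
    protocol: UDP
  - name: metrics
    port: 9153
    protocol: TCP
EOF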