playbook部署coredns

说明test1是主控节点,目的是给test4 node节点安装coredns,

1、coredns-1.2.2.tar.gz安装包放到主控节点/server/software/k8s/目录下,由playbook中的docker导入镜像

2、准备hosts文件

cat >/k8s/profile/hosts <<EOF

[k8s]

192.168.0.91

192.168.0.92

192.168.0.93

[test0]

192.168.0.92

192.168.0.93

[test1]

192.168.0.91

[test2]

192.168.0.92

[test3]

192.168.0.93

[test4]

192.168.0.94

EOF

3、准备playbook文件

cat >/k8s/profile/deploy_coredns.yaml <<EOF

- hosts: test4

  remote_user: root

  become: yes

  become_method: sudo

  vars:

    cluster_dns_svc_ip: 10.254.0.2

    iface: ens33

  tasks:

    - name: copy coredns config file

      template: src=/k8s/profile/coredns.yaml.j2 dest=/k8s/profile/coredns.yaml

    - name: mkdir directory for coredns package

      file: dest=/server/software/k8s/ state=directory mode=0755

    - name: copy coredns-1.2.2.tar

      copy: src=/server/software/k8s/coredns-1.2.2.tar.gz dest=/server/software/k8s/

    - name: load coredns-1.2.2.tar.gz to docker

      shell: docker load < /server/software/k8s/coredns-1.2.2.tar.gz

    - name: install_coredns

      command: kubectl apply -f /k8s/profile/coredns.yaml

EOF

4、准备coredns模板文件

cat >/k8s/profile/coredns.yaml.j2 <<EOF

apiVersion: v1

kind: ServiceAccount

metadata:

  name: coredns

  namespace: kube-system

---

apiVersion: rbac.authorization.k8s.io/v1beta1

kind: ClusterRole

metadata:

  labels:

    kubernetes.io/bootstrapping: rbac-defaults

  name: system:coredns

rules:

- apiGroups:

  - ""

  resources:

  - endpoints

  - services

  - pods

  - namespaces

  verbs:

  - list

  - watch

---

apiVersion: rbac.authorization.k8s.io/v1beta1

kind: ClusterRoleBinding

metadata:

  annotations:

    rbac.authorization.kubernetes.io/autoupdate: "true"

  labels:

    kubernetes.io/bootstrapping: rbac-defaults

  name: system:coredns

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: ClusterRole

  name: system:coredns

subjects:

- kind: ServiceAccount

  name: coredns

  namespace: kube-system

---

apiVersion: v1

kind: ConfigMap

metadata:

  name: coredns

  namespace: kube-system

data:

  Corefile: |

    .:53 {

        errors

        health

        kubernetes cluster.local. in-addr.arpa ip6.arpa {

          pods insecure

          upstream

          fallthrough in-addr.arpa ip6.arpa

        }

        prometheus :9153

        proxy . /etc/resolv.conf

        cache 30

        reload

        loadbalance

    }

---

apiVersion: extensions/v1beta1

kind: Deployment

metadata:

  name: coredns

  namespace: kube-system

  labels:

    k8s-app: kube-dns

    kubernetes.io/name: "CoreDNS"

spec:

  replicas: 2

  strategy:

    type: RollingUpdate

    rollingUpdate:

      maxUnavailable: 1

  selector:

    matchLabels:

      k8s-app: kube-dns

  template:

    metadata:

      labels:

        k8s-app: kube-dns

    spec:

      serviceAccountName: coredns

      tolerations:

        - key: node-role.kubernetes.io/master

          effect: NoSchedule

        - key: "CriticalAddonsOnly"

          operator: "Exists"

      containers:

      - name: coredns

        image: coredns/coredns:1.2.0

        imagePullPolicy: IfNotPresent

        resources:

          limits:

            memory: 170Mi

          requests:

            cpu: 100m

            memory: 70Mi

        args: [ "-conf", "/etc/coredns/Corefile" ]

        volumeMounts:

        - name: config-volume

          mountPath: /etc/coredns

          readOnly: true

        ports:

        - containerPort: 53

          name: dns

          protocol: UDP

        - containerPort: 53

          name: dns-tcp

          protocol: TCP

        - containerPort: 9153

          name: metrics

          protocol: TCP

        securityContext:

          allowPrivilegeEscalation: false

          capabilities:

            add:

            - NET_BIND_SERVICE

            drop:

            - all

          readOnlyRootFilesystem: true

        livenessProbe:

          httpGet:

            path: /health

            port: 8080

            scheme: HTTP

          initialDelaySeconds: 60

          timeoutSeconds: 5

          successThreshold: 1

          failureThreshold: 5

      dnsPolicy: Default

      volumes:

        - name: config-volume

          configMap:

            name: coredns

            items:

            - key: Corefile

              path: Corefile

---

apiVersion: v1

kind: Service

metadata:

  name: kube-dns

  namespace: kube-system

  annotations:

    prometheus.io/port: ""

    prometheus.io/scrape: "true"

  labels:

    k8s-app: kube-dns

    kubernetes.io/cluster-service: "true"

    kubernetes.io/name: "CoreDNS"

spec:

  selector:

    k8s-app: kube-dns

  clusterIP: {{ cluster_dns_svc_ip }}

  ports:

  - name: dns

    port: 53

    protocol: UDP

  - name: dns-tcp

    port: 53

    protocol: TCP

EOF

5、开始部署

[root@test1 profile]# ansible-playbook /k8s/profile/deploy_coredns.yaml

playbook部署coredns的更多相关文章

  1. 部署coredns

      1 前提:     1.1不依赖kubeadm的方式,适用于不是使用kubeadm创建的k8s集群,或者kubeadm初始化集群之后,删除了dns相关部署.      1.2 DNS IP :10 ...

  2. 10、二进制安装K8s之部署CoreDNS 和Dashboard

    二进制安装K8s之部署CoreDNS 和Dashboard CoreDNS 和Dashboard 的yaml文件在 k8s源代码压缩包里面可以找到对应的配置文件,很多人从网上直接下载使用别人的,会导致 ...

  3. suse 12 二进制部署 Kubernetets 1.19.7 - 第11章 - 部署coredns组件

    文章目录 1.11.0.部署coredns 1.11.1.测试coredns功能 suse 12 二进制部署 Kubernetes 集群系列合集: suse 12 二进制部署 Kubernetets ...

  4. playbook部署flanneld

    定义playbook的主机组 说明: 1.playbook的主机组和ansible的主机组不一样, 2.playbook的主机组文件必须要和playbook文件在同一个目录下否则会报如下错误: [ro ...

  5. 通过PlayBook部署Zabbix

    编写Linux初始化剧本 初始化剧本环节,主要用户实现关闭Selinux关闭防火墙,一起配置一下阿里云的YUM源地址,和安装EPEL源,为后期的zabbix安装做好铺垫工作. 1.在安装Zabbix之 ...

  6. 通过Playbook部署LAMP

    Ansible的PlayBook文件格式为YAML语言,所以希望你在编写PlayBook前对YAML语法有一定的了解,否则在运行PlayBook的时候经常碰到语法错误提示,这里我们通过介绍批量部署LA ...

  7. playbook部署nginx

    定义playbook的主机组 说明: 1.playbook的主机组和ansible的主机组不一样, 2.playbook的主机组文件必须要和playbook文件在同一个目录下否则会报如下错误: [ro ...

  8. Kubernets二进制安装(15)之安装部署coredns

    在运维主机上(mfyxw50.mfyxw.com)准备Coredns镜像文件,以docker镜像文件的方式部署到Kubernetes集群中去. 1.下载coredns镜像 [root@mfyxw50 ...

  9. ansible playbook部署ELK集群系统

    一.介绍 总共4台机器,分别为 192.168.1.99 192.168.1.100 192.168.1.210 192.168.1.211 服务所在机器为: redis:192.168.1.211 ...

随机推荐

  1. ACM中值得注意/利用的C++语法特性

    C++ 的易踩坑点 随时补充 STL不能边循环边erase() //自己写的求交集RE了 for (set <int> ::iterator it = s.begin(); it != s ...

  2. linux基础_使用指令2

    1.cat指令 功能:查看文件内容,是以只读的方式打开. 语法:cat [] 要查看的文件 选项: -n:显示行号 末尾加 | more:分页 使用细节: cat只能浏览文件,而不能修改文件,为了浏览 ...

  3. python一些方便excel行操作的函数(一)

    import collections class headhandler(): def __init__(self,mylist): self.mystorage={} self.mylist = m ...

  4. [Spring Boot] Set Context path for application in application.properties

    If you were using Microservice with Spring Boot to build different REST API endpoints, context path ...

  5. 上下文管理器和else块

    一.if 语句之外的 else块 else 子句不仅能在 if 语句中使用,还能在for.while和try语句中使用. (1)for :仅当 for 循环运行完毕时(即 for 循环没有被break ...

  6. 小米oj 判断是否为连乘数字串

     判断是否为连乘数字串 序号:#32难度:非常难时间限制:1000ms内存限制:10M 描述 给出一个字符串S,判断S是否为连乘字符串. 连乘字符串定义为: 字符串拆分成若干数字,后面的数字(从第三个 ...

  7. [Luogu] 聪明的质监员

    https://www.luogu.org/problemnew/show/P1314 满足单调性 所以,二分W,进行检验 #include <iostream> #include < ...

  8. ACM省赛及蓝桥总结,且随疾风前行,身后亦须留心

    今年算是开始正式打比赛了,真正打起比赛来感觉的确是和平时训练不太一样,最重要的还是在心态和信心上. ACM省赛是拿下个银牌,昭哥上来就把K题金牌题给当签到题给签掉了,可惜我们没有利用好这一题.感觉第一 ...

  9. CSP-S 模拟测试 51 题解

    考试过程: 惯例先看一遍三道题,T1 一开始反应要求割点,但是这是有向图,肯定不能求割点,康了一下数据范围,有40%是树的,还不错,决定待会在打. 看T2 字符串题,完了我字符串最弱了,肯定只能打暴力 ...

  10. 【线性代数】4-2:投影(Porjections)

    title: [线性代数]4-2:投影(Porjections) categories: Mathematic Linear Algebra keywords: Projections Project ...