playbook部署coredns

说明test1是主控节点,目的是给test4 node节点安装coredns,

1、coredns-1.2.2.tar.gz安装包放到主控节点/server/software/k8s/目录下,由playbook中的docker导入镜像

2、准备hosts文件

cat >/k8s/profile/hosts <<EOF

[k8s]

192.168.0.91

192.168.0.92

192.168.0.93

[test0]

192.168.0.92

192.168.0.93

[test1]

192.168.0.91

[test2]

192.168.0.92

[test3]

192.168.0.93

[test4]

192.168.0.94

EOF

3、准备playbook文件

cat >/k8s/profile/deploy_coredns.yaml <<EOF

- hosts: test4

  remote_user: root

  become: yes

  become_method: sudo

  vars:

    cluster_dns_svc_ip: 10.254.0.2

    iface: ens33

  tasks:

    - name: copy coredns config file

      template: src=/k8s/profile/coredns.yaml.j2 dest=/k8s/profile/coredns.yaml

    - name: mkdir directory for coredns package

      file: dest=/server/software/k8s/ state=directory mode=0755

    - name: copy coredns-1.2.2.tar

      copy: src=/server/software/k8s/coredns-1.2.2.tar.gz dest=/server/software/k8s/

    - name: load coredns-1.2.2.tar.gz to docker

      shell: docker load < /server/software/k8s/coredns-1.2.2.tar.gz

    - name: install_coredns

      command: kubectl apply -f /k8s/profile/coredns.yaml

EOF

4、准备coredns模板文件

cat >/k8s/profile/coredns.yaml.j2 <<EOF

apiVersion: v1

kind: ServiceAccount

metadata:

  name: coredns

  namespace: kube-system

---

apiVersion: rbac.authorization.k8s.io/v1beta1

kind: ClusterRole

metadata:

  labels:

    kubernetes.io/bootstrapping: rbac-defaults

  name: system:coredns

rules:

- apiGroups:

  - ""

  resources:

  - endpoints

  - services

  - pods

  - namespaces

  verbs:

  - list

  - watch

---

apiVersion: rbac.authorization.k8s.io/v1beta1

kind: ClusterRoleBinding

metadata:

  annotations:

    rbac.authorization.kubernetes.io/autoupdate: "true"

  labels:

    kubernetes.io/bootstrapping: rbac-defaults

  name: system:coredns

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: ClusterRole

  name: system:coredns

subjects:

- kind: ServiceAccount

  name: coredns

  namespace: kube-system

---

apiVersion: v1

kind: ConfigMap

metadata:

  name: coredns

  namespace: kube-system

data:

  Corefile: |

    .:53 {

        errors

        health

        kubernetes cluster.local. in-addr.arpa ip6.arpa {

          pods insecure

          upstream

          fallthrough in-addr.arpa ip6.arpa

        }

        prometheus :9153

        proxy . /etc/resolv.conf

        cache 30

        reload

        loadbalance

    }

---

apiVersion: extensions/v1beta1

kind: Deployment

metadata:

  name: coredns

  namespace: kube-system

  labels:

    k8s-app: kube-dns

    kubernetes.io/name: "CoreDNS"

spec:

  replicas: 2

  strategy:

    type: RollingUpdate

    rollingUpdate:

      maxUnavailable: 1

  selector:

    matchLabels:

      k8s-app: kube-dns

  template:

    metadata:

      labels:

        k8s-app: kube-dns

    spec:

      serviceAccountName: coredns

      tolerations:

        - key: node-role.kubernetes.io/master

          effect: NoSchedule

        - key: "CriticalAddonsOnly"

          operator: "Exists"

      containers:

      - name: coredns

        image: coredns/coredns:1.2.0

        imagePullPolicy: IfNotPresent

        resources:

          limits:

            memory: 170Mi

          requests:

            cpu: 100m

            memory: 70Mi

        args: [ "-conf", "/etc/coredns/Corefile" ]

        volumeMounts:

        - name: config-volume

          mountPath: /etc/coredns

          readOnly: true

        ports:

        - containerPort: 53

          name: dns

          protocol: UDP

        - containerPort: 53

          name: dns-tcp

          protocol: TCP

        - containerPort: 9153

          name: metrics

          protocol: TCP

        securityContext:

          allowPrivilegeEscalation: false

          capabilities:

            add:

            - NET_BIND_SERVICE

            drop:

            - all

          readOnlyRootFilesystem: true

        livenessProbe:

          httpGet:

            path: /health

            port: 8080

            scheme: HTTP

          initialDelaySeconds: 60

          timeoutSeconds: 5

          successThreshold: 1

          failureThreshold: 5

      dnsPolicy: Default

      volumes:

        - name: config-volume

          configMap:

            name: coredns

            items:

            - key: Corefile

              path: Corefile

---

apiVersion: v1

kind: Service

metadata:

  name: kube-dns

  namespace: kube-system

  annotations:

    prometheus.io/port: ""

    prometheus.io/scrape: "true"

  labels:

    k8s-app: kube-dns

    kubernetes.io/cluster-service: "true"

    kubernetes.io/name: "CoreDNS"

spec:

  selector:

    k8s-app: kube-dns

  clusterIP: {{ cluster_dns_svc_ip }}

  ports:

  - name: dns

    port: 53

    protocol: UDP

  - name: dns-tcp

    port: 53

    protocol: TCP

EOF

5、开始部署

[root@test1 profile]# ansible-playbook /k8s/profile/deploy_coredns.yaml

playbook部署coredns的更多相关文章

  1. 部署coredns

      1 前提:     1.1不依赖kubeadm的方式,适用于不是使用kubeadm创建的k8s集群,或者kubeadm初始化集群之后,删除了dns相关部署.      1.2 DNS IP :10 ...

  2. 10、二进制安装K8s之部署CoreDNS 和Dashboard

    二进制安装K8s之部署CoreDNS 和Dashboard CoreDNS 和Dashboard 的yaml文件在 k8s源代码压缩包里面可以找到对应的配置文件,很多人从网上直接下载使用别人的,会导致 ...

  3. suse 12 二进制部署 Kubernetets 1.19.7 - 第11章 - 部署coredns组件

    文章目录 1.11.0.部署coredns 1.11.1.测试coredns功能 suse 12 二进制部署 Kubernetes 集群系列合集: suse 12 二进制部署 Kubernetets ...

  4. playbook部署flanneld

    定义playbook的主机组 说明: 1.playbook的主机组和ansible的主机组不一样, 2.playbook的主机组文件必须要和playbook文件在同一个目录下否则会报如下错误: [ro ...

  5. 通过PlayBook部署Zabbix

    编写Linux初始化剧本 初始化剧本环节,主要用户实现关闭Selinux关闭防火墙,一起配置一下阿里云的YUM源地址,和安装EPEL源,为后期的zabbix安装做好铺垫工作. 1.在安装Zabbix之 ...

  6. 通过Playbook部署LAMP

    Ansible的PlayBook文件格式为YAML语言,所以希望你在编写PlayBook前对YAML语法有一定的了解,否则在运行PlayBook的时候经常碰到语法错误提示,这里我们通过介绍批量部署LA ...

  7. playbook部署nginx

    定义playbook的主机组 说明: 1.playbook的主机组和ansible的主机组不一样, 2.playbook的主机组文件必须要和playbook文件在同一个目录下否则会报如下错误: [ro ...

  8. Kubernets二进制安装(15)之安装部署coredns

    在运维主机上(mfyxw50.mfyxw.com)准备Coredns镜像文件,以docker镜像文件的方式部署到Kubernetes集群中去. 1.下载coredns镜像 [root@mfyxw50 ...

  9. ansible playbook部署ELK集群系统

    一.介绍 总共4台机器,分别为 192.168.1.99 192.168.1.100 192.168.1.210 192.168.1.211 服务所在机器为: redis:192.168.1.211 ...

随机推荐

  1. mysql中的分区

    第18章:分区 目录 18.1. MySQL中的分区概述 18.2. 分区类型 18.2.1. RANGE分区 18.2.2. LIST分区 18.2.3. HASH分区 18.2.4. KEY分区 ...

  2. UVa1048 Low Cost Air Travel——最短路

    很好的一道题呀 思路 状态\(d(i,j)\)表示已经经过了行程单中的\(i\)个城市,目前在城市\(j\)的最小代价,直接建边跑最短路就行了 比如机票为\(ACBD\),行程单为\(CD\),那么对 ...

  3. hdfs基本使用

    基本命令 /usr/local/hadoop/bin/hadoop fs -ls / /usr/local/hadoop/bin/hadoop fs -mkdir /test # 创建目录 /usr/ ...

  4. Java数据库小项目02--管家婆项目

    目录 项目要求 开发环境搭建 工具类JDBCUtils 创建管家婆数据表 项目分层 MainApp层 MainView层 ZhangWuController层 ZhangWuService层 Zhan ...

  5. Huffman树、霍夫曼编码

    Huffman树指的是带权路径长度WPL最小的二叉树 WPL=路径*权值 Huffman常用于压缩编码,正常传输ABCDEF这些字母需要3位二进制树来描述,但由于一篇文章中ABCDEF这些字母出现的概 ...

  6. 016_linuxC++之_多重继承

    (一)代码 #include <iostream> #include <string.h> #include <unistd.h> using namespace ...

  7. LinkedBlockingQueue 实现 生产者 消费者

    转载:https://blog.csdn.net/sinat_36553913/article/details/79533606 Java中使用LinkedBlockingQueue实现生产者,消费者 ...

  8. [Sdwc] 线段

    线段有如下两类特点:1 x y, 表示第 x 条线段和第 y 条线段相交 (相交在这里指至少有一个公共点)2 x y,表示第 x 条线段在第 y 条线段的左边,且它们不相交.共有 m 个特点,每个特点 ...

  9. mysql 1045 - Access denied for user 'root'@'*.*.*.*' (using password YES)

    远程无法连接mysql 解决方法: 1.在服务器登录数据 mysql -uroot -hlocalhost -P3306 -p Enter password: Welcome to the MySQL ...

  10. Go语言编程中字符串切割方法小结

    1.func Fields(s string) []string,这个函数的作用是按照1:n个空格来分割字符串最后返回的是[]string的切片 复制代码代码如下: import ( "fm ...