playbook部署coredns

说明test1是主控节点,目的是给test4 node节点安装coredns,

1、coredns-1.2.2.tar.gz安装包放到主控节点/server/software/k8s/目录下,由playbook中的docker导入镜像

2、准备hosts文件

cat >/k8s/profile/hosts <<EOF

[k8s]

192.168.0.91

192.168.0.92

192.168.0.93

[test0]

192.168.0.92

192.168.0.93

[test1]

192.168.0.91

[test2]

192.168.0.92

[test3]

192.168.0.93

[test4]

192.168.0.94

EOF

3、准备playbook文件

cat >/k8s/profile/deploy_coredns.yaml <<EOF

- hosts: test4

  remote_user: root

  become: yes

  become_method: sudo

  vars:

    cluster_dns_svc_ip: 10.254.0.2

    iface: ens33

  tasks:

    - name: copy coredns config file

      template: src=/k8s/profile/coredns.yaml.j2 dest=/k8s/profile/coredns.yaml

    - name: mkdir directory for coredns package

      file: dest=/server/software/k8s/ state=directory mode=0755

    - name: copy coredns-1.2.2.tar

      copy: src=/server/software/k8s/coredns-1.2.2.tar.gz dest=/server/software/k8s/

    - name: load coredns-1.2.2.tar.gz to docker

      shell: docker load < /server/software/k8s/coredns-1.2.2.tar.gz

    - name: install_coredns

      command: kubectl apply -f /k8s/profile/coredns.yaml

EOF

4、准备coredns模板文件

cat >/k8s/profile/coredns.yaml.j2 <<EOF

apiVersion: v1

kind: ServiceAccount

metadata:

  name: coredns

  namespace: kube-system

---

apiVersion: rbac.authorization.k8s.io/v1beta1

kind: ClusterRole

metadata:

  labels:

    kubernetes.io/bootstrapping: rbac-defaults

  name: system:coredns

rules:

- apiGroups:

  - ""

  resources:

  - endpoints

  - services

  - pods

  - namespaces

  verbs:

  - list

  - watch

---

apiVersion: rbac.authorization.k8s.io/v1beta1

kind: ClusterRoleBinding

metadata:

  annotations:

    rbac.authorization.kubernetes.io/autoupdate: "true"

  labels:

    kubernetes.io/bootstrapping: rbac-defaults

  name: system:coredns

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: ClusterRole

  name: system:coredns

subjects:

- kind: ServiceAccount

  name: coredns

  namespace: kube-system

---

apiVersion: v1

kind: ConfigMap

metadata:

  name: coredns

  namespace: kube-system

data:

  Corefile: |

    .:53 {

        errors

        health

        kubernetes cluster.local. in-addr.arpa ip6.arpa {

          pods insecure

          upstream

          fallthrough in-addr.arpa ip6.arpa

        }

        prometheus :9153

        proxy . /etc/resolv.conf

        cache 30

        reload

        loadbalance

    }

---

apiVersion: extensions/v1beta1

kind: Deployment

metadata:

  name: coredns

  namespace: kube-system

  labels:

    k8s-app: kube-dns

    kubernetes.io/name: "CoreDNS"

spec:

  replicas: 2

  strategy:

    type: RollingUpdate

    rollingUpdate:

      maxUnavailable: 1

  selector:

    matchLabels:

      k8s-app: kube-dns

  template:

    metadata:

      labels:

        k8s-app: kube-dns

    spec:

      serviceAccountName: coredns

      tolerations:

        - key: node-role.kubernetes.io/master

          effect: NoSchedule

        - key: "CriticalAddonsOnly"

          operator: "Exists"

      containers:

      - name: coredns

        image: coredns/coredns:1.2.0

        imagePullPolicy: IfNotPresent

        resources:

          limits:

            memory: 170Mi

          requests:

            cpu: 100m

            memory: 70Mi

        args: [ "-conf", "/etc/coredns/Corefile" ]

        volumeMounts:

        - name: config-volume

          mountPath: /etc/coredns

          readOnly: true

        ports:

        - containerPort: 53

          name: dns

          protocol: UDP

        - containerPort: 53

          name: dns-tcp

          protocol: TCP

        - containerPort: 9153

          name: metrics

          protocol: TCP

        securityContext:

          allowPrivilegeEscalation: false

          capabilities:

            add:

            - NET_BIND_SERVICE

            drop:

            - all

          readOnlyRootFilesystem: true

        livenessProbe:

          httpGet:

            path: /health

            port: 8080

            scheme: HTTP

          initialDelaySeconds: 60

          timeoutSeconds: 5

          successThreshold: 1

          failureThreshold: 5

      dnsPolicy: Default

      volumes:

        - name: config-volume

          configMap:

            name: coredns

            items:

            - key: Corefile

              path: Corefile

---

apiVersion: v1

kind: Service

metadata:

  name: kube-dns

  namespace: kube-system

  annotations:

    prometheus.io/port: ""

    prometheus.io/scrape: "true"

  labels:

    k8s-app: kube-dns

    kubernetes.io/cluster-service: "true"

    kubernetes.io/name: "CoreDNS"

spec:

  selector:

    k8s-app: kube-dns

  clusterIP: {{ cluster_dns_svc_ip }}

  ports:

  - name: dns

    port: 53

    protocol: UDP

  - name: dns-tcp

    port: 53

    protocol: TCP

EOF

5、开始部署

[root@test1 profile]# ansible-playbook /k8s/profile/deploy_coredns.yaml

playbook部署coredns的更多相关文章

  1. 部署coredns

      1 前提:     1.1不依赖kubeadm的方式,适用于不是使用kubeadm创建的k8s集群,或者kubeadm初始化集群之后,删除了dns相关部署.      1.2 DNS IP :10 ...

  2. 10、二进制安装K8s之部署CoreDNS 和Dashboard

    二进制安装K8s之部署CoreDNS 和Dashboard CoreDNS 和Dashboard 的yaml文件在 k8s源代码压缩包里面可以找到对应的配置文件,很多人从网上直接下载使用别人的,会导致 ...

  3. suse 12 二进制部署 Kubernetets 1.19.7 - 第11章 - 部署coredns组件

    文章目录 1.11.0.部署coredns 1.11.1.测试coredns功能 suse 12 二进制部署 Kubernetes 集群系列合集: suse 12 二进制部署 Kubernetets ...

  4. playbook部署flanneld

    定义playbook的主机组 说明: 1.playbook的主机组和ansible的主机组不一样, 2.playbook的主机组文件必须要和playbook文件在同一个目录下否则会报如下错误: [ro ...

  5. 通过PlayBook部署Zabbix

    编写Linux初始化剧本 初始化剧本环节,主要用户实现关闭Selinux关闭防火墙,一起配置一下阿里云的YUM源地址,和安装EPEL源,为后期的zabbix安装做好铺垫工作. 1.在安装Zabbix之 ...

  6. 通过Playbook部署LAMP

    Ansible的PlayBook文件格式为YAML语言,所以希望你在编写PlayBook前对YAML语法有一定的了解,否则在运行PlayBook的时候经常碰到语法错误提示,这里我们通过介绍批量部署LA ...

  7. playbook部署nginx

    定义playbook的主机组 说明: 1.playbook的主机组和ansible的主机组不一样, 2.playbook的主机组文件必须要和playbook文件在同一个目录下否则会报如下错误: [ro ...

  8. Kubernets二进制安装(15)之安装部署coredns

    在运维主机上(mfyxw50.mfyxw.com)准备Coredns镜像文件,以docker镜像文件的方式部署到Kubernetes集群中去. 1.下载coredns镜像 [root@mfyxw50 ...

  9. ansible playbook部署ELK集群系统

    一.介绍 总共4台机器,分别为 192.168.1.99 192.168.1.100 192.168.1.210 192.168.1.211 服务所在机器为: redis:192.168.1.211 ...

随机推荐

  1. CodeForces - 1221E Game With String 分类讨论

    首先分析A能获胜的情况 A能获胜 当且仅当A拿完后所有剩下的都<b 所以一旦存在一个大小为X的 且 b<=X<a 则必是后手赢 当X为 a<=x<2*b 的时候 无论A或 ...

  2. Java&Selenium自动化测试之数据驱动

    一.摘要 本片博文以四个方式展示自动化测试的数据驱动,数组.CSV.Excel.Mysql 二.TestNG&Csv&Driven package testNGWithDataDriv ...

  3. 简单的jquery进度条插件LineProgressbar.js,myProgress.js

    参考   http://www.lanrenzhijia.com/jquery/4121.html demo下载 <script src="js/jquery.lineProgress ...

  4. no suitable method found to override

    no suitable method found to override http://bbs.csdn.net/topics/200001058 

  5. BZOJ 1195: [HNOI2006]最短母串 AC自动机+状压+搜索

    思路比较直接. 由于 $n$ 很小,直接定义 $f[i][j]$ 表示当前在自动机中的节点 $i,$ 被覆盖串的集合为 $j$ 的方案数. #include <bits/stdc++.h> ...

  6. SVN - Subversion

    Subversion yum install -y subversion 或者 subversion Edge 下载: # wget https://downloads-guests.open.col ...

  7. INLINE HOOK过简单驱动保护的理论知识和大概思路

    这里的简单驱动保护就是简单的HOOK掉内核API的现象 找到被HOOK的函数的当前地址在此地址处先修改页面保护属性然后写入5个字节.5个字节就是一个简单的JMP指令.这里说一下JMP指令,如下: 00 ...

  8. Noip 模拟题 T2 数字对

    2.数字对 [题目描述] 小H是个善于思考的学生,现在她又在思考一个有关序列的问题. 她的面前浮现出一个长度为n的序列{ai},她想找出一段区间[L, R](1 <= L <= R < ...

  9. 从斐波那契数列看java方法的调用过程

    先看斐波那契数列的定义: 斐波那契数列(Fibonacci sequence),又称黄金分割数列.因数学家列昂纳多·斐波那契(Leonardoda Fibonacci)以兔子繁殖为例子而引入,故又称为 ...

  10. Unicode 和utf-8的转换以及深拷贝和浅拷贝的区别

    必须掌握的点 一. (内存)Unicode二进制字符>>>>>>编码(encode)>>>>>>(硬盘)utf-8二进制字符 ( ...