playbook部署coredns

说明test1是主控节点,目的是给test4 node节点安装coredns,

1、coredns-1.2.2.tar.gz安装包放到主控节点/server/software/k8s/目录下,由playbook中的docker导入镜像

2、准备hosts文件

cat >/k8s/profile/hosts <<EOF

[k8s]

192.168.0.91

192.168.0.92

192.168.0.93

[test0]

192.168.0.92

192.168.0.93

[test1]

192.168.0.91

[test2]

192.168.0.92

[test3]

192.168.0.93

[test4]

192.168.0.94

EOF

3、准备playbook文件

cat >/k8s/profile/deploy_coredns.yaml <<EOF

- hosts: test4

  remote_user: root

  become: yes

  become_method: sudo

  vars:

    cluster_dns_svc_ip: 10.254.0.2

    iface: ens33

  tasks:

    - name: copy coredns config file

      template: src=/k8s/profile/coredns.yaml.j2 dest=/k8s/profile/coredns.yaml

    - name: mkdir directory for coredns package

      file: dest=/server/software/k8s/ state=directory mode=0755

    - name: copy coredns-1.2.2.tar

      copy: src=/server/software/k8s/coredns-1.2.2.tar.gz dest=/server/software/k8s/

    - name: load coredns-1.2.2.tar.gz to docker

      shell: docker load < /server/software/k8s/coredns-1.2.2.tar.gz

    - name: install_coredns

      command: kubectl apply -f /k8s/profile/coredns.yaml

EOF

4、准备coredns模板文件

cat >/k8s/profile/coredns.yaml.j2 <<EOF

apiVersion: v1

kind: ServiceAccount

metadata:

  name: coredns

  namespace: kube-system

---

apiVersion: rbac.authorization.k8s.io/v1beta1

kind: ClusterRole

metadata:

  labels:

    kubernetes.io/bootstrapping: rbac-defaults

  name: system:coredns

rules:

- apiGroups:

  - ""

  resources:

  - endpoints

  - services

  - pods

  - namespaces

  verbs:

  - list

  - watch

---

apiVersion: rbac.authorization.k8s.io/v1beta1

kind: ClusterRoleBinding

metadata:

  annotations:

    rbac.authorization.kubernetes.io/autoupdate: "true"

  labels:

    kubernetes.io/bootstrapping: rbac-defaults

  name: system:coredns

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: ClusterRole

  name: system:coredns

subjects:

- kind: ServiceAccount

  name: coredns

  namespace: kube-system

---

apiVersion: v1

kind: ConfigMap

metadata:

  name: coredns

  namespace: kube-system

data:

  Corefile: |

    .:53 {

        errors

        health

        kubernetes cluster.local. in-addr.arpa ip6.arpa {

          pods insecure

          upstream

          fallthrough in-addr.arpa ip6.arpa

        }

        prometheus :9153

        proxy . /etc/resolv.conf

        cache 30

        reload

        loadbalance

    }

---

apiVersion: extensions/v1beta1

kind: Deployment

metadata:

  name: coredns

  namespace: kube-system

  labels:

    k8s-app: kube-dns

    kubernetes.io/name: "CoreDNS"

spec:

  replicas: 2

  strategy:

    type: RollingUpdate

    rollingUpdate:

      maxUnavailable: 1

  selector:

    matchLabels:

      k8s-app: kube-dns

  template:

    metadata:

      labels:

        k8s-app: kube-dns

    spec:

      serviceAccountName: coredns

      tolerations:

        - key: node-role.kubernetes.io/master

          effect: NoSchedule

        - key: "CriticalAddonsOnly"

          operator: "Exists"

      containers:

      - name: coredns

        image: coredns/coredns:1.2.0

        imagePullPolicy: IfNotPresent

        resources:

          limits:

            memory: 170Mi

          requests:

            cpu: 100m

            memory: 70Mi

        args: [ "-conf", "/etc/coredns/Corefile" ]

        volumeMounts:

        - name: config-volume

          mountPath: /etc/coredns

          readOnly: true

        ports:

        - containerPort: 53

          name: dns

          protocol: UDP

        - containerPort: 53

          name: dns-tcp

          protocol: TCP

        - containerPort: 9153

          name: metrics

          protocol: TCP

        securityContext:

          allowPrivilegeEscalation: false

          capabilities:

            add:

            - NET_BIND_SERVICE

            drop:

            - all

          readOnlyRootFilesystem: true

        livenessProbe:

          httpGet:

            path: /health

            port: 8080

            scheme: HTTP

          initialDelaySeconds: 60

          timeoutSeconds: 5

          successThreshold: 1

          failureThreshold: 5

      dnsPolicy: Default

      volumes:

        - name: config-volume

          configMap:

            name: coredns

            items:

            - key: Corefile

              path: Corefile

---

apiVersion: v1

kind: Service

metadata:

  name: kube-dns

  namespace: kube-system

  annotations:

    prometheus.io/port: ""

    prometheus.io/scrape: "true"

  labels:

    k8s-app: kube-dns

    kubernetes.io/cluster-service: "true"

    kubernetes.io/name: "CoreDNS"

spec:

  selector:

    k8s-app: kube-dns

  clusterIP: {{ cluster_dns_svc_ip }}

  ports:

  - name: dns

    port: 53

    protocol: UDP

  - name: dns-tcp

    port: 53

    protocol: TCP

EOF

5、开始部署

[root@test1 profile]# ansible-playbook /k8s/profile/deploy_coredns.yaml

playbook部署coredns的更多相关文章

  1. 部署coredns

      1 前提:     1.1不依赖kubeadm的方式,适用于不是使用kubeadm创建的k8s集群,或者kubeadm初始化集群之后,删除了dns相关部署.      1.2 DNS IP :10 ...

  2. 10、二进制安装K8s之部署CoreDNS 和Dashboard

    二进制安装K8s之部署CoreDNS 和Dashboard CoreDNS 和Dashboard 的yaml文件在 k8s源代码压缩包里面可以找到对应的配置文件,很多人从网上直接下载使用别人的,会导致 ...

  3. suse 12 二进制部署 Kubernetets 1.19.7 - 第11章 - 部署coredns组件

    文章目录 1.11.0.部署coredns 1.11.1.测试coredns功能 suse 12 二进制部署 Kubernetes 集群系列合集: suse 12 二进制部署 Kubernetets ...

  4. playbook部署flanneld

    定义playbook的主机组 说明: 1.playbook的主机组和ansible的主机组不一样, 2.playbook的主机组文件必须要和playbook文件在同一个目录下否则会报如下错误: [ro ...

  5. 通过PlayBook部署Zabbix

    编写Linux初始化剧本 初始化剧本环节,主要用户实现关闭Selinux关闭防火墙,一起配置一下阿里云的YUM源地址,和安装EPEL源,为后期的zabbix安装做好铺垫工作. 1.在安装Zabbix之 ...

  6. 通过Playbook部署LAMP

    Ansible的PlayBook文件格式为YAML语言,所以希望你在编写PlayBook前对YAML语法有一定的了解,否则在运行PlayBook的时候经常碰到语法错误提示,这里我们通过介绍批量部署LA ...

  7. playbook部署nginx

    定义playbook的主机组 说明: 1.playbook的主机组和ansible的主机组不一样, 2.playbook的主机组文件必须要和playbook文件在同一个目录下否则会报如下错误: [ro ...

  8. Kubernets二进制安装(15)之安装部署coredns

    在运维主机上(mfyxw50.mfyxw.com)准备Coredns镜像文件,以docker镜像文件的方式部署到Kubernetes集群中去. 1.下载coredns镜像 [root@mfyxw50 ...

  9. ansible playbook部署ELK集群系统

    一.介绍 总共4台机器,分别为 192.168.1.99 192.168.1.100 192.168.1.210 192.168.1.211 服务所在机器为: redis:192.168.1.211 ...

随机推荐

  1. 海康威视面试-java应用开发

    一面:技术面 (1)对着简历问本科学过的java相关课程,都学了哪些东西.很懵逼,很早之前学的东西,我都记不清楚了 (2)网络编程相关知识,我也不太懂,就回答了网络协议这块的知识 (3)线程相关,线程 ...

  2. HashMap源码分析一

           HashMap在java编程中,算使用频率top10中的类了.这里是关于HashMap的源码的分析.一个类的源码分析,要看他的来龙去脉,他的历史迭代.一来从以前的版本开始分析,由易到难: ...

  3. TODO redis学习笔记

    redis官网教程地址:http://try.redis.io/ redis脚本和命令部分来自:https://www.runoob.com/redis/redis-security.html red ...

  4. django + ckeditor + 七牛云,图片上传到七牛云

    传送门 本人使用的是 Django 的自带的管理后台,安装 ckeditor 富文本编辑器后,上传图片的时候直接传到七牛云的.

  5. numba初体验

    numba初体验 今天在知乎上发现了一个很神奇的包numba,可以用jit的方式大幅提高计算型python代码的效率,一起来看一下 安装 numba的安装方式很简单,使用pip或者anacoda都可以 ...

  6. [Debug] Debugger Statements

    For example you have the following code; function reverse(str) { let reversed = ""; for (l ...

  7. 原生JS实现拖动滑块验证登录效果

    ♀分享一组利用原生JS实现拖动滑块验证效果 ♀在这个组代码中涉及三个方面的知识: ⑴事件处理 ⑵添加验证标记 ⑶选择器的封装   代码如下: <!DOCTYPE html> <htm ...

  8. 一个参数既可以是const还可以是volatile

    可以的,例如只读的状态寄存器.它是volatile因为它可能被意想不到地改变.它是const因为程序不应该试图去修改它. 一个定义为volatile的变量是说这变量可能会被意想不到地改变,这样,编译器 ...

  9. hdu6568 Math (概率dp)

    题目链接: http://acm.hdu.edu.cn/showproblem.php?pid=6568 题意: 在$0$到$L$的坐标轴运输货物,在每个整数点可能丢失货物,丢失概率为$p$,丢失后可 ...

  10. scarpy crawl 爬取微信小程序文章(将数据通过异步的方式保存的数据库中)

    import scrapy from scrapy.linkextractors import LinkExtractor from scrapy.spiders import CrawlSpider ...