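# playbook 部署 coredns

说明：test1 是主控节点（ansible 在此执行），目的是给 test4 node 节点安装 coredns。

1、coredns-1.2.2.tar.gz 安装包放到主控节点 /server/software/k8s/ 目录下，由 playbook 分发到 test4 并用 docker 导入镜像。

2、准备 hosts 文件

```shell
cat >/k8s/profile/hosts <<'EOF'
[k8s]
192.168.0.91
192.168.0.92
192.168.0.93

[test0]
192.168.0.92
192.168.0.93

[test1]
192.168.0.91

[test2]
192.168.0.92

[test3]
192.168.0.93

[test4]
192.168.0.94
EOF
```

3、准备 playbook 文件（heredoc 使用 `<<'EOF'`，避免 shell 展开文件内容）

```shell
cat >/k8s/profile/deploy_coredns.yaml <<'EOF'
---
# Deploys CoreDNS: ships the image archive to the test4 node, loads it into
# docker there, then renders and applies the manifest with kubectl.
- hosts: test4
  remote_user: root
  become: true
  become_method: sudo
  vars:
    # Must be inside the cluster service CIDR and equal to the kubelet
    # --cluster-dns value, otherwise pods will not find the resolver.
    cluster_dns_svc_ip: "10.254.0.2"
    # Image reference the Deployment runs. It must be the tag contained in the
    # archive loaded below (check the `docker load` output / `docker images`);
    # a tag that is not present locally makes the node pull from the registry.
    coredns_image: "coredns/coredns:1.2.2"
    # Same path on the control node (source) and on the target node (destination).
    coredns_archive: /server/software/k8s/coredns-1.2.2.tar.gz
    # Optional supply-chain check: expected SHA-256 of the archive.
    # Leave empty to skip the verification.
    coredns_archive_sha256: ""
    # Not referenced by this play; kept only because other playbooks use it.
    iface: ens33
  tasks:
    - name: create directory for the coredns image archive
      file:
        path: /server/software/k8s/
        state: directory
        mode: "0755"

    - name: copy coredns-1.2.2.tar.gz to the node
      copy:
        src: "{{ coredns_archive }}"
        dest: /server/software/k8s/
        mode: "0644"

    - name: checksum the archive on the node
      stat:
        path: "{{ coredns_archive }}"
        checksum_algorithm: sha256
      register: coredns_archive_stat

    # Refuse to load an image archive that does not match the expected digest.
    - name: verify the archive checksum
      assert:
        that:
          - coredns_archive_stat.stat.checksum == coredns_archive_sha256
        fail_msg: "coredns archive checksum mismatch, refusing to load it"
      when: coredns_archive_sha256 | length > 0

    # `docker load -i` needs no shell redirection, so `command` is enough.
    - name: load the coredns image into docker
      command: "docker load -i {{ coredns_archive }}"

    # The manifest creates cluster-wide RBAC objects, so kubectl needs a
    # cluster-admin kubeconfig. Keep those credentials on the control node
    # (test1) instead of distributing them to worker nodes: render and apply
    # there. Drop delegate_to/run_once/become only if kubectl and an admin
    # kubeconfig are intentionally present on test4.
    - name: render the coredns manifest on the control node
      template:
        src: /k8s/profile/coredns.yaml.j2
        dest: /k8s/profile/coredns.yaml
        mode: "0644"
      delegate_to: localhost
      run_once: true
      become: false

    - name: apply the coredns manifest
      command: kubectl apply -f /k8s/profile/coredns.yaml
      delegate_to: localhost
      run_once: true
      # kubectl reads the kubeconfig of the user running ansible.
      become: false
      register: coredns_apply
      changed_when: "'created' in coredns_apply.stdout or 'configured' in coredns_apply.stdout"
EOF
```

4、准备 coredns 模板文件

```shell
cat >/k8s/profile/coredns.yaml.j2 <<'EOF'
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns
  namespace: kube-system
---
# rbac.authorization.k8s.io/v1 (GA since Kubernetes 1.8) replaces the
# deprecated v1beta1 used by older manifests.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: system:coredns
rules:
  # Read-only (list/watch), but cluster-wide. `pods` is only required when the
  # Corefile uses `pods verified`; `pods insecure` works without it.
  - apiGroups:
      - ""
    resources:
      - endpoints
      - services
      - pods
      - namespaces
    verbs:
      - list
      - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: system:coredns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
subjects:
  - kind: ServiceAccount
    name: coredns
    namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        errors
        # `health` serves the liveness endpoint on :8080 (the probe below).
        health
        kubernetes cluster.local. in-addr.arpa ip6.arpa {
            # `pods insecure` answers <ip>.<namespace>.pod queries without
            # checking that such a pod exists (kube-dns compatibility mode).
            # Prefer `pods verified` unless that behaviour is required.
            pods insecure
            upstream
            fallthrough in-addr.arpa ip6.arpa
        }
        # Metrics are exposed on all interfaces of the pod; scraped via the
        # Service annotations below.
        prometheus :9153
        # Non-cluster names are forwarded to the node's resolvers.
        proxy . /etc/resolv.conf
        cache 30
        reload
        loadbalance
    }
---
# apps/v1 (GA since Kubernetes 1.9) replaces the removed extensions/v1beta1;
# use extensions/v1beta1 only on clusters older than that.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/name: "CoreDNS"
spec:
  replicas: 2
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
    spec:
      serviceAccountName: coredns
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
        - key: "CriticalAddonsOnly"
          operator: "Exists"
      containers:
        - name: coredns
          # Rendered from the playbook; must match the tag loaded from the
          # archive, otherwise IfNotPresent falls back to a registry pull.
          image: "{{ coredns_image }}"
          imagePullPolicy: IfNotPresent
          resources:
            limits:
              memory: 170Mi
            requests:
              cpu: 100m
              memory: 70Mi
          args:
            - "-conf"
            - "/etc/coredns/Corefile"
          volumeMounts:
            - name: config-volume
              mountPath: /etc/coredns
              readOnly: true
          ports:
            - containerPort: 53
              name: dns
              protocol: UDP
            - containerPort: 53
              name: dns-tcp
              protocol: TCP
            - containerPort: 9153
              name: metrics
              protocol: TCP
          # Least privilege: no privilege escalation, all capabilities dropped
          # except the one needed to bind port 53, read-only root filesystem.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              add:
                - NET_BIND_SERVICE
              drop:
                - all
            readOnlyRootFilesystem: true
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 60
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 5
      # The DNS server itself must not resolve through the cluster DNS.
      dnsPolicy: Default
      volumes:
        - name: config-volume
          configMap:
            name: coredns
            items:
              - key: Corefile
                path: Corefile
---
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  annotations:
    prometheus.io/port: "9153"
    prometheus.io/scrape: "true"
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "CoreDNS"
spec:
  selector:
    k8s-app: kube-dns
  # Rendered from the playbook variable; a literal variable name here would
  # be rejected by the API server as an invalid IP.
  clusterIP: "{{ cluster_dns_svc_ip }}"
  ports:
    - name: dns
      port: 53
      protocol: UDP
    - name: dns-tcp
      port: 53
      protocol: TCP
EOF
```

5、开始部署

```shell
[root@test1 profile]# ansible-playbook -i /k8s/profile/hosts /k8s/profile/deploy_coredns.yaml
```

部署后在主控节点确认 Pod 正常运行：

```shell
[root@test1 profile]# kubectl -n kube-system get pods -l k8s-app=kube-dns -o wide
```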