playbook部署coredns

playbook部署coredns

说明test1是主控节点,目的是给test4 node节点安装coredns,

1、coredns-1.2.2.tar.gz安装包放到主控节点/server/software/k8s/目录下,由playbook中的docker导入镜像

2、准备hosts文件

cat >/k8s/profile/hosts <<EOF
[k8s]
192.168.0.91
192.168.0.92
192.168.0.93

[test0]
192.168.0.92
192.168.0.93


[test1]
192.168.0.91

[test2]
192.168.0.92

[test3]
192.168.0.93

[test4]
192.168.0.94
EOF


3、准备playbook文件

cat >/k8s/profile/deploy_coredns.yaml <<EOF
- hosts: test4
  remote_user: root
  become: yes
  become_method: sudo
  vars:
    cluster_dns_svc_ip: 10.254.0.2
    iface: ens33
  tasks:
    - name: copy coredns config file
      template: src=/k8s/profile/coredns.yaml.j2 dest=/k8s/profile/coredns.yaml
    - name: mkdir directory for coredns package
      file: dest=/server/software/k8s/ state=directory mode=0755
    - name: copy coredns-1.2.2.tar
      copy: src=/server/software/k8s/coredns-1.2.2.tar.gz dest=/server/software/k8s/
    - name: load coredns-1.2.2.tar.gz to docker
      shell: docker load < /server/software/k8s/coredns-1.2.2.tar.gz
    - name: install_coredns
      command: kubectl apply -f /k8s/profile/coredns.yaml
EOF


4、准备coredns模板文件


cat >/k8s/profile/coredns.yaml.j2 <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: system:coredns
rules:
- apiGroups:
  - ""
  resources:
  - endpoints
  - services
  - pods
  - namespaces
  verbs:
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: system:coredns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
subjects:
- kind: ServiceAccount
  name: coredns
  namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        errors
        health
        kubernetes cluster.local. in-addr.arpa ip6.arpa {
          pods insecure
          upstream
          fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        proxy . /etc/resolv.conf
        cache 30
        reload
        loadbalance
    }
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/name: "CoreDNS"
spec:
  replicas: 2
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
    spec:
      serviceAccountName: coredns
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
        - key: "CriticalAddonsOnly"
          operator: "Exists"
      containers:
      - name: coredns
        image: coredns/coredns:1.2.0
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            memory: 170Mi
          requests:
            cpu: 100m
            memory: 70Mi
        args: [ "-conf", "/etc/coredns/Corefile" ]
        volumeMounts:
        - name: config-volume
          mountPath: /etc/coredns
          readOnly: true
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        - containerPort: 9153
          name: metrics
          protocol: TCP
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            add:
            - NET_BIND_SERVICE
            drop:
            - all
          readOnlyRootFilesystem: true
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
      dnsPolicy: Default
      volumes:
        - name: config-volume
          configMap:
            name: coredns
            items:
            - key: Corefile
              path: Corefile
---
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  annotations:
    prometheus.io/port: "9153"
    prometheus.io/scrape: "true"
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "CoreDNS"
spec:
  selector:
    k8s-app: kube-dns
  clusterIP: cluster_dns_svc_ip
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
EOF


5、开始部署

[root@test1 profile]# ansible-playbook /k8s/profile/deploy_coredns.yaml 

 

上一篇:kube-dns和coreDNS的使用


下一篇:【转】浅谈React、Flux 与 Redux