From 1e5cc4bbf8f01ffb57955fda119204927e56d9f4 Mon Sep 17 00:00:00 2001
From: gjmzj
Date: Wed, 4 Jul 2018 23:30:04 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9.gitignore=E5=BF=BD=E7=95=A5m?= =?UTF-8?q?anifests=E7=9B=AE=E5=BD=95=E7=9A=84kubedns=E5=92=8Ccoredns?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .gitignore | 2 +
 manifests/coredns/coredns.yaml | 177 -----------------------------
 manifests/coredns/readme.md | 6 +
 manifests/kubedns/kubedns.yaml | 198 ---------------------------------
 manifests/kubedns/readme.md | 6 +-
 5 files changed, 11 insertions(+), 378 deletions(-)
 delete mode 100644 manifests/coredns/coredns.yaml
 create mode 100644 manifests/coredns/readme.md
 delete mode 100644 manifests/kubedns/kubedns.yaml
diff --git a/.gitignore b/.gitignore
index 19c3ed2..909a20f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,8 @@ down/*
 !down/download.sh
 !down/offline_images
 bin/*
+manifests/kubedns/kubedns.yaml
+manifests/coredns/coredns.yaml
 hosts
 *.crt
 *.pem
diff --git a/manifests/coredns/coredns.yaml b/manifests/coredns/coredns.yaml
deleted file mode 100644
index 5d7a808..0000000
--- a/manifests/coredns/coredns.yaml
+++ /dev/null
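Review bot: The two entries added to `.gitignore` have no comment saying why they are ignored, so a later reader cannot tell that `manifests/kubedns/kubedns.yaml` and `manifests/coredns/coredns.yaml` are rendered output rather than hand-written manifests ignored by mistake. Going by the readme text added in this commit, I would put `# rendered by 07.cluster-addon.yml from roles/cluster-addon/templates/*.j2` above them. Since the rendered files no longer appear in history, the templates become the only reviewable copy of the DNS manifests (RBAC rules, securityContext, image tags), so changes to those settings should be reviewed there.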
@@ -1,177 +0,0 @@ -# __MACHINE_GENERATED_WARNING__ - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: coredns - namespace: kube-system - labels: - kubernetes.io/cluster-service: "true" - addonmanager.kubernetes.io/mode: Reconcile ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - kubernetes.io/bootstrapping: rbac-defaults - addonmanager.kubernetes.io/mode: Reconcile - name: system:coredns -rules: -- apiGroups: - - "" - resources: - - endpoints - - services - - pods - - namespaces - verbs: - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - rbac.authorization.kubernetes.io/autoupdate: "true" - labels: - kubernetes.io/bootstrapping: rbac-defaults - addonmanager.kubernetes.io/mode: EnsureExists - name: system:coredns -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:coredns -subjects: -- kind: ServiceAccount - name: coredns - namespace: kube-system ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: coredns - namespace: kube-system - labels: - addonmanager.kubernetes.io/mode: EnsureExists -data: - Corefile: | - .:53 { - errors - health - kubernetes cluster.local. in-addr.arpa ip6.arpa { - pods insecure - upstream - fallthrough in-addr.arpa ip6.arpa - } - prometheus :9153 - proxy . 
/etc/resolv.conf - cache 30 - reload - } ---- -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: coredns - namespace: kube-system - labels: - k8s-app: kube-dns - kubernetes.io/cluster-service: "true" - addonmanager.kubernetes.io/mode: Reconcile - kubernetes.io/name: "CoreDNS" -spec: - replicas: 2 - strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - selector: - matchLabels: - k8s-app: kube-dns - template: - metadata: - labels: - k8s-app: kube-dns - annotations: - seccomp.security.alpha.kubernetes.io/pod: 'docker/default' - spec: - serviceAccountName: coredns - tolerations: - - key: node-role.kubernetes.io/master - effect: NoSchedule - - key: "CriticalAddonsOnly" - operator: "Exists" - containers: - - name: coredns - image: coredns/coredns:1.1.3 - imagePullPolicy: IfNotPresent - resources: - limits: - memory: 170Mi - requests: - cpu: 100m - memory: 70Mi - args: [ "-conf", "/etc/coredns/Corefile" ] - volumeMounts: - - name: config-volume - mountPath: /etc/coredns - readOnly: true - ports: - - containerPort: 53 - name: dns - protocol: UDP - - containerPort: 53 - name: dns-tcp - protocol: TCP - - containerPort: 9153 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /health - port: 8080 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_BIND_SERVICE - drop: - - all - readOnlyRootFilesystem: true - dnsPolicy: Default - volumes: - - name: config-volume - configMap: - name: coredns - items: - - key: Corefile - path: Corefile ---- -apiVersion: v1 -kind: Service -metadata: - name: kube-dns - namespace: kube-system - annotations: - prometheus.io/scrape: "true" - labels: - k8s-app: kube-dns - kubernetes.io/cluster-service: "true" - addonmanager.kubernetes.io/mode: Reconcile - kubernetes.io/name: "CoreDNS" -spec: - selector: - k8s-app: kube-dns - clusterIP: 10.68.0.2 - ports: - - name: 
dns - port: 53 - protocol: UDP - - name: dns-tcp - port: 53 - protocol: TCP
diff --git a/manifests/coredns/readme.md b/manifests/coredns/readme.md
new file mode 100644
index 0000000..10b2d90
--- /dev/null
+++ b/manifests/coredns/readme.md
@@ -0,0 +1,6 @@
+### 说明
+
++ 本目录为k8s集群的插件 coredns的配置目录,初始为空目录
++ 因coredns.yaml文件中参数(CLUSTER_DNS_SVC_IP, CLUSTER_DNS_DOMAIN)根据hosts文件设置而定,需要使用ansible template模块替换参数后生成
++ 运行 `ansible-playbook 07.cluster-addon.yml`后会生成该目录下的coredns.yaml 文件
++ coredns.yaml [模板文件](../../roles/cluster-addon/templates/coredns.yaml.j2)
diff --git a/manifests/kubedns/kubedns.yaml b/manifests/kubedns/kubedns.yaml
deleted file mode 100644
index b60c81f..0000000
--- a/manifests/kubedns/kubedns.yaml
+++ /dev/null
@@ -1,198 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: kube-dns - namespace: kube-system - labels: - addonmanager.kubernetes.io/mode: EnsureExists - ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kube-dns - namespace: kube-system - labels: - #kubernetes.io/cluster-service: "true" - addonmanager.kubernetes.io/mode: Reconcile - ---- -apiVersion: v1 -kind: Service -metadata: - name: kube-dns - namespace: kube-system - labels: - k8s-app: kube-dns - #kubernetes.io/cluster-service: "true" - addonmanager.kubernetes.io/mode: Reconcile - kubernetes.io/name: "KubeDNS" -spec: - selector: - k8s-app: kube-dns - clusterIP: 10.68.0.2 - ports: - - name: dns - port: 53 - protocol: UDP - - name: dns-tcp - port: 53 - protocol: TCP - ---- -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - name: kube-dns - namespace: kube-system - labels: - k8s-app: kube-dns - #kubernetes.io/cluster-service: "true" - addonmanager.kubernetes.io/mode: Reconcile -spec: - # replicas: not specified here: - # 1. In order to make Addon Manager do not reconcile this replicas parameter. - # 2. Default is 1. - # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on. - strategy: - rollingUpdate: - maxSurge: 10% - maxUnavailable: 0 - selector: - matchLabels: - k8s-app: kube-dns - template: - metadata: - labels: - k8s-app: kube-dns - annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' - spec: - tolerations: - - key: "CriticalAddonsOnly" - operator: "Exists" - volumes: - - name: kube-dns-config - configMap: - name: kube-dns - optional: true - containers: - - name: kubedns - #image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.10 - image: mirrorgooglecontainers/k8s-dns-kube-dns-amd64:1.14.10 - resources: - # TODO: Set memory limits when we've profiled the container for large - # clusters, then set request = limit to keep this container in - # guaranteed class. 
Currently, this container falls into the - # "burstable" category so the kubelet doesn't backoff from restarting it. - limits: - memory: 170Mi - requests: - cpu: 100m - memory: 70Mi - livenessProbe: - httpGet: - path: /healthcheck/kubedns - port: 10054 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - readinessProbe: - httpGet: - path: /readiness - port: 8081 - scheme: HTTP - # we poll on pod startup for the Kubernetes master service and - # only setup the /readiness HTTP server once that's available. - initialDelaySeconds: 3 - timeoutSeconds: 5 - args: - - --domain=cluster.local. - - --dns-port=10053 - - --config-dir=/kube-dns-config - - --v=2 - env: - - name: PROMETHEUS_PORT - value: "10055" - ports: - - containerPort: 10053 - name: dns-local - protocol: UDP - - containerPort: 10053 - name: dns-tcp-local - protocol: TCP - - containerPort: 10055 - name: metrics - protocol: TCP - volumeMounts: - - name: kube-dns-config - mountPath: /kube-dns-config - - name: dnsmasq - #image: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.10 - image: mirrorgooglecontainers/k8s-dns-dnsmasq-nanny-amd64:1.14.10 - livenessProbe: - httpGet: - path: /healthcheck/dnsmasq - port: 10054 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - args: - - -v=2 - - -logtostderr - - -configDir=/etc/k8s/dns/dnsmasq-nanny - - -restartDnsmasq=true - - -- - - -k - - --cache-size=1000 - - --log-facility=- - - --server=/cluster.local./127.0.0.1#10053 - - --server=/in-addr.arpa/127.0.0.1#10053 - - --server=/ip6.arpa/127.0.0.1#10053 - ports: - - containerPort: 53 - name: dns - protocol: UDP - - containerPort: 53 - name: dns-tcp - protocol: TCP - # see: https://github.com/kubernetes/kubernetes/issues/29055 for details - resources: - requests: - cpu: 150m - memory: 20Mi - volumeMounts: - - name: kube-dns-config - mountPath: /etc/k8s/dns/dnsmasq-nanny - - name: sidecar - #image: 
gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.10 - image: mirrorgooglecontainers/k8s-dns-sidecar-amd64:1.14.10 - livenessProbe: - httpGet: - path: /metrics - port: 10054 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - args: - - --v=2 - - --logtostderr - - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local.,5,A - - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local.,5,A - ports: - - containerPort: 10054 - name: metrics - protocol: TCP - resources: - requests: - memory: 20Mi - cpu: 10m - dnsPolicy: Default # Don't use cluster DNS. - serviceAccountName: kube-dns
diff --git a/manifests/kubedns/readme.md b/manifests/kubedns/readme.md
index d3c2c31..f1f21d0 100644
--- a/manifests/kubedns/readme.md
+++ b/manifests/kubedns/readme.md
@@ -1,6 +1,6 @@
 ### 说明
 
-+ 本目录为k8s集群的插件 kube-dns的配置目录
++ 本目录为k8s集群的插件 kubedns的配置目录,初始为空目录
 + 因kubedns.yaml文件中参数(CLUSTER_DNS_SVC_IP, CLUSTER_DNS_DOMAIN)根据hosts文件设置而定,需要使用ansible template模块替换参数后生成
-+ 运行 `ansible-playbook 01.prepare.yml`后会重新生成该目录下的kubedns.yaml 文件
-+ kubedns.yaml [模板文件](../../roles/deploy/templates/kubedns.yaml.j2)
++ 运行 `ansible-playbook 07.cluster-addon.yml`后会生成该目录下的kubedns.yaml 文件
++ kubedns.yaml [模板文件](../../roles/cluster-addon/templates/kubedns.yaml.j2)