forked from easzlab/kubeasz
Commit
Showing
5 changed files
with
255 additions
and
6 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,7 @@ | ||
# 在deploy节点生成CA相关证书,以供整个集群使用 | ||
- hosts: deploy | ||
roles: | ||
- ca | ||
- deploy | ||
|
||
# 集群节点的公共配置任务 | ||
- hosts: | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,198 @@ | ||
--- | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: kube-dns | ||
namespace: kube-system | ||
labels: | ||
addonmanager.kubernetes.io/mode: EnsureExists | ||
|
||
--- | ||
apiVersion: v1 | ||
kind: ServiceAccount | ||
metadata: | ||
name: kube-dns | ||
namespace: kube-system | ||
labels: | ||
kubernetes.io/cluster-service: "true" | ||
addonmanager.kubernetes.io/mode: Reconcile | ||
|
||
--- | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: kube-dns | ||
namespace: kube-system | ||
labels: | ||
k8s-app: kube-dns | ||
kubernetes.io/cluster-service: "true" | ||
addonmanager.kubernetes.io/mode: Reconcile | ||
kubernetes.io/name: "KubeDNS" | ||
spec: | ||
selector: | ||
k8s-app: kube-dns | ||
clusterIP: 10.68.0.2 | ||
ports: | ||
- name: dns | ||
port: 53 | ||
protocol: UDP | ||
- name: dns-tcp | ||
port: 53 | ||
protocol: TCP | ||
|
||
--- | ||
apiVersion: extensions/v1beta1 | ||
kind: Deployment | ||
metadata: | ||
name: kube-dns | ||
namespace: kube-system | ||
labels: | ||
k8s-app: kube-dns | ||
kubernetes.io/cluster-service: "true" | ||
addonmanager.kubernetes.io/mode: Reconcile | ||
spec: | ||
# replicas: not specified here: | ||
# 1. In order to make Addon Manager do not reconcile this replicas parameter. | ||
# 2. Default is 1. | ||
# 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on. | ||
strategy: | ||
rollingUpdate: | ||
maxSurge: 10% | ||
maxUnavailable: 0 | ||
selector: | ||
matchLabels: | ||
k8s-app: kube-dns | ||
template: | ||
metadata: | ||
labels: | ||
k8s-app: kube-dns | ||
annotations: | ||
scheduler.alpha.kubernetes.io/critical-pod: '' | ||
spec: | ||
tolerations: | ||
- key: "CriticalAddonsOnly" | ||
operator: "Exists" | ||
volumes: | ||
- name: kube-dns-config | ||
configMap: | ||
name: kube-dns | ||
optional: true | ||
containers: | ||
- name: kubedns | ||
#image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.5 | ||
image: mirrorgooglecontainers/k8s-dns-kube-dns-amd64:1.14.5 | ||
resources: | ||
# TODO: Set memory limits when we've profiled the container for large | ||
# clusters, then set request = limit to keep this container in | ||
# guaranteed class. Currently, this container falls into the | ||
# "burstable" category so the kubelet doesn't backoff from restarting it. | ||
limits: | ||
memory: 170Mi | ||
requests: | ||
cpu: 100m | ||
memory: 70Mi | ||
livenessProbe: | ||
httpGet: | ||
path: /healthcheck/kubedns | ||
port: 10054 | ||
scheme: HTTP | ||
initialDelaySeconds: 60 | ||
timeoutSeconds: 5 | ||
successThreshold: 1 | ||
failureThreshold: 5 | ||
readinessProbe: | ||
httpGet: | ||
path: /readiness | ||
port: 8081 | ||
scheme: HTTP | ||
# we poll on pod startup for the Kubernetes master service and | ||
# only setup the /readiness HTTP server once that's available. | ||
initialDelaySeconds: 3 | ||
timeoutSeconds: 5 | ||
args: | ||
- --domain=cluster.local. | ||
- --dns-port=10053 | ||
- --config-dir=/kube-dns-config | ||
- --v=2 | ||
env: | ||
- name: PROMETHEUS_PORT | ||
value: "10055" | ||
ports: | ||
- containerPort: 10053 | ||
name: dns-local | ||
protocol: UDP | ||
- containerPort: 10053 | ||
name: dns-tcp-local | ||
protocol: TCP | ||
- containerPort: 10055 | ||
name: metrics | ||
protocol: TCP | ||
volumeMounts: | ||
- name: kube-dns-config | ||
mountPath: /kube-dns-config | ||
- name: dnsmasq | ||
#image: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.5 | ||
image: mirrorgooglecontainers/k8s-dns-dnsmasq-nanny-amd64:1.14.5 | ||
livenessProbe: | ||
httpGet: | ||
path: /healthcheck/dnsmasq | ||
port: 10054 | ||
scheme: HTTP | ||
initialDelaySeconds: 60 | ||
timeoutSeconds: 5 | ||
successThreshold: 1 | ||
failureThreshold: 5 | ||
args: | ||
- -v=2 | ||
- -logtostderr | ||
- -configDir=/etc/k8s/dns/dnsmasq-nanny | ||
- -restartDnsmasq=true | ||
- -- | ||
- -k | ||
- --cache-size=1000 | ||
- --log-facility=- | ||
- --server=/cluster.local./127.0.0.1#10053 | ||
- --server=/in-addr.arpa/127.0.0.1#10053 | ||
- --server=/ip6.arpa/127.0.0.1#10053 | ||
ports: | ||
- containerPort: 53 | ||
name: dns | ||
protocol: UDP | ||
- containerPort: 53 | ||
name: dns-tcp | ||
protocol: TCP | ||
# see: https://github.com/kubernetes/kubernetes/issues/29055 for details | ||
resources: | ||
requests: | ||
cpu: 150m | ||
memory: 20Mi | ||
volumeMounts: | ||
- name: kube-dns-config | ||
mountPath: /etc/k8s/dns/dnsmasq-nanny | ||
- name: sidecar | ||
#image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.5 | ||
image: mirrorgooglecontainers/k8s-dns-sidecar-amd64:1.14.5 | ||
livenessProbe: | ||
httpGet: | ||
path: /metrics | ||
port: 10054 | ||
scheme: HTTP | ||
initialDelaySeconds: 60 | ||
timeoutSeconds: 5 | ||
successThreshold: 1 | ||
failureThreshold: 5 | ||
args: | ||
- --v=2 | ||
- --logtostderr | ||
- --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local.,5,A | ||
- --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local.,5,A | ||
ports: | ||
- containerPort: 10054 | ||
name: metrics | ||
protocol: TCP | ||
resources: | ||
requests: | ||
memory: 20Mi | ||
cpu: 10m | ||
dnsPolicy: Default # Don't use cluster DNS. | ||
serviceAccountName: kube-dns |
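Review bot: The three `image:` lines (kubedns, dnsmasq, sidecar) replace the commented-out `gcr.io/google_containers/...` references with a `mirrorgooglecontainers/...` mirror and identify each image only by the mutable tag `1.14.5`, so whatever the mirror serves under that tag becomes the DNS resolver behind the `kube-dns` Service for the whole cluster. Pin each image by digest after comparing it with the upstream image, for example `image: mirrorgooglecontainers/k8s-dns-kube-dns-amd64:1.14.5@sha256:<digest-verified-against-upstream>`, and state in the comment above it why the mirror is used instead of the original registry. Separately, none of the three containers sets a `securityContext`, and the dnsmasq and sidecar containers declare `requests` but no `limits`. Both are worth adding once the capability dnsmasq needs to bind port 53 has been confirmed.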
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
### 说明 | ||
|
||
+ 本目录为k8s集群的插件 kube-dns的配置目录,初始时本目录为空 | ||
+ 本目录为k8s集群的插件 kube-dns的配置目录 | ||
+ 因kubedns.yaml文件中参数(CLUSTER_DNS_SVC_IP, CLUSTER_DNS_DOMAIN)根据hosts文件设置而定,需要使用ansible template模块替换参数后生成 | ||
+ 运行 `ansible-playbook 01.prepare.yml`后该目录下生成kubedns.yaml 文件 | ||
+ kubedns.yaml [模板文件](../../roles/deploy/template/kubedns.yaml.j2) | ||
+ 运行 `ansible-playbook 01.prepare.yml`后会重新生成该目录下的kubedns.yaml 文件 | ||
+ kubedns.yaml [模板文件](../../roles/deploy/templates/kubedns.yaml.j2) |