Cloud Native应用交付

  • 首页
  • 关于本站
  • 个人介绍
  • Downloads
  • Repo
    • Github
    • Container
  • F5
    • F5 Python SDK
    • F5-container
    • F5-LBaaS
  • 社交
    • 联系我
    • 微信/微博
    • 公众号
    • 打赏赞助
行至水穷处 坐看云起时
Cloud Native Application Services: cnadn.net
  1. 首页
  2. 容器/k8s
  3. 正文

kube-dns deployment文件分析

2017年07月10日 6121点热度 0人点赞 0条评论

YAML
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
[root@docker1 kubedns]# cat kubedns-controller.yaml
# Copyright 2016 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
 
# Should keep target in cluster/addons/dns-horizontal-autoscaler/dns-horizontal-autoscaler.yaml
# in sync with this file.
 
# Warning: This is a file generated from the base underscore template file: kubedns-controller.yaml.base
 
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: kube-dns
  namespace: kube-system
  #deployment自定义标签
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
#Spec--pod详细定义
spec:
  # replicas: not specified here:
  # 1. In order to make Addon Manager do not reconcile this replicas parameter.
  # 2. Default is 1.
  # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
  strategy:
    rollingUpdate:
      maxSurge: 10%
      maxUnavailable: 0
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
      #自定义注解,调度中的关键pod
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
      #pod的volume定义,提供给pod内所有container mount
      volumes:
      - name: kube-dns-config
        #使用config map配置,cm可以通过kubectl get cm -n kube-system获得
###################################################
#[root@docker1 ~]# kubectl get cm -n kube-system -o yaml
#apiVersion: v1
#items:
#- apiVersion: v1
#  kind: ConfigMap
# metadata:
#    creationTimestamp: 2017-07-09T15:07:48Z
#    labels:
#      addonmanager.kubernetes.io/mode: EnsureExists
#    name: kube-dns
#    namespace: kube-system
#    resourceVersion: "5693"
#    selfLink: /api/v1/namespaces/kube-system/configmaps/kube-dns
#    uid: 5ebf1bf0-64b8-11e7-ae06-000c29420d98
#kind: List
#resourceVersion: ""
#selfLink: ""
##################################################
        configMap:
          name: kube-dns
          optional: true
      ####开始具体容器的定义####
      containers:
      - name: kubedns
      ###kubedns容器负责和k8s API接口通信获得相关服务信息并进行DNS注册,使用内存树状保存dns配置
        image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.4
        resources:
          # TODO: Set memory limits when we've profiled the container for large
          # clusters, then set request = limit to keep this container in
          # guaranteed class. Currently, this container falls into the
          # "burstable" category so the kubelet doesn't backoff from restarting it.
          limits:
            memory: 170Mi
          requests:
            cpu: 100m
            memory: 70Mi
        ##livnessprboe负责探测相关容器是否存活(running),如果超过5次探测失败就要kill掉,重启该容器
        livenessProbe:
          httpGet:
            path: /healthcheck/kubedns
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        ##readiness 用于检测容器服务是否已经就绪(ready状态),如果不就绪,service里就会删除该pod
        readinessProbe:
          httpGet:
            path: /readiness
            port: 8081
            scheme: HTTP
          # we poll on pod startup for the Kubernetes master service and
          # only setup the /readiness HTTP server once that's available.
          initialDelaySeconds: 3
          timeoutSeconds: 5
        ##容器启动参数
        args:
        - --domain=cluster.local.
        - --dns-port=10053
        - --config-dir=/kube-dns-config
        - --v=2
        #{{ pillar['federations_domain_map'] }}
        - --kube-master-url=http://172.16.199.17:8080
        #容器环境变量
        env:
        - name: PROMETHEUS_PORT
          value: "10055"
        ports:
        - containerPort: 10053
          name: dns-local
          protocol: UDP
        - containerPort: 10053
          name: dns-tcp-local
          protocol: TCP
        - containerPort: 10055
          name: metrics
          protocol: TCP
        #具体容器volume挂载,这里的name必须等于spec.template.spec.volume下的名称定义
        volumeMounts:
        - name: kube-dns-config
          mountPath: /kube-dns-config
      - name: dnsmasq
      ##dnsmasq提供缓存,并对其它pod提供DNS查询接口,该容器实际上是service里定义的真实dns通信端口
        image: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.4
        livenessProbe:
          httpGet:
            path: /healthcheck/dnsmasq
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        args:
        - -v=2
        - -logtostderr
        - -configDir=/etc/k8s/dns/dnsmasq-nanny
        - -restartDnsmasq=true
        - --
        - -k
        ##dnsmasq缓存大小
        - --cache-size=1000
        - --log-facility=-
        ##指定dnsmasq的上级查询服务器
        - --server=/cluster.local./127.0.0.1#10053
        - --server=/in-addr.arpa/127.0.0.1#10053
        - --server=/ip6.arpa/127.0.0.1#10053
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        # see: https://github.com/kubernetes/kubernetes/issues/29055 for details
        resources:
          requests:
            cpu: 150m
            memory: 20Mi
        volumeMounts:
        - name: kube-dns-config
          mountPath: /etc/k8s/dns/dnsmasq-nanny
      - name: sidecar
      ##sidecar负责对上述两个容器服务进行健康性探测,执行具体的dnsprobe请求来确认dns服务是否正常
      ##对外暴露了10054端口,可通过curl http://pod-ip/metrics获得输出
        image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.4
        livenessProbe:
          httpGet:
            path: /metrics
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        args:
        - --v=2
        - --logtostderr
        - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local.,5,A
        - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local.,5,A
        ports:
        - containerPort: 10054
          name: metrics
          protocol: TCP
        resources:
          requests:
            memory: 20Mi
            cpu: 10m
      dnsPolicy: Default  # Don't use cluster DNS. 使得pod使用kubelet设置的DNS
      serviceAccountName: kube-dns

 

相关文章

  • 优雅下线业务Pod的方法
  • 项目:k8s Gateway API 的BIG-IP实现
  • CIS增强版在线文档
  • F5 CES 用融合的思想保护k8s出向流量安全
  • 是时候思考k8s出向流量安全了
本作品采用 知识共享署名-非商业性使用 4.0 国际许可协议 进行许可
标签: kube-dns
最后更新:2017年07月14日

纳米

linjing.io

打赏 点赞
< 上一篇
下一篇 >

文章评论

razz evil exclaim smile redface biggrin eek confused idea lol mad twisted rolleyes wink cool arrow neutral cry mrgreen drooling persevering
取消回复

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据。

纳米

linjing.io

☁️迈向Cloud Native ADC ☁️

认证获得:
TOGAF: ID 152743
Kubernetes: CKA #664
Microsoft: MCSE MCDBA
Cisco: CCNP
Juniper: JNCIS
F5:
F5 Certified Solution Expert, Security
F5 Certified Technology Specialist, LTM/GTM/APM/ASM
F5 Certified BIG-IP Administrator
  • 点击查看本博技术要素列表
  • 归档
    分类目录
    • Automation
    • Avi Networks
    • Cisco ACI
    • CISCO资源
    • F5 with ELK
    • F5-Tech tips
    • F5技术
    • Juniper
    • Linux
    • NGINX
    • SDN
    • ServiceMesh
    • WEB编程
    • WINDOWS相关
    • 业界文章
    • 交换机技术
    • 化云为雨/Openstack
    • 协议原理
    • 容器/k8s
    • 我的工作
    • 我的生活
    • 网站技术
    • 路由器技术
    • 项目案例
    标签聚合
    network nginx DNS gtm k8s api irule bigip docker flannel istio neutron openstack envoy F5
    最近评论
    纳米 发布于 3 个月前(08月18日) 已回复邮件
    11 发布于 3 个月前(08月16日) 多谢大佬的资料 2023-8-16 9:53 邮箱:mab**ng@sina.cn
    纳米 发布于 5 个月前(07月07日) 感谢感谢支持。忙于一些工作,确实更新少了一些。
    yyds 发布于 5 个月前(07月07日) 大佬终于更新啦 ,顶 !
    纳米 发布于 1 年前(10月31日) 已提供谢谢
    浏览次数
    • Downloads - 111,618 views
    • 迄今为止最全最深入的BIGIP-DNS/GTM原理及培训资料 - 88,749 views
    • Github - 86,273 views
    • 联系我 - 84,895 views
    • F5常见log日志解释 - 63,644 views
    • Sniffer Pro 4 70 530抓包软件 中文版+视频教程 - 56,263 views
    • 这篇文档您是否感兴趣 - 48,062 views
    • 迄今为止最全最深入的BIGIP-DNS/GTM原理及培训资料 - 45,687 views
    • F5利用Elastic stack(ELK)进行应用数据挖掘系列(2)-DNS - 32,539 views
    • 关于本站 - 32,081 views
    链接表
    • Jimmy Song‘s Blog
    • SDNap
    • SDNlab
    • SDN论坛
    • Service Mesh社区
    • 三斗室
    • 个人profile

    COPYRIGHT © 2023 Cloud Native 应用交付. ALL RIGHTS RESERVED.

    Theme Kratos Made By Seaton Jiang

    京ICP备14048088号-1

    京公网安备 11010502041506号