kube-dns deployment文件分析

[root@docker1 kubedns]# cat kubedns-controller.yaml 
# Copyright 2016 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Should keep target in cluster/addons/dns-horizontal-autoscaler/dns-horizontal-autoscaler.yaml
# in sync with this file.

# Warning: This is a file generated from the base underscore template file: kubedns-controller.yaml.base

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: kube-dns
  namespace: kube-system
  #deployment自定义标签
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
#Spec--pod详细定义
spec:
  # replicas: not specified here:
  # 1. In order to make Addon Manager do not reconcile this replicas parameter.
  # 2. Default is 1.
  # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
  strategy:
    rollingUpdate:
      maxSurge: 10%
      maxUnavailable: 0
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
      #自定义注解，调度中的关键pod
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
      #pod的volume定义，提供给pod内所有container mount
      volumes:
      - name: kube-dns-config
        #使用config map配置，cm可以通过kubectl get cm -n kube-system获得
###################################################
#[root@docker1 ~]# kubectl get cm -n kube-system -o yaml
#apiVersion: v1
#items:
#- apiVersion: v1
#  kind: ConfigMap
# metadata:
#    creationTimestamp: 2017-07-09T15:07:48Z
#    labels:
#      addonmanager.kubernetes.io/mode: EnsureExists
#    name: kube-dns
#    namespace: kube-system
#    resourceVersion: "5693"
#    selfLink: /api/v1/namespaces/kube-system/configmaps/kube-dns
#    uid: 5ebf1bf0-64b8-11e7-ae06-000c29420d98
#kind: List
#resourceVersion: ""
#selfLink: ""
##################################################
        configMap:
          name: kube-dns
          optional: true
      ####开始具体容器的定义####
      containers:
      - name: kubedns
      ###kubedns容器负责和k8s API接口通信获得相关服务信息并进行DNS注册，使用内存树状保存dns配置
        image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.4
        resources:
          # TODO: Set memory limits when we've profiled the container for large
          # clusters, then set request = limit to keep this container in
          # guaranteed class. Currently, this container falls into the
          # "burstable" category so the kubelet doesn't backoff from restarting it.
          limits:
            memory: 170Mi
          requests:
            cpu: 100m
            memory: 70Mi
        ##livnessprboe负责探测相关容器是否存活（running），如果超过5次探测失败就要kill掉，重启该容器
        livenessProbe:
          httpGet:
            path: /healthcheck/kubedns
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        ##readiness 用于检测容器服务是否已经就绪（ready状态），如果不就绪，service里就会删除该pod
        readinessProbe:
          httpGet:
            path: /readiness
            port: 8081
            scheme: HTTP
          # we poll on pod startup for the Kubernetes master service and
          # only setup the /readiness HTTP server once that's available.
          initialDelaySeconds: 3
          timeoutSeconds: 5
        ##容器启动参数
        args:
        - --domain=cluster.local.
        - --dns-port=10053
        - --config-dir=/kube-dns-config
        - --v=2
        #{{ pillar['federations_domain_map'] }}
        - --kube-master-url=http://172.16.199.17:8080
        #容器环境变量
        env:
        - name: PROMETHEUS_PORT
          value: "10055"
        ports:
        - containerPort: 10053
          name: dns-local
          protocol: UDP
        - containerPort: 10053
          name: dns-tcp-local
          protocol: TCP
        - containerPort: 10055
          name: metrics
          protocol: TCP
        #具体容器volume挂载，这里的name必须等于spec.template.spec.volume下的名称定义
        volumeMounts:
        - name: kube-dns-config
          mountPath: /kube-dns-config
      - name: dnsmasq
      ##dnsmasq提供缓存，并对其它pod提供DNS查询接口，该容器实际上是service里定义的真实dns通信端口
        image: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.4
        livenessProbe:
          httpGet:
            path: /healthcheck/dnsmasq
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        args:
        - -v=2
        - -logtostderr
        - -configDir=/etc/k8s/dns/dnsmasq-nanny
        - -restartDnsmasq=true
        - --
        - -k
        ##dnsmasq缓存大小
        - --cache-size=1000
        - --log-facility=-
        ##指定dnsmasq的上级查询服务器
        - --server=/cluster.local./127.0.0.1#10053
        - --server=/in-addr.arpa/127.0.0.1#10053
        - --server=/ip6.arpa/127.0.0.1#10053
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        # see: https://github.com/kubernetes/kubernetes/issues/29055 for details
        resources:
          requests:
            cpu: 150m
            memory: 20Mi
        volumeMounts:
        - name: kube-dns-config
          mountPath: /etc/k8s/dns/dnsmasq-nanny
      - name: sidecar
      ##sidecar负责对上述两个容器服务进行健康性探测，执行具体的dnsprobe请求来确认dns服务是否正常
      ##对外暴露了10054端口，可通过curl http://pod-ip/metrics获得输出
        image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.4
        livenessProbe:
          httpGet:
            path: /metrics
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        args:
        - --v=2
        - --logtostderr
        - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local.,5,A
        - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local.,5,A
        ports:
        - containerPort: 10054
          name: metrics
          protocol: TCP
        resources:
          requests:
            memory: 20Mi
            cpu: 10m
      dnsPolicy: Default  # Don't use cluster DNS. 使得pod使用kubelet设置的DNS
      serviceAccountName: kube-dns

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

[root@docker1 kubedns]# cat kubedns-controller.yaml

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

# http://www.apache.org/licenses/LICENSE-2.0

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.

# Should keep target in cluster/addons/dns-horizontal-autoscaler/dns-horizontal-autoscaler.yaml

# in sync with this file.

# Warning: This is a file generated from the base underscore template file: kubedns-controller.yaml.base

apiVersion: extensions/v1beta1

kind: Deployment

metadata:

namespace: kube-system

#deployment自定义标签

labels:

k8s-app: kube-dns

kubernetes.io/cluster-service: "true"

addonmanager.kubernetes.io/mode: Reconcile

#Spec--pod详细定义

spec:

# replicas: not specified here:

# 1. In order to make Addon Manager do not reconcile this replicas parameter.

# 2. Default is 1.

# 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.

strategy:

rollingUpdate:

maxSurge: 10%

maxUnavailable: 0

selector:

matchLabels:

k8s-app: kube-dns

template:

metadata:

labels:

k8s-app: kube-dns

#自定义注解，调度中的关键pod

annotations:

scheduler.alpha.kubernetes.io/critical-pod: ''

spec:

tolerations:

- key: "CriticalAddonsOnly"

operator: "Exists"

#pod的volume定义，提供给pod内所有container mount

volumes:

- name: kube-dns-config

#使用config map配置，cm可以通过kubectl get cm -n kube-system获得

###################################################

#[root@docker1 ~]# kubectl get cm -n kube-system -o yaml

#apiVersion: v1

#items:

#- apiVersion: v1

# kind: ConfigMap

# metadata:

# creationTimestamp: 2017-07-09T15:07:48Z

# labels:

# addonmanager.kubernetes.io/mode: EnsureExists

# name: kube-dns

# namespace: kube-system

# resourceVersion: "5693"

# selfLink: /api/v1/namespaces/kube-system/configmaps/kube-dns

# uid: 5ebf1bf0-64b8-11e7-ae06-000c29420d98

#kind: List

#resourceVersion: ""

#selfLink: ""

##################################################

configMap:

optional: true

####开始具体容器的定义####

containers:

- name: kubedns

###kubedns容器负责和k8s API接口通信获得相关服务信息并进行DNS注册，使用内存树状保存dns配置

image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.4

resources:

# TODO: Set memory limits when we've profiled the container for large

# clusters, then set request = limit to keep this container in

# guaranteed class. Currently, this container falls into the

# "burstable" category so the kubelet doesn't backoff from restarting it.

limits:

memory: 170Mi

requests:

cpu: 100m

memory: 70Mi

##livnessprboe负责探测相关容器是否存活（running），如果超过5次探测失败就要kill掉，重启该容器

livenessProbe:

httpGet:

path: /healthcheck/kubedns

port: 10054

scheme: HTTP

initialDelaySeconds: 60

timeoutSeconds: 5

successThreshold: 1

failureThreshold: 5

##readiness 用于检测容器服务是否已经就绪（ready状态），如果不就绪，service里就会删除该pod

readinessProbe:

httpGet:

path: /readiness

port: 8081

scheme: HTTP

# we poll on pod startup for the Kubernetes master service and

# only setup the /readiness HTTP server once that's available.

initialDelaySeconds: 3

timeoutSeconds: 5

##容器启动参数

args:

- --domain=cluster.local.

- --dns-port=10053

- --config-dir=/kube-dns-config

- --v=2

#{{ pillar['federations_domain_map'] }}

- --kube-master-url=http://172.16.199.17:8080

#容器环境变量

env:

- name: PROMETHEUS_PORT

value: "10055"

ports:

- containerPort: 10053

protocol: UDP

- containerPort: 10053

protocol: TCP

- containerPort: 10055

protocol: TCP

#具体容器volume挂载，这里的name必须等于spec.template.spec.volume下的名称定义

volumeMounts:

- name: kube-dns-config

mountPath: /kube-dns-config

- name: dnsmasq

##dnsmasq提供缓存，并对其它pod提供DNS查询接口，该容器实际上是service里定义的真实dns通信端口

image: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.4

livenessProbe:

httpGet:

path: /healthcheck/dnsmasq

port: 10054

scheme: HTTP

initialDelaySeconds: 60

timeoutSeconds: 5

successThreshold: 1

failureThreshold: 5

args:

- -v=2

- -logtostderr

- -configDir=/etc/k8s/dns/dnsmasq-nanny

- -restartDnsmasq=true

- --

- -k

##dnsmasq缓存大小

- --cache-size=1000

- --log-facility=-

##指定dnsmasq的上级查询服务器

- --server=/cluster.local./127.0.0.1#10053

- --server=/in-addr.arpa/127.0.0.1#10053

- --server=/ip6.arpa/127.0.0.1#10053

ports:

- containerPort: 53

protocol: UDP

- containerPort: 53

protocol: TCP

# see: https://github.com/kubernetes/kubernetes/issues/29055 for details

resources:

requests:

cpu: 150m

memory: 20Mi

volumeMounts:

- name: kube-dns-config

mountPath: /etc/k8s/dns/dnsmasq-nanny

- name: sidecar

##sidecar负责对上述两个容器服务进行健康性探测，执行具体的dnsprobe请求来确认dns服务是否正常

##对外暴露了10054端口，可通过curl http://pod-ip/metrics获得输出

image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.4

livenessProbe:

httpGet:

path: /metrics

port: 10054

scheme: HTTP

initialDelaySeconds: 60

timeoutSeconds: 5

successThreshold: 1

failureThreshold: 5

args:

- --v=2

- --logtostderr

- --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local.,5,A

- --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local.,5,A

ports:

- containerPort: 10054

protocol: TCP

resources:

requests:

memory: 20Mi

cpu: 10m

dnsPolicy: Default # Don't use cluster DNS. 使得pod使用kubelet设置的DNS

serviceAccountName: kube-dns

本作品采用知识共享署名-非商业性使用 4.0 国际许可协议进行许可

相关文章

文章评论