因工作需要在kubernetes集群中部署ntp服务,查找了很多网上资料基本都是基于外网的,基于内网部署的实在是太少了,经过不断实验找到一个不太完美的方案,记录一下,以便各位大佬在临时需要的时候可以参考一下,话不多说,见下文:
ntp-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ntp
name: ntp
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: ntp
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: ntp
spec:
containers:
- image: seznam/ntpd:latest
imagePullPolicy: IfNotPresent
name: ntpd
ports:
- containerPort: 123
hostPort: 123 ##之前总是想通过service暴露但是结果不太理想选择这个方式希望##各位大佬有更好的方法给予评论,阿弥陀佛!!!
protocol: UDP
volumeMounts:
- mountPath: /etc/ntp.conf
name: conf
subPath: ntp.conf
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
volumes:
- configMap:
defaultMode: 420
name: ntp-config
name: conf
ntp.conf 配置文件没有去过多学习,如上文仅仅是应急使用,后期再好好学一下
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server 127.127.1.0 prefer ####内网本地ntp这个需要加上#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client# Enable public key cryptography.
#cryptoincludefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys# Specify the key identifiers which are trusted.
#trustedkey 4 8 42# Specify the key identifier to use with the ntpdc utility.
#requestkey 8# Specify the key identifier to use with the ntpq utility.
#controlkey 8# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
创建configmap不用过多解释:
kubectl create cm ntp-config --from-file=ntp.conf
创建pod
kubectl apply -f ntp-deploy.yaml
linux主机测试:
windows再测试一下:
这样内网本地ntp服务 kubernetes部署好了,请各位大佬在线指正!阿弥陀佛。