k8s1.13.0二进制部署-Dashboard和coredns(五)
部署UI
下载yaml文件
https://github.com/kubernetes/kubernetes
[root@k8s-master1 ~]# git clone https://github.com/kubernetes/kubernetes.git
[root@k8s-master1 ~]# cd kubernetes/cluster/addons/dashboard/
[root@k8s-master1 dashboard]# ll
total
-rw-r--r-- root root Dec : dashboard-configmap.yaml
-rw-r--r-- root root Dec : dashboard-controller.yaml
-rw-r--r-- root root Dec : dashboard-rbac.yaml
-rw-r--r-- root root Dec : dashboard-secret.yaml
-rw-r--r-- root root Dec : dashboard-service.yaml
修改文件内容
dashboard-controller.yaml 中的 kubernetes-dashboard 默认使用官方镜像地址,国内无法直接拉取,这里改用阿里云的镜像即可。
.....
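spec:
  priorityClassName: system-cluster-critical
  containers:
  # Third-party mirror of the Dashboard image, referenced by tag only. A tag can be
  # re-pointed, so compare the pulled image's digest with the upstream release (or
  # pin the reference by digest) before rolling it out.
  - name: kubernetes-dashboard
    image: registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1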
....
修改svc的类型(改为NodePort后,Dashboard会暴露在每个节点的30001端口上,建议用防火墙或安全组限制可访问的来源地址)
....
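spec:
  # NodePort opens nodePort on every node's address; restrict who can reach it at
  # the network layer, since the Dashboard login page is then reachable off-cluster.
  type: NodePort
  selector:
    k8s-app: kubernetes-dashboard
  ports:
  # Service port 443 forwards to the container's HTTPS port 8443 and is published
  # on each node as 30001.
  - port: 443
    targetPort: 8443
    nodePort: 30001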
基于yaml创建
# Create the Dashboard objects one manifest at a time, in the order listed here.
for manifest in \
  dashboard-rbac.yaml \
  dashboard-secret.yaml \
  dashboard-configmap.yaml \
  dashboard-controller.yaml \
  dashboard-service.yaml; do
  kubectl create -f "$manifest"
done
查看
[root@localhost dashboard]# kubectl get pod,svc,deploy -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/kubernetes-dashboard-7d5f7c58f5-6ggrv 1/1 Running 0 3m2s 172.17.50.2 192.168.0.221 <none> <none> NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/kubernetes-dashboard NodePort 10.0.0.84 <none> 443:30001/TCP 88s k8s-app=kubernetes-dashboard NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
deployment.extensions/kubernetes-dashboard 1/1 1 1 3m2s kubernetes-dashboard registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1 k8s-app=kubernetes-dashboard
创建角色绑定(下面把 dashboard-admin 绑定到 cluster-admin,其令牌拥有整个集群的全部权限,仅适用于测试环境;生产环境应绑定到按需授权的角色)
[root@localhost dashboard]# vim k8s-admin.yaml
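# ServiceAccount whose token is used to log in to the Dashboard.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system
---
# NOTE(review): cluster-admin gives the holder of this ServiceAccount's token
# unrestricted access to every resource in the cluster. With the Dashboard
# published on a NodePort, that token is the only thing protecting the cluster.
# Bind to a narrower Role/ClusterRole outside of a lab environment.
kind: ClusterRoleBinding
# rbac.authorization.k8s.io/v1 is the stable RBAC API (the CoreDNS manifest on
# this page already uses it); v1beta1 is deprecated.
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: dashboard-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
[root@localhost dashboard]# kubectl apply -f k8s-admin.yaml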
serviceaccount/dashboard-admin created
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin create
获取令牌(该令牌等同于集群管理员凭据,不要写入文档或公开粘贴;一旦泄露,应删除对应的 secret 或 ServiceAccount 使其失效)
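# Print the token of the dashboard-admin ServiceAccount. The secret name is matched
# by its full prefix so that other secrets containing "admin-token" are not picked
# up, and the substitution is quoted so an empty or multi-word result is not split.
[root@localhost dashboard]# kubectl -n kube-system describe secret "$(kubectl -n kube-system get secret | awk '/^dashboard-admin-token-/{print $1}')"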
Name: dashboard-admin-token-txkkz
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 7dbf9a60-805a-11e9-b018-525400828c1f Type: kubernetes.io/service-account-token Data
====
ca.crt: bytes
namespace: bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.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.ccan7T6t7bGbvOaOOQKj_NYalEezlPz38CCYo6vuNi-FTYQ11HsRBZPcwJMdcRg0maKc-RR3S5JY9KLzhoZlHWSDjrD2CFoXa-1c8iWKYTxMuGiAwWFw_NhUZchoXIBRlCQTkOTNhVjmtKn82oV6OhyyCsgxNKN_5uWtpEREsNXS5AKMesQei9N7Vr5QdPRh3mDrNKPQstbzTN-EWgjjOXYdkeIsUghvh15uJ9bOXs1p0ket9_wgrPz6rdHhhSyv-JJLhk6h3EpnZnzLk659ejmOMv838MWC1KeTlUM7xnAcQPYYHsa59RBAdUcCczZhGACwn4AXWWxaDWBkyg
浏览器访问
解决谷歌浏览器不能显示的问题(Dashboard 自动生成的自签名证书会被 Chrome 拒绝,下面改用集群 CA 签发的证书)
[root@localhost dashboard]# vim dashboard-csr.json
{
"CN": "Dashboard",
"hosts": [],
"key": {
"algo": "rsa",
"size":
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing"
}
]
} #生成证书
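# Sign the Dashboard certificate with the cluster CA; cfssljson -bare writes
# dashboard.pem, dashboard-key.pem and dashboard.csr into the current directory.
[root@localhost dashboard]# cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem -ca-key=/opt/kubernetes/ssl/ca-key.pem -config=/opt/kubernetes/ssl/ca-config.json -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard
# Delete the existing secret
[root@localhost dashboard]# kubectl delete secret kubernetes-dashboard-certs -n kube-system
secret "kubernetes-dashboard-certs" deleted
# Recreate it from only the two files the Dashboard needs. --from-file=./ would
# store every regular file in this directory in the secret (the addon manifests,
# dashboard-csr.json, dashboard.csr, k8s-admin.yaml), not just the key pair.
[root@localhost dashboard]# kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.pem --from-file=dashboard-key.pem -n kube-system
secret/kubernetes-dashboard-certs created
# Edit the YAML file to reference the certificate generated above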
[root@localhost dashboard]# vim dashboard-controller.yaml
....
# Container arguments of the Dashboard in dashboard-controller.yaml.
args:
# PLATFORM-SPECIFIC ARGS HERE
- --auto-generate-certificates
# NOTE(review): bare file names; presumably resolved inside the directory where the
# kubernetes-dashboard-certs secret is mounted. Confirm against the volumeMounts
# of this manifest, and that the names match the keys stored in the secret.
- --tls-key-file=dashboard-key.pem
- --tls-cert-file=dashboard.pem
.... #重新部署
[root@localhost dashboard]# kubectl apply -f dashboard-controller.yaml
部署coredns
下载yaml文件:https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dns/coredns
[root@k8s-master1 demo]# cat coredns.yaml
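# Warning: This is a file generated from the base underscore template file: coredns.yaml.base

# ServiceAccount the CoreDNS pods run as; it is bound to the system:coredns
# ClusterRole by the ClusterRoleBinding in this same file.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile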
---
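# Read-only cluster-wide access for CoreDNS: it may only list and watch the four
# core resource types below, nothing else.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: Reconcile
  name: system:coredns
rules:
- apiGroups:
  - ""
  resources:
  - endpoints
  - services
  - pods
  - namespaces
  verbs:
  - list
  - watch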
---
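# Grants the system:coredns ClusterRole to the coredns ServiceAccount in kube-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: EnsureExists
  name: system:coredns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
subjects:
- kind: ServiceAccount
  name: coredns
  namespace: kube-system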
---
# ConfigMap holding the Corefile that the CoreDNS Deployment mounts at /etc/coredns.
# NOTE(review): indentation and at least one numeric value (the port after
# "prometheus :") are missing from this listing; copy the Corefile from the
# upstream coredns.yaml.base rather than from this page.
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
labels:
addonmanager.kubernetes.io/mode: EnsureExists
data:
# "pods insecure" makes the kubernetes plugin answer pod-IP style names without
# checking that a pod with that IP exists; "pods verified" is the stricter mode.
# "proxy . /etc/resolv.conf" sends every other query to the resolvers listed in
# the container's /etc/resolv.conf.
Corefile: |
.: {
errors
health
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
upstream
fallthrough in-addr.arpa ip6.arpa
}
prometheus :
proxy . /etc/resolv.conf
cache
loop
reload
loadbalance
}
---
# Deployment that runs CoreDNS under the coredns ServiceAccount, with the Corefile
# mounted read-only from the coredns ConfigMap.
# NOTE(review): indentation and several numeric values are missing from this listing
# (maxUnavailable, the image tag after "1.2.", every containerPort, the probe port
# and thresholds); take them from the upstream coredns.yaml.base, not from this page.
# NOTE(review): extensions/v1beta1 Deployments are no longer served from
# Kubernetes 1.16 on; use apps/v1 on newer clusters.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:
# replicas: not specified here:
# . In order to make Addon Manager do not reconcile this replicas parameter.
# . Default is .
# . Will be tuned in real time if DNS horizontal auto-scaling is turned on.
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable:
selector:
matchLabels:
k8s-app: kube-dns
template:
metadata:
labels:
k8s-app: kube-dns
annotations:
# Applies the container runtime's default seccomp profile to the pod.
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec:
serviceAccountName: coredns
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: "CriticalAddonsOnly"
operator: "Exists"
containers:
- name: coredns
image: coredns/coredns:1.2.
imagePullPolicy: IfNotPresent
resources:
limits:
memory: 170Mi
requests:
cpu: 100m
memory: 70Mi
args: [ "-conf", "/etc/coredns/Corefile" ]
volumeMounts:
- name: config-volume
mountPath: /etc/coredns
readOnly: true
ports:
- containerPort:
name: dns
protocol: UDP
- containerPort:
name: dns-tcp
protocol: TCP
- containerPort:
name: metrics
protocol: TCP
livenessProbe:
httpGet:
path: /health
port:
scheme: HTTP
initialDelaySeconds:
timeoutSeconds:
successThreshold:
failureThreshold:
# Container hardening: privilege escalation is disabled, every capability is
# dropped except NET_BIND_SERVICE (presumably needed to bind the DNS port;
# the port numbers are missing above), and the root filesystem is read-only.
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- all
readOnlyRootFilesystem: true
dnsPolicy: Default
volumes:
- name: config-volume
configMap:
name: coredns
items:
- key: Corefile
path: Corefile
---
# Service that exposes the CoreDNS pods (selector k8s-app: kube-dns) at a fixed
# cluster IP over UDP and TCP.
# NOTE(review): indentation and the port numbers (both "port:" fields and the
# prometheus.io/port annotation) are missing from this listing; take them from the
# upstream coredns.yaml.base.
apiVersion: v1
kind: Service
metadata:
name: kube-dns
namespace: kube-system
annotations:
prometheus.io/port: ""
prometheus.io/scrape: "true"
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:
selector:
k8s-app: kube-dns
# Presumably has to match the cluster DNS address the kubelets were configured
# with earlier in this series; confirm before applying.
clusterIP: 10.0.0.2
ports:
- name: dns
port:
protocol: UDP
- name: dns-tcp
port:
protocol: TCP
创建pod
[root@k8s-master1 demo]# kubectl apply -f coredns.yaml
测试域名解析
[root@k8s-master1 demo]# kubectl run -it --image=busybox:1.28. --rm --restart=Never sh
If you don't see a command prompt, try pressing enter.
/ # nslookup kubernetes
Server: 10.0.0.2
Address : 10.0.0.2 kube-dns.kube-system.svc.cluster.local Name: kubernetes
Address : 10.0.0.1 kubernetes.default.svc.cluster.local