部署UI

下载yaml文件(clone 后建议切换到与集群版本一致的 tag,master 分支上的 addon 清单可能已经变化)
https://github.com/kubernetes/kubernetes

[root@k8s-master1 ~]# git clone https://github.com/kubernetes/kubernetes.git
[root@k8s-master1 ~]# cd kubernetes/cluster/addons/dashboard/
[root@k8s-master1 dashboard]# ll
total
-rw-r--r-- root root Dec : dashboard-configmap.yaml
-rw-r--r-- root root Dec : dashboard-controller.yaml
-rw-r--r-- root root Dec : dashboard-rbac.yaml
-rw-r--r-- root root Dec : dashboard-secret.yaml
-rw-r--r-- root root Dec : dashboard-service.yaml

修改文件内容

默认kubernetes-dashboard用的是官方镜像地址,国内拉取需要FQ,咱们这里换成阿里云的镜像就可以。注意这是第三方镜像仓库,拉取后最好核对镜像的 digest,并在 yaml 里按 digest 固定镜像,避免同一 tag 被替换。
.....
spec:
priorityClassName: system-cluster-critical
containers:
- name: kubernetes-dashboard
image: registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1
....
修改svc的类型(NodePort 会在每个节点的 30001 端口上暴露 Dashboard,建议用防火墙或安全组限制可访问的来源地址)
....
spec:
  type: NodePort
  selector:
    k8s-app: kubernetes-dashboard
  ports:
  - port: 443
    targetPort: 8443
    nodePort: 30001

基于yaml创建

# Create the Dashboard objects one manifest at a time, in the order listed:
# RBAC, Secret, ConfigMap, controller, Service. Without `set -e` a failing
# create does not stop the remaining ones.
for manifest in rbac secret configmap controller service; do
  kubectl create -f "dashboard-${manifest}.yaml"
done

查看

[root@localhost dashboard]# kubectl get pod,svc,deploy -n kube-system -o wide
NAME                                        READY   STATUS    RESTARTS   AGE    IP            NODE            NOMINATED NODE   READINESS GATES
pod/kubernetes-dashboard-7d5f7c58f5-6ggrv   1/1     Running   0          3m2s   172.17.50.2   192.168.0.221   <none>           <none> NAME                           TYPE       CLUSTER-IP   EXTERNAL-IP   PORT(S)         AGE   SELECTOR
service/kubernetes-dashboard   NodePort   10.0.0.84    <none>        443:30001/TCP   88s   k8s-app=kubernetes-dashboard NAME                                         READY   UP-TO-DATE   AVAILABLE   AGE    CONTAINERS             IMAGES                                                                                   SELECTOR
deployment.extensions/kubernetes-dashboard   1/1     1            1           3m2s   kubernetes-dashboard   registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1   k8s-app=kubernetes-dashboard

创建角色绑定

[root@localhost dashboard]# vim k8s-admin.yaml
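# ServiceAccount that the Dashboard login token is issued for.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system
---
# Binds dashboard-admin to the built-in cluster-admin ClusterRole, so the token
# of this ServiceAccount has unrestricted access to the whole cluster.
# NOTE(review): treat that token like a root credential; for day-to-day use
# bind a narrower role (for example the built-in "view" ClusterRole) instead.
kind: ClusterRoleBinding
# rbac.authorization.k8s.io/v1 replaces the v1beta1 form used originally; it is
# the same version the coredns manifest on this page uses.
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: dashboard-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
[root@localhost dashboard]# kubectl apply -f k8s-admin.yaml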
serviceaccount/dashboard-admin created
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created

获取令牌(这个令牌绑定了 cluster-admin,等同于集群管理员密码,不要贴到博客、工单或日志里;一旦泄露应删除对应的 secret 让它失效)

[root@localhost dashboard]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-token | awk '{print $1}')
Name: dashboard-admin-token-txkkz
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 7dbf9a60-805a-11e9-b018-525400828c1f Type: kubernetes.io/service-account-token Data
====
ca.crt: bytes
namespace: bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmbmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tdHhra3oiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiN2RiZjlhNjAtODA1YS0xMWU5LWIwMTgtNTI1NDAwODI4YzFmIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1Utc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.ccan7T6t7bGbvOaOOQKj_NYalEezlPz38CCYo6vuNi-FTYQ11HsRBZPcwJMdcRg0maKc-RR3S5JY9KLzhoZlHWSDjrD2CFoXa-1c8iWKYTxMuGiAwWFw_NhUZchoXIBRlCQTkOTNhVjmtKn82oV6OhyyCsgxNKN_5uWtpEREsNXS5AKMesQei9N7Vr5QdPRh3mDrNKPQstbzTN-EWgjjOXYdkeIsUghvh15uJ9bOXs1p0ket9_wgrPz6rdHhhSyv-JJLhk6h3EpnZnzLk659ejmOMv838MWC1KeTlUM7xnAcQPYYHsa59RBAdUcCczZhGACwn4AXWWxaDWBkyg

浏览器访问 https://<任意节点IP>:30001 ,登录方式选择令牌,粘贴上面获取的 token

解决谷歌浏览器不能显示(一般是因为 Dashboard 默认的自签证书不被 Chrome 信任,下面改用集群 CA 签发的证书)

[root@localhost dashboard]# vim dashboard-csr.json
{
"CN": "Dashboard",
"hosts": [],
"key": {
"algo": "rsa",
"size":
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing"
}
]
} #生成证书
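[root@localhost dashboard]# cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem -ca-key=/opt/kubernetes/ssl/ca-key.pem -config=/opt/kubernetes/ssl/ca-config.json -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard
# Delete the existing secret
[root@localhost dashboard]# kubectl delete secret kubernetes-dashboard-certs -n kube-system
secret "kubernetes-dashboard-certs" deleted
# Recreate it from the two generated files only. --from-file=./ would pack
# every file in this directory (addon manifests, CSR, k8s-admin.yaml) into the
# kubernetes-dashboard-certs secret alongside the key pair.
[root@localhost dashboard]# kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.pem --from-file=dashboard-key.pem -n kube-system
secret/kubernetes-dashboard-certs created
# Edit the yaml file to point at the certificate just generated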
[root@localhost dashboard]# vim dashboard-controller.yaml
....
args:
# PLATFORM-SPECIFIC ARGS HERE
- --auto-generate-certificates
- --tls-key-file=dashboard-key.pem
- --tls-cert-file=dashboard.pem
.... #重新部署
[root@localhost dashboard]# kubectl apply -f dashboard-controller.yaml

部署coredns

下载yaml文件:https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dns/coredns (下面贴出的 coredns.yaml 在转载时丢失了缩进和部分数值,例如端口号、镜像版本末位,使用时请以上游文件为准)

[root@k8s-master1 demo]# cat coredns.yaml
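# Warning: This is a file generated from the base underscore template file: coredns.yaml.base

# ServiceAccount the CoreDNS pods run as (referenced by serviceAccountName in
# the Deployment of this manifest). apiVersion sits on its own line here; when
# fused onto the comment line above it is read as part of the comment.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile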
---
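# Cluster-wide read-only role for CoreDNS: list/watch on endpoints, services,
# pods and namespaces in the core API group, and nothing else.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: Reconcile
  name: system:coredns
rules:
- apiGroups:
  - ""
  resources:
  - endpoints
  - services
  - pods
  - namespaces
  verbs:
  - list
  - watch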
---
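# Grants the system:coredns ClusterRole to the coredns ServiceAccount in
# kube-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: EnsureExists
  name: system:coredns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
subjects:
- kind: ServiceAccount
  name: coredns
  namespace: kube-system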
---
# ConfigMap holding the CoreDNS Corefile; the Deployment in this manifest
# mounts it at /etc/coredns and starts coredns with -conf /etc/coredns/Corefile.
# NOTE(review): this listing has lost its indentation and some numeric values
# (the port after ".:", the port after "prometheus :", and possibly an
# argument to "cache"); take them from the upstream coredns.yaml.base rather
# than guessing.
# NOTE(review): "pods insecure" makes the kubernetes plugin answer pod-IP
# style names without checking that such a pod exists; "pods verified" is the
# stricter setting if that compatibility behaviour is not needed.
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
labels:
addonmanager.kubernetes.io/mode: EnsureExists
data:
Corefile: |
.: {
errors
health
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
upstream
fallthrough in-addr.arpa ip6.arpa
}
prometheus :
proxy . /etc/resolv.conf
cache
loop
reload
loadbalance
}
---
# CoreDNS Deployment in kube-system, running as the coredns ServiceAccount and
# reading its Corefile from the coredns ConfigMap mounted at /etc/coredns.
# NOTE(review): indentation and several numeric values are missing in this
# listing (maxUnavailable, the end of the image tag, every containerPort, the
# liveness probe port, delay, timeout and thresholds); restore them from the
# upstream file before applying.
# NOTE(review): extensions/v1beta1 Deployments are not served by newer
# clusters, which expect apps/v1 — confirm against the cluster version in use.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:
# replicas: not specified here:
# . In order to make Addon Manager do not reconcile this replicas parameter.
# . Default is .
# . Will be tuned in real time if DNS horizontal auto-scaling is turned on.
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable:
selector:
matchLabels:
k8s-app: kube-dns
template:
metadata:
labels:
k8s-app: kube-dns
annotations:
# Requests the container runtime's default seccomp profile for the pod.
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec:
serviceAccountName: coredns
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: "CriticalAddonsOnly"
operator: "Exists"
containers:
- name: coredns
# NOTE(review): the tag below is truncated ("1.2."); pin the full version, and
# preferably the image digest, before deploying.
image: coredns/coredns:1.2.
imagePullPolicy: IfNotPresent
resources:
limits:
memory: 170Mi
requests:
cpu: 100m
memory: 70Mi
args: [ "-conf", "/etc/coredns/Corefile" ]
volumeMounts:
- name: config-volume
mountPath: /etc/coredns
readOnly: true
ports:
- containerPort:
name: dns
protocol: UDP
- containerPort:
name: dns-tcp
protocol: TCP
- containerPort:
name: metrics
protocol: TCP
livenessProbe:
httpGet:
path: /health
port:
scheme: HTTP
initialDelaySeconds:
timeoutSeconds:
successThreshold:
failureThreshold:
# Container hardening: no privilege escalation, every capability dropped
# except NET_BIND_SERVICE (needed to bind a privileged port), and a read-only
# root filesystem. Keep these when adapting the manifest.
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- all
readOnlyRootFilesystem: true
dnsPolicy: Default
volumes:
- name: config-volume
configMap:
name: coredns
items:
- key: Corefile
path: Corefile
---
# Service named kube-dns that selects the CoreDNS pods (k8s-app: kube-dns) and
# exposes them on the fixed clusterIP 10.0.0.2 over UDP and TCP.
# NOTE(review): the port numbers and the prometheus.io/port value are missing
# in this listing; restore them from the upstream file.
# NOTE(review): presumably 10.0.0.2 has to match the cluster DNS address the
# kubelets are configured with — verify against the node setup.
apiVersion: v1
kind: Service
metadata:
name: kube-dns
namespace: kube-system
annotations:
prometheus.io/port: ""
prometheus.io/scrape: "true"
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:
selector:
k8s-app: kube-dns
clusterIP: 10.0.0.2
ports:
- name: dns
port:
protocol: UDP
- name: dns-tcp
port:
protocol: TCP

创建pod

[root@k8s-master1 demo]# kubectl apply -f coredns.yaml

测试域名解析

[root@k8s-master1 demo]# kubectl run -it --image=busybox:1.28. --rm --restart=Never sh
If you don't see a command prompt, try pressing enter.
/ # nslookup kubernetes
Server: 10.0.0.2
Address : 10.0.0.2 kube-dns.kube-system.svc.cluster.local Name: kubernetes
Address : 10.0.0.1 kubernetes.default.svc.cluster.local
