k8s1.13.0二进制部署-Dashboard和coredns(五)
部署UI
下载yaml文件
https://github.com/kubernetes/kubernetes
[root@k8s-master1 ~]# git clone https://github.com/kubernetes/kubernetes.git
[root@k8s-master1 ~]# cd kubernetes/cluster/addons/dashboard/
[root@k8s-master1 dashboard]# ll
total
-rw-r--r-- root root Dec : dashboard-configmap.yaml
-rw-r--r-- root root Dec : dashboard-controller.yaml
-rw-r--r-- root root Dec : dashboard-rbac.yaml
-rw-r--r-- root root Dec : dashboard-secret.yaml
-rw-r--r-- root root Dec : dashboard-service.yaml
修改文件内容
默认kubernetes-dashboard是官网默认镜像地址,需要FQ,咱们这里用阿里云的镜像就可以。
.....
spec:
priorityClassName: system-cluster-critical
containers:
- name: kubernetes-dashboard
image: registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1
....
修改svc的类型
....
spec:
type: NodePort
selector:
k8s-app: kubernetes-dashboard
ports:
- port: 443
targetPort: 8443
nodePort: 30001
基于yaml创建
kubectl create -f dashboard-rbac.yaml
kubectl create -f dashboard-secret.yaml
kubectl create -f dashboard-configmap.yaml
kubectl create -f dashboard-controller.yaml
kubectl create -f dashboard-service.yaml
查看
[root@localhost dashboard]# kubectl get pod,svc,deploy -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/kubernetes-dashboard-7d5f7c58f5-6ggrv 1/1 Running 0 3m2s 172.17.50.2 192.168.0.221 <none> <none> NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/kubernetes-dashboard NodePort 10.0.0.84 <none> 443:30001/TCP 88s k8s-app=kubernetes-dashboard NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
deployment.extensions/kubernetes-dashboard 1/1 1 1 3m2s kubernetes-dashboard registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1 k8s-app=kubernetes-dashboard
创建角色绑定
[root@localhost dashboard]# vim k8s-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: dashboard-admin
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: dashboard-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io [root@localhost dashboard]# kubectl apply -f k8s-admin.yaml
serviceaccount/dashboard-admin created
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin create
获取令牌
[root@localhost dashboard]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-token | awk '{print $1}')
Name: dashboard-admin-token-txkkz
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 7dbf9a60-805a-11e9-b018-525400828c1f
Type: kubernetes.io/service-account-token
Data
====
ca.crt: bytes
namespace: bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmbmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tdHhra3oiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiN2RiZjlhNjAtODA1YS0xMWU5LWIwMTgtNTI1NDAwODI4YzFmIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1Utc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.ccan7T6t7bGbvOaOOQKj_NYalEezlPz38CCYo6vuNi-FTYQ11HsRBZPcwJMdcRg0maKc-RR3S5JY9KLzhoZlHWSDjrD2CFoXa-1c8iWKYTxMuGiAwWFw_NhUZchoXIBRlCQTkOTNhVjmtKn82oV6OhyyCsgxNKN_5uWtpEREsNXS5AKMesQei9N7Vr5QdPRh3mDrNKPQstbzTN-EWgjjOXYdkeIsUghvh15uJ9bOXs1p0ket9_wgrPz6rdHhhSyv-JJLhk6h3EpnZnzLk659ejmOMv838MWC1KeTlUM7xnAcQPYYHsa59RBAdUcCczZhGACwn4AXWWxaDWBkyg
浏览器访问
解决谷歌浏览器不能显示
[root@localhost dashboard]# vim dashboard-csr.json
{
"CN": "Dashboard",
"hosts": [],
"key": {
"algo": "rsa",
"size":
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing"
}
]
} #生成证书
[root@localhost dashboard]# cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem -ca-key=/opt/kubernetes/ssl/ca-key.pem -config=/opt/kubernetes/ssl/ca-config.json -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard #删除secret
[root@localhost dashboard]# kubectl delete secret kubernetes-dashboard-certs -n kube-system
secret "kubernetes-dashboard-certs" deleted
[root@localhost dashboard]# kubectl create secret generic kubernetes-dashboard-certs --from-file=./ -n kube-system
secret/kubernetes-dashboard-certs created #修改yaml文件,指定刚才生成的证书
[root@localhost dashboard]# vim dashboard-controller.yaml
....
args:
# PLATFORM-SPECIFIC ARGS HERE
- --auto-generate-certificates
- --tls-key-file=dashboard-key.pem
- --tls-cert-file=dashboard.pem
.... #重新部署
[root@localhost dashboard]# kubectl apply -f dashboard-controller.yaml
部署coredns
下载yaml文件:https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dns/coredns
[root@k8s-master1 demo]# cat coredns.yaml
# Warning: This is a file generated from the base underscore template file: coredns.yaml.base apiVersion: v1
kind: ServiceAccount
metadata:
name: coredns
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: Reconcile
name: system:coredns
rules:
- apiGroups:
- ""
resources:
- endpoints
- services
- pods
- namespaces
verbs:
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: EnsureExists
name: system:coredns
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:coredns
subjects:
- kind: ServiceAccount
name: coredns
namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
labels:
addonmanager.kubernetes.io/mode: EnsureExists
data:
Corefile: |
.: {
errors
health
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
upstream
fallthrough in-addr.arpa ip6.arpa
}
prometheus :
proxy . /etc/resolv.conf
cache
loop
reload
loadbalance
}
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:
# replicas: not specified here:
# . In order to make Addon Manager do not reconcile this replicas parameter.
# . Default is .
# . Will be tuned in real time if DNS horizontal auto-scaling is turned on.
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable:
selector:
matchLabels:
k8s-app: kube-dns
template:
metadata:
labels:
k8s-app: kube-dns
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec:
serviceAccountName: coredns
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: "CriticalAddonsOnly"
operator: "Exists"
containers:
- name: coredns
image: coredns/coredns:1.2.
imagePullPolicy: IfNotPresent
resources:
limits:
memory: 170Mi
requests:
cpu: 100m
memory: 70Mi
args: [ "-conf", "/etc/coredns/Corefile" ]
volumeMounts:
- name: config-volume
mountPath: /etc/coredns
readOnly: true
ports:
- containerPort:
name: dns
protocol: UDP
- containerPort:
name: dns-tcp
protocol: TCP
- containerPort:
name: metrics
protocol: TCP
livenessProbe:
httpGet:
path: /health
port:
scheme: HTTP
initialDelaySeconds:
timeoutSeconds:
successThreshold:
failureThreshold:
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- all
readOnlyRootFilesystem: true
dnsPolicy: Default
volumes:
- name: config-volume
configMap:
name: coredns
items:
- key: Corefile
path: Corefile
---
apiVersion: v1
kind: Service
metadata:
name: kube-dns
namespace: kube-system
annotations:
prometheus.io/port: ""
prometheus.io/scrape: "true"
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:
selector:
k8s-app: kube-dns
clusterIP: 10.0.0.2
ports:
- name: dns
port:
protocol: UDP
- name: dns-tcp
port:
protocol: TCP
创建pod
[root@k8s-master1 demo]# kubectl apply -f coredns.yaml
测试域名解析
[root@k8s-master1 demo]# kubectl run -it --image=busybox:1.28. --rm --restart=Never sh
If you don't see a command prompt, try pressing enter.
/ # nslookup kubernetes
Server: 10.0.0.2
Address : 10.0.0.2 kube-dns.kube-system.svc.cluster.local Name: kubernetes
Address : 10.0.0.1 kubernetes.default.svc.cluster.local
k8s1.13.0二进制部署-Dashboard和coredns(五)的更多相关文章
- k8s1.13.0二进制部署-node节点(四)
Master apiserver启用TLS认证后,Node节点kubelet组件想要加入集群,必须使用CA签发的有效证书才能与apiserver通信,当Node节点很多时,签署证书是一件很繁琐的事情, ...
- k8s1.13.0二进制部署-master节点(三)
部署apiserver 创建生成CSR的JSON配置文件 [root@k8s-master1 ssl]# vim kubernetes-csr.json { "CN": " ...
- k8s1.13.0二进制部署-ETCD集群(一)
Kubernetes集群中主要存在两种类型的节点:master.minion节点. Minion节点为运行 Docker容器的节点,负责和节点上运行的 Docker 进行交互,并且提供了代理功能.Ma ...
- k8s1.13.0二进制部署-flannel网络(二)
Flannel容器集群网络部署 Overlay Network:覆盖网络,在基础网络上叠加的一种虚拟网络技术模式,该网络中的主机通过虚拟链路连接起来.VXLAN:将源数据包封装到UDP中,并使用基础网 ...
- 高可用安装k8s1.13.0 --不能带cavisor、不能加cni ,带上这两个总是报错,kubelet无法启动
高可用安装k8s1.13.0 --不能带cavisor,总是报错,kubelet无法启动
- k8s二进制部署 - dashboard安装
配置资源清单rbac.yaml apiVersion: v1 kind: ServiceAccount metadata: labels: k8s-app: kubernetes-dashboard ...
- k8s1.20环境搭建部署(二进制版本)
1.前提知识 1.1 生产环境部署K8s集群的两种方式 kubeadm Kubeadm是一个K8s部署工具,提供kubeadm init和kubeadm join,用于快速部署Kubernetes集群 ...
- 【原】二进制部署 k8s 1.18.3
二进制部署 k8s 1.18.3 1.相关前置信息 1.1 版本信息 kube_version: v1.18.3 etcd_version: v3.4.9 flannel: v0.12.0 cored ...
- k8s-1.15.0集群部署+dashboard
环境:外网环境硬件master-centos7.4 2核4G node1-centos7.4 2核4Gnode2-centos7.4 2核4G软件:三台服务器 :docker-19. ...
随机推荐
- Elastic-job使用及原理
一.原理 elastic-job有lite版和cloud版,最大的区别是有无调度中心,笔者采用的是lite版本,无中心化. tips: 第一台服务器上线触发主服务器选举.主服务器一旦下线,则重新触发选 ...
- 纯CSS,多个半圆以中心点旋转
效果图: html代码: <div style=" background:#000; position: relative; width:300px; height:300px;&qu ...
- Codevs 2765 隐形的翅膀
2765 隐形的翅膀 题目描述 Description 天使告诉小杉,每只翅膀都有长度,两只翅膀的长度之比越接近黄金分割比例(黄金分割比= 0.6180339887498949),就越完美. 现在 ...
- 在Mybatis中处理sql中的大于号小于号
因为xml格式中,不能随便出现"<".“>”等符号,所以在sql中这一类的符号要进行特殊处理 第一种方法:使用转义字符替换特殊的符号 例如 SELECT * FROM ...
- Postgresql 10 自带扩展模块功能说明
adminpackadminpack提供了许多支持功能,pgAdmin 和其他管理和管理工具可以使用它们来提供其他功能,例如远程管理服务器日志文件.所有这些功能的使用仅限于超级用户. citext 该 ...
- Java程序动态编译Java源文件
最近接触到公司一个项目,需要将生成的源码动态编译,记录下学习过程. 先贴出官网推荐写法: JavaCompiler.CompilationTask getTask(Writer out, ...
- Serilog 是 ASP.NET Core 的一个插件,可以简化日志记录
[翻译] ASP.NET Core 利用 Docker.ElasticSearch.Kibana 来记录日志 原文: Logging with ElasticSearch, Kibana, ASP.N ...
- 管道是如何随着WebHost的开启被构建出来的?
管道是如何随着WebHost的开启被构建出来的? 注册的服务器和中间件共同构成了ASP.NET Core用于处理请求的管道, 这样一个管道是在我们启动作为应用宿主的WebHost时构建出来的.要深刻了 ...
- High waits on control file sequential read
High waits on control file sequential read (文档 ID 2277867.1) In case we run into an issue where cont ...
- Dev控件工具箱安装
安装目录\Components\Tools,打开命令行 安装DEV工具 $ ToolboxCreator.exe /ini:toolboxcreator.ini 移除DEV工具 $ ToolboxCr ...