Kubernetes系列之Coredns and Dashboard介绍篇

本次系列使用的所需部署包版本都使用的目前最新的或最新稳定版，安装包地址请到公众号内回复【K8s实战】获取

介绍

---

项目地址:https://github.com/coredns/coredns

CoreDNS是一个Go语言实现的链式插件DNS服务端，是CNCF成员，是一个高性能、易扩展的DNS服务端。可以很方便的部署在k8s集群中，用来代替kube-dns。

下载coredns 编排

---

[root@master-01 ]#mkdir /opt/coredns && cd /opt/coredns[root@master-01 coredns]# wget https://raw.githubusercontent.com/coredns/deployment/master/kubernetes/coredns.yaml.sed[root@master-01 coredns]# wget https://raw.githubusercontent.com/coredns/deployment/master/kubernetes/deploy.sh

修改编排文件

---

主要用到了deploy.sh和coredns.yam.sed，由于不是从kube-dns转到coredns，所以要注释掉kubectl相关操作，修改REVERSE_CIDRS、DNS_DOMAIN、CLUSTER_DNS_IP等变量为实际值

[root@master-01 coredns]# chmod +x deploy.sh[root@master-01 coredns]# ./deploy.sh -s -r 10.254.0.0/16 -i 10.254.0.10 -d cluster.local > coredns.yaml[root@master-01 coredns]# diff coredns.yaml coredns.yaml.sed 58c58< kubernetes cluster.local 10.254.0.0/16 {---> kubernetes CLUSTER_DOMAIN REVERSE_CIDRS {62c62< }---> }FEDERATIONS64c64< forward . /etc/resolv.conf---> forward . UPSTREAMNAMESERVER69c69< }---> }STUBDOMAINS171c171< clusterIP: 10.254.0.10---> clusterIP: CLUSTER_DNS_IP

部署coredns

---

[root@master-01 coredns]# kubectl create -f coredns.yamlserviceaccount/coredns createdclusterrole.rbac.authorization.k8s.io/system:coredns createdclusterrolebinding.rbac.authorization.k8s.io/system:coredns createdconfigmap/coredns createddeployment.apps/coredns createdservice/kube-dns created

测试功能

---

查看svc地址

[root@master-02 kubernetes]# kubectl get svcNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEkubernetes ClusterIP 10.254.0.1 <none> 443/TCP 19hnginx NodePort 10.254.58.237 <none> 80:34542/TCP 15h

起个busybox测试

[root@master-01 coredns]# kubectl run -it --rm --restart=Never --image=infoblox/dnstools:latest dnstools1If you don't see a command prompt, try pressing enter.dnstools# lsbin dev etc home lib media mnt proc root run sbin srv sys tmp usr vardnstools# ifconfig eth0 Link encap:Ethernet HWaddr 02:42:AC:11:2F:02 inet addr:172.17.47.2 Bcast:172.17.47.255 Mask:255.255.255.0UP BROADCAST RUNNING MULTICAST MTU:1450 Metric:1RX packets:8 errors:0 dropped:0 overruns:0 frame:0TX packets:0 errors:0 dropped:0 overruns:0 carrier:0collisions:0 txqueuelen:0 RX bytes:656 (656.0 B) TX bytes:0 (0.0 B)lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0UP LOOPBACK RUNNING MTU:65536 Metric:1RX packets:0 errors:0 dropped:0 overruns:0 frame:0TX packets:0 errors:0 dropped:0 overruns:0 carrier:0collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)dnstools# nslookup kubernetesServer: 10.254.0.10Address: 10.254.0.10#53Name: kubernetes.default.svc.cluster.localAddress: 10.254.0.1dnstools# nslookup nginxServer: 10.254.0.10Address: 10.254.0.10#53Name: nginx.default.svc.cluster.localAddress: 10.254.58.237dnstools# cat /etc/resolv.conf nameserver 10.254.0.10search default.svc.cluster.local. svc.cluster.local. cluster.local.options ndots:5dnstools# dnstools# ping baidu.comPING baidu.com (123.125.115.110): 56 data bytes64 bytes from 123.125.115.110: seq=0 ttl=127 time=36.423 ms64 bytes from 123.125.115.110: seq=1 ttl=127 time=35.546 ms

至此coredns部署完成，接下来安装dashboard组件

dashboard部署

---

由于国内不能下载gcr.io下的镜像，所以使用阿里云的

下载编排文件

[root@master-01]#mkdir /opt/dashboard &&cd /opt/dashboard[root@master-01dashboard]#wget https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended/kubernetes-dashboard.yaml

修改其中image地址为阿里云的地址

spec:containers:- name: kubernetes-dashboardimage: registry.cn-beijing.aliyuncs.com/minminmsn/kubernetes-dashboard:v1.10.1

修改其中Service配置，将type: ClusterIP改成NodePort,便于通过Node端口访问

# ------------------- Dashboard Service ------------------- kind: ServiceapiVersion: v1metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kube-systemspec:type: NodePortports:- port: 443targetPort: 8443selector:k8s-app: kubernetes-dashboard

生产自定义证书

---

[root@master-01 dashboard]# openssl req -nodes -newkey rsa:2048 -keyout dashboard.key -out dashboard.csr -subj "/C=/ST=/L=/O=/OU=/CN=kubernetes-dashboardGenerating a 2048 bit RSA private key...................+++................................................+++writing new private key to 'dashboard.key'-----No value provided for Subject Attribute C, skippedNo value provided for Subject Attribute ST, skippedNo value provided for Subject Attribute L, skippedNo value provided for Subject Attribute O, skippedNo value provided for Subject Attribute OU, skipped[root@master-01 dashboard]# openssl x509 -req -sha256 -days 365 -in dashboard.csr -signkey dashboard.key -out dashboard.crtSignature oksubject=/CN=kubernetes-dashboardGetting Private key[root@master-01 dashboard]# kubectl create secret generic kubernetes-dashboard-certs --from-file=. -n kube-systemsecret/kubernetes-dashboard-certs created

如果有购买证书的话，直接创建srcret即可

[root@master-01 dashboard]# kubectl create secret generic kubernetes-dashboard-certs --from-file=certs -n kube-systemsecret/kubernetes-dashboard-certs created

开始创建kubernetes-dashboard

[root@master-01 dashboard]# kubectl apply -f kubernetes-dashboard.yaml Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl applysecret/kubernetes-dashboard-certs configuredsecret/kubernetes-dashboard-csrf createdserviceaccount/kubernetes-dashboard createdrole.rbac.authorization.k8s.io/kubernetes-dashboard-minimal createdrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal createddeployment.apps/kubernetes-dashboard createdservice/kubernetes-dashboard created

查看服务状态

[root@master-01 dashboard]# kubectl get pod -nkube-system -owideNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATEScoredns-5d668bd598-dt4qm 1/1 Running 0 96m 172.17.79.3 192.168.209.132 <none> <none>coredns-5d668bd598-f5g96 1/1 Running 1 14h 172.17.44.2 192.168.209.131 <none> <none>kubernetes-dashboard-cb55bd5bd-gc84g 1/1 Running 0 55s 172.17.47.2 192.168.209.133 <none> <none>[root@master-01 dashboard]# kubectl -nkube-system get ep -owideNAME ENDPOINTS AGEkube-controller-manager <none> 20hkube-dns 172.17.44.2:53,172.17.79.3:53,172.17.44.2:53 + 3 more... 14hkube-scheduler <none> 20hkubernetes-dashboard 172.17.47.2:8443 97s[root@master-01 dashboard]# kubectl -nkube-system get svc -owideNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTORkube-dns ClusterIP 10.254.0.10 <none> 53/UDP,53/TCP,9153/TCP 14h k8s-app=kube-dnskubernetes-dashboard NodePort 10.254.65.137 <none> 443:49365/TCP 101s k8s-app=kubernetes-dashboard

浏览器访问

---

选择token访问，token获取方法如下

获取token

[root@master-01 dashboard]# cat /k8s/yaml/admin-token.yaml kind: ClusterRoleBindingapiVersion: rbac.authorization.k8s.io/v1beta1metadata:name: adminannotations:rbac.authorization.kubernetes.io/autoupdate: "true"roleRef:kind: ClusterRolename: cluster-adminapiGroup: rbac.authorization.k8s.iosubjects:- kind: ServiceAccountname: adminnamespace: kube-system---apiVersion: v1kind: ServiceAccountmetadata:name: adminnamespace: kube-systemlabels:kubernetes.io/cluster-service: "true"addonmanager.kubernetes.io/mode: Reconcile[root@master-01 dashboard]# kubectl apply -f admin-token.yaml clusterrolebinding.rbac.authorization.k8s.io/admin createdserviceaccount/admin created[root@master-01 dashboard]# kubectl describe secret/$(kubectl get secret -nkube-system |grep admin|awk '{print $1}') -nkube-systemName: admin-token-7lxxtNamespace: kube-systemLabels: <none>Annotations: kubernetes.io/service-account.name: adminkubernetes.io/service-account.uid: a913db42-4473-11e9-8484-000c29721372Type: kubernetes.io/service-account-tokenData====ca.crt: 1363 bytesnamespace: 11 bytestoken: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi03bHh4dCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImE5MTNkYjQyLTQ0NzMtMTFlOS04NDg0LTAwMGMyOTcyMTM3MiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.ioFkVN9L_teW8Dda3vBGwiZVVL45tLghbPHQboSXEAq6C4sqnxZzKCfltO_B8hW2Cnkwzkghkw4YH6QvQuRQ7rakOYHUbVDynlt1TpjsBYNXTUp_DVCzNYLgK8ddkbG3SNnAurjqAAT7q4Cyy7e3v6h4vxmghyTTYRpYgtkpjxH-26TWD0FpwdO8iSfCnroNjUrEbm1vfCNRgJome7XNMLNZKcxB27V1wZk2Lk8suA67PtOv2iM_oL4UrO-qiVtLnq8mOqtwiJhk9eNk2zaDw0_2qZs9BsdYQwOB3pUkKEXktm9mIU4IUQXvBUKtA5Fltc6ZZ0WPv2x5JQ9d3PsVuw

访问任意一个节点IP端口是NodePort动态生成的

出现如下页面，选择令牌，输出刚查出的token，点击登录

首页如下

好了，本章介绍了如何部署k8s组件coredns和dashboard，敬请期待后续分享，谢谢

END

如果您觉得不错，请别忘了转发、分享、点赞让更多的人去学习， 您的举手之劳，就是对小编最好的支持，非常感谢！