• 一、CoreDNS部署

在 Cluster 中,除了可以通过 Cluster IP 访问 Service,Kubernetes 还提供了更为方便的 DNS 访问。

(1)编辑coredns.yaml文件

[root@linux-node1 ~]# vim coredns.yaml

apiVersion: v1

kind: ServiceAccount

metadata:

  name: coredns

  namespace: kube-system

  labels:

      kubernetes.io/cluster-service: "true"

      addonmanager.kubernetes.io/mode: Reconcile

---

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRole

metadata:

  labels:

    kubernetes.io/bootstrapping: rbac-defaults

    addonmanager.kubernetes.io/mode: Reconcile

  name: system:coredns

rules:

- apiGroups:

  - ""

  resources:

  - endpoints

  - services

  - pods

  - namespaces

  verbs:

  - list

  - watch

---

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRoleBinding

metadata:

  annotations:

    rbac.authorization.kubernetes.io/autoupdate: "true"

  labels:

    kubernetes.io/bootstrapping: rbac-defaults

    addonmanager.kubernetes.io/mode: EnsureExists

  name: system:coredns

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: ClusterRole

  name: system:coredns

subjects:

- kind: ServiceAccount

  name: coredns

  namespace: kube-system

---

apiVersion: v1

kind: ConfigMap

metadata:

  name: coredns

  namespace: kube-system

  labels:

      addonmanager.kubernetes.io/mode: EnsureExists

data:

  Corefile: |

    .: {

        errors

        health

        kubernetes cluster.local. in-addr.arpa ip6.arpa {

            pods insecure

            upstream

            fallthrough in-addr.arpa ip6.arpa

        }

        prometheus :

        proxy . /etc/resolv.conf

        cache

    }

---

apiVersion: extensions/v1beta1

kind: Deployment

metadata:

  name: coredns

  namespace: kube-system

  labels:

    k8s-app: coredns

    kubernetes.io/cluster-service: "true"

    addonmanager.kubernetes.io/mode: Reconcile

    kubernetes.io/name: "CoreDNS"

spec:

  replicas:

  strategy:

    type: RollingUpdate

    rollingUpdate:

      maxUnavailable:

  selector:

    matchLabels:

      k8s-app: coredns

  template:

    metadata:

      labels:

        k8s-app: coredns

    spec:

      serviceAccountName: coredns

      tolerations:

        - key: node-role.kubernetes.io/master

          effect: NoSchedule

        - key: "CriticalAddonsOnly"

          operator: "Exists"

      containers:

      - name: coredns

        image: coredns/coredns:1.0.

        imagePullPolicy: IfNotPresent

        resources:

          limits:

            memory: 170Mi

          requests:

            cpu: 100m

            memory: 70Mi

        args: [ "-conf", "/etc/coredns/Corefile" ]

        volumeMounts:

        - name: config-volume

          mountPath: /etc/coredns

        ports:

        - containerPort:

          name: dns

          protocol: UDP

        - containerPort:

          name: dns-tcp

          protocol: TCP

        livenessProbe:

          httpGet:

            path: /health

            port:

            scheme: HTTP

          initialDelaySeconds:

          timeoutSeconds:

          successThreshold:

          failureThreshold:

      dnsPolicy: Default

      volumes:

        - name: config-volume

          configMap:

            name: coredns

            items:

            - key: Corefile

              path: Corefile

---

apiVersion: v1

kind: Service

metadata:

  name: coredns

  namespace: kube-system

  labels:

    k8s-app: coredns

    kubernetes.io/cluster-service: "true"

    addonmanager.kubernetes.io/mode: Reconcile

    kubernetes.io/name: "CoreDNS"

spec:

  selector:

    k8s-app: coredns

  clusterIP: 10.1.0.2

  ports:

  - name: dns

    port:

    protocol: UDP

  - name: dns-tcp

    port:

    protocol: TCP

(2)创建coredns

[root@linux-node1 ~]# kubectl create -f coredns.yaml

serviceaccount "coredns" created

clusterrole.rbac.authorization.k8s.io "system:coredns" created

clusterrolebinding.rbac.authorization.k8s.io "system:coredns" created

configmap "coredns" created

deployment.extensions "coredns" created

service "coredns" created

(3)查看coredns服务

[root@linux-node1 ~]# kubectl get deployment -n kube-system

NAME      DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE

coredns                                            1m

[root@linux-node1 ~]# kubectl get svc -n kube-system

NAME      TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)         AGE

coredns   ClusterIP   10.1.0.2     <none>        /UDP,/TCP   1m

[root@linux-node1 ~]# kubectl get pod -n kube-system

NAME                       READY     STATUS    RESTARTS   AGE

coredns-77c989547b-d84n8   /       Running             2m

coredns-77c989547b-j4ms2   /       Running             2m

(4)Pod容器中进行域名解析测试

[root@linux-node1 ~]# kubectl run alpine --rm -ti --image=alpine -- /bin/sh

If you don't see a command prompt, try pressing enter.

/ # nslookup httpd-svc

nslookup: can't resolve '(null)': Name does not resolve

Name:      httpd-svc

Address : 10.1.230.129

/ # wget httpd-svc:

Connecting to httpd-svc: (10.1.230.129:)

index.html           % |********************************************************************************************************************************************|       :: ETA

  • 二、Dashboard部署

从github上下载dashboard的yaml文件:https://github.com/unixhot/salt-kubernetes

[root@linux-node1 dashboard]# ll

total

-rw-r--r--  root root   Aug  : admin-user-sa-rbac.yaml

-rw-r--r--  root root  Aug  : kubernetes-dashboard.yaml

-rw-r--r--  root root   Aug  : ui-admin-rbac.yaml

-rw-r--r--  root root   Aug  : ui-read-rbac.yaml

[root@linux-node1 dashboard]# kubectl create -f .

serviceaccount "admin-user" created

clusterrolebinding.rbac.authorization.k8s.io "admin-user" created

secret "kubernetes-dashboard-certs" created

serviceaccount "kubernetes-dashboard" created

role.rbac.authorization.k8s.io "kubernetes-dashboard-minimal" created

rolebinding.rbac.authorization.k8s.io "kubernetes-dashboard-minimal" created

deployment.apps "kubernetes-dashboard" created

service "kubernetes-dashboard" created

clusterrole.rbac.authorization.k8s.io "ui-admin" created

rolebinding.rbac.authorization.k8s.io "ui-admin-binding" created

clusterrole.rbac.authorization.k8s.io "ui-read" created

rolebinding.rbac.authorization.k8s.io "ui-read-binding" created

[root@linux-node1 dashboard]# kubectl get pods  -o wide -n kube-system

NAME                                    READY     STATUS    RESTARTS   AGE       IP           NODE

coredns-77c989547b-d84n8                /       Running             55m       10.2.99.7    192.168.56.13

coredns-77c989547b-j4ms2                /       Running             55m       10.2.76.6    192.168.56.12

kubernetes-dashboard-66c9d98865-mps22   /       Running             4m        10.2.76.12   192.168.56.12

[root@linux-node1 dashboard]# kubectl get svc -n kube-system

NAME                   TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE

coredns                ClusterIP   10.1.0.2       <none>        /UDP,/TCP   56m

kubernetes-dashboard   NodePort    10.1.234.201   <none>        :/TCP   5m

从上可以看到kubernetes的dashboard服务的ip为:10.1.234.201,其映射到宿主机的端口为38974,由于master上没有部署kube-porxy,所以需要直接访问https://192.168.56.12:38974,如图:

选择令牌登陆,获取令牌的方法如下:

[root@linux-node1 dashboard]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

Name:         admin-user-token-mz7p9

Namespace:    kube-system

Labels:       <none>

Annotations:  kubernetes.io/service-account.name=admin-user

              kubernetes.io/service-account.uid=c2a85113-acc9-11e8-a800-000c29ce4fa7

Type:  kubernetes.io/service-account-token

Data

====

namespace:   bytes

token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLW16N3A5Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJjMmE4NTExMy1hY2M5LTExZTgtYTgwMC0wMDBjMjljZTRmYTciLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.V4aEkKDBcK4RkuXRzwdAyoJRBrxAnc8axLLxGCGiduwv5Qa0HFe2WQWtny6FI-MpUP-dzrxahWSwaFcKKvVdzfBuXTbnPDBkhcrpAuzDsL0vo-GwHAAl88n8yZ67QmBwPVWH2CBrrTwWqALAfR2wNKtrUEigg-qbTQ05slP8WmbeckfzHTeZpQqegO3fz0BNBrJqi2TFDaftPm_vWSEsPWzWE9AyvfiVwGrfc_mmzHpOyxXAQXQLxJunfklwt0kuENO6sRRJ2HGvZ6HnCGZYZj0p-kjh5uAv-q_X2cMPIAhXgH7gHdYeiSXvEGA2Qz6tBE2pgN6S4F_xj6b4JT7kAQ

ca.crt:      bytes 

点击登录后的界面如下:

Kubernetes学习之路(七)之Coredns和Dashboard二进制部署的更多相关文章

  1. Kubernetes学习之路(26)之kubeasz+ansible部署集群

    目录 1.环境说明 2.准备工作 3.分步骤安装 3.1.创建证书和安装准备 3.2.安装etcd集群 3.3.安装docker 3.4.安装master节点 3.5.安装node节点 3.6.部署集 ...

  2. Kubernetes学习之路目录

    Kubernetes基础篇 环境说明 版本说明 系统环境 Centos 7.2 Kubernetes版本 v1.11.2 Docker版本 v18.09 Kubernetes学习之路(一)之概念和架构 ...

  3. Kubernetes学习之路(十五)之Ingress和Ingress Controller

    目录 一.什么是Ingress? 1.Pod 漂移问题 2.端口管理问题 3.域名分配及动态更新问题 二.如何创建Ingress资源 三.Ingress资源类型 1.单Service资源型Ingres ...

  4. Kubernetes学习之路(二十五)之Helm程序包管理器

    目录 1.Helm的概念和架构 2.部署Helm (1)下载helm (2)部署Tiller 3.helm的使用 4.chart 目录结构 5.chart模板 6.定制安装MySQL chart (1 ...

  5. Kubernetes学习之路(二十三)之资源指标和集群监控

    目录 1.资源指标和资源监控 2.Weave Scope监控集群 (1)Weave Scope部署 (2)使用 Scope (3)拓扑结构 (4)实时资源监控 (5)在线操作 (6)强大的搜索功能 2 ...

  6. Kubernetes学习之路(二十)之K8S组件运行原理详解总结

    目录 一.看图说K8S 二.K8S的概念和术语 三.K8S集群组件 1.Master组件 2.Node组件 3.核心附件 四.K8S的网络模型 五.Kubernetes的核心对象详解 1.Pod资源对 ...

  7. Kubernetes学习之路(四)之Node节点二进制部署

    K8S Node节点部署 1.部署kubelet (1)二进制包准备 [root@linux-node1 ~]# cd /usr/local/src/kubernetes/server/bin/ [r ...

  8. Kubernetes学习之路(八)之Kubeadm部署集群

    一.环境说明 节点名称 ip地址 部署说明 Pod 网段 Service网段 系统说明 k8s-master 192.168.56.11 docker.kubeadm.kubectl.kubelet ...

  9. Kubernetes学习之路(九)之kubernetes命令式快速创建应用

    1.使用命令kubectl run创建应用 语法: kubectl run NAME --image=image [--env="key=value"] [--port=port] ...

随机推荐

  1. oracle使用索引和不使用索引性能分析

    首先准备一张百万条数据的表,这样分析数据差距更形象! 下面用分页表数据对表进行分析,根据EMP_ID 字段排序,使用索引和不使用索引性能差距! sql查询语法准备,具体业务根据具体表书写sql语法: ...

  2. idea常用到的命令

    idea大小写转换:ctr+shift+u ctrl+alt+b,跳转到接口的方法实现处

  3. [翻译] USING GIT IN XCODE [4] 在XCODE中使用GIT[4]

    USING GIT IN XCODE LOOKING AT HISTORY Xcode provides a Versions editor, which has three different pe ...

  4. 检查windows系统支持的密码套件

    Windows 10客户端及Windows server 2016 服务器可以使用powershell 命令获得系统支持的密码套件列表,禁用启用相应的密码套件. #命令链接:https://techn ...

  5. Linux系统清除多余的账号

    清除多余的账号 注释掉/etc/passwd文件中nologin的行 grep 'nologin' /etc/passwd 注: 目前暂没想到用命令行替换,后面再想想

  6. 【转】什么是JavaScript

    转自mdn学习网站-什么是JavaScript 什么是JavaScript? 欢迎来到 MDN JavaScript 初学者的课程! 在第一篇文章中,我们将会站在一定的高度来俯看 JavaScript ...

  7. 《面向对象程序设计》c++第四次作业___calculator plus

    c++第四次作业 Calculator Plus git上的作业展示 Calculator 2.0 SourceCode in Git PS:这次作业orz感谢某同学用windows的dev c++帮 ...

  8. CSS控制图片和文字在同一行显示且对齐的3种方法

    CSS控制图片和文字在同一行显示且对齐的3种方法 在 HTML 代码中,有时会需要在文字旁边加上一个图标. 默认情况,是图片置顶对齐,文字置底对齐,所以通常图片高,文字低,不能水平居中对齐. 常见方法 ...

  9. MySQL管理.md

    用户管理 创建 举例 mysql> create user test@localhost identified by 'password'; Query OK, 0 rows affected ...

  10. 关于ssm框架使用mysql控制台出现警告问题

    使用MySQL时,总会时不时出现这种警告信息 警告信息:WARN: Establishing SSL connection without server's identity verification ...