Kubernetes学习之路(七)之Coredns和Dashboard二进制部署
一、CoreDNS部署
在 Cluster 中,除了可以通过 Cluster IP 访问 Service,Kubernetes 还提供了更为方便的 DNS 访问。
(1)编辑coredns.yaml文件
[root@linux-node1 ~]# vim coredns.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: coredns
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: Reconcile
name: system:coredns
rules:
- apiGroups:
- ""
resources:
- endpoints
- services
- pods
- namespaces
verbs:
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: EnsureExists
name: system:coredns
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:coredns
subjects:
- kind: ServiceAccount
name: coredns
namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
labels:
addonmanager.kubernetes.io/mode: EnsureExists
data:
Corefile: |
.: {
errors
health
kubernetes cluster.local. in-addr.arpa ip6.arpa {
pods insecure
upstream
fallthrough in-addr.arpa ip6.arpa
}
prometheus :
proxy . /etc/resolv.conf
cache
}
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: coredns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:
replicas:
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable:
selector:
matchLabels:
k8s-app: coredns
template:
metadata:
labels:
k8s-app: coredns
spec:
serviceAccountName: coredns
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: "CriticalAddonsOnly"
operator: "Exists"
containers:
- name: coredns
image: coredns/coredns:1.0.
imagePullPolicy: IfNotPresent
resources:
limits:
memory: 170Mi
requests:
cpu: 100m
memory: 70Mi
args: [ "-conf", "/etc/coredns/Corefile" ]
volumeMounts:
- name: config-volume
mountPath: /etc/coredns
ports:
- containerPort:
name: dns
protocol: UDP
- containerPort:
name: dns-tcp
protocol: TCP
livenessProbe:
httpGet:
path: /health
port:
scheme: HTTP
initialDelaySeconds:
timeoutSeconds:
successThreshold:
failureThreshold:
dnsPolicy: Default
volumes:
- name: config-volume
configMap:
name: coredns
items:
- key: Corefile
path: Corefile
---
apiVersion: v1
kind: Service
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: coredns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:
selector:
k8s-app: coredns
clusterIP: 10.1.0.2
ports:
- name: dns
port:
protocol: UDP
- name: dns-tcp
port:
protocol: TCP
(2)创建coredns
[root@linux-node1 ~]# kubectl create -f coredns.yaml
serviceaccount "coredns" created
clusterrole.rbac.authorization.k8s.io "system:coredns" created
clusterrolebinding.rbac.authorization.k8s.io "system:coredns" created
configmap "coredns" created
deployment.extensions "coredns" created
service "coredns" created
(3)查看coredns服务
[root@linux-node1 ~]# kubectl get deployment -n kube-system
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
coredns 1m
[root@linux-node1 ~]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
coredns ClusterIP 10.1.0.2 <none> /UDP,/TCP 1m [root@linux-node1 ~]# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-77c989547b-d84n8 / Running 2m
coredns-77c989547b-j4ms2 / Running 2m
(4)Pod容器中进行域名解析测试
[root@linux-node1 ~]# kubectl run alpine --rm -ti --image=alpine -- /bin/sh
If you don't see a command prompt, try pressing enter. / # nslookup httpd-svc
nslookup: can't resolve '(null)': Name does not resolve Name: httpd-svc
Address : 10.1.230.129 / # wget httpd-svc:
Connecting to httpd-svc: (10.1.230.129:)
index.html % |********************************************************************************************************************************************| :: ETA
二、Dashboard部署
从github上下载dashboard的yaml文件:https://github.com/unixhot/salt-kubernetes
[root@linux-node1 dashboard]# ll
total
-rw-r--r-- root root Aug : admin-user-sa-rbac.yaml
-rw-r--r-- root root Aug : kubernetes-dashboard.yaml
-rw-r--r-- root root Aug : ui-admin-rbac.yaml
-rw-r--r-- root root Aug : ui-read-rbac.yaml [root@linux-node1 dashboard]# kubectl create -f .
serviceaccount "admin-user" created
clusterrolebinding.rbac.authorization.k8s.io "admin-user" created
secret "kubernetes-dashboard-certs" created
serviceaccount "kubernetes-dashboard" created
role.rbac.authorization.k8s.io "kubernetes-dashboard-minimal" created
rolebinding.rbac.authorization.k8s.io "kubernetes-dashboard-minimal" created
deployment.apps "kubernetes-dashboard" created
service "kubernetes-dashboard" created
clusterrole.rbac.authorization.k8s.io "ui-admin" created
rolebinding.rbac.authorization.k8s.io "ui-admin-binding" created
clusterrole.rbac.authorization.k8s.io "ui-read" created
rolebinding.rbac.authorization.k8s.io "ui-read-binding" created [root@linux-node1 dashboard]# kubectl get pods -o wide -n kube-system
NAME READY STATUS RESTARTS AGE IP NODE
coredns-77c989547b-d84n8 / Running 55m 10.2.99.7 192.168.56.13
coredns-77c989547b-j4ms2 / Running 55m 10.2.76.6 192.168.56.12
kubernetes-dashboard-66c9d98865-mps22 / Running 4m 10.2.76.12 192.168.56.12 [root@linux-node1 dashboard]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
coredns ClusterIP 10.1.0.2 <none> /UDP,/TCP 56m
kubernetes-dashboard NodePort 10.1.234.201 <none> :/TCP 5m
从上可以看到kubernetes的dashboard服务的ip为:10.1.234.201,其映射到宿主机的端口为38974,由于master上没有部署kube-porxy,所以需要直接访问https://192.168.56.12:38974,如图:
选择令牌登陆,获取令牌的方法如下:
[root@linux-node1 dashboard]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name: admin-user-token-mz7p9
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name=admin-user
kubernetes.io/service-account.uid=c2a85113-acc9-11e8-a800-000c29ce4fa7
Type: kubernetes.io/service-account-token
Data
====
namespace: bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLW16N3A5Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJjMmE4NTExMy1hY2M5LTExZTgtYTgwMC0wMDBjMjljZTRmYTciLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.V4aEkKDBcK4RkuXRzwdAyoJRBrxAnc8axLLxGCGiduwv5Qa0HFe2WQWtny6FI-MpUP-dzrxahWSwaFcKKvVdzfBuXTbnPDBkhcrpAuzDsL0vo-GwHAAl88n8yZ67QmBwPVWH2CBrrTwWqALAfR2wNKtrUEigg-qbTQ05slP8WmbeckfzHTeZpQqegO3fz0BNBrJqi2TFDaftPm_vWSEsPWzWE9AyvfiVwGrfc_mmzHpOyxXAQXQLxJunfklwt0kuENO6sRRJ2HGvZ6HnCGZYZj0p-kjh5uAv-q_X2cMPIAhXgH7gHdYeiSXvEGA2Qz6tBE2pgN6S4F_xj6b4JT7kAQ
ca.crt: bytes
点击登录后的界面如下:
Kubernetes学习之路(七)之Coredns和Dashboard二进制部署的更多相关文章
- Kubernetes学习之路(26)之kubeasz+ansible部署集群
目录 1.环境说明 2.准备工作 3.分步骤安装 3.1.创建证书和安装准备 3.2.安装etcd集群 3.3.安装docker 3.4.安装master节点 3.5.安装node节点 3.6.部署集 ...
- Kubernetes学习之路目录
Kubernetes基础篇 环境说明 版本说明 系统环境 Centos 7.2 Kubernetes版本 v1.11.2 Docker版本 v18.09 Kubernetes学习之路(一)之概念和架构 ...
- Kubernetes学习之路(十五)之Ingress和Ingress Controller
目录 一.什么是Ingress? 1.Pod 漂移问题 2.端口管理问题 3.域名分配及动态更新问题 二.如何创建Ingress资源 三.Ingress资源类型 1.单Service资源型Ingres ...
- Kubernetes学习之路(二十五)之Helm程序包管理器
目录 1.Helm的概念和架构 2.部署Helm (1)下载helm (2)部署Tiller 3.helm的使用 4.chart 目录结构 5.chart模板 6.定制安装MySQL chart (1 ...
- Kubernetes学习之路(二十三)之资源指标和集群监控
目录 1.资源指标和资源监控 2.Weave Scope监控集群 (1)Weave Scope部署 (2)使用 Scope (3)拓扑结构 (4)实时资源监控 (5)在线操作 (6)强大的搜索功能 2 ...
- Kubernetes学习之路(二十)之K8S组件运行原理详解总结
目录 一.看图说K8S 二.K8S的概念和术语 三.K8S集群组件 1.Master组件 2.Node组件 3.核心附件 四.K8S的网络模型 五.Kubernetes的核心对象详解 1.Pod资源对 ...
- Kubernetes学习之路(四)之Node节点二进制部署
K8S Node节点部署 1.部署kubelet (1)二进制包准备 [root@linux-node1 ~]# cd /usr/local/src/kubernetes/server/bin/ [r ...
- Kubernetes学习之路(八)之Kubeadm部署集群
一.环境说明 节点名称 ip地址 部署说明 Pod 网段 Service网段 系统说明 k8s-master 192.168.56.11 docker.kubeadm.kubectl.kubelet ...
- Kubernetes学习之路(九)之kubernetes命令式快速创建应用
1.使用命令kubectl run创建应用 语法: kubectl run NAME --image=image [--env="key=value"] [--port=port] ...
随机推荐
- 细说C#继承
简介 继承(封装.多态)是面向对象编程三大特性之一,继承的思想就是摈弃代码的冗余,实现更好的重用性. 继承从字面上理解,无外乎让人想到某人继承某人的某些东西,一个给一个拿.这个语义在生活中,就像 家族 ...
- Oracle诊断工具 - ORA-1578 Troubleshooting Tool
Oracle support网站提供ORA-1578错误诊断工具:ORA-1578 Troubleshooting Tool. ORA-1578 Troubleshooting Tool根据分析上传的 ...
- [控件] ChangeColorLabel
ChangeColorLabel 效果 源码 // // ChangeColorLabel.h // YXMWeather // // Created by XianMingYou on 15/6/2 ...
- 前端 网络三剑客之html 02
html 四.表单标签 form标签: input系列:内敛标签 1.明文: 姓名:<input type="text" name="user" plac ...
- 面对对象程序设计_task2_C++视频教程
lessons about C++ 1月份的事情不该留到2月份来做,这几天看了几个地方的C++视频教程,不习惯于云课堂的话多等等,最终还是选择了慕课网上面的资源,也安下心来看了一些内容,下面附上课程详 ...
- 第一次项目冲刺(Alpha版本)2017/11/14
一.站立式会议 在宿舍进行了第一次会议 会议内容: 1.做了简单的分工 2.提出个人对任务是否有困难 3.规定完成时间在第三天之前 4.商量初步的代码规范 二.分工 三.任务分解图 四.燃尽图 五.数 ...
- 自定义input[type="checkbox"]的样式
对复选框自定义样式,我们以前一直用的脚本来实现,不过现在可以使用新的伪类 :checkbox 来实现. 如果直接对复选框设置样式,那么这个伪类并不实用,因为没有多少样式能够对复选框起作用.不过,倒是可 ...
- SGU---104 DP
题目链接: https://cn.vjudge.net/problem/SGU-104 题目大意: 假设你想以最美观的方式布置花店的橱窗,你有F束花,每束花的品种都不一样,同时,你至少有同样数量的花瓶 ...
- BZOJ 1305 dance跳舞 二分+最大流
题目链接: https://www.lydsy.com/JudgeOnline/problem.php?id=1305 题目大意: 一次舞会有n个男孩和n个女孩.每首曲子开始时,所有男孩和女孩恰好配成 ...
- acl 4 year statistics