• 一、CoreDNS部署

在 Cluster 中,除了可以通过 Cluster IP 访问 Service,Kubernetes 还提供了更为方便的 DNS 访问。

(1)编辑coredns.yaml文件

[root@linux-node1 ~]# vim coredns.yaml

apiVersion: v1

kind: ServiceAccount

metadata:

  name: coredns

  namespace: kube-system

  labels:

      kubernetes.io/cluster-service: "true"

      addonmanager.kubernetes.io/mode: Reconcile

---

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRole

metadata:

  labels:

    kubernetes.io/bootstrapping: rbac-defaults

    addonmanager.kubernetes.io/mode: Reconcile

  name: system:coredns

rules:

- apiGroups:

  - ""

  resources:

  - endpoints

  - services

  - pods

  - namespaces

  verbs:

  - list

  - watch

---

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRoleBinding

metadata:

  annotations:

    rbac.authorization.kubernetes.io/autoupdate: "true"

  labels:

    kubernetes.io/bootstrapping: rbac-defaults

    addonmanager.kubernetes.io/mode: EnsureExists

  name: system:coredns

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: ClusterRole

  name: system:coredns

subjects:

- kind: ServiceAccount

  name: coredns

  namespace: kube-system

---

apiVersion: v1

kind: ConfigMap

metadata:

  name: coredns

  namespace: kube-system

  labels:

      addonmanager.kubernetes.io/mode: EnsureExists

data:

  Corefile: |

    .: {

        errors

        health

        kubernetes cluster.local. in-addr.arpa ip6.arpa {

            pods insecure

            upstream

            fallthrough in-addr.arpa ip6.arpa

        }

        prometheus :

        proxy . /etc/resolv.conf

        cache

    }

---

apiVersion: extensions/v1beta1

kind: Deployment

metadata:

  name: coredns

  namespace: kube-system

  labels:

    k8s-app: coredns

    kubernetes.io/cluster-service: "true"

    addonmanager.kubernetes.io/mode: Reconcile

    kubernetes.io/name: "CoreDNS"

spec:

  replicas:

  strategy:

    type: RollingUpdate

    rollingUpdate:

      maxUnavailable:

  selector:

    matchLabels:

      k8s-app: coredns

  template:

    metadata:

      labels:

        k8s-app: coredns

    spec:

      serviceAccountName: coredns

      tolerations:

        - key: node-role.kubernetes.io/master

          effect: NoSchedule

        - key: "CriticalAddonsOnly"

          operator: "Exists"

      containers:

      - name: coredns

        image: coredns/coredns:1.0.

        imagePullPolicy: IfNotPresent

        resources:

          limits:

            memory: 170Mi

          requests:

            cpu: 100m

            memory: 70Mi

        args: [ "-conf", "/etc/coredns/Corefile" ]

        volumeMounts:

        - name: config-volume

          mountPath: /etc/coredns

        ports:

        - containerPort:

          name: dns

          protocol: UDP

        - containerPort:

          name: dns-tcp

          protocol: TCP

        livenessProbe:

          httpGet:

            path: /health

            port:

            scheme: HTTP

          initialDelaySeconds:

          timeoutSeconds:

          successThreshold:

          failureThreshold:

      dnsPolicy: Default

      volumes:

        - name: config-volume

          configMap:

            name: coredns

            items:

            - key: Corefile

              path: Corefile

---

apiVersion: v1

kind: Service

metadata:

  name: coredns

  namespace: kube-system

  labels:

    k8s-app: coredns

    kubernetes.io/cluster-service: "true"

    addonmanager.kubernetes.io/mode: Reconcile

    kubernetes.io/name: "CoreDNS"

spec:

  selector:

    k8s-app: coredns

  clusterIP: 10.1.0.2

  ports:

  - name: dns

    port:

    protocol: UDP

  - name: dns-tcp

    port:

    protocol: TCP

(2)创建coredns

[root@linux-node1 ~]# kubectl create -f coredns.yaml

serviceaccount "coredns" created

clusterrole.rbac.authorization.k8s.io "system:coredns" created

clusterrolebinding.rbac.authorization.k8s.io "system:coredns" created

configmap "coredns" created

deployment.extensions "coredns" created

service "coredns" created

(3)查看coredns服务

[root@linux-node1 ~]# kubectl get deployment -n kube-system

NAME      DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE

coredns                                            1m

[root@linux-node1 ~]# kubectl get svc -n kube-system

NAME      TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)         AGE

coredns   ClusterIP   10.1.0.2     <none>        /UDP,/TCP   1m

[root@linux-node1 ~]# kubectl get pod -n kube-system

NAME                       READY     STATUS    RESTARTS   AGE

coredns-77c989547b-d84n8   /       Running             2m

coredns-77c989547b-j4ms2   /       Running             2m

(4)Pod容器中进行域名解析测试

[root@linux-node1 ~]# kubectl run alpine --rm -ti --image=alpine -- /bin/sh

If you don't see a command prompt, try pressing enter.

/ # nslookup httpd-svc

nslookup: can't resolve '(null)': Name does not resolve

Name:      httpd-svc

Address : 10.1.230.129

/ # wget httpd-svc:

Connecting to httpd-svc: (10.1.230.129:)

index.html           % |********************************************************************************************************************************************|       :: ETA

  • 二、Dashboard部署

从github上下载dashboard的yaml文件:https://github.com/unixhot/salt-kubernetes

[root@linux-node1 dashboard]# ll

total

-rw-r--r--  root root   Aug  : admin-user-sa-rbac.yaml

-rw-r--r--  root root  Aug  : kubernetes-dashboard.yaml

-rw-r--r--  root root   Aug  : ui-admin-rbac.yaml

-rw-r--r--  root root   Aug  : ui-read-rbac.yaml

[root@linux-node1 dashboard]# kubectl create -f .

serviceaccount "admin-user" created

clusterrolebinding.rbac.authorization.k8s.io "admin-user" created

secret "kubernetes-dashboard-certs" created

serviceaccount "kubernetes-dashboard" created

role.rbac.authorization.k8s.io "kubernetes-dashboard-minimal" created

rolebinding.rbac.authorization.k8s.io "kubernetes-dashboard-minimal" created

deployment.apps "kubernetes-dashboard" created

service "kubernetes-dashboard" created

clusterrole.rbac.authorization.k8s.io "ui-admin" created

rolebinding.rbac.authorization.k8s.io "ui-admin-binding" created

clusterrole.rbac.authorization.k8s.io "ui-read" created

rolebinding.rbac.authorization.k8s.io "ui-read-binding" created

[root@linux-node1 dashboard]# kubectl get pods  -o wide -n kube-system

NAME                                    READY     STATUS    RESTARTS   AGE       IP           NODE

coredns-77c989547b-d84n8                /       Running             55m       10.2.99.7    192.168.56.13

coredns-77c989547b-j4ms2                /       Running             55m       10.2.76.6    192.168.56.12

kubernetes-dashboard-66c9d98865-mps22   /       Running             4m        10.2.76.12   192.168.56.12

[root@linux-node1 dashboard]# kubectl get svc -n kube-system

NAME                   TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE

coredns                ClusterIP   10.1.0.2       <none>        /UDP,/TCP   56m

kubernetes-dashboard   NodePort    10.1.234.201   <none>        :/TCP   5m

从上可以看到kubernetes的dashboard服务的ip为:10.1.234.201,其映射到宿主机的端口为38974,由于master上没有部署kube-porxy,所以需要直接访问https://192.168.56.12:38974,如图:

选择令牌登陆,获取令牌的方法如下:

[root@linux-node1 dashboard]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

Name:         admin-user-token-mz7p9

Namespace:    kube-system

Labels:       <none>

Annotations:  kubernetes.io/service-account.name=admin-user

              kubernetes.io/service-account.uid=c2a85113-acc9-11e8-a800-000c29ce4fa7

Type:  kubernetes.io/service-account-token

Data

====

namespace:   bytes

token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLW16N3A5Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJjMmE4NTExMy1hY2M5LTExZTgtYTgwMC0wMDBjMjljZTRmYTciLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.V4aEkKDBcK4RkuXRzwdAyoJRBrxAnc8axLLxGCGiduwv5Qa0HFe2WQWtny6FI-MpUP-dzrxahWSwaFcKKvVdzfBuXTbnPDBkhcrpAuzDsL0vo-GwHAAl88n8yZ67QmBwPVWH2CBrrTwWqALAfR2wNKtrUEigg-qbTQ05slP8WmbeckfzHTeZpQqegO3fz0BNBrJqi2TFDaftPm_vWSEsPWzWE9AyvfiVwGrfc_mmzHpOyxXAQXQLxJunfklwt0kuENO6sRRJ2HGvZ6HnCGZYZj0p-kjh5uAv-q_X2cMPIAhXgH7gHdYeiSXvEGA2Qz6tBE2pgN6S4F_xj6b4JT7kAQ

ca.crt:      bytes 

点击登录后的界面如下:

Kubernetes学习之路(七)之Coredns和Dashboard二进制部署的更多相关文章

  1. Kubernetes学习之路(26)之kubeasz+ansible部署集群

    目录 1.环境说明 2.准备工作 3.分步骤安装 3.1.创建证书和安装准备 3.2.安装etcd集群 3.3.安装docker 3.4.安装master节点 3.5.安装node节点 3.6.部署集 ...

  2. Kubernetes学习之路目录

    Kubernetes基础篇 环境说明 版本说明 系统环境 Centos 7.2 Kubernetes版本 v1.11.2 Docker版本 v18.09 Kubernetes学习之路(一)之概念和架构 ...

  3. Kubernetes学习之路(十五)之Ingress和Ingress Controller

    目录 一.什么是Ingress? 1.Pod 漂移问题 2.端口管理问题 3.域名分配及动态更新问题 二.如何创建Ingress资源 三.Ingress资源类型 1.单Service资源型Ingres ...

  4. Kubernetes学习之路(二十五)之Helm程序包管理器

    目录 1.Helm的概念和架构 2.部署Helm (1)下载helm (2)部署Tiller 3.helm的使用 4.chart 目录结构 5.chart模板 6.定制安装MySQL chart (1 ...

  5. Kubernetes学习之路(二十三)之资源指标和集群监控

    目录 1.资源指标和资源监控 2.Weave Scope监控集群 (1)Weave Scope部署 (2)使用 Scope (3)拓扑结构 (4)实时资源监控 (5)在线操作 (6)强大的搜索功能 2 ...

  6. Kubernetes学习之路(二十)之K8S组件运行原理详解总结

    目录 一.看图说K8S 二.K8S的概念和术语 三.K8S集群组件 1.Master组件 2.Node组件 3.核心附件 四.K8S的网络模型 五.Kubernetes的核心对象详解 1.Pod资源对 ...

  7. Kubernetes学习之路(四)之Node节点二进制部署

    K8S Node节点部署 1.部署kubelet (1)二进制包准备 [root@linux-node1 ~]# cd /usr/local/src/kubernetes/server/bin/ [r ...

  8. Kubernetes学习之路(八)之Kubeadm部署集群

    一.环境说明 节点名称 ip地址 部署说明 Pod 网段 Service网段 系统说明 k8s-master 192.168.56.11 docker.kubeadm.kubectl.kubelet ...

  9. Kubernetes学习之路(九)之kubernetes命令式快速创建应用

    1.使用命令kubectl run创建应用 语法: kubectl run NAME --image=image [--env="key=value"] [--port=port] ...

随机推荐

  1. 使用ASP.Net WebAPI构建REST服务——客户端

    原文的链接:http://www.cnblogs.com/TianFang/p/3724449.html WebAPI是标准的Http协议,支持Http协议的客户端(如浏览器)都可以访问.但是,有的时 ...

  2. Mybatis将结果放入map时别名不是驼峰形式

    查询时如果给字段起别名,并且将查询结果映射到一个Map,那么Map的key将是忽略大小写的.映射到一个实体类是没这个问题的. state as addState 从Map中取值时应该:map.get( ...

  3. [翻译] SCRecorder

    SCRecorder https://github.com/rFlex/SCRecorder An easy Vine/Instagram like video and/or audio record ...

  4. MagicalRecord使用中的注意事项

    MagicalRecord使用中的注意事项 使用CoreData [1] 使用CoreData [2] 使用CoreData [3] 使用CoreData [4] 使用MagicalRecord操作C ...

  5. Python学习---爬虫学习[scrapy框架初识]

    Scrapy Scrapy是一个框架,可以帮助我们进行创建项目,运行项目,可以帮我们下载,解析网页,同时支持cookies和自定义其他功能. Scrapy是一个为了爬取网站数据,提取结构性数据而编写的 ...

  6. windows 查看端口号,杀进程

    查看端口号: 开始--运行--cmd netstat –and 杀进程: windows任务管理器         查看--显示列-PID 相关知识: 一台机器的80端口被httpd (apache) ...

  7. TITLE: BizTalk Server 2013 Administration Console

    TITLE: BizTalk Server 2013 Administration Console------------------------------ Could not store tran ...

  8. ssh连接CentOS7服务器

    ssh原理: ssh是一种专为远程登陆会话和其他网络服务提供安全性的协议,主要用于远程登陆. ssh采用公钥加密,在远程连接时,远程主机接收到用户的登录请求,将自己的公钥发送给用户,用户使用这个公钥将 ...

  9. 基于easyui开发Web版Activiti流程定制器详解(二)——文件列表

    上一篇我们介绍了目录结构,这篇给大家整理一个文件列表以及详细说明,方便大家查找文件. 由于设计器文件主要保存在wf/designer和js/designer目录下,所以主要针对这两个目录进行详细说明. ...

  10. OOP——构造函数、析构函数

    我们在创建和销毁对象时需要执行一些任务.例如,在创建对象时给属性赋值,在对象销毁时关闭数据连接等,这时就需要构造函数和析构函数. 在PHP中构造函数和析构函数是固定的,如下: // 构造函数 func ...