k8s1.13.0二进制部署-Dashboard和coredns(五)
部署UI
下载yaml文件
https://github.com/kubernetes/kubernetes
[root@k8s-master1 ~]# git clone https://github.com/kubernetes/kubernetes.git
[root@k8s-master1 ~]# cd kubernetes/cluster/addons/dashboard/
[root@k8s-master1 dashboard]# ll
total
-rw-r--r-- root root Dec : dashboard-configmap.yaml
-rw-r--r-- root root Dec : dashboard-controller.yaml
-rw-r--r-- root root Dec : dashboard-rbac.yaml
-rw-r--r-- root root Dec : dashboard-secret.yaml
-rw-r--r-- root root Dec : dashboard-service.yaml
修改文件内容
默认kubernetes-dashboard是官网默认镜像地址,需要FQ,咱们这里用阿里云的镜像就可以。
.....
spec:
priorityClassName: system-cluster-critical
containers:
- name: kubernetes-dashboard
image: registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1
....
修改svc的类型
....
spec:
type: NodePort
selector:
k8s-app: kubernetes-dashboard
ports:
- port: 443
targetPort: 8443
nodePort: 30001
基于yaml创建
kubectl create -f dashboard-rbac.yaml
kubectl create -f dashboard-secret.yaml
kubectl create -f dashboard-configmap.yaml
kubectl create -f dashboard-controller.yaml
kubectl create -f dashboard-service.yaml
查看
[root@localhost dashboard]# kubectl get pod,svc,deploy -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/kubernetes-dashboard-7d5f7c58f5-6ggrv 1/1 Running 0 3m2s 172.17.50.2 192.168.0.221 <none> <none> NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/kubernetes-dashboard NodePort 10.0.0.84 <none> 443:30001/TCP 88s k8s-app=kubernetes-dashboard NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
deployment.extensions/kubernetes-dashboard 1/1 1 1 3m2s kubernetes-dashboard registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1 k8s-app=kubernetes-dashboard
创建角色绑定
[root@localhost dashboard]# vim k8s-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: dashboard-admin
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: dashboard-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io [root@localhost dashboard]# kubectl apply -f k8s-admin.yaml
serviceaccount/dashboard-admin created
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin create
获取令牌
[root@localhost dashboard]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-token | awk '{print $1}')
Name: dashboard-admin-token-txkkz
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 7dbf9a60-805a-11e9-b018-525400828c1f
Type: kubernetes.io/service-account-token
Data
====
ca.crt: bytes
namespace: bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmbmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tdHhra3oiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiN2RiZjlhNjAtODA1YS0xMWU5LWIwMTgtNTI1NDAwODI4YzFmIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1Utc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.ccan7T6t7bGbvOaOOQKj_NYalEezlPz38CCYo6vuNi-FTYQ11HsRBZPcwJMdcRg0maKc-RR3S5JY9KLzhoZlHWSDjrD2CFoXa-1c8iWKYTxMuGiAwWFw_NhUZchoXIBRlCQTkOTNhVjmtKn82oV6OhyyCsgxNKN_5uWtpEREsNXS5AKMesQei9N7Vr5QdPRh3mDrNKPQstbzTN-EWgjjOXYdkeIsUghvh15uJ9bOXs1p0ket9_wgrPz6rdHhhSyv-JJLhk6h3EpnZnzLk659ejmOMv838MWC1KeTlUM7xnAcQPYYHsa59RBAdUcCczZhGACwn4AXWWxaDWBkyg
浏览器访问
解决谷歌浏览器不能显示
[root@localhost dashboard]# vim dashboard-csr.json
{
"CN": "Dashboard",
"hosts": [],
"key": {
"algo": "rsa",
"size":
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing"
}
]
} #生成证书
[root@localhost dashboard]# cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem -ca-key=/opt/kubernetes/ssl/ca-key.pem -config=/opt/kubernetes/ssl/ca-config.json -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard #删除secret
[root@localhost dashboard]# kubectl delete secret kubernetes-dashboard-certs -n kube-system
secret "kubernetes-dashboard-certs" deleted
[root@localhost dashboard]# kubectl create secret generic kubernetes-dashboard-certs --from-file=./ -n kube-system
secret/kubernetes-dashboard-certs created #修改yaml文件,指定刚才生成的证书
[root@localhost dashboard]# vim dashboard-controller.yaml
....
args:
# PLATFORM-SPECIFIC ARGS HERE
- --auto-generate-certificates
- --tls-key-file=dashboard-key.pem
- --tls-cert-file=dashboard.pem
.... #重新部署
[root@localhost dashboard]# kubectl apply -f dashboard-controller.yaml
部署coredns
下载yaml文件:https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dns/coredns
[root@k8s-master1 demo]# cat coredns.yaml
# Warning: This is a file generated from the base underscore template file: coredns.yaml.base apiVersion: v1
kind: ServiceAccount
metadata:
name: coredns
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: Reconcile
name: system:coredns
rules:
- apiGroups:
- ""
resources:
- endpoints
- services
- pods
- namespaces
verbs:
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: EnsureExists
name: system:coredns
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:coredns
subjects:
- kind: ServiceAccount
name: coredns
namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
labels:
addonmanager.kubernetes.io/mode: EnsureExists
data:
Corefile: |
.: {
errors
health
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
upstream
fallthrough in-addr.arpa ip6.arpa
}
prometheus :
proxy . /etc/resolv.conf
cache
loop
reload
loadbalance
}
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:
# replicas: not specified here:
# . In order to make Addon Manager do not reconcile this replicas parameter.
# . Default is .
# . Will be tuned in real time if DNS horizontal auto-scaling is turned on.
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable:
selector:
matchLabels:
k8s-app: kube-dns
template:
metadata:
labels:
k8s-app: kube-dns
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec:
serviceAccountName: coredns
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: "CriticalAddonsOnly"
operator: "Exists"
containers:
- name: coredns
image: coredns/coredns:1.2.
imagePullPolicy: IfNotPresent
resources:
limits:
memory: 170Mi
requests:
cpu: 100m
memory: 70Mi
args: [ "-conf", "/etc/coredns/Corefile" ]
volumeMounts:
- name: config-volume
mountPath: /etc/coredns
readOnly: true
ports:
- containerPort:
name: dns
protocol: UDP
- containerPort:
name: dns-tcp
protocol: TCP
- containerPort:
name: metrics
protocol: TCP
livenessProbe:
httpGet:
path: /health
port:
scheme: HTTP
initialDelaySeconds:
timeoutSeconds:
successThreshold:
failureThreshold:
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- all
readOnlyRootFilesystem: true
dnsPolicy: Default
volumes:
- name: config-volume
configMap:
name: coredns
items:
- key: Corefile
path: Corefile
---
apiVersion: v1
kind: Service
metadata:
name: kube-dns
namespace: kube-system
annotations:
prometheus.io/port: ""
prometheus.io/scrape: "true"
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:
selector:
k8s-app: kube-dns
clusterIP: 10.0.0.2
ports:
- name: dns
port:
protocol: UDP
- name: dns-tcp
port:
protocol: TCP
创建pod
[root@k8s-master1 demo]# kubectl apply -f coredns.yaml
测试域名解析
[root@k8s-master1 demo]# kubectl run -it --image=busybox:1.28. --rm --restart=Never sh
If you don't see a command prompt, try pressing enter.
/ # nslookup kubernetes
Server: 10.0.0.2
Address : 10.0.0.2 kube-dns.kube-system.svc.cluster.local Name: kubernetes
Address : 10.0.0.1 kubernetes.default.svc.cluster.local
k8s1.13.0二进制部署-Dashboard和coredns(五)的更多相关文章
- k8s1.13.0二进制部署-node节点(四)
Master apiserver启用TLS认证后,Node节点kubelet组件想要加入集群,必须使用CA签发的有效证书才能与apiserver通信,当Node节点很多时,签署证书是一件很繁琐的事情, ...
- k8s1.13.0二进制部署-master节点(三)
部署apiserver 创建生成CSR的JSON配置文件 [root@k8s-master1 ssl]# vim kubernetes-csr.json { "CN": " ...
- k8s1.13.0二进制部署-ETCD集群(一)
Kubernetes集群中主要存在两种类型的节点:master.minion节点. Minion节点为运行 Docker容器的节点,负责和节点上运行的 Docker 进行交互,并且提供了代理功能.Ma ...
- k8s1.13.0二进制部署-flannel网络(二)
Flannel容器集群网络部署 Overlay Network:覆盖网络,在基础网络上叠加的一种虚拟网络技术模式,该网络中的主机通过虚拟链路连接起来.VXLAN:将源数据包封装到UDP中,并使用基础网 ...
- 高可用安装k8s1.13.0 --不能带cavisor、不能加cni ,带上这两个总是报错,kubelet无法启动
高可用安装k8s1.13.0 --不能带cavisor,总是报错,kubelet无法启动
- k8s二进制部署 - dashboard安装
配置资源清单rbac.yaml apiVersion: v1 kind: ServiceAccount metadata: labels: k8s-app: kubernetes-dashboard ...
- k8s1.20环境搭建部署(二进制版本)
1.前提知识 1.1 生产环境部署K8s集群的两种方式 kubeadm Kubeadm是一个K8s部署工具,提供kubeadm init和kubeadm join,用于快速部署Kubernetes集群 ...
- 【原】二进制部署 k8s 1.18.3
二进制部署 k8s 1.18.3 1.相关前置信息 1.1 版本信息 kube_version: v1.18.3 etcd_version: v3.4.9 flannel: v0.12.0 cored ...
- k8s-1.15.0集群部署+dashboard
环境:外网环境硬件master-centos7.4 2核4G node1-centos7.4 2核4Gnode2-centos7.4 2核4G软件:三台服务器 :docker-19. ...
随机推荐
- PHP之递归函数
https://www.cnsecer.com/4146.html http://www.jb51.net/article/71424.htm //一列数字的规则如下:1,1,2,3,5,8,13,2 ...
- Unity5.5 Lighting Scene
参考:https://docs.unity3d.com/Manual/GlobalIllumination.html Environment Lighting(环境光) Skybox: 天空盒材质,这 ...
- redis单机上部署集群
一.安装单机redis redis的安装:版本至少是3.2.8及其以上,这里以3.2.8版本为例说明 1.安装redis wget http://download.redis.io/releases ...
- argparse 在深度学习中的应用
argparse 介绍 argparse模块主要用来为脚本传递命令参数功能,使他们更加灵活. 代码: parser = argparse.ArgumentParser() #建立解析器,必须写 par ...
- ORA-01950:表空间“USERS”中无权限
ORA-01950:表空间“USERS”中无权限 解决方案: A)确认给用户授权了resource角色 B)取消限制 ALTER USER "HCCPMS" QUOTA UNLIM ...
- 用Java创建JMeter变量 - 终极指南
了解如何在Java中创建不同类型的JMeter变量,不同变量类型的详细信息以及如何避免错误. 在Apache JMeter™中编写负载或功能测试涉及使用不同类型的变量.变量有多种用途,例如,在以下情况 ...
- safari不支持new Date函数
最近在做移动Web的时候,在PC上用Chrome调试都成功了,但是在iPhone上真机一测就出现了奇怪的问题.经过一系列调试发现是日期相关的地方出现了问题.起初怀疑是生产环境的问题,但用Mac版的sa ...
- Python网络编程之基础
计算机网络基础 网络到底是什么?计算机之间如何通信的? 早期:联机 以太网:局域网与交换机 ******广播 主机之间“一对所有”的通讯模式,网络对其中每一台主机发出的信号都进行无条件复制并转发, 所 ...
- Django之Form组件归类
目录: Django内置字段 Django内置插件 常用选择插件 创建Form类时,主要涉及到 [字段] 和 [插件],字段用于对用户请求数据的验证,插件用于自动生成HTML; Field requi ...
- Jenkins执行yarn install报错:error An unexpected error occurred:"... ... :Unexpected end of JSON input"
解决方式: # cd /usr/local/n/versions/node/11.6.0/lib/(node的安装目录下) # rm -rf node_modules # yarn cache cle ...