k8s1.13.0二进制部署-Dashboard和coredns(五)
部署UI
下载yaml文件
https://github.com/kubernetes/kubernetes
[root@k8s-master1 ~]# git clone https://github.com/kubernetes/kubernetes.git
[root@k8s-master1 ~]# cd kubernetes/cluster/addons/dashboard/
[root@k8s-master1 dashboard]# ll
total
-rw-r--r-- root root Dec : dashboard-configmap.yaml
-rw-r--r-- root root Dec : dashboard-controller.yaml
-rw-r--r-- root root Dec : dashboard-rbac.yaml
-rw-r--r-- root root Dec : dashboard-secret.yaml
-rw-r--r-- root root Dec : dashboard-service.yaml
修改文件内容
默认kubernetes-dashboard是官网默认镜像地址,需要FQ,咱们这里用阿里云的镜像就可以。
.....
spec:
priorityClassName: system-cluster-critical
containers:
- name: kubernetes-dashboard
image: registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1
....
修改svc的类型
....
spec:
type: NodePort
selector:
k8s-app: kubernetes-dashboard
ports:
- port: 443
targetPort: 8443
nodePort: 30001
基于yaml创建
kubectl create -f dashboard-rbac.yaml
kubectl create -f dashboard-secret.yaml
kubectl create -f dashboard-configmap.yaml
kubectl create -f dashboard-controller.yaml
kubectl create -f dashboard-service.yaml
查看
[root@localhost dashboard]# kubectl get pod,svc,deploy -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/kubernetes-dashboard-7d5f7c58f5-6ggrv 1/1 Running 0 3m2s 172.17.50.2 192.168.0.221 <none> <none> NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/kubernetes-dashboard NodePort 10.0.0.84 <none> 443:30001/TCP 88s k8s-app=kubernetes-dashboard NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
deployment.extensions/kubernetes-dashboard 1/1 1 1 3m2s kubernetes-dashboard registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1 k8s-app=kubernetes-dashboard
创建角色绑定
[root@localhost dashboard]# vim k8s-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: dashboard-admin
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: dashboard-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io [root@localhost dashboard]# kubectl apply -f k8s-admin.yaml
serviceaccount/dashboard-admin created
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin create
获取令牌
[root@localhost dashboard]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-token | awk '{print $1}')
Name: dashboard-admin-token-txkkz
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 7dbf9a60-805a-11e9-b018-525400828c1f
Type: kubernetes.io/service-account-token
Data
====
ca.crt: bytes
namespace: bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmbmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tdHhra3oiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiN2RiZjlhNjAtODA1YS0xMWU5LWIwMTgtNTI1NDAwODI4YzFmIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1Utc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.ccan7T6t7bGbvOaOOQKj_NYalEezlPz38CCYo6vuNi-FTYQ11HsRBZPcwJMdcRg0maKc-RR3S5JY9KLzhoZlHWSDjrD2CFoXa-1c8iWKYTxMuGiAwWFw_NhUZchoXIBRlCQTkOTNhVjmtKn82oV6OhyyCsgxNKN_5uWtpEREsNXS5AKMesQei9N7Vr5QdPRh3mDrNKPQstbzTN-EWgjjOXYdkeIsUghvh15uJ9bOXs1p0ket9_wgrPz6rdHhhSyv-JJLhk6h3EpnZnzLk659ejmOMv838MWC1KeTlUM7xnAcQPYYHsa59RBAdUcCczZhGACwn4AXWWxaDWBkyg
浏览器访问
解决谷歌浏览器不能显示
[root@localhost dashboard]# vim dashboard-csr.json
{
"CN": "Dashboard",
"hosts": [],
"key": {
"algo": "rsa",
"size":
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing"
}
]
} #生成证书
[root@localhost dashboard]# cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem -ca-key=/opt/kubernetes/ssl/ca-key.pem -config=/opt/kubernetes/ssl/ca-config.json -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard #删除secret
[root@localhost dashboard]# kubectl delete secret kubernetes-dashboard-certs -n kube-system
secret "kubernetes-dashboard-certs" deleted
[root@localhost dashboard]# kubectl create secret generic kubernetes-dashboard-certs --from-file=./ -n kube-system
secret/kubernetes-dashboard-certs created #修改yaml文件,指定刚才生成的证书
[root@localhost dashboard]# vim dashboard-controller.yaml
....
args:
# PLATFORM-SPECIFIC ARGS HERE
- --auto-generate-certificates
- --tls-key-file=dashboard-key.pem
- --tls-cert-file=dashboard.pem
.... #重新部署
[root@localhost dashboard]# kubectl apply -f dashboard-controller.yaml
部署coredns
下载yaml文件:https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dns/coredns
[root@k8s-master1 demo]# cat coredns.yaml
# Warning: This is a file generated from the base underscore template file: coredns.yaml.base apiVersion: v1
kind: ServiceAccount
metadata:
name: coredns
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: Reconcile
name: system:coredns
rules:
- apiGroups:
- ""
resources:
- endpoints
- services
- pods
- namespaces
verbs:
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: EnsureExists
name: system:coredns
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:coredns
subjects:
- kind: ServiceAccount
name: coredns
namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
labels:
addonmanager.kubernetes.io/mode: EnsureExists
data:
Corefile: |
.: {
errors
health
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
upstream
fallthrough in-addr.arpa ip6.arpa
}
prometheus :
proxy . /etc/resolv.conf
cache
loop
reload
loadbalance
}
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:
# replicas: not specified here:
# . In order to make Addon Manager do not reconcile this replicas parameter.
# . Default is .
# . Will be tuned in real time if DNS horizontal auto-scaling is turned on.
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable:
selector:
matchLabels:
k8s-app: kube-dns
template:
metadata:
labels:
k8s-app: kube-dns
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec:
serviceAccountName: coredns
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: "CriticalAddonsOnly"
operator: "Exists"
containers:
- name: coredns
image: coredns/coredns:1.2.
imagePullPolicy: IfNotPresent
resources:
limits:
memory: 170Mi
requests:
cpu: 100m
memory: 70Mi
args: [ "-conf", "/etc/coredns/Corefile" ]
volumeMounts:
- name: config-volume
mountPath: /etc/coredns
readOnly: true
ports:
- containerPort:
name: dns
protocol: UDP
- containerPort:
name: dns-tcp
protocol: TCP
- containerPort:
name: metrics
protocol: TCP
livenessProbe:
httpGet:
path: /health
port:
scheme: HTTP
initialDelaySeconds:
timeoutSeconds:
successThreshold:
failureThreshold:
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- all
readOnlyRootFilesystem: true
dnsPolicy: Default
volumes:
- name: config-volume
configMap:
name: coredns
items:
- key: Corefile
path: Corefile
---
apiVersion: v1
kind: Service
metadata:
name: kube-dns
namespace: kube-system
annotations:
prometheus.io/port: ""
prometheus.io/scrape: "true"
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:
selector:
k8s-app: kube-dns
clusterIP: 10.0.0.2
ports:
- name: dns
port:
protocol: UDP
- name: dns-tcp
port:
protocol: TCP
创建pod
[root@k8s-master1 demo]# kubectl apply -f coredns.yaml
测试域名解析
[root@k8s-master1 demo]# kubectl run -it --image=busybox:1.28. --rm --restart=Never sh
If you don't see a command prompt, try pressing enter.
/ # nslookup kubernetes
Server: 10.0.0.2
Address : 10.0.0.2 kube-dns.kube-system.svc.cluster.local Name: kubernetes
Address : 10.0.0.1 kubernetes.default.svc.cluster.local
k8s1.13.0二进制部署-Dashboard和coredns(五)的更多相关文章
- k8s1.13.0二进制部署-node节点(四)
Master apiserver启用TLS认证后,Node节点kubelet组件想要加入集群,必须使用CA签发的有效证书才能与apiserver通信,当Node节点很多时,签署证书是一件很繁琐的事情, ...
- k8s1.13.0二进制部署-master节点(三)
部署apiserver 创建生成CSR的JSON配置文件 [root@k8s-master1 ssl]# vim kubernetes-csr.json { "CN": " ...
- k8s1.13.0二进制部署-ETCD集群(一)
Kubernetes集群中主要存在两种类型的节点:master.minion节点. Minion节点为运行 Docker容器的节点,负责和节点上运行的 Docker 进行交互,并且提供了代理功能.Ma ...
- k8s1.13.0二进制部署-flannel网络(二)
Flannel容器集群网络部署 Overlay Network:覆盖网络,在基础网络上叠加的一种虚拟网络技术模式,该网络中的主机通过虚拟链路连接起来.VXLAN:将源数据包封装到UDP中,并使用基础网 ...
- 高可用安装k8s1.13.0 --不能带cavisor、不能加cni ,带上这两个总是报错,kubelet无法启动
高可用安装k8s1.13.0 --不能带cavisor,总是报错,kubelet无法启动
- k8s二进制部署 - dashboard安装
配置资源清单rbac.yaml apiVersion: v1 kind: ServiceAccount metadata: labels: k8s-app: kubernetes-dashboard ...
- k8s1.20环境搭建部署(二进制版本)
1.前提知识 1.1 生产环境部署K8s集群的两种方式 kubeadm Kubeadm是一个K8s部署工具,提供kubeadm init和kubeadm join,用于快速部署Kubernetes集群 ...
- 【原】二进制部署 k8s 1.18.3
二进制部署 k8s 1.18.3 1.相关前置信息 1.1 版本信息 kube_version: v1.18.3 etcd_version: v3.4.9 flannel: v0.12.0 cored ...
- k8s-1.15.0集群部署+dashboard
环境:外网环境硬件master-centos7.4 2核4G node1-centos7.4 2核4Gnode2-centos7.4 2核4G软件:三台服务器 :docker-19. ...
随机推荐
- mui 关闭当前窗口
在提交表单的时候,我们都需要关闭表单.需要关闭当前打开的窗口. bit.alert('提交成功' + (result.category.needAudit ? ",请耐心等待管理员审核信息后 ...
- 文本主题抽取:用gensim训练LDA模型
得知李航老师的<统计学习方法>出了第二版,我第一时间就买了.看了这本书的目录,非常高兴,好家伙,居然把主题模型都写了,还有pagerank.一路看到了马尔科夫蒙特卡罗方法和LDA主题模型这 ...
- OVS调试介绍
基本概念 基本命令 ovs-vsctl # ovs-vsctl show 96a55a7e-f49c-4dbe-b359-bafdff2ccad7 Manager "ptcp:6640:92 ...
- SCUT - 205 - 饲养牛 - 最大流
https://scut.online/p/205 连着做所以一开始就觉得是网络流. 这种至多分配几次的很有网络流的特征. 一开始想从食物和饮料流向牛,但是怎么搞都不对. 其实可以从s流向食物,食物流 ...
- matplotlib画线(2)
这篇随笔是matplotlib画线的补充>>> #nocl参数控制图例中有几列,>>> import numpy as np>>> import ...
- sessionStorage二种存值取值的方法
//方法一 sessionStorage.setItem('id1','这是一个测试id1'); //存入一个值key:value console.log(sessionStorage.getItem ...
- OpenGL学习笔记——求值器和NURBS
http://codercdy.com/openglxue-xi-bi-ji-qiu-zhi-qi-he-nurbs/ 在最底层,图形硬件所绘制的是点.直线和多边形(通常是三角形和四边形).平滑的曲线 ...
- 洛谷P3768 简单的数学题(莫比乌斯反演+狄利克雷卷积+杜教筛)
传送门 不会…… 两篇加在一起都看不懂…… https://www.cnblogs.com/cellular-automaton/p/8241128.html https://www.luogu.or ...
- 多媒体文件嵌入HTML中自动转码工具
神器网址:https://iframely.com/embed 首先上传视频文件到服务器,视频管理网址平台 比如: https://wistia.com/ 然后进入到 iframely 网址.复制 ...
- wcf双工通信
一直以为感觉双工没弄懂,着实觉得很惆怅,在网上了解下双工的一些特点,直接上代码,以便以后项目中用的着: service层: 定义一个IDuplexHello服务接口 [ServiceContract( ...