Kubernetes学习之路(七)之Coredns和Dashboard二进制部署
一、CoreDNS部署
在 Cluster 中,除了可以通过 Cluster IP 访问 Service,Kubernetes 还提供了更为方便的 DNS 访问。
(1)编辑coredns.yaml文件
[root@linux-node1 ~]# vim coredns.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: coredns
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: Reconcile
name: system:coredns
rules:
- apiGroups:
- ""
resources:
- endpoints
- services
- pods
- namespaces
verbs:
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: EnsureExists
name: system:coredns
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:coredns
subjects:
- kind: ServiceAccount
name: coredns
namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
labels:
addonmanager.kubernetes.io/mode: EnsureExists
data:
Corefile: |
.: {
errors
health
kubernetes cluster.local. in-addr.arpa ip6.arpa {
pods insecure
upstream
fallthrough in-addr.arpa ip6.arpa
}
prometheus :
proxy . /etc/resolv.conf
cache
}
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: coredns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:
replicas:
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable:
selector:
matchLabels:
k8s-app: coredns
template:
metadata:
labels:
k8s-app: coredns
spec:
serviceAccountName: coredns
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: "CriticalAddonsOnly"
operator: "Exists"
containers:
- name: coredns
image: coredns/coredns:1.0.
imagePullPolicy: IfNotPresent
resources:
limits:
memory: 170Mi
requests:
cpu: 100m
memory: 70Mi
args: [ "-conf", "/etc/coredns/Corefile" ]
volumeMounts:
- name: config-volume
mountPath: /etc/coredns
ports:
- containerPort:
name: dns
protocol: UDP
- containerPort:
name: dns-tcp
protocol: TCP
livenessProbe:
httpGet:
path: /health
port:
scheme: HTTP
initialDelaySeconds:
timeoutSeconds:
successThreshold:
failureThreshold:
dnsPolicy: Default
volumes:
- name: config-volume
configMap:
name: coredns
items:
- key: Corefile
path: Corefile
---
apiVersion: v1
kind: Service
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: coredns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:
selector:
k8s-app: coredns
clusterIP: 10.1.0.2
ports:
- name: dns
port:
protocol: UDP
- name: dns-tcp
port:
protocol: TCP
(2)创建coredns
[root@linux-node1 ~]# kubectl create -f coredns.yaml
serviceaccount "coredns" created
clusterrole.rbac.authorization.k8s.io "system:coredns" created
clusterrolebinding.rbac.authorization.k8s.io "system:coredns" created
configmap "coredns" created
deployment.extensions "coredns" created
service "coredns" created
(3)查看coredns服务
[root@linux-node1 ~]# kubectl get deployment -n kube-system
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
coredns 1m
[root@linux-node1 ~]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
coredns ClusterIP 10.1.0.2 <none> /UDP,/TCP 1m [root@linux-node1 ~]# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-77c989547b-d84n8 / Running 2m
coredns-77c989547b-j4ms2 / Running 2m
(4)Pod容器中进行域名解析测试
[root@linux-node1 ~]# kubectl run alpine --rm -ti --image=alpine -- /bin/sh
If you don't see a command prompt, try pressing enter. / # nslookup httpd-svc
nslookup: can't resolve '(null)': Name does not resolve Name: httpd-svc
Address : 10.1.230.129 / # wget httpd-svc:
Connecting to httpd-svc: (10.1.230.129:)
index.html % |********************************************************************************************************************************************| :: ETA
二、Dashboard部署
从github上下载dashboard的yaml文件:https://github.com/unixhot/salt-kubernetes
[root@linux-node1 dashboard]# ll
total
-rw-r--r-- root root Aug : admin-user-sa-rbac.yaml
-rw-r--r-- root root Aug : kubernetes-dashboard.yaml
-rw-r--r-- root root Aug : ui-admin-rbac.yaml
-rw-r--r-- root root Aug : ui-read-rbac.yaml [root@linux-node1 dashboard]# kubectl create -f .
serviceaccount "admin-user" created
clusterrolebinding.rbac.authorization.k8s.io "admin-user" created
secret "kubernetes-dashboard-certs" created
serviceaccount "kubernetes-dashboard" created
role.rbac.authorization.k8s.io "kubernetes-dashboard-minimal" created
rolebinding.rbac.authorization.k8s.io "kubernetes-dashboard-minimal" created
deployment.apps "kubernetes-dashboard" created
service "kubernetes-dashboard" created
clusterrole.rbac.authorization.k8s.io "ui-admin" created
rolebinding.rbac.authorization.k8s.io "ui-admin-binding" created
clusterrole.rbac.authorization.k8s.io "ui-read" created
rolebinding.rbac.authorization.k8s.io "ui-read-binding" created [root@linux-node1 dashboard]# kubectl get pods -o wide -n kube-system
NAME READY STATUS RESTARTS AGE IP NODE
coredns-77c989547b-d84n8 / Running 55m 10.2.99.7 192.168.56.13
coredns-77c989547b-j4ms2 / Running 55m 10.2.76.6 192.168.56.12
kubernetes-dashboard-66c9d98865-mps22 / Running 4m 10.2.76.12 192.168.56.12 [root@linux-node1 dashboard]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
coredns ClusterIP 10.1.0.2 <none> /UDP,/TCP 56m
kubernetes-dashboard NodePort 10.1.234.201 <none> :/TCP 5m
从上可以看到kubernetes的dashboard服务的ip为:10.1.234.201,其映射到宿主机的端口为38974,由于master上没有部署kube-porxy,所以需要直接访问https://192.168.56.12:38974,如图:
选择令牌登陆,获取令牌的方法如下:
[root@linux-node1 dashboard]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name: admin-user-token-mz7p9
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name=admin-user
kubernetes.io/service-account.uid=c2a85113-acc9-11e8-a800-000c29ce4fa7
Type: kubernetes.io/service-account-token
Data
====
namespace: bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLW16N3A5Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJjMmE4NTExMy1hY2M5LTExZTgtYTgwMC0wMDBjMjljZTRmYTciLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.V4aEkKDBcK4RkuXRzwdAyoJRBrxAnc8axLLxGCGiduwv5Qa0HFe2WQWtny6FI-MpUP-dzrxahWSwaFcKKvVdzfBuXTbnPDBkhcrpAuzDsL0vo-GwHAAl88n8yZ67QmBwPVWH2CBrrTwWqALAfR2wNKtrUEigg-qbTQ05slP8WmbeckfzHTeZpQqegO3fz0BNBrJqi2TFDaftPm_vWSEsPWzWE9AyvfiVwGrfc_mmzHpOyxXAQXQLxJunfklwt0kuENO6sRRJ2HGvZ6HnCGZYZj0p-kjh5uAv-q_X2cMPIAhXgH7gHdYeiSXvEGA2Qz6tBE2pgN6S4F_xj6b4JT7kAQ
ca.crt: bytes
点击登录后的界面如下:
Kubernetes学习之路(七)之Coredns和Dashboard二进制部署的更多相关文章
- Kubernetes学习之路(26)之kubeasz+ansible部署集群
目录 1.环境说明 2.准备工作 3.分步骤安装 3.1.创建证书和安装准备 3.2.安装etcd集群 3.3.安装docker 3.4.安装master节点 3.5.安装node节点 3.6.部署集 ...
- Kubernetes学习之路目录
Kubernetes基础篇 环境说明 版本说明 系统环境 Centos 7.2 Kubernetes版本 v1.11.2 Docker版本 v18.09 Kubernetes学习之路(一)之概念和架构 ...
- Kubernetes学习之路(十五)之Ingress和Ingress Controller
目录 一.什么是Ingress? 1.Pod 漂移问题 2.端口管理问题 3.域名分配及动态更新问题 二.如何创建Ingress资源 三.Ingress资源类型 1.单Service资源型Ingres ...
- Kubernetes学习之路(二十五)之Helm程序包管理器
目录 1.Helm的概念和架构 2.部署Helm (1)下载helm (2)部署Tiller 3.helm的使用 4.chart 目录结构 5.chart模板 6.定制安装MySQL chart (1 ...
- Kubernetes学习之路(二十三)之资源指标和集群监控
目录 1.资源指标和资源监控 2.Weave Scope监控集群 (1)Weave Scope部署 (2)使用 Scope (3)拓扑结构 (4)实时资源监控 (5)在线操作 (6)强大的搜索功能 2 ...
- Kubernetes学习之路(二十)之K8S组件运行原理详解总结
目录 一.看图说K8S 二.K8S的概念和术语 三.K8S集群组件 1.Master组件 2.Node组件 3.核心附件 四.K8S的网络模型 五.Kubernetes的核心对象详解 1.Pod资源对 ...
- Kubernetes学习之路(四)之Node节点二进制部署
K8S Node节点部署 1.部署kubelet (1)二进制包准备 [root@linux-node1 ~]# cd /usr/local/src/kubernetes/server/bin/ [r ...
- Kubernetes学习之路(八)之Kubeadm部署集群
一.环境说明 节点名称 ip地址 部署说明 Pod 网段 Service网段 系统说明 k8s-master 192.168.56.11 docker.kubeadm.kubectl.kubelet ...
- Kubernetes学习之路(九)之kubernetes命令式快速创建应用
1.使用命令kubectl run创建应用 语法: kubectl run NAME --image=image [--env="key=value"] [--port=port] ...
随机推荐
- 解决华为交换机S5700无法解除ip/Mac绑定的问题
今天同事离职,需要解除他的个人笔记本Mac与ip的绑定 首先进入系统用户视图,然后进入vlanif4,解除151绑定 system-view interface vlanif 4 undo dhcp ...
- 铁乐学Python_day05-字典dict
1.[字典dict] Python内置了字典:dict的支持,dict全称dictionary, 在其他语言中也称为map,使用键-值(key-value)存储,具有极快的查找速度. 字典和列表直观上 ...
- 51nod 1275 连续子段的差异
题目看这里 若[i,j]符合要求,那么[i,j]内的任何连续的子段都是符合要求的.我们可以枚举i,找到能合格的最远的j,然后ans+=(j-i+1). 那么问题就转换成了:在固定i的情况下,如何判断j ...
- fountion 的调用 和 打印返回值 + 占位符
结果: (2) 结果
- win10不错的快捷键
A I S number 左右 上下 , Win键 Open Action center. Open Settings. Open Search. Open the app pinned to t ...
- sql 模糊查询优化
在sql语句中使用 like模糊查询时,应该尽量避免%%,因为模糊查询是比较慢的,当出现这样的情况时,应该考虑优化. 举个例子:我在表中查询2012 年创建的记录 SELECT * FROM `com ...
- Java虚拟机15:运行期优化
前言 HotSpot采用的是解释器+编译器并存的架构,之前的这篇文章里面已经讲过了,本文只是把即时编译器这块再讲得具体一点而已.当然,其实本文的内容也没多大意义,90%都是概念上的东西,对于实际开发. ...
- Hadoop学习之路(二)Hadoop发展背景
Hadoop产生的背景 1. HADOOP最早起源于Nutch.Nutch的设计目标是构建一个大型的全网搜索引擎,包括网页抓取.索引.查询等功能,但随着抓取网页数量的增加,遇到了严重的可扩展性问题—— ...
- ajax调用webservice 跨域问题
用js或者jquery跨域调用接口时 对方的接口需要做jsonp处理,你的ajax jsonp调用才可以 egg 接口中已经做了jsonp处理,所以可以跨域调用 //$.ajax({ // url: ...
- etherlime-2-Etherlime Library API-deployer
Etherlime Library API 库API Deployer部署者 Deployer functionality The main functionality the deployer ex ...