k8s1.13.0二進制部署-Dashboard和coredns(五)

部署UI

下載yaml文件
https://github.com/kubernetes/kubernetes
(下面直接克隆的是 master 分支;addons 目錄下的清單文件會隨版本變動,建議切換到與集羣版本對應的 tag 後再使用。)

[root@k8s-master1 ~]# git clone https://github.com/kubernetes/kubernetes.git
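# Enter the Dashboard add-on directory of the cloned repository and list its manifests.
[root@k8s-master1 ~]# cd kubernetes/cluster/addons/dashboard/
[root@k8s-master1 dashboard]# ll
total 32
-rw-r--r-- 1 root root  264 Dec 18 10:14 dashboard-configmap.yaml
-rw-r--r-- 1 root root 1822 Dec 18 10:14 dashboard-controller.yaml
-rw-r--r-- 1 root root 1353 Dec 18 10:14 dashboard-rbac.yaml
-rw-r--r-- 1 root root  551 Dec 18 10:14 dashboard-secret.yaml
-rw-r--r-- 1 root root  322 Dec 18 10:14 dashboard-service.yaml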

修改文件內容

默認的kubernetes-dashboard鏡像使用官網默認鏡像地址,須要FQ,我們這裏改用阿里雲的鏡像就能夠。注意:第三方鏡像倉庫不是官方發佈渠道,使用前建議覈對鏡像摘要(digest)與官方鏡像一致,並儘量以摘要而不是標籤來固定鏡像。
.....
    spec:
      priorityClassName: system-cluster-critical
      containers:
      - name: kubernetes-dashboard
        image: registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1
....

修改svc的類型(NodePort會在每個節點的30001端口上暴露Dashboard,應以防火牆或安全組限制可訪問的來源地址)
....
spec:
  type: NodePort
  selector:
    k8s-app: kubernetes-dashboard
  ports:
  - port: 443
    targetPort: 8443
    nodePort: 30001

基於yaml建立

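# Create the Dashboard objects one manifest at a time, in the order used on
# this page: RBAC, Secret, ConfigMap, then the Deployment and its Service.
kubectl create -f dashboard-rbac.yaml
kubectl create -f dashboard-secret.yaml
kubectl create -f dashboard-configmap.yaml
kubectl create -f dashboard-controller.yaml
kubectl create -f dashboard-service.yaml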

查看

[root@localhost dashboard]# kubectl get pod,svc,deploy -n kube-system -o wide
NAME                                        READY   STATUS    RESTARTS   AGE    IP            NODE            NOMINATED NODE   READINESS GATES
pod/kubernetes-dashboard-7d5f7c58f5-6ggrv   1/1     Running   0          3m2s   172.17.50.2   192.168.0.221   <none>           <none>

NAME                           TYPE       CLUSTER-IP   EXTERNAL-IP   PORT(S)         AGE   SELECTOR
service/kubernetes-dashboard   NodePort   10.0.0.84    <none>        443:30001/TCP   88s   k8s-app=kubernetes-dashboard

NAME                                         READY   UP-TO-DATE   AVAILABLE   AGE    CONTAINERS             IMAGES                                                                                   SELECTOR
deployment.extensions/kubernetes-dashboard   1/1     1            1           3m2s   kubernetes-dashboard   registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1   k8s-app=kubernetes-dashboard

建立角色綁定

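# [root@localhost dashboard]# vim k8s-admin.yaml
# ServiceAccount whose token is used to log in to the Dashboard.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system
---
# SECURITY: this binds the account to the built-in cluster-admin ClusterRole,
# so whoever holds its token has unrestricted control of the whole cluster.
# The Dashboard on this page is published through a NodePort, which makes that
# token the only barrier in front of the API. For anything beyond a lab, bind
# a narrower Role/ClusterRole (for example the built-in read-only "view")
# and keep the token out of shared channels.
kind: ClusterRoleBinding
# rbac.authorization.k8s.io/v1 is used instead of v1beta1: it is the same
# schema, it is the version the CoreDNS manifest on this page already uses,
# and v1beta1 is no longer served by newer Kubernetes releases.
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: dashboard-admin
subjects:
  - kind: ServiceAccount
    name: dashboard-admin
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io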

[root@localhost dashboard]# kubectl apply -f k8s-admin.yaml
serviceaccount/dashboard-admin created
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created

獲取令牌(此令牌等同於cluster-admin憑證,請勿貼到文章、聊天記錄或代碼倉庫中;一旦洩露,應刪除對應的secret讓其從新生成)

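# Print the service-account token secret of dashboard-admin.
# The grep pattern names the account explicitly so that no other secret whose
# name happens to contain "admin-token" is described (and printed) as well.
[root@localhost dashboard]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep dashboard-admin-token | awk '{print $1}')
Name:         dashboard-admin-token-txkkz
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: 7dbf9a60-805a-11e9-b018-525400828c1f

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1359 bytes
namespace:  11 bytes
# The token value is redacted here: it is a bearer credential for an account
# bound to cluster-admin and must be treated like a root password.
token:      <REDACTED: service-account bearer token>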

瀏覽器訪問:使用 https://<NodeIP>:30001 打開Dashboard,登入時選擇令牌(Token)並填入上一步取得的令牌。

解決谷歌瀏覽器不能顯示的問題(做法是用CA簽發的證書替換Dashboard自動生成的證書)

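# Certificate signing request for the Dashboard's serving certificate.
# NOTE: "hosts" is empty, so the issued certificate carries no subject
# alternative names. If browsers should validate it rather than merely let you
# click through a warning, list the node IPs / DNS names used to reach the
# Dashboard here and make the client trust the signing CA.
[root@localhost dashboard]# vim dashboard-csr.json
{
    "CN": "Dashboard",
    "hosts": [],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "BeiJing",
            "ST": "BeiJing"
        }
    ]
}

# Generate the certificate, signed by the CA under /opt/kubernetes/ssl.
# cfssljson -bare writes dashboard.pem, dashboard-key.pem and dashboard.csr.
# NOTE(review): ca-config.json is not shown on this page. If its "kubernetes"
# profile also permits client authentication, the resulting certificate is a
# valid API client identity (CN=Dashboard) as well - confirm, and prefer a
# server-only signing profile for a serving certificate.
[root@localhost dashboard]# cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem -ca-key=/opt/kubernetes/ssl/ca-key.pem -config=/opt/kubernetes/ssl/ca-config.json -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard

# Delete the secret that holds the previous certificate
[root@localhost dashboard]# kubectl delete secret kubernetes-dashboard-certs -n kube-system
secret "kubernetes-dashboard-certs" deleted

# Recreate the secret from the certificate and key only. --from-file=./ would
# pack every file in this directory into the secret (the manifests,
# k8s-admin.yaml, the CSR), all of which would then be mounted into the pod.
[root@localhost dashboard]# kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.pem --from-file=dashboard-key.pem -n kube-system
secret/kubernetes-dashboard-certs created

# Edit the yaml file and point it at the certificate generated above
[root@localhost dashboard]# vim dashboard-controller.yaml
....
        args:
          # PLATFORM-SPECIFIC ARGS HERE
          - --auto-generate-certificates
          - --tls-key-file=dashboard-key.pem
          - --tls-cert-file=dashboard.pem
....

# Redeploy
[root@localhost dashboard]# kubectl apply -f dashboard-controller.yaml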

 

 部署coredns

下載yaml文件:https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dns/coredns

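# [root@k8s-master1 demo]# cat coredns.yaml
# Warning: This is a file generated from the base underscore template file: coredns.yaml.base

# Identity the CoreDNS pods run as.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns
  namespace: kube-system
  labels:
      kubernetes.io/cluster-service: "true"
      addonmanager.kubernetes.io/mode: Reconcile
---
# Read-only access (list/watch) to the objects CoreDNS builds DNS records from.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: Reconcile
  name: system:coredns
rules:
- apiGroups:
  - ""
  resources:
  - endpoints
  - services
  - pods
  - namespaces
  verbs:
  - list
  - watch
---
# Grants the ClusterRole above to the coredns ServiceAccount only.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: EnsureExists
  name: system:coredns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
subjects:
- kind: ServiceAccount
  name: coredns
  namespace: kube-system
---
# CoreDNS configuration (mounted into the pod as /etc/coredns/Corefile).
# SECURITY: "pods insecure" makes CoreDNS answer pod-IP style names without
# checking that such a pod exists; it is kept for kube-dns compatibility.
# "pods verified" answers only for pods that really exist in the namespace,
# at the cost of watching all pods.
# Names outside cluster.local are forwarded to the resolvers listed in the
# node's /etc/resolv.conf (the Deployment below uses dnsPolicy: Default).
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
  labels:
      addonmanager.kubernetes.io/mode: EnsureExists
data:
  Corefile: |
    .:53 {
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            upstream
            fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        proxy . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }
---
# extensions/v1beta1 is the Deployment API used throughout this page (1.13);
# it is no longer served from Kubernetes 1.16 on, where apps/v1 is required.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  # replicas: not specified here:
  # 1. In order to make Addon Manager do not reconcile this replicas parameter.
  # 2. Default is 1.
  # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
      annotations:
        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
    spec:
      serviceAccountName: coredns
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
        - key: "CriticalAddonsOnly"
          operator: "Exists"
      containers:
      - name: coredns
        # The image is referenced by tag; pin it by digest if the exact image
        # content has to be reproducible.
        image: coredns/coredns:1.2.6
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            memory: 170Mi
          requests:
            cpu: 100m
            memory: 70Mi
        args: [ "-conf", "/etc/coredns/Corefile" ]
        volumeMounts:
        - name: config-volume
          mountPath: /etc/coredns
          readOnly: true
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        - containerPort: 9153
          name: metrics
          protocol: TCP
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        # Hardening: no privilege escalation, read-only root filesystem, and
        # every capability dropped except the one needed to bind port 53.
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            add:
            - NET_BIND_SERVICE
            drop:
            - all
          readOnlyRootFilesystem: true
      dnsPolicy: Default
      volumes:
        - name: config-volume
          configMap:
            name: coredns
            items:
            - key: Corefile
              path: Corefile
---
# Cluster DNS Service. The fixed clusterIP must equal the cluster DNS address
# that the kubelets hand to pods (configured elsewhere, not shown on this page).
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  annotations:
    prometheus.io/port: "9153"
    prometheus.io/scrape: "true"
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  selector:
    k8s-app: kube-dns
  clusterIP: 10.0.0.2
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP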

建立pod

[root@k8s-master1 demo]# kubectl apply -f coredns.yaml

測試域名解析

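# Start a throwaway busybox pod (--rm removes it when the shell exits) and
# resolve the "kubernetes" Service name through the cluster DNS.
[root@k8s-master1 demo]# kubectl run -it --image=busybox:1.28.4 --rm --restart=Never sh
If you don't see a command prompt, try pressing enter.
/ # nslookup kubernetes
Server:    10.0.0.2
Address 1: 10.0.0.2 kube-dns.kube-system.svc.cluster.local

Name:      kubernetes
Address 1: 10.0.0.1 kubernetes.default.svc.cluster.local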