一.部署Web UI(Dashboard)
1.解压包,进入目录
包就在之前的master部署组件里
这里里面kubernetes-server-linux-amd64.tar.gz
2.执行yaml文件
查看启动的pod,没在默认命名空间,在kube-system下
注:
其中dashboard-controller.yaml这个里面的dashboard镜像是国外的,如果慢,可以换成国内的镜像地址 image: registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0
3.创建Dashboard服务
4.查看启动的Dashboard服务
外网访问的是端口是44721
5.设置登陆令牌,访问web界面
创建用户访问,绑定集群管理员,使用它产生的密钥
创建账户产生的token
查看token
复制token到页面上即可
二.coredns的安装
安装coredns的yaml文档可以在kubernetes的github上找到https://github.com/kubernetes/kubernetes/edit/master/cluster/addons/dns/coredns/coredns.yaml.sed
[[email protected] ~]# vim coredns.yaml
# Warning: This is a file generated from the base underscore template file: coredns.yaml.base
apiVersion: v1
kind: ServiceAccount
metadata:
name: coredns
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: Reconcile
name: system:coredns
rules:
- apiGroups:
- ""
resources: - endpoints
- services
- pods
- namespaces
verbs: - list
- watch
- ""
- apiGroups:
- ""
resources: - nodes
verbs: -
get
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: EnsureExists
name: system:coredns
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:coredns
subjects:
- ""
-
kind: ServiceAccount
name: coredns
namespace: kube-systemapiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
labels:
addonmanager.kubernetes.io/mode: EnsureExists
data:
Corefile: |
.:53 {
errors
health
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
upstream
fallthrough in-addr.arpa ip6.arpa
}
prometheus :9153
proxy . /etc/resolv.conf
cache 30
loop
reload
loadbalance
}apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:replicas: not specified here:
# 1. In order to make Addon Manager do not reconcile this replicas parameter. # 2. Default is 1. # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
k8s-app: kube-dns
template:
metadata:
labels:
k8s-app: kube-dns
annotations:
seccomp.security.alpha.kubernetes.io/pod: ‘docker/default‘
spec:
serviceAccountName: coredns
tolerations:- key: "CriticalAddonsOnly"
operator: "Exists"
containers:- name: coredns
image: coredns/coredns:1.2.6
imagePullPolicy: IfNotPresent
resources:
limits:
memory: 170Mi
requests:
cpu: 100m
memory: 70Mi
args: [ "-conf", "/etc/coredns/Corefile" ]
volumeMounts:
- name: coredns
- name: config-volume
mountPath: /etc/coredns
readOnly: true
ports: - containerPort: 53
name: dns
protocol: UDP - containerPort: 53
name: dns-tcp
protocol: TCP - containerPort: 9153
name: metrics
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:- NET_BIND_SERVICE
drop: - all
readOnlyRootFilesystem: true
dnsPolicy: Default
volumes:
- NET_BIND_SERVICE
- name: config-volume
configMap:
name: coredns
items:-
key: Corefile
path: CorefileapiVersion: v1
kind: Service
metadata:
name: kube-dns
namespace: kube-system
annotations:
prometheus.io/port: "9153"
prometheus.io/scrape: "true"
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:
selector:
k8s-app: kube-dns
clusterIP: 10.0.0.2
ports:- name: dns
port: 53
protocol: UDP - name: dns-tcp
port: 53
protocol: TCP
- name: dns
-
- key: "CriticalAddonsOnly"
1.部署coredns
2.查看部署dns结果
[[email protected] ~]# kubectl get pods -n kube-system
3.测试可以解析到集群里的服务
原文地址:http://blog.51cto.com/anfishr/2333300