Kubernetes学习之路(七)之Coredns和Dashboard二进制部署

By | 2021年7月6日
目录
[隐藏]
  • 一、CoreDNS部署

在 Cluster 中,除了可以通过 Cluster IP 访问 Service,Kubernetes 还提供了更为方便的 DNS 访问。

(1)编辑coredns.yaml文件

View Code

(2)创建coredns

[root@linux-node1 ~]# kubectl create -f coredns.yaml 
serviceaccount "coredns" created
clusterrole.rbac.authorization.k8s.io "system:coredns" created
clusterrolebinding.rbac.authorization.k8s.io "system:coredns" created
configmap "coredns" created
deployment.extensions "coredns" created
service "coredns" created

(3)查看coredns服务

[root@linux-node1 ~]# kubectl get deployment -n kube-system
NAME      DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
coredns   2         2         2            0           1m
[root@linux-node1 ~]# kubectl get svc -n kube-system
NAME      TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)         AGE
coredns   ClusterIP   10.1.0.2     <none>        53/UDP,53/TCP   1m

[root@linux-node1 ~]# kubectl get pod -n kube-system
NAME                       READY     STATUS    RESTARTS   AGE
coredns-77c989547b-d84n8   1/1       Running   0          2m
coredns-77c989547b-j4ms2   1/1       Running   0          2m

(4)Pod容器中进行域名解析测试

[root@linux-node1 ~]# kubectl run alpine --rm -ti --image=alpine -- /bin/sh
If you don't see a command prompt, try pressing enter.

/ # nslookup httpd-svc
nslookup: can't resolve '(null)': Name does not resolve

Name:      httpd-svc
Address 1: 10.1.230.129

/ # wget httpd-svc:8080
Connecting to httpd-svc:8080 (10.1.230.129:8080)
index.html           100% |********************************************************************************************************************************************|    45   0:00:00 ETA
  • 二、Dashboard部署

从github上下载dashboard的yaml文件:https://github.com/unixhot/salt-kubernetes

[root@linux-node1 dashboard]# ll
total 20
-rw-r--r-- 1 root root  357 Aug 22 09:26 admin-user-sa-rbac.yaml
-rw-r--r-- 1 root root 4901 Aug 22 09:26 kubernetes-dashboard.yaml
-rw-r--r-- 1 root root  458 Aug 22 09:26 ui-admin-rbac.yaml
-rw-r--r-- 1 root root  477 Aug 22 09:26 ui-read-rbac.yaml

[root@linux-node1 dashboard]# kubectl create -f .
serviceaccount "admin-user" created
clusterrolebinding.rbac.authorization.k8s.io "admin-user" created
secret "kubernetes-dashboard-certs" created
serviceaccount "kubernetes-dashboard" created
role.rbac.authorization.k8s.io "kubernetes-dashboard-minimal" created
rolebinding.rbac.authorization.k8s.io "kubernetes-dashboard-minimal" created
deployment.apps "kubernetes-dashboard" created
service "kubernetes-dashboard" created
clusterrole.rbac.authorization.k8s.io "ui-admin" created
rolebinding.rbac.authorization.k8s.io "ui-admin-binding" created
clusterrole.rbac.authorization.k8s.io "ui-read" created
rolebinding.rbac.authorization.k8s.io "ui-read-binding" created

[root@linux-node1 dashboard]# kubectl get pods  -o wide -n kube-system
NAME                                    READY     STATUS    RESTARTS   AGE       IP           NODE
coredns-77c989547b-d84n8                1/1       Running   0          55m       10.2.99.7    192.168.56.13
coredns-77c989547b-j4ms2                1/1       Running   0          55m       10.2.76.6    192.168.56.12
kubernetes-dashboard-66c9d98865-mps22   1/1       Running   0          4m        10.2.76.12   192.168.56.12

[root@linux-node1 dashboard]# kubectl get svc -n kube-system
NAME                   TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE
coredns                ClusterIP   10.1.0.2       <none>        53/UDP,53/TCP   56m
kubernetes-dashboard   NodePort    10.1.234.201   <none>        443:38974/TCP   5m

从上可以看到kubernetes的dashboard服务的ip为:10.1.234.201,其映射到宿主机的端口为38974,由于master上没有部署kube-porxy,所以需要直接访问https://192.168.56.12:38974,如图:

选择令牌登陆,获取令牌的方法如下:

[root@linux-node1 dashboard]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name:         admin-user-token-mz7p9
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name=admin-user
              kubernetes.io/service-account.uid=c2a85113-acc9-11e8-a800-000c29ce4fa7

Type:  kubernetes.io/service-account-token

Data
====
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLW16N3A5Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJjMmE4NTExMy1hY2M5LTExZTgtYTgwMC0wMDBjMjljZTRmYTciLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.V4aEkKDBcK4RkuXRzwdAyoJRBrxAnc8axLLxGCGiduwv5Qa0HFe2WQWtny6FI-MpUP-dzrxahWSwaFcKKvVdzfBuXTbnPDBkhcrpAuzDsL0vo-GwHAAl88n8yZ67QmBwPVWH2CBrrTwWqALAfR2wNKtrUEigg-qbTQ05slP8WmbeckfzHTeZpQqegO3fz0BNBrJqi2TFDaftPm_vWSEsPWzWE9AyvfiVwGrfc_mmzHpOyxXAQXQLxJunfklwt0kuENO6sRRJ2HGvZ6HnCGZYZj0p-kjh5uAv-q_X2cMPIAhXgH7gHdYeiSXvEGA2Qz6tBE2pgN6S4F_xj6b4JT7kAQ
ca.crt:     1359 bytes

点击登录后的界面如下:

 

发表评论

您的电子邮箱地址不会被公开。 必填项已用*标注