Kubernetes deployment series: installing kube-DNS and the web UI (k8s part 5)
Deploy kube-DNS
Download the kube-DNS.yaml file
Link: https://pan.baidu.com/s/1PU-iBCFP6o1mH7N9DFgI5g Extraction code: y3dg
Create the DNS service
kubectl create -f kube-dns.yaml
Check
kubectl get pod,svc -n kube-system
NAME READY STATUS RESTARTS AGE
po/kube-dns-7797cb8758-dlhqs 3/3 Running 0 3h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
svc/kube-dns ClusterIP 10.0.0.2 <none> 53/UDP,53/TCP 3h
Test
# Enter any container and check
[root@node9 yaml]# kubectl exec -it tools-dns-98c7c4bc4-cf7qp /bin/bash
root@tools-dns-98c7c4bc4-cf7qp:/# ping nginx
PING nginx.default.svc.cluster.local (10.0.0.121) 56(84) bytes of data.
--- nginx.default.svc.cluster.local ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1000ms
root@tools-dns-98c7c4bc4-cf7qp:/# cat /etc/resolv.conf
nameserver 10.0.0.2
search default.svc.cluster.local. svc.cluster.local. cluster.local.
options ndots:5
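In the output above, nginx resolved to nginx.default.svc.cluster.local, so DNS is working; the 100% packet loss only means that the Service's ClusterIP, which is a virtual IP, did not answer ICMP.
Another way to test is attached below
- Create a test pod and svc: curl-system.yaml
# extensions/v1beta1 Deployments were removed in Kubernetes 1.16; newer clusters need apps/v1 plus a spec.selector
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: curl
  namespace: kube-system
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: curl
    spec:
      containers:
      - name: curl
        image: appropriate/curl
        command: ["sleep"]
        args: ["5000"]
---
apiVersion: v1
kind: Service
metadata:
  name: curl
  namespace: kube-system
  labels:
    app: curl
spec:
  type: ClusterIP
  selector:
    app: curl
  ports:
  - port: 80
    targetPort: 80
    name: http
    protocol: TCP
- Start a DNS test tool pod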
[root@master busybox]# cat test.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: tools-dns
  namespace: default
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: tools-dns
    spec:
      containers:
      - name: tools-dns
        image: tutum/dnsutils:latest
        command: ["sleep"]
        args: ["5000"]
- Enter the DNS tool pod and check DNS:
- Check the A record
kubectl exec -it tools-dns-4108965606-5rrtb bash
root@tools-dns-4108965606-5rrtb:/# nslookup -query=a _http._tcp.curl.kube-system
Server: 10.254.0.2
Address: 10.254.0.2#53
_http._tcp.curl.kube-system.svc.cluster.local canonical name = curl.kube-system.svc.cluster.local.
Name: curl.kube-system.svc.cluster.local
Address: 10.254.186.53
- Check the SRV record
An SRV record is a Domain Name System (DNS) resource record that identifies the hosts providing a specific service.
root@tools-dns-4108965606-5rrtb:/# nslookup -query=srv _http._tcp.curl.kube-system
Server: 10.254.0.2
Address: 10.254.0.2#53
_http._tcp.curl.kube-system.svc.cluster.local service = 10 100 80 curl.kube-system.svc.cluster.local.
(Explanation: service = 10 (priority) 100 (weight) 80 (port) curl.kube-system.svc.cluster.local (hostname).)
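Note
If exec cannot enter the container because of a permission problem, run the following command. It binds the cluster-admin ClusterRole to system:anonymous, which gives every unauthenticated request to the API server full control of the cluster, so it is only suitable for an isolated test cluster and the the-boss binding should be deleted once exec works.
kubectl create clusterrolebinding the-boss --user system:anonymous --clusterrole cluster-admin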
Deploy the web UI
Install
Because the k8s image registry is outside the Great Firewall, we first need to pull the image on every node
[root@C7-2 ~]# docker pull mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1
[root@C7-2 ~]# docker tag mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
- Create the k8s service
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
- Assign a random external port
kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kube-system
kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
curl ClusterIP 10.0.0.204 <none> 80/TCP 55m
kube-dns ClusterIP 10.0.0.2 <none> 53/UDP,53/TCP 119m
kubernetes-dashboard NodePort 10.0.0.183 <none> 443:42518/TCP 3m8s
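- Test access
In Firefox (Chrome cannot be used), enter https://<any-cluster-IP>:<port>
If the certificate is reported as untrusted, click Advanced
Authentication
- Create a ServiceAccount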
kubectl create serviceaccount dashboard-admin -n kube-system
- Bind the relevant role
kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
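--clusterrole: the cluster role to bind; cluster-admin gives whoever holds this ServiceAccount's token full control of the cluster
--serviceaccount: the ServiceAccount used for authentication, created in the first step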
- Get the Secret used by the ServiceAccount
kubectl describe sa dashboard-admin -n kube-system
Name: dashboard-admin
Namespace: kube-system
Labels: <none>
Annotations: <none>
Image pull secrets: <none>
Mountable secrets: dashboard-admin-token-vg9lj
Tokens: dashboard-admin-token-vg9lj
Events: <none>
- Get the token
kubectl describe secret dashboard-admin-token-vg9lj -n kube-system
Name: dashboard-admin-token-vg9lj
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 3f316e45-4fb5-11e9-907f-000c2955d38e
Type: kubernetes.io/service-account-token
Data
====
namespace: 11 bytes
token: <token value elided>
ca.crt: 1359 bytes
OK, copy the token and use it for token login
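An added example, not part of the original post: a small Python check that flags the two cluster-admin bindings this walkthrough creates (the-boss for system:anonymous and dashboard-cluster-admin for the dashboard-admin ServiceAccount). The function name, the severity labels and the SAMPLE data are constructed for illustration; real input is the parsed output of kubectl get clusterrolebindings -o json.

```python
import json

# system:anonymous / system:unauthenticated match requests with no credentials;
# system:authenticated matches every logged-in identity.
BROAD = {"system:anonymous", "system:unauthenticated", "system:authenticated"}

# Constructed sample in the shape of `kubectl get clusterrolebindings -o json`,
# reduced to the fields the check reads.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "cluster-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "Group", "name": "system:masters"}]},
 {"metadata": {"name": "the-boss"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "User", "name": "system:anonymous"}]},
 {"metadata": {"name": "dashboard-cluster-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "dashboard-admin",
                "namespace": "kube-system"}]},
 {"metadata": {"name": "system:kube-dns"},
  "roleRef": {"kind": "ClusterRole", "name": "system:kube-dns"},
  "subjects": [{"kind": "ServiceAccount", "name": "kube-dns",
                "namespace": "kube-system"}]}
]}
""")


def audit_cluster_admin(binding_list):
    """Return sorted (severity, binding, subject) for risky cluster-admin grants."""
    findings = []
    for item in binding_list.get("items", []):
        if item.get("roleRef", {}).get("name") != "cluster-admin":
            continue
        # "subjects" can be missing or null on an empty binding.
        for subj in item.get("subjects") or []:
            kind, who = subj.get("kind"), subj.get("name")
            if kind in ("User", "Group") and who in BROAD:
                findings.append(("CRITICAL", item["metadata"]["name"], who))
            elif kind == "ServiceAccount":
                # Anyone who can read this account's token Secret is cluster-admin.
                sa = "%s:%s" % (subj.get("namespace"), who)
                findings.append(("HIGH", item["metadata"]["name"], sa))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_cluster_admin(SAMPLE):
        print(*finding)
```

To run it against a live cluster, load the output of kubectl get clusterrolebindings -o json with json.load and pass the result to audit_cluster_admin.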
The web UI deployment is now complete