Kubernetes集群部署之七-CoreDNS和Dashboard部署详解架构师

创建CoreDNS:

之前已经下载了kubernetes的软件包，coreDNS的文件也包括在里面，可以直接用，也可以网上下载.

[[email protected] ~]# cd /usr/local/src/kubernetes/cluster/addons/dns 

[[email protected]-master dns]# cp coredns.yaml.base coredns.yaml 

将配置文件coredns.yaml中，修改如下两个地方为自己的domain和cluster ip地址. 

1.kubernetes __PILLAR__DNS__DOMAIN__ 

改为 kubernetes cluster.local. 

2.clusterIP: __PILLAR__DNS__SERVER__ 

clusterIP: 10.1.0.2

开始创建coredns服务：

[[email protected] dns]# kubectl create -f coredns.yaml 

serviceaccount "coredns" created 

clusterrole.rbac.authorization.k8s.io "system:coredns" created 

clusterrolebinding.rbac.authorization.k8s.io "system:coredns" created 

configmap "coredns" created 

deployment.extensions "coredns" created 

service "coredns" created

查看服务状态：

[[email protected] dns]# kubectl get pod -n kube-system -o wide 

NAME READY STATUS RESTARTS AGE IP NODE 

coredns-77c989547b-dv6fl 1/1 Running 0 2m 10.2.58.182 10.20.9.222 

coredns-77c989547b-nltj9 1/1 Running 0 2m 10.2.49.8 10.20.9.221 

[[email protected]-master dns]# 

[[email protected]-master dns]# kubectl get svc --all-namespaces 

NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE 

default kubernetes ClusterIP 10.1.0.1 none 443/TCP 1d 

kube-system coredns ClusterIP 10.1.0.2 none 53/UDP,53/TCP 4m

coreDNS解析测试：

[[email protected] dns]# kubectl run -i --tty busybox --image=docker.io/busybox /bin/sh 

If you dont see a command prompt, try pressing enter. 

/ # nslookup www.baidu.com 

Server: 10.1.0.2 

Address 1: 10.1.0.2 coredns.kube-system.svc.cluster.local 

Name: www.baidu.com 

Address 1: 180.149.132.151 

Address 2: 180.149.131.98

说明coredns解析正常.

创建Dashboard

1.下载dashborad文件地址，大神已经修改好了我们直接执行就可以：

[root@k8s-node-1 tmp]# git clone https://github.com/unixhot/salt-kubernetes.git

2.创建dashborad服务：

[[email protected] addons]# kubectl create -f dashboard/ 

[[email protected]-master addons]# kubectl cluster-info 

Kubernetes master is running at https://10.20.9.220:6443 

CoreDNS is running at https://10.20.9.220:6443/api/v1/namespaces/kube-system/services/coredns:dns/proxy 

kubernetes-dashboard is running at https://10.20.9.220:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy 

To further debug and diagnose cluster problems, use kubectl cluster-info dump.

3.dashborad对外映射端口：

[[email protected] tmp]# kubectl get svc -o wide --all-namespaces 

NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR 

default kubernetes ClusterIP 10.1.0.1 none 443/TCP 1d none 

kube-system coredns ClusterIP 10.1.0.2 none 53/UDP,53/TCP 21m k8s-app=coredns 

kube-system kubernetes-dashboard NodePort 10.1.116.172 none 443:22584/TCP 5m k8s-app=kubernetes-dashboard

4.访问是https://nodeip:22584 进行访问 如：https://10.20.9.221:22584/

5.我们选择令牌登录，然后在master端执行如下命令，生成认证token登录：

[[email protected] ~]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk {print $1}) 

Name: admin-user-token-tk4f5 

Namespace: kube-system 

Labels: none 

Annotations: kubernetes.io/service-account.name=admin-user 

 kubernetes.io/service-account.uid=00d6697a-67a2-11e8-8d7e-00505685a7ab 

Type: kubernetes.io/service-account-token 

Data 

==== 

namespace: 11 bytes 

token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXRrNGY1Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwMGQ2Njk3YS02N2EyLTExZTgtOGQ3ZS0wMDUwNTY4NWE3YWIiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.sluGejekiRB8KUS2pDhWx_NQS3axDyoRJP4NFi1fMvjx_-aXoznjCjk9iZRszu2vuMXvasNavigY4LL5SfSfNUir4kMYOI9tZkVTGkdC-fsa7E_GfXoP-HI1VhXz2BQ9Gu0eFkWO67pQYU37Ze0ZuUwNsnCB2S0sEF6yoV6MPSWVjLhqy65YEqJrtWp_fo87pebQAlH63cRY4MvyN_mB6u9Ddcs_1CH2HZS4hbdjjtO_ppB2zGSsyRcjWdD1TPPeAZErz4-MIHfwMBEcXq9BBuNaX0HEu-5qy6-cTmwlex0RpXVeOxDWfBnGGvb092cFWlI8faleFtyjI1HTraJ9sQ 

ca.crt: 1359 bytes

6.登录后信息如下：

访问url我用的是火狐浏览器，别的浏览器因为证书问题一直访问不了，还有就是我当时这样访问https://10.20.9.220:6443/ 但是用用户名密码访问死活过不去，有时间了在研究下.

6892.html