一.部署Web UI(Dashboard)
1.解壓包,進入目錄
包就在之前的master部署組件裏
這裏裏面kubernetes-server-linux-amd64.tar.gz
2.執行yaml文件
查看啓動的pod,沒在默認命名空間,在kube-system下
注:
其中dashboard-controller.yaml這個裏面的dashboard鏡像是國外的,如果慢,可以換成國內的鏡像地址 image: registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0
3.創建Dashboard服務
4.查看啓動的Dashboard服務
外網訪問的是端口是44721
5.設置登陸令牌,訪問web界面
創建用戶訪問,綁定集羣管理員,使用它產生的密鑰
創建賬戶產生的token
查看token
複製token到頁面上即可
二.coredns的安裝
安裝coredns的yaml文檔可以在kubernetes的github上找到https://github.com/kubernetes/kubernetes/edit/master/cluster/addons/dns/coredns/coredns.yaml.sed
[root@master ~]# vim coredns.yaml
# Warning: This is a file generated from the base underscore template file: coredns.yaml.baseapiVersion: v1
kind: ServiceAccount
metadata:
name: coredns
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: Reconcile
name: system:coredns
rules:
- apiGroups:
- ""
resources: - endpoints
- services
- pods
- namespaces
verbs: - list
- watch
- ""
- apiGroups:
- ""
resources: - nodes
verbs: -
get
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
addonmanager.kubernetes.io/mode: EnsureExists
name: system:coredns
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:coredns
subjects:
- ""
-
kind: ServiceAccount
name: coredns
namespace: kube-systemapiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
labels:
addonmanager.kubernetes.io/mode: EnsureExists
data:
Corefile: |
.:53 {
errors
health
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
upstream
fallthrough in-addr.arpa ip6.arpa
}
prometheus :9153
proxy . /etc/resolv.conf
cache 30
loop
reload
loadbalance
}apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: coredns
namespace: kube-system
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:replicas: not specified here:
# 1. In order to make Addon Manager do not reconcile this replicas parameter. # 2. Default is 1. # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
k8s-app: kube-dns
template:
metadata:
labels:
k8s-app: kube-dns
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec:
serviceAccountName: coredns
tolerations:- key: "CriticalAddonsOnly"
operator: "Exists"
containers:- name: coredns
image: coredns/coredns:1.2.6
imagePullPolicy: IfNotPresent
resources:
limits:
memory: 170Mi
requests:
cpu: 100m
memory: 70Mi
args: [ "-conf", "/etc/coredns/Corefile" ]
volumeMounts:
- name: coredns
- name: config-volume
mountPath: /etc/coredns
readOnly: true
ports: - containerPort: 53
name: dns
protocol: UDP - containerPort: 53
name: dns-tcp
protocol: TCP - containerPort: 9153
name: metrics
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:- NET_BIND_SERVICE
drop: - all
readOnlyRootFilesystem: true
dnsPolicy: Default
volumes:
- NET_BIND_SERVICE
- name: config-volume
configMap:
name: coredns
items:-
key: Corefile
path: CorefileapiVersion: v1
kind: Service
metadata:
name: kube-dns
namespace: kube-system
annotations:
prometheus.io/port: "9153"
prometheus.io/scrape: "true"
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "CoreDNS"
spec:
selector:
k8s-app: kube-dns
clusterIP: 10.0.0.2
ports:- name: dns
port: 53
protocol: UDP - name: dns-tcp
port: 53
protocol: TCP
- name: dns
-
- key: "CriticalAddonsOnly"
1.部署coredns 
2.查看部署結果
[root@master ~]# kubectl get pods -n kube-system