【10】搭建k8s集群系列（二进制部署）之安装Dashboard和CoreDNS ...

一、部署Dashboard

1.1、创建kubernetes-dashboard.yaml文件

完整的yaml设置文件信息如下：

1. # Copyright 2017 The Kubernetes Authors.
2. #
3. # Licensed under the Apache License, Version 2.0 (the "License");
4. # you may not use this file except in compliance with the License.
5. # You may obtain a copy of the License at
6. #
7. #     http://www.apache.org/licenses/LICENSE-2.0
8. #
9. # Unless required by applicable law or agreed to in writing, software
10. # distributed under the License is distributed on an "AS IS" BASIS,
11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12. # See the License for the specific language governing permissions and
13. # limitations under the License.
15. apiVersion: v1
16. kind: Namespace
17. metadata:
18.   name: kubernetes-dashboard
20. ---
22. apiVersion: v1
23. kind: ServiceAccount
24. metadata:
25.   labels:
26.     k8s-app: kubernetes-dashboard
27.   name: kubernetes-dashboard
28.   namespace: kubernetes-dashboard
30. ---
32. kind: Service
33. apiVersion: v1
34. metadata:
35.   labels:
36.     k8s-app: kubernetes-dashboard
37.   name: kubernetes-dashboard
38.   namespace: kubernetes-dashboard
39. spec:
40.   type: NodePort
41.   ports:
42.     - port: 443
43.       targetPort: 8443
44.       nodePort: 30001
45.   selector:
46.     k8s-app: kubernetes-dashboard
48. ---
50. apiVersion: v1
51. kind: Secret
52. metadata:
53.   labels:
54.     k8s-app: kubernetes-dashboard
55.   name: kubernetes-dashboard-certs
56.   namespace: kubernetes-dashboard
57. type: Opaque
59. ---
61. apiVersion: v1
62. kind: Secret
63. metadata:
64.   labels:
65.     k8s-app: kubernetes-dashboard
66.   name: kubernetes-dashboard-csrf
67.   namespace: kubernetes-dashboard
68. type: Opaque
69. data:
70.   csrf: ""
72. ---
74. apiVersion: v1
75. kind: Secret
76. metadata:
77.   labels:
78.     k8s-app: kubernetes-dashboard
79.   name: kubernetes-dashboard-key-holder
80.   namespace: kubernetes-dashboard
81. type: Opaque
83. ---
85. kind: ConfigMap
86. apiVersion: v1
87. metadata:
88.   labels:
89.     k8s-app: kubernetes-dashboard
90.   name: kubernetes-dashboard-settings
91.   namespace: kubernetes-dashboard
93. ---
95. kind: Role
96. apiVersion: rbac.authorization.k8s.io/v1
97. metadata:
98.   labels:
99.     k8s-app: kubernetes-dashboard
100.   name: kubernetes-dashboard
101.   namespace: kubernetes-dashboard
102. rules:
103.   # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
104.   - apiGroups: [""]
105.     resources: ["secrets"]
106.     resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
107.     verbs: ["get", "update", "delete"]
108.     # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
109.   - apiGroups: [""]
110.     resources: ["configmaps"]
111.     resourceNames: ["kubernetes-dashboard-settings"]
112.     verbs: ["get", "update"]
113.     # Allow Dashboard to get metrics.
114.   - apiGroups: [""]
115.     resources: ["services"]
116.     resourceNames: ["heapster", "dashboard-metrics-scraper"]
117.     verbs: ["proxy"]
118.   - apiGroups: [""]
119.     resources: ["services/proxy"]
120.     resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
121.     verbs: ["get"]
123. ---
125. kind: ClusterRole
126. apiVersion: rbac.authorization.k8s.io/v1
127. metadata:
128.   labels:
129.     k8s-app: kubernetes-dashboard
130.   name: kubernetes-dashboard
131. rules:
132.   # Allow Metrics Scraper to get metrics from the Metrics server
133.   - apiGroups: ["metrics.k8s.io"]
134.     resources: ["pods", "nodes"]
135.     verbs: ["get", "list", "watch"]
137. ---
139. apiVersion: rbac.authorization.k8s.io/v1
140. kind: RoleBinding
141. metadata:
142.   labels:
143.     k8s-app: kubernetes-dashboard
144.   name: kubernetes-dashboard
145.   namespace: kubernetes-dashboard
146. roleRef:
147.   apiGroup: rbac.authorization.k8s.io
148.   kind: Role
149.   name: kubernetes-dashboard
150. subjects:
151.   - kind: ServiceAccount
152.     name: kubernetes-dashboard
153.     namespace: kubernetes-dashboard
155. ---
157. apiVersion: rbac.authorization.k8s.io/v1
158. kind: ClusterRoleBinding
159. metadata:
160.   name: kubernetes-dashboard
161. roleRef:
162.   apiGroup: rbac.authorization.k8s.io
163.   kind: ClusterRole
164.   name: kubernetes-dashboard
165. subjects:
166.   - kind: ServiceAccount
167.     name: kubernetes-dashboard
168.     namespace: kubernetes-dashboard
170. ---
172. kind: Deployment
173. apiVersion: apps/v1
174. metadata:
175.   labels:
176.     k8s-app: kubernetes-dashboard
177.   name: kubernetes-dashboard
178.   namespace: kubernetes-dashboard
179. spec:
180.   replicas: 1
181.   revisionHistoryLimit: 10
182.   selector:
183.     matchLabels:
184.       k8s-app: kubernetes-dashboard
185.   template:
186.     metadata:
187.       labels:
188.         k8s-app: kubernetes-dashboard
189.     spec:
190.       containers:
191.         - name: kubernetes-dashboard
192.           image: kubernetesui/dashboard:v2.0.0
193.           imagePullPolicy: Always
194.           ports:
195.             - containerPort: 8443
196.               protocol: TCP
197.           args:
198.             - --auto-generate-certificates
199.             - --namespace=kubernetes-dashboard
200.             # Uncomment the following line to manually specify Kubernetes API server Host
201.             # If not specified, Dashboard will attempt to auto discover the API server and connect
202.             # to it. Uncomment only if the default does not work.
203.             # - --apiserver-host=http://my-address:port
204.           volumeMounts:
205.             - name: kubernetes-dashboard-certs
206.               mountPath: /certs
207.               # Create on-disk volume to store exec logs
208.             - mountPath: /tmp
209.               name: tmp-volume
210.           livenessProbe:
211.             httpGet:
212.               scheme: HTTPS
213.               path: /
214.               port: 8443
215.             initialDelaySeconds: 30
216.             timeoutSeconds: 30
217.           securityContext:
218.             allowPrivilegeEscalation: false
219.             readOnlyRootFilesystem: true
220.             runAsUser: 1001
221.             runAsGroup: 2001
222.       volumes:
223.         - name: kubernetes-dashboard-certs
224.           secret:
225.             secretName: kubernetes-dashboard-certs
226.         - name: tmp-volume
227.           emptyDir: {}
228.       serviceAccountName: kubernetes-dashboard
229.       nodeSelector:
230.         "kubernetes.io/os": linux
231.       # Comment the following tolerations if Dashboard must not be deployed on master
232.       tolerations:
233.         - key: node-role.kubernetes.io/master
234.           effect: NoSchedule
236. ---
238. kind: Service
239. apiVersion: v1
240. metadata:
241.   labels:
242.     k8s-app: dashboard-metrics-scraper
243.   name: dashboard-metrics-scraper
244.   namespace: kubernetes-dashboard
245. spec:
246.   ports:
247.     - port: 8000
248.       targetPort: 8000
249.   selector:
250.     k8s-app: dashboard-metrics-scraper
252. ---
254. kind: Deployment
255. apiVersion: apps/v1
256. metadata:
257.   labels:
258.     k8s-app: dashboard-metrics-scraper
259.   name: dashboard-metrics-scraper
260.   namespace: kubernetes-dashboard
261. spec:
262.   replicas: 1
263.   revisionHistoryLimit: 10
264.   selector:
265.     matchLabels:
266.       k8s-app: dashboard-metrics-scraper
267.   template:
268.     metadata:
269.       labels:
270.         k8s-app: dashboard-metrics-scraper
271.       annotations:
272.         seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
273.     spec:
274.       containers:
275.         - name: dashboard-metrics-scraper
276.           image: kubernetesui/metrics-scraper:v1.0.4
277.           ports:
278.             - containerPort: 8000
279.               protocol: TCP
280.           livenessProbe:
281.             httpGet:
282.               scheme: HTTP
283.               path: /
284.               port: 8000
285.             initialDelaySeconds: 30
286.             timeoutSeconds: 30
287.           volumeMounts:
288.           - mountPath: /tmp
289.             name: tmp-volume
290.           securityContext:
291.             allowPrivilegeEscalation: false
292.             readOnlyRootFilesystem: true
293.             runAsUser: 1001
294.             runAsGroup: 2001
295.       serviceAccountName: kubernetes-dashboard
296.       nodeSelector:
297.         "kubernetes.io/os": linux
298.       # Comment the following tolerations if Dashboard must not be deployed on master
299.       tolerations:
300.         - key: node-role.kubernetes.io/master
301.           effect: NoSchedule
302.       volumes:
303.         - name: tmp-volume
304.           emptyDir: {}

复制代码

1.2、部署和查看

1. kubectl apply -f kubernetes-dashboard.yaml
2. # 查看部署
3. kubectl get pods,svc -n kubernetes-dashboard

复制代码

访问地址：https://NodeIP:30001
创建service account并绑定默认cluster-admin管理员集群脚色

1. kubectl create serviceaccount dashboard-admin -n kube-system
2. kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
3. kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')

复制代码

利用输出的token登录Dashboard

二、部署CoreDNS

2.1 创建coredns.yaml，并写入以下内容

1. # __MACHINE_GENERATED_WARNING__
3. apiVersion: v1
4. kind: ServiceAccount
5. metadata:
6.   name: coredns
7.   namespace: kube-system
8.   labels:
9.       kubernetes.io/cluster-service: "true"
10.       addonmanager.kubernetes.io/mode: Reconcile
11. ---
12. apiVersion: rbac.authorization.k8s.io/v1
13. kind: ClusterRole
14. metadata:
15.   labels:
16.     kubernetes.io/bootstrapping: rbac-defaults
17.     addonmanager.kubernetes.io/mode: Reconcile
18.   name: system:coredns
19. rules:
20. - apiGroups:
21.   - ""
22.   resources:
23.   - endpoints
24.   - services
25.   - pods
26.   - namespaces
27.   verbs:
28.   - list
29.   - watch
30. - apiGroups:
31.   - ""
32.   resources:
33.   - nodes
34.   verbs:
35.   - get
36. - apiGroups:
37.   - discovery.k8s.io
38.   resources:
39.   - endpointslices
40.   verbs:
41.   - list
42.   - watch
43. ---
44. apiVersion: rbac.authorization.k8s.io/v1
45. kind: ClusterRoleBinding
46. metadata:
47.   annotations:
48.     rbac.authorization.kubernetes.io/autoupdate: "true"
49.   labels:
50.     kubernetes.io/bootstrapping: rbac-defaults
51.     addonmanager.kubernetes.io/mode: EnsureExists
52.   name: system:coredns
53. roleRef:
54.   apiGroup: rbac.authorization.k8s.io
55.   kind: ClusterRole
56.   name: system:coredns
57. subjects:
58. - kind: ServiceAccount
59.   name: coredns
60.   namespace: kube-system
61. ---
62. apiVersion: v1
63. kind: ConfigMap
64. metadata:
65.   name: coredns
66.   namespace: kube-system
67.   labels:
68.       addonmanager.kubernetes.io/mode: EnsureExists
69. data:
70.   Corefile: |
71.     .:53 {
72.         errors
73.         health {
74.             lameduck 5s
75.         }
76.         ready
77.         kubernetes cluster.local in-addr.arpa ip6.arpa {
78.             pods insecure
79.             fallthrough in-addr.arpa ip6.arpa
80.             ttl 30
81.         }
82.         prometheus :9153
83.         forward . /etc/resolv.conf {
84.             max_concurrent 1000
85.         }
86.         cache 30
87.         loop
88.         reload
89.         loadbalance
90.     }
91. ---
92. apiVersion: apps/v1
93. kind: Deployment
94. metadata:
95.   name: coredns
96.   namespace: kube-system
97.   labels:
98.     k8s-app: kube-dns
99.     kubernetes.io/cluster-service: "true"
100.     addonmanager.kubernetes.io/mode: Reconcile
101.     kubernetes.io/name: "CoreDNS"
102. spec:
103.   # replicas: not specified here:
104.   # 1. In order to make Addon Manager do not reconcile this replicas parameter.
105.   # 2. Default is 1.
106.   # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
107.   replicas: 1
108.   strategy:
109.     type: RollingUpdate
110.     rollingUpdate:
111.       maxUnavailable: 1
112.   selector:
113.     matchLabels:
114.       k8s-app: kube-dns
115.   template:
116.     metadata:
117.       labels:
118.         k8s-app: kube-dns
119.     spec:
120.       securityContext:
121.         seccompProfile:
122.           type: RuntimeDefault
123.       priorityClassName: system-cluster-critical
124.       serviceAccountName: coredns
125.       affinity:
126.         podAntiAffinity:
127.           preferredDuringSchedulingIgnoredDuringExecution:
128.           - weight: 100
129.             podAffinityTerm:
130.               labelSelector:
131.                 matchExpressions:
132.                   - key: k8s-app
133.                     operator: In
134.                     values: ["kube-dns"]
135.               topologyKey: kubernetes.io/hostname
136.       tolerations:
137.         - key: "CriticalAddonsOnly"
138.           operator: "Exists"
139.       nodeSelector:
140.         kubernetes.io/os: linux
141.       containers:
142.       - name: coredns
143.         image: coredns/coredns:v1.8.6
144.         imagePullPolicy: IfNotPresent
145.         resources:
146.           limits:
147.             memory: 500Mi
148.           requests:
149.             cpu: 100m
150.             memory: 70Mi
151.         args: [ "-conf", "/etc/coredns/Corefile" ]
152.         volumeMounts:
153.         - name: config-volume
154.           mountPath: /etc/coredns
155.           readOnly: true
156.         ports:
157.         - containerPort: 53
158.           name: dns
159.           protocol: UDP
160.         - containerPort: 53
161.           name: dns-tcp
162.           protocol: TCP
163.         - containerPort: 9153
164.           name: metrics
165.           protocol: TCP
166.         livenessProbe:
167.           httpGet:
168.             path: /health
169.             port: 8080
170.             scheme: HTTP
171.           initialDelaySeconds: 60
172.           timeoutSeconds: 5
173.           successThreshold: 1
174.           failureThreshold: 5
175.         readinessProbe:
176.           httpGet:
177.             path: /ready
178.             port: 8181
179.             scheme: HTTP
180.         securityContext:
181.           allowPrivilegeEscalation: false
182.           capabilities:
183.             add:
184.             - NET_BIND_SERVICE
185.             drop:
186.             - all
187.           readOnlyRootFilesystem: true
188.       dnsPolicy: Default
189.       volumes:
190.         - name: config-volume
191.           configMap:
192.             name: coredns
193.             items:
194.             - key: Corefile
195.               path: Corefile
196. ---
197. apiVersion: v1
198. kind: Service
199. metadata:
200.   name: kube-dns
201.   namespace: kube-system
202.   annotations:
203.     prometheus.io/port: "9153"
204.     prometheus.io/scrape: "true"
205.   labels:
206.     k8s-app: kube-dns
207.     kubernetes.io/cluster-service: "true"
208.     addonmanager.kubernetes.io/mode: Reconcile
209.     kubernetes.io/name: "CoreDNS"
210. spec:
211.   selector:
212.     k8s-app: kube-dns
213.   clusterIP: 10.0.0.2
214.   ports:
215.   - name: dns
216.     port: 53
217.     protocol: UDP
218.   - name: dns-tcp
219.     port: 53
220.     protocol: TCP
221.   - name: metrics
222.     port: 9153
223.     protocol: TCP

复制代码

2.2 执行部署coredns

1. kubectl apply -f coredns.yaml
3. # 查看coredns运行是否正常
4. kubectl get pods -n kube-system  

复制代码

免责声明：如果侵犯了您的权益，请联系站长，我们会及时删除侵权内容，谢谢合作！更多信息从访问主页：qidao123.com:ToB企服之家，中国第一个企服评测及商务社交产业平台。