接下来配置密钥(用于登录 Dashboard 的 kubeconfig 文件)
root@master:~# cp /root/.kube/config /opt/kube.kubeconfig
编辑文件,增加 token
root@master:~# vim /opt/kube.kubeconfig
在文件最后一行追加 token:行首缩进4个空格,冒号后面也要留一个空格
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLThuOHdkIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI2NjJmN2Q3OC0wZTdlLTExZWEtYmM0Zi0wMDBjMjljZmU3MTAiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.Oy8EOkqJTZrKFtIAOb8xXSVMsZ1P5h3aPv7alRTyawh-MRF12Wk6Lr5lGOqPBj23_L3CnSC4JHCWGiHYtotetWvbDulK2ljni0vbvlz9JViP02Z0ww2AAA16oNjHYHMnKOHCJdZHncuPWXGjAjjUXqKIvN9V3wBb2qUSba5SUpLtSNozFPf1pKm6xhogdaBaWxu2MvVJw75lTc3qchfqGct0bjTqMHeDRfL9uqVx1-K-u087JOhyrEi5tzcHXmrHqZL5IqgLhXHcPM82Vb00IClGs6g4jnyetJyEmn7QQ4jTTMfuJo1v2UDaCR45uZ_pMCZT-mGvt_61z44P_iyp2g
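在 Dashboard 登录时导入这个文件即可登录进去。注意这个文件里同时带有集群地址和 admin-user 这个 ServiceAccount 的 token,拿到文件的人就能以该账号的权限访问集群,所以要确认它的权限仍是仅 root 可读(如 chmod 600),也不要把真实的 token 贴到公开的文档里。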
这个 token 登录后最多可以保持15分钟,之后就会掉线(过期的是 Dashboard 的登录会话;ServiceAccount 的 token 本身不会因此失效,要作废它需要删除对应的 secret)
添加参数,改成超过1个小时才断开(--token-ttl 的单位是秒;会话保持得越久,无人看管的浏览器会话可被他人使用的时间也越长,生产环境不宜设得太大)
root@master:/etc/ansible/manifests/dashboard/1.10.1# vim kubernetes-dashboard.yaml
117 args:
118 - --auto-generate-certificates
119 - --token-ttl=3600
重新 apply,让修改生效
root@master:/etc/ansible/manifests/dashboard/1.10.1# kubectl apply -f .
查看已经修改成3600秒了
查看有哪些可以用的后端服务
root@master:/etc/ansible/manifests/dashboard/1.10.1# kubectl get ep --all-namespaces
NAMESPACE NAME ENDPOINTS AGE
default kubernetes 192.168.200.197:6443,192.168.200.198:6443 3d4h
kube-system heapster 172.31.167.89:8082 2d2h
kube-system kube-controller-manager <none> 3d4h
kube-system kube-dns 172.31.167.90:53,172.31.167.90:53 2d14h
kube-system kube-scheduler <none> 3d4h
kube-system kubernetes-dashboard 172.31.104.141:8443 2d3h
kube-system monitoring-grafana 172.31.167.85:3000 2d2h
kube-system monitoring-influxdb 172.31.167.84:8086 2d2h
查看域名解析时间
root@master:/etc/ansible/manifests/dns/kube-dns# time kubectl exec busybox nslookup kubernetes
Server: 10.20.254.254
Address 1: 10.20.254.254 kube-dns.kube-system.svc.linux37.local
Name: kubernetes
Address 1: 10.20.0.1 kubernetes.default.svc.linux37.local
real 0m0.280s
user 0m0.101s
sys 0m0.034s
200毫秒的时间是正常的
root@master:/etc/ansible/manifests/dns/kube-dns# kubectl delete -f kube-dns.yaml
删除kube-dns
查看coredns网站
[https://github.com/coredns/](https://github.com/coredns/)
把这些文件拖过去
创建 coredns目录
root@master:/etc/ansible/manifests/dns# mkdir coredns
克隆coredns
root@master:/etc/ansible/manifests/dns/coredns# git clone https://github.com/coredns/deployment.git
解压文件
root@master:/usr/local/src# tar xf kubernetes-1.14.7-client-linux-amd64.tar.gz
root@master:/usr/local/src# tar xf kubernetes-1.14.7-node-linux-amd64.tar.gz
root@master:/usr/local/src# tar xf kubernetes-1.14.7-server-linux-amd64.tar.gz
root@master:/usr/local/src# tar xf kubernetes1.14.7.tar.gz
root@master:/usr/local/src/kubernetes/cluster/addons/dns/coredns# vim /etc/ansible/hosts
# 服务网段 (Service CIDR),注意不要与内网已有网段冲突
SERVICE_CIDR="10.20.0.0/16"
注意:后面执行 deploy.sh 时传入的就是这个 Service 网段,DNS 服务的地址也在这个网段里
创建dns服务
root@master:/etc/ansible/manifests/dns/coredns/deployment/kubernetes# kubectl apply -f ../../../kube-dns.yaml
service/kube-dns created
serviceaccount/kube-dns created
configmap/kube-dns created
deployment.extensions/kube-dns created
执行脚本生成 coredns 的部署清单(这一步只是把清单输出到屏幕,还没有创建资源)
root@master:/etc/ansible/manifests/dns/coredns/deployment/kubernetes# bash deploy.sh 10.20.0.0/16
k8s-app: kube-dns
clusterIP: 10.20.254.254
拿到这个地址就可以
ports:
- name: dns
port: 53
protocol: UDP
- name: dns-tcp
port: 53
protocol: TCP
- name: metrics
port: 9153
protocol: TCP
- name: coredns
image: coredns/coredns:1.6.5
脚本生成了一份清单,里面定义了镜像地址
把信息重定向到一个文件里
root@master:/etc/ansible/manifests/dns/coredns/deployment/kubernetes# bash deploy.sh 10.20.0.0/16 > coreden-linux37.yaml
root@master:/etc/ansible/manifests/dns/coredns/deployment/kubernetes# vim coreden-linux37.yaml
60 ready
61 kubernetes linux37.local in-addr.arpa ip6.arpa {
修改为公司部署时使用的集群 DNS 域名(这里是 linux37.local)
65 prometheus :9153
66 forward . 223.6.6.6
把集群内解析不了的域名转发给阿里云的 223.6.6.6 来解析(生产环境这里一般填公司内部的 DNS,这里做实验用的是阿里云的公共 DNS;转发到公共 DNS 时,Pod 查询过的域名会被外部解析方看到)
114 - name: coredns
115 image: harbor.wyh.net/baseimages/coredns:1.6.5
修改地址为本地的镜像地址
116 imagePullPolicy: IfNotPresent
118 limits:
119 memory: 512Mi
内存限制设置成 512Mi
提前下载镜像
root@master:/usr/local/src/kubernetes/cluster/addons/dns/coredns# docker pull coredns/coredns:1.6.5
打标签
root@master:/etc/ansible/manifests/dns/coredns/deployment/kubernetes# docker tag coredns/coredns:1.6.5 harbor.wyh.net/baseimages/coredns:1.6.5
上传镜像
root@master:/etc/ansible/manifests/dns/coredns/deployment/kubernetes# docker push harbor.wyh.net/baseimages/coredns:1.6.5
root@master:/etc/ansible/manifests/dns/coredns/deployment/kubernetes# kubectl delete -f ../../../kube-dns.yaml
删除kube-dns,然后部署coredns
接下来部署coredns
创建服务
root@master:/etc/ansible/manifests/dns/coredns/deployment/kubernetes# kubectl apply -f coreden-linux37.yaml
查看刚创建的pod
root@master:/etc/ansible/manifests/dns/coredns/deployment/kubernetes# kubectl get pod -n kube-system | grep coredns
coredns-7979bd56b8-6ldtl 1/1 Running 0 2m37s
查看域名解析的时间
root@master:/etc/ansible/manifests/dns/coredns/deployment/kubernetes# time kubectl exec busybox nslookup kubernetes
Server: 10.20.254.254
Address 1: 10.20.254.254 kube-dns.kube-system.svc.linux37.local
Name: kubernetes
Address 1: 10.20.0.1 kubernetes.default.svc.linux37.local
real 0m0.247s
user 0m0.064s
sys 0m0.035s
先把转发功能关闭(把 forward 这一行注释掉)
root@master:/etc/ansible/manifests/dns/coredns/deployment/kubernetes# vim coreden-linux37.yaml
66 # forward . 223.6.6.6
再执行一次,kubectl apply 只会把发生变化的部分应用上去
root@master:/etc/ansible/manifests/dns/coredns/deployment/kubernetes# kubectl apply -f coreden-linux37.yaml
root@master:/etc/ansible/manifests/dns/coredns/deployment/kubernetes# kubectl exec -it busybox sh
/ # ping www.baidu.com
ping: bad address 'www.baidu.com'
发现容器 ping 不通百度了:注释掉 forward 之后,CoreDNS 不再把集群外的域名转发给上游 DNS,所以外部域名解析失败
作者:哆啦A梦_ca52
链接:https://www.jianshu.com/p/058262a73f8f
来源:简书
著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。