Hands-On: Deploying Add-ons on a Binary-Installed K8S Cluster and Switching the CNI Network Plugin
尹正杰 · 2026-01-25 · via 博客园 - 尹正杰

Author: 尹正杰

Copyright notice: original work; reproduction is declined, and violations will be pursued under the law.

I. Deploying K8S cluster add-ons

1. Deploying the CoreDNS add-on


	1 Download the manifest
Reference link:
	https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dns/coredns
	
	
[root@k8s-cluster251 ~]# wget http://192.168.21.253/Resources/Kubernetes/Add-ons/CoreDNS/coredns.yaml.base

		
	2 Edit the key fields in the manifest template
[root@k8s-cluster251 ~]# sed -i  '/__DNS__DOMAIN__/s#__DNS__DOMAIN__#yinzhengjie.com#' coredns.yaml.base 
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# sed -i '/__DNS__MEMORY__LIMIT__/s#__DNS__MEMORY__LIMIT__#200Mi#' coredns.yaml.base 
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# sed -i '/__DNS__SERVER__/s#__DNS__SERVER__#10.200.0.254#' coredns.yaml.base 
[root@k8s-cluster251 ~]# 

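Field descriptions:
	__DNS__DOMAIN__
		The custom DNS domain; it must match the domain your K8S cluster actually uses.

	__DNS__MEMORY__LIMIT__
		Memory limit for the CoreDNS component.

	__DNS__SERVER__
		ClusterIP address of the DNS server's svc.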
		


	3. Prepare the host DNS resolver file on all nodes
[root@k8s-cluster251 ~]# cat > /etc/kubernetes/resolv.conf <<EOF
nameserver 223.5.5.5
options edns0 trust-ad
search .
EOF


[root@k8s-cluster251 ~]#  data_rsync.sh /etc/kubernetes/resolv.conf


	4. Deploy the CoreDNS component
[root@k8s-cluster251 ~]# kubectl apply -f  coredns.yaml.base 
serviceaccount/coredns created
clusterrole.rbac.authorization.k8s.io/system:coredns created
clusterrolebinding.rbac.authorization.k8s.io/system:coredns created
configmap/coredns created
deployment.apps/coredns created
service/kube-dns created
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# kubectl -n kube-system get svc,po -o wide
NAME               TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                  AGE   SELECTOR
service/kube-dns   ClusterIP   10.200.0.254   <none>        53/UDP,53/TCP,9153/TCP   83s   k8s-app=kube-dns

NAME                           READY   STATUS    RESTARTS   AGE   IP            NODE             NOMINATED NODE   READINESS GATES
pod/coredns-5578c9dc84-qvpqt   1/1     Running   0          82s   10.100.86.7   k8s-cluster251   <none>           <none>
[root@k8s-cluster251 ~]# 



Tip:
	If the image download fails, you can import it manually as follows:
	
		wget http://192.168.21.253/Resources/Kubernetes/Add-ons/CoreDNS/yinzhengjie-coredns-v1.12.0.tar.gz
		ctr -n k8s.io i import yinzhengjie-coredns-v1.12.0.tar.gz 


	5. Verify the DNS service
[root@k8s-cluster251 ~]# kubectl get svc -A
NAMESPACE       NAME                              TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                  AGE
calico-system   calico-api                        ClusterIP   10.200.159.106   <none>        443/TCP                  14h
calico-system   calico-kube-controllers-metrics   ClusterIP   None             <none>        9094/TCP                 14h
calico-system   calico-typha                      ClusterIP   10.200.120.52    <none>        5473/TCP                 14h
calico-system   goldmane                          ClusterIP   10.200.83.241    <none>        7443/TCP                 14h
calico-system   whisker                           ClusterIP   10.200.247.218   <none>        8081/TCP                 14h
default         kubernetes                        ClusterIP   10.200.0.1       <none>        443/TCP                  15h
kube-system     kube-dns                          ClusterIP   10.200.0.254     <none>        53/UDP,53/TCP,9153/TCP   111s
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# dig @10.200.0.254 kube-dns.kube-system.svc.yinzhengjie.com +short
10.200.0.254
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# dig @10.200.0.254 kubernetes.default.svc.yinzhengjie.com +short
10.200.0.1
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# dig @10.200.0.254 calico-api.calico-system.svc.yinzhengjie.com +short
10.200.159.106
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# 



	6. Deploy Pods to verify the default DNS server
[root@k8s-cluster251 ~]# kubectl apply -f deploy-apps.yaml 
deployment.apps/yinzhengjie-app01 created
deployment.apps/yinzhengjie-app02 created
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# kubectl get pods -o wide
NAME                                 READY   STATUS    RESTARTS   AGE   IP           NODE             NOMINATED NODE   READINESS GATES
yinzhengjie-app01-859798856d-x99mf   1/1     Running   0          3s    10.100.1.4   k8s-cluster252   <none>           <none>
yinzhengjie-app02-6c68b6f784-dq5x2   1/1     Running   0          3s    10.100.3.3   k8s-cluster253   <none>           <none>
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# kubectl exec -it yinzhengjie-app01-859798856d-x99mf -- sh
/ # 
/ # cat /etc/resolv.conf 
search default.svc.yinzhengjie.com svc.yinzhengjie.com yinzhengjie.com
nameserver 10.200.0.254
options ndots:5
/ # 
/ # 

	
	7. Clean up the Pod environment
[root@k8s-cluster251 ~]# kubectl delete -f deploy-apps.yaml 
deployment.apps "yinzhengjie-app01" deleted from default namespace
deployment.apps "yinzhengjie-app02" deleted from default namespace
[root@k8s-cluster251 ~]# 


	8. Expose the web UI of Calico's whisker component for testing [requires the CoreDNS component to be working, as shown in the figure above]
[root@k8s-cluster251 ~]# kubectl port-forward -n calico-system service/whisker 8081:8081 --address 0.0.0.0

2. Deploying the MetalLB add-on

	1 Set the kube-proxy proxy mode to ipvs
[root@k8s-cluster251 ~]# grep mode /etc/kubernetes/kube-proxy.yml
mode: "ipvs"
[root@k8s-cluster251 ~]# 

[root@k8s-cluster252 ~]# grep mode /etc/kubernetes/kube-proxy.yml
mode: "ipvs"
[root@k8s-cluster252 ~]# 


[root@k8s-cluster253 ~]# grep mode /etc/kubernetes/kube-proxy.yml
mode: "ipvs"
[root@k8s-cluster253 ~]# 


	2 Import the images on all K8S cluster nodes
wget http://192.168.21.253/Resources/Kubernetes/Add-ons/metallb/v0.15.2/yinzhengjie-metallb-controller-v0.15.2.tar.gz
wget http://192.168.21.253/Resources/Kubernetes/Add-ons/metallb/v0.15.2/yinzhengjie-metallb-speaker-v0.15.2.tar.gz
ctr -n k8s.io i import yinzhengjie-metallb-controller-v0.15.2.tar.gz 
ctr -n k8s.io i import yinzhengjie-metallb-speaker-v0.15.2.tar.gz 

		
	3. Download the manifest for the metallb component
[root@master231 metallb]# wget https://raw.githubusercontent.com/metallb/metallb/v0.15.2/config/manifests/metallb-native.yaml

SVIP:
[root@k8s-cluster251 ~]# wget http://192.168.21.253/Resources/Kubernetes/Add-ons/metallb/v0.15.2/metallb-native.yaml


	4 Deploy MetalLB
[root@k8s-cluster251 ~]# kubectl apply -f metallb-native.yaml 

	5 Create the IP address pool
[root@k8s-cluster251 ~]# cat > metallb-ip-pool.yaml <<EOF
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: jasonyin2020
  namespace: metallb-system
spec:
  addresses:
  # Change this to the IP range you allocate to MetalLB. It should be in a network segment that your Windows host can reach (your VM's Vmnet8 segment is recommended).
  - 10.0.0.150-10.0.0.180

---

apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: yinzhengjie
  namespace: metallb-system
spec:
  ipAddressPools:
  - jasonyin2020
EOF



[root@k8s-cluster251 ~]# kubectl apply -f metallb-ip-pool.yaml 
ipaddresspool.metallb.io/jasonyin2020 created
l2advertisement.metallb.io/yinzhengjie created
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# kubectl get ipaddresspools.metallb.io -A
NAMESPACE        NAME           AUTO ASSIGN   AVOID BUGGY IPS   ADDRESSES
metallb-system   jasonyin2020   true          false             ["10.0.0.150-10.0.0.180"]
[root@k8s-cluster251 ~]# 


	6 Create a LoadBalancer Service to test and verify
[root@k8s-cluster251 ~]# cat > deploy-svc-LoadBalancer.yaml <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deploy-xiuxian
spec:
  replicas: 3
  selector:
    matchLabels:
      apps: v1
  template:
    metadata:
      labels:
        apps: v1
    spec:
      containers:
      - name: c1
        image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v3

---

apiVersion: v1
kind: Service
metadata:
  name: svc-xiuxian
spec:
  type: LoadBalancer
  selector:
    apps: v1
  ports:
  - port: 80
EOF


[root@k8s-cluster251 ~]# kubectl apply -f deploy-svc-LoadBalancer.yaml 
deployment.apps/deploy-xiuxian created
service/svc-xiuxian created
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# kubectl get deploy,svc,po -o wide
NAME                             READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS   IMAGES                                                      SELECTOR
deployment.apps/deploy-xiuxian   3/3     3            3           9s    c1           registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v3   apps=v1

NAME                  TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE     SELECTOR
service/kubernetes    ClusterIP      10.200.0.1       <none>        443/TCP        22h     <none>
service/svc-xiuxian   LoadBalancer   10.200.134.72    10.0.0.150    80:17862/TCP   9s      apps=v1
service/xiuxian-v1    ClusterIP      10.200.240.114   <none>        80/TCP         3h12m   apps=v1

NAME                                  READY   STATUS    RESTARTS   AGE   IP             NODE             NOMINATED NODE   READINESS GATES
pod/deploy-xiuxian-5bc4d8c6d5-hnln8   1/1     Running   0          9s    10.100.88.14   k8s-cluster253   <none>           <none>
pod/deploy-xiuxian-5bc4d8c6d5-hw7w6   1/1     Running   0          9s    10.100.86.9    k8s-cluster251   <none>           <none>
pod/deploy-xiuxian-5bc4d8c6d5-jr5vf   1/1     Running   0          9s    10.100.99.12   k8s-cluster252   <none>           <none>
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# curl 10.0.0.150
<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8"/>
    <title>yinzhengjie apps v3</title>
    <style>
       div img {
          width: 900px;
          height: 600px;
          margin: 0;
       }
    </style>
  </head>

  <body>
    <h1 style="color: pink">凡人修仙传 v3 </h1>
    <div>
      <img src="3.jpg">
    <div>
  </body>

</html>
[root@k8s-cluster251 ~]# 
 

3. Deploying the helm add-on for K8S

	1. Download the helm package
wget https://get.helm.sh/helm-v3.19.4-linux-amd64.tar.gz

SVIP:
[root@k8s-cluster251 ~]# wget http://192.168.21.253/Resources/Kubernetes/Add-ons/helm/softwares/helm-v3.19.4-linux-amd64.tar.gz


	2. Extract the package
[root@k8s-cluster251 ~]# tar xf helm-v3.19.4-linux-amd64.tar.gz  -C /usr/local/bin/ linux-amd64/helm --strip-components=1
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# ll /usr/local/bin/helm 
-rwxr-xr-x 1 1001 fwupd-refresh 59715768 Jul  9 04:36 /usr/local/bin/helm*
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# helm version
version.BuildInfo{Version:"v3.19.4", GitCommit:"7cfb6e486dac026202556836bb910c37d847793e", GitTreeState:"clean", GoVersion:"go1.24.11"}
[root@k8s-cluster251 ~]# 



	3. Configure helm command completion
[root@k8s-cluster251 ~]# helm completion bash > /etc/bash_completion.d/helm
[root@k8s-cluster251 ~]# source /etc/bash_completion.d/helm
[root@k8s-cluster251 ~]# echo 'source /etc/bash_completion.d/helm' >> ~/.bashrc 
[root@k8s-cluster251 ~]# 
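
The helm tarball in steps 1 and 2, like the image tarballs imported with ctr elsewhere on this page, is fetched (from the SVIP mirror over plain HTTP) and then unpacked as root without an integrity check. The functions below are an added example, not part of the original post: they gate the extraction and the import on a SHA-256 digest pinned in advance. The function names are illustrative, and the digest itself has to come from a source other than the mirror that serves the file.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): refuse to unpack or import a
# downloaded artifact unless its SHA-256 matches a digest pinned in advance.

# Print the lowercase hex SHA-256 of FILE.
sha256_of() {
    sha256sum < "$1" | awk '{print $1}'
}

# verify_artifact FILE EXPECTED_SHA256
# Returns 0 = digest matches, 1 = mismatch, 2 = unusable input.
verify_artifact() {
    local file expected actual
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # Require exactly 64 hex digits so that an empty or truncated digest
    # can never be treated as a match.
    case $expected in
        ''|*[!0-9a-f]*) echo "malformed digest for $file" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest for $file" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "DIGEST MISMATCH for $file: got $actual" >&2
        return 1
    fi
}

# verify_from_sumfile FILE SUMFILE
# SUMFILE uses the "DIGEST  FILENAME" layout that sha256sum writes. The entry
# is selected by file name, so a digest listed for another file is ignored.
verify_from_sumfile() {
    local base digest
    base=$(basename "$1")
    digest=$(awk -v f="$base" '{ n = $2; sub(/^\*/, "", n) } n == f { print $1; exit }' "$2")
    verify_artifact "$1" "$digest"
}

# install_helm_verified TARBALL EXPECTED_SHA256 DESTDIR
# Same extraction as step 2 above, but only after the digest check passes.
install_helm_verified() {
    verify_artifact "$1" "$2" || return 1
    tar xf "$1" -C "$3" --strip-components=1 linux-amd64/helm
}

# import_image_verified TARBALL EXPECTED_SHA256
# Same import as the ctr commands on this page, gated on the digest.
import_image_verified() {
    verify_artifact "$1" "$2" || return 1
    ctr -n k8s.io i import "$1"
}
```

Call it as `install_helm_verified helm-v3.19.4-linux-amd64.tar.gz <pinned-sha256> /usr/local/bin`, where `<pinned-sha256>` is a placeholder for the digest you recorded from a trusted channel.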

4. Deploying the metrics-server component

	1 Download the manifest
[root@k8s-cluster251 ~]# wget https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/high-availability-1.21+.yaml

SVIP:
[root@k8s-cluster251 ~]# wget http://192.168.21.253/Resources/Kubernetes/Add-ons/metrics-server/0.8.x/high-availability-1.21%2B.yaml



	2 Edit the configuration file
[root@k8s-cluster251 ~]#  vim high-availability-1.21+.yaml 
...
apiVersion: apps/v1
kind: Deployment
metadata:
...
      - args:
        - --kubelet-insecure-tls  # Do not verify the CA of the serving certificates presented by Kubelets (upstream documents this flag as for testing purposes only). Without it, metrics-server reports x509 errors.
        ...
        image: registry.aliyuncs.com/google_containers/metrics-server:v0.8.0


	3 Deploy the metrics-server component
[root@k8s-cluster251 ~]# kubectl apply -f high-availability-1.21+.yaml 
serviceaccount/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
service/metrics-server created
deployment.apps/metrics-server created
poddisruptionbudget.policy/metrics-server created
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
[root@k8s-cluster251 ~]# 

		
	4 Check that the deployment succeeded
[root@k8s-cluster251 ~]# kubectl get pods,svc -n kube-system  -l k8s-app=metrics-server -o wide
NAME                                  READY   STATUS    RESTARTS   AGE   IP             NODE             NOMINATED NODE   READINESS GATES
pod/metrics-server-79bdcb6569-lsbs6   1/1     Running   0          34s   10.100.99.14   k8s-cluster252   <none>           <none>
pod/metrics-server-79bdcb6569-mtgm8   1/1     Running   0          34s   10.100.86.12   k8s-cluster251   <none>           <none>

NAME                     TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE   SELECTOR
service/metrics-server   ClusterIP   10.200.157.24   <none>        443/TCP   34s   k8s-app=metrics-server
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# kubectl -n kube-system describe svc metrics-server
Name:                     metrics-server
Namespace:                kube-system
Labels:                   k8s-app=metrics-server
Annotations:              <none>
Selector:                 k8s-app=metrics-server
Type:                     ClusterIP
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       10.200.157.24
IPs:                      10.200.157.24
Port:                     https  443/TCP
TargetPort:               https/TCP
Endpoints:                10.100.99.14:10250,10.100.86.12:10250
Session Affinity:         None
Internal Traffic Policy:  Cluster
Events:                   <none>
[root@k8s-cluster251 ~]# 


	5. Check that each API group behind apiservices is working [make sure the AVAILABLE column is True]
[root@k8s-cluster251 ~]# kubectl get apiservices
NAME                                SERVICE                      AVAILABLE   AGE
v1.                                 Local                        True        15h
v1.admissionregistration.k8s.io     Local                        True        15h
v1.apiextensions.k8s.io             Local                        True        15h
v1.apps                             Local                        True        15h
v1.authentication.k8s.io            Local                        True        15h
v1.authorization.k8s.io             Local                        True        15h
v1.autoscaling                      Local                        True        15h
v1.batch                            Local                        True        15h
v1.certificates.k8s.io              Local                        True        15h
v1.coordination.k8s.io              Local                        True        15h
v1.crd.projectcalico.org            Local                        True        14h
v1.discovery.k8s.io                 Local                        True        15h
v1.events.k8s.io                    Local                        True        15h
v1.flowcontrol.apiserver.k8s.io     Local                        True        15h
v1.networking.k8s.io                Local                        True        15h
v1.node.k8s.io                      Local                        True        15h
v1.operator.tigera.io               Local                        True        14h
v1.policy                           Local                        True        15h
v1.rbac.authorization.k8s.io        Local                        True        15h
v1.resource.k8s.io                  Local                        True        15h
v1.scheduling.k8s.io                Local                        True        15h
v1.storage.k8s.io                   Local                        True        15h
v1alpha1.policy.networking.k8s.io   Local                        True        14h
v1beta1.metallb.io                  Local                        True        6m6s
v1beta1.metrics.k8s.io              kube-system/metrics-server   True        4m6s
v1beta2.metallb.io                  Local                        True        6m6s
v2.autoscaling                      Local                        True        15h
v3.projectcalico.org                calico-system/calico-api     True        14h
[root@k8s-cluster251 ~]# 


	6. Verify that the metrics component is working
[root@k8s-cluster251 ~]# kubectl top node 
NAME             CPU(cores)   CPU(%)   MEMORY(bytes)   MEMORY(%)   
k8s-cluster251   101m         5%       1951Mi          51%         
k8s-cluster252   110m         5%       2022Mi          53%         
k8s-cluster253   113m         5%       1777Mi          47%         
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# kubectl top pod -A
NAMESPACE         NAME                                       CPU(cores)   MEMORY(bytes)   
calico-system     calico-apiserver-84cf6f57f5-hmk9s          2m           42Mi            
calico-system     calico-apiserver-84cf6f57f5-wr4j8          3m           59Mi            
calico-system     calico-kube-controllers-56647c4dd5-vg8l7   1m           26Mi            
calico-system     calico-node-4tvrw                          24m          170Mi           
calico-system     calico-node-7zwv8                          29m          173Mi           
calico-system     calico-node-g6wjx                          23m          172Mi           
calico-system     calico-typha-65cfc6d749-6qxqp              2m           23Mi            
calico-system     calico-typha-65cfc6d749-8fbpl              2m           22Mi            
calico-system     csi-node-driver-9kqn7                      1m           11Mi            
calico-system     csi-node-driver-nkbmn                      1m           9Mi             
calico-system     csi-node-driver-r7sm6                      1m           16Mi            
calico-system     goldmane-5b885c5555-rn9h7                  3m           44Mi            
calico-system     whisker-696875685d-m62dt                   0m           12Mi            
default           deploy-xiuxian-5b84656669-ft9v6            0m           5Mi             
default           deploy-xiuxian-5b84656669-g2tst            0m           2Mi             
default           deploy-xiuxian-5b84656669-pdrgr            0m           3Mi             
kube-system       coredns-567fbccfb4-8btdf                   1m           13Mi            
kube-system       metrics-server-8f77b4d8d-c486v             3m           20Mi            
kube-system       metrics-server-8f77b4d8d-mpphg             3m           17Mi            
metallb-system    controller-59f49888d7-kj9l9                2m           22Mi            
metallb-system    speaker-gkcrz                              4m           16Mi            
metallb-system    speaker-p7pr4                              3m           16Mi            
metallb-system    speaker-rhjwp                              4m           16Mi            
tigera-operator   tigera-operator-6447996989-nskk8           4m           66Mi            
[root@k8s-cluster251 ~]# 

5. Deploying Dashboard with helm

Reference link:
	https://github.com/kubernetes/dashboard

	1. Add the Dashboard repository
[root@k8s-cluster251 ~]# helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
"kubernetes-dashboard" has been added to your repositories
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# helm repo list
NAME                	URL                                    
kubernetes-dashboard	https://kubernetes.github.io/dashboard/
[root@k8s-cluster251 ~]# 


	2. Install Dashboard
[root@k8s-cluster251 ~]# helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard
Release "kubernetes-dashboard" does not exist. Installing it now.
Error: Get "https://github.com/kubernetes/dashboard/releases/download/kubernetes-dashboard-7.13.0/kubernetes-dashboard-7.13.0.tgz": dial tcp 20.205.243.166:443: connect: connection refused
[root@k8s-cluster251 ~]# 


SVIP:
[root@k8s-cluster251 ~]# wget http://192.168.21.253/Resources/Kubernetes/Add-ons/dashboard/helm/v7.13.0/kubernetes-dashboard-7.13.0.tgz
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# tar xf kubernetes-dashboard-7.13.0.tgz 
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# ll kubernetes-dashboard
total 56
drwxr-xr-x  4 root root  4096 Aug  1 14:55 ./
drwx------ 10 root root  4096 Aug  1 14:55 ../
-rw-r--r--  1 root root   497 May 28 23:14 Chart.lock
drwxr-xr-x  6 root root  4096 Aug  1 14:55 charts/
-rw-r--r--  1 root root   982 May 28 23:14 Chart.yaml
-rw-r--r--  1 root root   948 May 28 23:14 .helmignore
-rw-r--r--  1 root root  8209 May 28 23:14 README.md
drwxr-xr-x 10 root root  4096 Aug  1 14:55 templates/
-rw-r--r--  1 root root 13729 May 28 23:14 values.yaml
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# helm upgrade --install mywebui kubernetes-dashboard  --create-namespace --namespace kubernetes-dashboard
Release "mywebui" does not exist. Installing it now.
NAME: mywebui
LAST DEPLOYED: Tue Jan 27 11:14:01 2026
NAMESPACE: kubernetes-dashboard
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
*************************************************************************************************
*** PLEASE BE PATIENT: Kubernetes Dashboard may need a few minutes to get up and become ready ***
*************************************************************************************************

Congratulations! You have just installed Kubernetes Dashboard in your cluster.

To access Dashboard run:
  kubectl -n kubernetes-dashboard port-forward svc/mywebui-kong-proxy 8443:443

NOTE: In case port-forward command does not work, make sure that kong service name is correct.
      Check the services in Kubernetes Dashboard namespace using:
        kubectl -n kubernetes-dashboard get svc

Dashboard will be available at:
  https://localhost:8443
[root@k8s-cluster251 ~]# 




	3. View the deployment
[root@k8s-cluster251 ~]# helm -n kubernetes-dashboard list
NAME   	NAMESPACE           	REVISION	UPDATED                                	STATUS  	CHART                      	APP VERSION
mywebui	kubernetes-dashboard	1       	2025-08-01 14:55:46.018206818 +0800 CST	deployed	kubernetes-dashboard-7.13.0	           
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# kubectl  -n kubernetes-dashboard get pods -o wide
NAME                                                            READY   STATUS    RESTARTS   AGE     IP             NODE             NOMINATED NODE   READINESS GATES
mywebui-kong-5bdcb94b79-86ftr                                   1/1     Running   0          9m37s   10.100.86.11   k8s-cluster251   <none>           <none>
mywebui-kubernetes-dashboard-api-74fbd85467-vspv9               1/1     Running   0          9m37s   10.100.88.16   k8s-cluster253   <none>           <none>
mywebui-kubernetes-dashboard-auth-69d4c5864b-zpzcj              1/1     Running   0          9m37s   10.100.99.13   k8s-cluster252   <none>           <none>
mywebui-kubernetes-dashboard-metrics-scraper-5c99c5ccc8-4f96n   1/1     Running   0          9m37s   10.100.86.10   k8s-cluster251   <none>           <none>
mywebui-kubernetes-dashboard-web-cd678f7dd-bmjgj                1/1     Running   0          9m37s   10.100.88.15   k8s-cluster253   <none>           <none>
[root@k8s-cluster251 ~]# 


SVIP image download location:
	http://192.168.21.253/Resources/Kubernetes/Add-ons/dashboard/helm/v7.13.0/images/



	4. Change the svc type
[root@k8s-cluster251 ~]# kubectl get svc -n kubernetes-dashboard mywebui-kong-proxy 
NAME                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
mywebui-kong-proxy   ClusterIP   10.200.64.101   <none>        443/TCP   10m
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# kubectl edit svc -n kubernetes-dashboard mywebui-kong-proxy 
service/mywebui-kong-proxy edited
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# kubectl get svc -n kubernetes-dashboard mywebui-kong-proxy 
NAME                 TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
mywebui-kong-proxy   LoadBalancer   10.200.64.101   10.0.0.151    443:14400/TCP   10m
[root@k8s-cluster251 ~]# 

	5. Access the web UI
https://10.0.0.151/#/login



	6. Create a login account
		6.1 Create the sa
[root@k8s-cluster251 ~]# kubectl create serviceaccount admin
serviceaccount/admin created
[root@k8s-cluster251 ~]# 



		6.2 Bind the sa to cluster-admin
[root@k8s-cluster251 ~]# kubectl create clusterrolebinding dashboard-admin --serviceaccount=default:admin --clusterrole=cluster-admin 
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
[root@k8s-cluster251 ~]# 


		6.3 Get a token for the account and log in to the web UI
[root@k8s-cluster251 ~]# kubectl create token admin
eyJhbGciOiJSUzI1NiIsImtpZCI6IjFSTlY2dk5FS3BrdHkySFNnTW1nZFJSMXhibU83X0twWFhMUHBhZGRhV2sifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLm9sZGJveWVkdS5jb20iXSwiZXhwIjoxNzU0MDM1Njc1LCJpYXQiOjE3NTQwMzIwNzUsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5vbGRib3llZHUuY29tIiwianRpIjoiNjc1NTgyZDAtZTMyYS00NjkwLTllODQtZWMyMTJiY2JhYTM4Iiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJkZWZhdWx0Iiwic2VydmljZWFjY291bnQiOnsibmFtZSI6ImFkbWluIiwidWlkIjoiZDgwY2E0OTgtOTE0ZC00MjI4LWI3YmMtMTNlNjYyNjkzYmE1In19LCJuYmYiOjE3NTQwMzIwNzUsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmFkbWluIn0.Pth4k-a23691RSdkrklTqwcfyoUyKM675q5Tkjpiw1IsWWoo1_tqm0oh7DTHqcMNtyTnQGvauLLLuKi8ANn2344z3wO_qGIl6wOL7X9qXS5stxhJUWYVA_tokcAoLgomERDy7xNFV03plJIW60g53yfP1oA7ng4z7g5AZArRy2Mf1tvkFTaiMtRK3Ovsnj9K-CGox3R3vpl1Qrkvmnrd-Z465-V61DLmrlyf6YRrSt7sLDIcjeoiEq0DKs4Jau-srAJTIdvJi0OSkVucYlxAyJx5fTPmW4LyFcsWe7tAQBZg-9p0Bu9Rr4scOAhxVDjuu7Rs4gbXLdX0iL-GkMVyfA
[root@k8s-cluster251 ~]# 
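
Step 6 binds the login account to cluster-admin, so the token pasted into the web UI carries full control of the cluster for as long as it is valid. The following is an added example, not part of the original post: a read-only login bound to the built-in `view` ClusterRole with an explicit token lifetime, plus a check of the token's subject and lifetime before it is used. The account name `dashboard-viewer` and the 15-minute lifetime are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). The account name
# dashboard-viewer and the 15m lifetime are assumptions for illustration.

DASH_NS=kubernetes-dashboard   # namespace used by the helm install above
DASH_SA=dashboard-viewer       # hypothetical read-only login account

# Create the account and bind it to the built-in "view" ClusterRole,
# which grants read access but no write verbs and no access to Secrets.
create_viewer_account() {
    kubectl -n "$DASH_NS" create serviceaccount "$DASH_SA" &&
    kubectl create clusterrolebinding "$DASH_SA" \
        --clusterrole=view \
        --serviceaccount="$DASH_NS:$DASH_SA"
}

# Issue a bearer token with an explicit lifetime (default here: 15 minutes).
issue_viewer_token() {
    kubectl -n "$DASH_NS" create token "$DASH_SA" --duration="${1:-15m}"
}

# Decode the claims segment of a JWT. This only reads the claims; it does
# not verify the signature, so use it for inspection, not for trust decisions.
jwt_payload() {
    local seg
    case $1 in *.*.*) ;; *) return 1 ;; esac   # need header.payload.signature
    seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
    # base64url omits '=' padding; restore it before decoding.
    case $(( ${#seg} % 4 )) in
        2) seg="$seg==" ;;
        3) seg="$seg=" ;;
        1) return 1 ;;                         # not a valid base64 length
    esac
    printf '%s' "$seg" | base64 -d
}

# jwt_claim TOKEN NAME: print one flat claim (number or string).
# Naive splitter, sufficient for exp, iat and sub; prefer a real JSON
# parser such as jq where one is installed.
jwt_claim() {
    jwt_payload "$1" | tr ',{}' '\n\n\n' |
        sed -n "s/^\"$2\":\"\{0,1\}\([^\"]*\)\"\{0,1\}\$/\1/p" | head -n 1
}

# check_token TOKEN MAX_TTL_SECONDS EXPECTED_SUB
# Succeeds only if the token's subject is EXPECTED_SUB and its lifetime
# (exp - iat) is at most MAX_TTL_SECONDS.
check_token() {
    local exp iat sub
    exp=$(jwt_claim "$1" exp)
    iat=$(jwt_claim "$1" iat)
    sub=$(jwt_claim "$1" sub)
    case "$exp$iat" in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$exp" ] && [ -n "$iat" ] || return 1
    [ "$sub" = "$3" ] && [ $(( $exp - $iat )) -le "$2" ]
}
```

Typical use: `create_viewer_account`, then `tok=$(issue_viewer_token)` and `check_token "$tok" 900 system:serviceaccount:kubernetes-dashboard:dashboard-viewer` before pasting the token into the login page.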

6. Deploying the Traefik component


	1. Add the repository
[root@k8s-cluster251 ~]# helm repo add traefik https://traefik.github.io/charts
"traefik" has been added to your repositories
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# helm repo list 
NAME   	URL                             
traefik	https://traefik.github.io/charts
[root@k8s-cluster251 ~]# 

	
	2. Update the repository information
[root@k8s-cluster251 ~]# helm repo update 
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "traefik" chart repository
Update Complete. ⎈Happy Helming!⎈
[root@k8s-cluster251 ~]# 

	
	3. Download the specified version of the Chart
[root@k8s-cluster251 ~]# helm search repo traefik
NAME                	CHART VERSION	APP VERSION	DESCRIPTION                                       
traefik/traefik     	39.0.0       	v3.6.7     	A Traefik based Kubernetes ingress controller     
traefik/traefik-crds	1.14.0       	           	A Traefik based Kubernetes ingress controller     
traefik/traefik-hub 	4.2.0        	v2.11.0    	Traefik Hub Ingress Controller                    
traefik/traefik-mesh	4.1.1        	v1.4.8     	Traefik Mesh - Simpler Service Mesh               
traefik/traefikee   	4.2.6        	v2.12.6    	Traefik Enterprise is a unified cloud-native ne...
traefik/maesh       	2.1.2        	v1.3.2     	Maesh - Simpler Service Mesh                      
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# helm pull traefik/traefik --version 37.4.0
[root@k8s-cluster251 ~]# 
	
	4. Extract the Chart package
[root@k8s-cluster251 ~]# tar xf traefik-37.4.0.tgz 
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# ll traefik
total 788
drwxr-xr-x 4 root root   4096 Jan 29 12:24 ./
drwx------ 8 root root   4096 Jan 29 12:24 ../
-rw-r--r-- 1 root root 475461 Nov 21 15:28 Changelog.md
-rw-r--r-- 1 root root   1010 Nov 21 15:28 Chart.yaml
drwxr-xr-x 2 root root   4096 Jan 29 12:24 crds/
-rw-r--r-- 1 root root  46391 Nov 21 15:28 EXAMPLES.md
-rw-r--r-- 1 root root   1316 Nov 21 15:28 Guidelines.md
-rw-r--r-- 1 root root     31 Nov 21 15:28 .helmignore
-rw-r--r-- 1 root root  11371 Nov 21 15:28 LICENSE
-rw-r--r-- 1 root root   7837 Nov 21 15:28 README.md
-rw-r--r-- 1 root root    267 Nov 21 15:28 .schema.yaml
drwxr-xr-x 3 root root   4096 Jan 29 12:24 templates/
-rw-r--r-- 1 root root  59861 Nov 21 15:28 VALUES.md
-rw-r--r-- 1 root root  97643 Nov 21 15:28 values.schema.json
-rw-r--r-- 1 root root  63966 Nov 21 15:28 values.yaml
[root@k8s-cluster251 ~]# 

	5. Enable the Dashboard parameter
[root@master231 traefik]# vim traefik/values.yaml +205
...
 202 ingressRoute:
 203   dashboard:
 204     # -- Create an IngressRoute for the dashboard
 205     # enabled: false
 206     enabled: true    


	6. Install from the Chart
[root@k8s-cluster251 ~]# helm install traefik-server traefik -n traefik  --create-namespace
NAME: traefik-server
LAST DEPLOYED: Thu Jan 29 12:24:55 2026
NAMESPACE: traefik
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
traefik-server with docker.io/traefik:v3.6.2 has been deployed successfully on traefik namespace !
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# helm list -n traefik 
NAME          	NAMESPACE	REVISION	UPDATED                                	STATUS  	CHART         	APP VERSION
traefik-server	traefik  	1       	2026-01-29 12:24:55.881503724 +0800 CST	deployed	traefik-37.4.0	v3.6.2     
[root@k8s-cluster251 ~]# 


	7. View the services
[root@k8s-cluster251 ~]#  kubectl get ingressclasses,deploy,svc,po -o wide -n traefik
NAME                                            CONTROLLER                      PARAMETERS   AGE
ingressclass.networking.k8s.io/traefik-server   traefik.io/ingress-controller   <none>       5s

NAME                             READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS       IMAGES                     SELECTOR
deployment.apps/traefik-server   1/1     1            1           5s    traefik-server   docker.io/traefik:v3.6.2   app.kubernetes.io/instance=traefik-server-traefik,app.kubernetes.io/name=traefik

NAME                     TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE   SELECTOR
service/traefik-server   LoadBalancer   10.200.38.167   10.0.0.152    80:25287/TCP,443:11863/TCP   5s    app.kubernetes.io/instance=traefik-server-traefik,app.kubernetes.io/name=traefik

NAME                                  READY   STATUS    RESTARTS   AGE   IP             NODE             NOMINATED NODE   READINESS GATES
pod/traefik-server-6fc9d47d59-rk7jw   1/1     Running   0          5s    10.100.105.9   k8s-cluster253   <none>           <none>
[root@k8s-cluster251 ~]# 



Tip:
	If the images cannot be downloaded, you need to download them manually.

	SVIP members can get them directly from my repository:
		http://192.168.21.253/Resources/Kubernetes/Add-ons/traefik/


	8. Expose the Traefik dashboard through an Ingress
[root@k8s-cluster251 ~]# cat > ingress-traefik-dashboard.yaml <<EOF
apiVersion: v1
kind: Service
metadata:
  name: svc-traefik-server
  namespace: traefik
spec:
  selector:
    app.kubernetes.io/instance: traefik-server-traefik 
  ports:
  - port: 8080


---

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-traefik-server
  namespace: traefik
spec:
  ingressClassName: traefik-server
  rules:
    - host: traefik.yinzhengjie.com
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: svc-traefik-server
                port:
                  number: 8080
EOF
	

[root@k8s-cluster251 ~]# kubectl apply -f ingress-traefik-dashboard.yaml 
service/svc-traefik-server created
ingress.networking.k8s.io/ingress-traefik-server created
[root@k8s-cluster251 ~]# 



	
	9. Access the Traefik WebUI [result as shown in the figure above]
http://traefik.yinzhengjie.com/dashboard/



Tip:
	Add the record '10.0.0.152 traefik.oldboyedu.com' to the Windows hosts file.

II. Switch the CNI network plugin

1. Uninstall Calico

	1. Uninstall Calico
[root@k8s-cluster251 ~]# kubectl delete -f custom-resources.yaml 
installation.operator.tigera.io "default" deleted
apiserver.operator.tigera.io "default" deleted
goldmane.operator.tigera.io "default" deleted
whisker.operator.tigera.io "default" deleted
[root@k8s-cluster251 ~]# 


	2. Uninstall the Tigera Operator and the custom resource definitions
[root@k8s-cluster251 ~]# kubectl delete -f tigera-operator.yaml 
namespace "tigera-operator" deleted
serviceaccount "tigera-operator" deleted from tigera-operator namespace
clusterrole.rbac.authorization.k8s.io "tigera-operator-secrets" deleted
clusterrole.rbac.authorization.k8s.io "tigera-operator" deleted
clusterrolebinding.rbac.authorization.k8s.io "tigera-operator" deleted
rolebinding.rbac.authorization.k8s.io "tigera-operator-secrets" deleted from tigera-operator namespace
deployment.apps "tigera-operator" deleted from tigera-operator namespace
[root@k8s-cluster251 ~]# 


	3. Delete the Calico binaries
[root@k8s-cluster251 ~]# ll /opt/cni/bin/calico*
-rwxr-xr-x 1 root root 82580224 Jan 26 16:22 /opt/cni/bin/calico*
-rwxr-xr-x 1 root root 82580224 Jan 26 16:22 /opt/cni/bin/calico-ipam*
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# rm -f /opt/cni/bin/calico*
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# rm -f /etc/cni/net.d/{10-calico.conflist,calico-kubeconfig}
[root@k8s-cluster251 ~]# 


[root@k8s-cluster252 ~]# ll /opt/cni/bin/calico*
-rwxr-xr-x 1 root root 82580224 Jan 26 16:22 /opt/cni/bin/calico*
-rwxr-xr-x 1 root root 82580224 Jan 26 16:22 /opt/cni/bin/calico-ipam*
[root@k8s-cluster252 ~]# 
[root@k8s-cluster252 ~]# rm -f /opt/cni/bin/calico*
[root@k8s-cluster252 ~]# 
[root@k8s-cluster252 ~]# rm -f /etc/cni/net.d/{10-calico.conflist,calico-kubeconfig}
[root@k8s-cluster252 ~]# 


[root@k8s-cluster253 ~]# ll /opt/cni/bin/calico*
-rwxr-xr-x 1 root root 82580224 Jan 26 16:22 /opt/cni/bin/calico*
-rwxr-xr-x 1 root root 82580224 Jan 26 16:22 /opt/cni/bin/calico-ipam*
[root@k8s-cluster253 ~]# 
[root@k8s-cluster253 ~]# rm -f /opt/cni/bin/calico*
[root@k8s-cluster253 ~]# 
[root@k8s-cluster253 ~]# rm -f /etc/cni/net.d/{10-calico.conflist,calico-kubeconfig}
[root@k8s-cluster253 ~]# 
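
Added example (not from the original post): `rm -f` succeeds silently whether or not anything was removed, so this script checks a node for the Calico files targeted above and reports which CNI config the container runtime would load, namely the lexicographically first file in `/etc/cni/net.d`. The optional root prefix and the demo tree, including the `10-flannel.conflist` file name, are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not the author's code: audit one node after the Calico removal.
# ROOT is an optional filesystem prefix so the checks can run against a test tree.

# Print each Calico artifact targeted by the page's rm commands that still exists.
# Returns 1 if anything is left, 0 if the node is clean.
calico_leftovers() {
    cl_root="${1:-}"; cl_found=0
    for cl_path in "$cl_root"/opt/cni/bin/calico* \
                   "$cl_root/etc/cni/net.d/10-calico.conflist" \
                   "$cl_root/etc/cni/net.d/calico-kubeconfig"; do
        # An unmatched glob stays literal, so test existence explicitly.
        [ -e "$cl_path" ] || continue
        echo "leftover: ${cl_path#"$cl_root"}"
        cl_found=1
    done
    return "$cl_found"
}

# Print the CNI config the container runtime would load: the first
# *.conf / *.conflist / *.json file in net.d in lexicographic order.
active_cni_conf() {
    ls "${1:-}/etc/cni/net.d" 2>/dev/null | LC_ALL=C sort |
        grep -E '\.(conf|conflist|json)$' | head -n 1
}

# Constructed demo tree standing in for a node's filesystem (not real node data).
demo="$(mktemp -d)"
mkdir -p "$demo/opt/cni/bin" "$demo/etc/cni/net.d"
touch "$demo/opt/cni/bin/calico-ipam" \
      "$demo/etc/cni/net.d/10-calico.conflist" \
      "$demo/etc/cni/net.d/10-flannel.conflist"
# A stale 10-calico.conflist sorts before 10-flannel.conflist and would win.
calico_leftovers "$demo" || echo "stale config in use: $(active_cni_conf "$demo")"
rm -rf "$demo"
```

On a real node, call `calico_leftovers` with no argument on each of the three hosts; a non-zero exit status means the cleanup is incomplete.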

2. Install the Flannel network plugin

	1. Download the manifest
wget https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml

SVIP:
[root@k8s-cluster251 ~]# wget http://192.168.21.253/Resources/Kubernetes/K8S%20Cluster/CNI/flannel/kube-flannel-v0.28.0.yml


	2. Change the Pod network CIDR
[root@k8s-cluster251 ~]# grep 16 kube-flannel-v0.28.0.yml 
      "Network": "10.244.0.0/16",
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# sed -i '/16/s#244#100#' kube-flannel-v0.28.0.yml 
[root@k8s-cluster251 ~]# 
[root@k8s-cluster251 ~]# grep 16 kube-flannel-v0.28.0.yml 
      "Network": "10.100.0.0/16",
[root@k8s-cluster251 ~]# 


	3. Install Flannel
[root@k8s-cluster251 ~]# kubectl apply -f kube-flannel-v0.28.0.yml 
namespace/kube-flannel created
serviceaccount/flannel created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created
[root@k8s-cluster251 ~]# 


	4. Check that the Flannel Pods were deployed successfully
[root@k8s-cluster251 ~]# kubectl get pods -A
NAMESPACE      NAME                    READY   STATUS    RESTARTS   AGE
kube-flannel   kube-flannel-ds-gsvcs   1/1     Running   0          6m51s
kube-flannel   kube-flannel-ds-lg9hf   1/1     Running   0          6m51s
kube-flannel   kube-flannel-ds-pcnz5   1/1     Running   0          6m51s
[root@k8s-cluster251 ~]# 
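
Added example (not the author's code): the `sed` address `/16/` used in step 2 edits every line that contains `16`, so this function rewrites only the value of the `"Network"` key and fails unless exactly one such key exists. The manifest fragment and its `Backend` values are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not the author's code: set Flannel's Pod network by key.
# Usage: set_flannel_network MANIFEST CIDR
set_flannel_network() {
    sfn_file="$1"; sfn_cidr="$2"
    # Syntax check only (octet ranges are not validated); it also keeps sed
    # metacharacters out of the replacement text.
    printf '%s\n' "$sfn_cidr" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' ||
        { echo "invalid CIDR: $sfn_cidr" >&2; return 2; }
    # net-conf.json must carry exactly one "Network" key.
    sfn_n="$(grep -c '"Network"[[:space:]]*:' "$sfn_file")" || true
    [ "$sfn_n" = 1 ] ||
        { echo "expected one Network key, found ${sfn_n:-none}" >&2; return 3; }
    # Replace only the quoted value after the key; other lines stay untouched.
    sed -E "s#(\"Network\"[[:space:]]*:[[:space:]]*\")[^\"]*#\\1${sfn_cidr}#" \
        "$sfn_file" > "$sfn_file.new" && mv "$sfn_file.new" "$sfn_file" || return 4
    # Confirm the manifest now carries the requested network.
    grep -Eq "\"Network\"[[:space:]]*:[[:space:]]*\"${sfn_cidr}\"" "$sfn_file"
}

# Constructed net-conf.json fragment; the Backend values are made up so that one
# line holds both "16" and "244", which the /16/ address would also rewrite.
demo_manifest="$(mktemp)"
cat > "$demo_manifest" <<'EOF'
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": { "Type": "vxlan", "VNI": 16, "Port": 8244 }
    }
EOF
set_flannel_network "$demo_manifest" 10.100.0.0/16 &&
    grep -nE 'Network|Port' "$demo_manifest"
rm -f "$demo_manifest"
```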

## 3. K8S 1.35 deprecates the ipvs mode

[Figure: image-20260127100114102]

Reference:
	https://kubernetes.io/zh-cn/blog/2025/11/26/kubernetes-v1-35-sneak-peek/
	
	
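As shown in the figure above, note the following two points:
	- 1. K8S 1.35 deprecates the ipvs mode; the nftables mode is recommended.
	- 2. The minimum containerd version supported by K8S 1.35 is 1.7; containerd 2.x is recommended.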