【Docker】Mac下Docker启动Kubernetes
1.背景在Mac中安装了Docker之后,会自动安装了Kubernetes,正常情况下,我们只需要在Docker的Preferrences->Kubernetes中勾选Enable Kubernetes,然后点击Apply按钮即可。但由于伟大的墙的存在,这么一个简单的启动也会变得一波三折。如果您是直接在Docker中启用Kubernetes,Kubernetes的状态会一直都是kuberne
1.背景
在Mac中安装了Docker之后,会自动安装了Kubernetes,正常情况下,我们只需要在Docker的Preferrences->Kubernetes中勾选Enable Kubernetes,然后点击Apply按钮即可。但由于伟大的墙的存在,这么一个简单的启动也会变得一波三折。
如果您是直接在Docker中启用Kubernetes,Kubernetes的状态会一直都是kubernetes is starting…,原因是有一些Kubernetes依赖的镜像不能正常的下载。
参考:http://www.fwhyy.com/2019/05/building-kubernetes-in-mac/
Github上有个开源项目可以帮我们手动拉取镜像,执行下面命令拉去改项目代码到本地
git clone https://github.com/maguowei/k8s-docker-for-mac
在Docker中修改镜像地址为国内,如下图:
在命令行进入到k8s-docker-for-mac目录,执行sh load_images.sh就可以拉去镜像了。
(base) lcc@lcc github$ git clone https://github.com/maguowei/k8s-docker-for-mac
Cloning into 'k8s-docker-for-mac'...
remote: Enumerating objects: 10, done.
remote: Counting objects: 100% (10/10), done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 223 (delta 2), reused 7 (delta 2), pack-reused 213
Receiving objects: 100% (223/223), 850.63 KiB | 53.00 KiB/s, done.
Resolving deltas: 100% (83/83), done.
(base) lcc@lcc github$ cd k8s-docker-for-mac/
(base) lcc@lcc k8s-docker-for-mac$ sh load_images.sh
后来没搞定,还是用外网下载的才可以
验证集群状态
lcc@lcc ~$ kubectl cluster-info
Kubernetes master is running at https://kubernetes.docker.internal:6443
KubeDNS is running at https://kubernetes.docker.internal:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
(base) lcc@lcc ~$
(base) lcc@lcc ~$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
docker-desktop Ready master 3h32m v1.16.6-beta.0
(base) lcc@lcc ~$
查看详情
(base) lcc@lcc ~$ kubectl describe node
Name: docker-desktop
Roles: master
Labels: beta.kubernetes.io/arch=amd64
beta.kubernetes.io/os=linux
kubernetes.io/arch=amd64
kubernetes.io/hostname=docker-desktop
kubernetes.io/os=linux
node-role.kubernetes.io/master=
Annotations: kubeadm.alpha.kubernetes.io/cri-socket: /var/run/dockershim.sock
node.alpha.kubernetes.io/ttl: 0
volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp: Mon, 18 May 2020 08:42:43 +0800
Taints: <none>
Unschedulable: false
Conditions:
Type Status LastHeartbeatTime LastTransitionTime Reason Message
---- ------ ----------------- ------------------ ------ -------
MemoryPressure False Mon, 18 May 2020 12:15:02 +0800 Mon, 18 May 2020 08:42:38 +0800 KubeletHasSufficientMemory kubelet has sufficient memory available
DiskPressure False Mon, 18 May 2020 12:15:02 +0800 Mon, 18 May 2020 08:42:38 +0800 KubeletHasNoDiskPressure kubelet has no disk pressure
PIDPressure False Mon, 18 May 2020 12:15:02 +0800 Mon, 18 May 2020 08:42:38 +0800 KubeletHasSufficientPID kubelet has sufficient PID available
Ready True Mon, 18 May 2020 12:15:02 +0800 Mon, 18 May 2020 08:42:38 +0800 KubeletReady kubelet is posting ready status
Addresses:
InternalIP: 192.168.65.3
Hostname: docker-desktop
Capacity:
cpu: 2
ephemeral-storage: 61255492Ki
hugepages-1Gi: 0
hugepages-2Mi: 0
memory: 2039264Ki
pods: 110
Allocatable:
cpu: 2
ephemeral-storage: 56453061334
hugepages-1Gi: 0
hugepages-2Mi: 0
memory: 1936864Ki
pods: 110
System Info:
Machine ID: 01675cd8-892b-4dcd-8d18-f912f731d55c
System UUID: d15a4cac-0000-0000-b965-c09f8687dea1
Boot ID: 426d1ee6-228a-42ff-bf5f-a6f245745104
Kernel Version: 4.19.76-linuxkit
OS Image: Docker Desktop
Operating System: linux
Architecture: amd64
Container Runtime Version: docker://19.3.8
Kubelet Version: v1.16.6-beta.0
Kube-Proxy Version: v1.16.6-beta.0
Non-terminated Pods: (14 in total)
Namespace Name CPU Requests CPU Limits Memory Requests Memory Limits AGE
--------- ---- ------------ ---------- --------------- ------------- ---
docker compose-78f95d4f8c-548vm 0 (0%) 0 (0%) 0 (0%) 0 (0%) 3h31m
docker compose-api-6ffb89dc58-65qkc 0 (0%) 0 (0%) 0 (0%) 0 (0%) 3h31m
kube-system coredns-5644d7b6d9-db9gw 100m (5%) 0 (0%) 70Mi (3%) 170Mi (8%) 3h32m
kube-system coredns-5644d7b6d9-j4wb9 100m (5%) 0 (0%) 70Mi (3%) 170Mi (8%) 3h32m
kube-system etcd-docker-desktop 0 (0%) 0 (0%) 0 (0%) 0 (0%) 3h31m
kube-system kube-apiserver-docker-desktop 250m (12%) 0 (0%) 0 (0%) 0 (0%) 3h31m
kube-system kube-controller-manager-docker-desktop 200m (10%) 0 (0%) 0 (0%) 0 (0%) 3h31m
kube-system kube-proxy-vnw6l 0 (0%) 0 (0%) 0 (0%) 0 (0%) 3h32m
kube-system kube-scheduler-docker-desktop 100m (5%) 0 (0%) 0 (0%) 0 (0%) 3h31m
kube-system kubernetes-dashboard-7c54d59f66-b7dvl 0 (0%) 0 (0%) 0 (0%) 0 (0%) 13m
kube-system storage-provisioner 0 (0%) 0 (0%) 0 (0%) 0 (0%) 3h31m
kube-system vpnkit-controller 0 (0%) 0 (0%) 0 (0%) 0 (0%) 3h31m
kubernetes-dashboard dashboard-metrics-scraper-c79c65bb7-n7jjw 0 (0%) 0 (0%) 0 (0%) 0 (0%) 5m16s
kubernetes-dashboard kubernetes-dashboard-56484d4c5-5z7dk 0 (0%) 0 (0%) 0 (0%) 0 (0%) 5m17s
Allocated resources:
(Total limits may be over 100 percent, i.e., overcommitted.)
Resource Requests Limits
-------- -------- ------
cpu 750m (37%) 0 (0%)
memory 140Mi (7%) 340Mi (17%)
ephemeral-storage 0 (0%) 0 (0%)
Events: <none>
(base) lcc@lcc ~$
3.部署 kubernetes dashboard
(base) lcc@lcc kubernetes$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
(base) lcc@lcc kubernetes$ ll
total 0
drwxr-xr-x 2 lcc staff 64 5 18 12:09 ./
drwxr-xr-x@ 43 lcc staff 1376 5 18 12:09 ../
(base) lcc@lcc kubernetes$ kubectl proxy --port=8080
Starting to serve on 127.0.0.1:8080
该文件默认位置在
(base) lcc@lcc kubernetes$ cat /System/Volumes/Data/Users/lcc/soft/kubernetes/kubernetes-dashboard.yaml
404: Not Found(base)
(base) lcc@lcc kubernetes$ cat kubernetes-dashboard.yaml
404: Not Found(base)
这个居然为空,先不管他。不过我感觉为空肯定会埋下炸弹💣
访问界面如下
配置界面如下 http://localhost:8080/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login
3.1 需要有token才能登陆
我们采用令牌的方式进行登录,首先创建管理员角色,新建一个名为k8s-admin.yaml
的文件,内容如下:
(base) lcc@lcc kubernetes$ vi k8s-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: dashboard-admin
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: dashboard-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
在命令行中进入到k8s-admin.yaml
文件所在目录,执行下面命令添加管理员角色
(base) lcc@lcc kubernetes$ kubectl create -f k8s-admin.yaml
serviceaccount/dashboard-admin created
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
获取管理员角色的secret
名称
(base) lcc@lcc kubernetes$ kubectl get secret -n kube-system
NAME TYPE DATA AGE
attachdetach-controller-token-vm872 kubernetes.io/service-account-token 3 13h
bootstrap-signer-token-qfq6q kubernetes.io/service-account-token 3 13h
bootstrap-token-abcdef bootstrap.kubernetes.io/token 6 13h
certificate-controller-token-dlhsh kubernetes.io/service-account-token 3 13h
clusterrole-aggregation-controller-token-lw5h8 kubernetes.io/service-account-token 3 13h
coredns-token-dv4pj kubernetes.io/service-account-token 3 13h
cronjob-controller-token-v2fbx kubernetes.io/service-account-token 3 13h
daemon-set-controller-token-lpcwg kubernetes.io/service-account-token 3 13h
dashboard-admin-token-g9t9x kubernetes.io/service-account-token 3 11s
default-token-gwxxz kubernetes.io/service-account-token 3 13h
deployment-controller-token-n9wd4 kubernetes.io/service-account-token 3 13h
disruption-controller-token-5d9c9 kubernetes.io/service-account-token 3 13h
endpoint-controller-token-l995h kubernetes.io/service-account-token 3 13h
expand-controller-token-lqxdh kubernetes.io/service-account-token 3 13h
generic-garbage-collector-token-hxtcl kubernetes.io/service-account-token 3 13h
horizontal-pod-autoscaler-token-pp7p4 kubernetes.io/service-account-token 3 13h
job-controller-token-2p8kj kubernetes.io/service-account-token 3 13h
kube-proxy-token-sh8fp kubernetes.io/service-account-token 3 13h
kubernetes-dashboard-certs Opaque 0 9h
kubernetes-dashboard-key-holder Opaque 2 9h
kubernetes-dashboard-token-mmd5v kubernetes.io/service-account-token 3 9h
namespace-controller-token-zf8xv kubernetes.io/service-account-token 3 13h
node-controller-token-gcw5n kubernetes.io/service-account-token 3 13h
persistent-volume-binder-token-hck6f kubernetes.io/service-account-token 3 13h
pod-garbage-collector-token-bmdh9 kubernetes.io/service-account-token 3 13h
pv-protection-controller-token-mrbb4 kubernetes.io/service-account-token 3 13h
pvc-protection-controller-token-jgddl kubernetes.io/service-account-token 3 13h
replicaset-controller-token-wt7p6 kubernetes.io/service-account-token 3 13h
replication-controller-token-tlwb7 kubernetes.io/service-account-token 3 13h
resourcequota-controller-token-zsnnw kubernetes.io/service-account-token 3 13h
service-account-controller-token-b7pz6 kubernetes.io/service-account-token 3 13h
service-controller-token-lk65l kubernetes.io/service-account-token 3 13h
statefulset-controller-token-t7ghl kubernetes.io/service-account-token 3 13h
storage-provisioner-token-6l2kd kubernetes.io/service-account-token 3 13h
token-cleaner-token-wzlgg kubernetes.io/service-account-token 3 13h
ttl-controller-token-zmdwf kubernetes.io/service-account-token 3 13h
vpnkit-controller-token-pmbjd kubernetes.io/service-account-token 3 13h
# dashboard-admin-token 后缀会变化
(base) lcc@lcc kubernetes$ kubectl get secret -n kube-system | grep admin
dashboard-admin-token-g9t9x kubernetes.io/service-account-token 3 119s
获取token值
(base) lcc@lcc kubernetes$ kubectl describe secret dashboard-admin-token-g9t9x -n kube-system
Name: dashboard-admin-token-g9t9x
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 911e9b29-3108-4d06-ad22-94b20f24c9e7
Type: kubernetes.io/service-account-token
Data
====
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IlhjeEo4R1JnUlBnVklhcThwc1IxTnhSMWpsZzVmVm83SkZzb3I5QTBBQ0UifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tZzl0OXgiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiOTExZTliMjktMzEwOC00ZDA2LWFkMjItOTRiMjBmMjRjOWU3Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.KMjnnoJDhHQRFH8Uo-v8kby55jLi93xgN91cYux5kJDjr0QADyFeXc44Sv69Ge0jZFxHQJvPTk4vrbvuUuvAJfhZwuoGdmvkwBtj8WQ_JBecmQjnBwX0cDWst8735gDkCsqHjEyun8v3wJqng9Rbzx4gqS2pfOMv-d_c965SjHVqWCOMr1RqxRN7G0flLKrZ3d1S5C9KiI8QvUJcOnMFifykQ52zPtLyZgGQmwcCRCVi7oMzwIB_NSHP2wm_SC07uFgTRVHpzH6O8tU6BDYx18bIhHZdczmJHL58wFrzQ3yca6eS7QpMaEOqePyBpMWf5a-J6oVCbDj6CCWYLpb-uw
ca.crt: 1025 bytes
namespace: 11 bytes
(base) lcc@lcc kubernetes$
secret
后面名称就是上图中红框的名称,注意了,这里是从token:到后面的都是包括前面的空格,但是不包括后面的空格
。
将登陆界面切换到令牌的模式,上图中的token值粘贴到令牌输入框中,点击登录可以进入到管理界面,如下图:
更多推荐
所有评论(0)