Setting up Kubernetes with Docker for Mac


Install Docker for Mac

Download and install it directly from the official website.

Install Kubernetes

First download the images that Kubernetes needs:
git clone [email protected]:maguowei/k8s-docker-desktop-for-mac.git
After cloning: cd k8s-docker-desktop-for-mac

root@MacBook-Pro k8s-docker-desktop-for-mac % cat images
k8s.gcr.io/kube-proxy:v1.18.8=gotok8s/kube-proxy:v1.18.8
k8s.gcr.io/kube-controller-manager:v1.18.8=gotok8s/kube-controller-manager:v1.18.8
k8s.gcr.io/kube-scheduler:v1.18.8=gotok8s/kube-scheduler:v1.18.8
k8s.gcr.io/kube-apiserver:v1.18.8=gotok8s/kube-apiserver:v1.18.8
k8s.gcr.io/coredns:1.6.7=gotok8s/coredns:1.6.7
k8s.gcr.io/pause:3.2=gotok8s/pause:3.2
k8s.gcr.io/etcd:3.4.3-0=gotok8s/etcd:3.4.3-0

Run the image download script: ./load_images.sh
As shown in the figure: click Apply & Restart and wait a while for the installation to finish.
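
The images file maps each official k8s.gcr.io name to a third-party mirror image, so the control plane runs whatever the mirror published under that name. The following is an added example, not part of the repository: it lints such a mapping before the script runs, assuming load_images.sh pulls the right-hand image and tags it with the left-hand name; the function name and the three broken sample lines are constructed.

```shell
#!/bin/sh
# Added example, not part of the k8s-docker-desktop-for-mac repository.
# Assumption: load_images.sh pulls the right-hand (mirror) image and tags it
# with the left-hand (upstream) name, so each line is a trust decision.

EXPECTED_MIRROR_NS="gotok8s"   # mirror namespace used in the images file above

# Reads "upstream=mirror" lines on stdin, prints one finding per problem.
lint_image_map() {
  awk -F= -v ns="$EXPECTED_MIRROR_NS" '
    /^[ \t]*#/ { next }                      # comment line
    /^[ \t]*$/ { next }                      # blank line
    NF != 2 || $1 == "" || $2 == "" { print "MALFORMED " $0; next }
    {
      n = split($1, up, "/"); m = split($2, mir, "/")
      # mirror must be exactly <expected namespace>/<name:tag>
      if (m != 2 || mir[1] != ns) print "NAMESPACE " $0
      # the retagged image must carry the same name and tag as upstream
      if (up[n] != mir[m]) print "MISMATCH " $0
      # a missing or floating tag means the pulled content can change
      if (mir[m] !~ /:[^:]+$/ || mir[m] ~ /:latest$/) print "UNPINNED " $0
    }'
}

# Constructed sample: two lines from the page, three deliberately broken ones.
SAMPLE_MAP='k8s.gcr.io/kube-proxy:v1.18.8=gotok8s/kube-proxy:v1.18.8
k8s.gcr.io/pause:3.2=gotok8s/pause:3.2
k8s.gcr.io/etcd:3.4.3-0=gotok8s/etcd:3.4.3
k8s.gcr.io/coredns:1.6.7=example-mirror/coredns:1.6.7
k8s.gcr.io/kube-scheduler:v1.18.8'

printf '%s\n' "$SAMPLE_MAP" | lint_image_map
```

Inside the cloned repository, `lint_image_map < images` should print nothing before ./load_images.sh is run.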

Deploy the Kubernetes dashboard

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

At this point you will run into a connection refused error:

The connection to the server raw.githubusercontent.com was refused - did you

Cause: the external network is not reachable.
Solution:

# Look up the real IP of raw.githubusercontent.com at https://www.ipaddress.com/.
sudo vim /etc/hosts
199.232.28.133 raw.githubusercontent.com

Run the command again and the dashboard installs successfully.

Start the local access proxy

$ kubectl proxy

Open the Dashboard through the following link: http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login

Configure the dashboard access token

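If you are not logged in, you are redirected to the login page by default. You can log in with either the config method or the token method; here we use the token method.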

Normally the login tokens are stored by default as secret objects in the kube-system namespace. We run:

kubectl get secret -n=kube-system
root@MacBook-Pro / % kubectl get secret -n=kube-system
NAME                                             TYPE                                  DATA   AGE
attachdetach-controller-token-zh7nl              kubernetes.io/service-account-token   3      2d17h
bootstrap-signer-token-56h5s                     kubernetes.io/service-account-token   3      2d17h
certificate-controller-token-h8ksb               kubernetes.io/service-account-token   3      2d17h
clusterrole-aggregation-controller-token-lh9hr   kubernetes.io/service-account-token   3      2d17h
coredns-token-gmswh                              kubernetes.io/service-account-token   3      2d17h
cronjob-controller-token-2dg84                   kubernetes.io/service-account-token   3      2d17h
daemon-set-controller-token-m5kt5                kubernetes.io/service-account-token   3      2d17h
default-token-fxmsx                              kubernetes.io/service-account-token   3      2d17h
deployment-controller-token-sb8td                kubernetes.io/service-account-token   3      2d17h
disruption-controller-token-5gr2t                kubernetes.io/service-account-token   3      2d17h
endpoint-controller-token-z5fdv                  kubernetes.io/service-account-token   3      2d17h
endpointslice-controller-token-5kb5p             kubernetes.io/service-account-token   3      2d17h
expand-controller-token-vj8pq                    kubernetes.io/service-account-token   3      2d17h
flannel-token-b6n5r                              kubernetes.io/service-account-token   3      36m
generic-garbage-collector-token-mtsmx            kubernetes.io/service-account-token   3      2d17h
horizontal-pod-autoscaler-token-lwqt4            kubernetes.io/service-account-token   3      2d17h
job-controller-token-wlwdk                       kubernetes.io/service-account-token   3      2d17h
kube-proxy-token-c6bkz                           kubernetes.io/service-account-token   3      2d17h
namespace-controller-token-vqv4l                 kubernetes.io/service-account-token   3      2d17h
node-controller-token-stx6s                      kubernetes.io/service-account-token   3      2d17h
persistent-volume-binder-token-nnjdv             kubernetes.io/service-account-token   3      2d17h
pod-garbage-collector-token-jxj5b                kubernetes.io/service-account-token   3      2d17h
pv-protection-controller-token-xfslw             kubernetes.io/service-account-token   3      2d17h
pvc-protection-controller-token-pchcz            kubernetes.io/service-account-token   3      2d17h
replicaset-controller-token-bdz8v                kubernetes.io/service-account-token   3      2d17h
replication-controller-token-z2hc6               kubernetes.io/service-account-token   3      2d17h
resourcequota-controller-token-cxt4d             kubernetes.io/service-account-token   3      2d17h
service-account-controller-token-t2zjp           kubernetes.io/service-account-token   3      2d17h
service-controller-token-8xmxq                   kubernetes.io/service-account-token   3      2d17h
statefulset-controller-token-fskls               kubernetes.io/service-account-token   3      2d17h
storage-provisioner-token-jtdbx                  kubernetes.io/service-account-token   3      2d17h
token-cleaner-token-hmdpr                        kubernetes.io/service-account-token   3      2d17h
ttl-controller-token-fbrn4                       kubernetes.io/service-account-token   3      2d17h
vpnkit-controller-token-pr2mp                    kubernetes.io/service-account-token   3      2d17h

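Most of these secrets can be used to access the dashboard; the accounts just have different permissions, and many of them are restricted from performing operations. For example, we log in with the token contained in the secret named default-token-fxmsx.
We use the following command to view the value of the token contained in this secret: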

kubectl describe secret -n=kube-system default-token-fxmsx
root@MacBook-Pro / % kubectl describe secret -n=kube-system default-token-fxmsx
Name:         default-token-fxmsx
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: default
              kubernetes.io/service-account.uid: d32da154-5849-4f48-a55d-45788ed74722

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6InlHR3BKSzI3WUxBRjhhRDJBdTBOZHh5M3Z6a3daV2tOTFRubGNpVVIwMG8ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkZWZhdWx0LXRva2VuLWZ4bXN4Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImRlZmF1bHQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkMzJkYTE1NC01ODQ5LTRmNDgtYTU1ZC00NTc4OGVkNzQ3MjIiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06ZGVmYXVsdCJ9.LCZqTTh8UY977km9_ApB9-lLDkBeZklmw74os-AU0Iyc5X0QGWw-TRzhsmLPRMf9qtRqQBowqPBH4qDIXE8hunAZ9_FZ8-zLYszNU3KjEor_UXlXqEg3iiKijYCc7IEj1aqSrcbzJq9Okd76YObhTrOoK2iujA-Zm-XRG4makVq6wCtPBnkHL063fIVxURcqxwvacCzew5iI-F-SCE-1xu0AqvFfxEJN9SVcqXFw7-YVHaf9xQ5f83eoafkMTDl11pS6rawx-CzBbNPg7dj8EIyNv8np7zgbiPET0QJZkno1IZWZqfMfiuW7sD_sGpZDfAthC8u-x2uyzzAW3lF6hQ

We copy the token value above and paste it into the token field on the login page to log in.
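
The token is a JWT whose middle segment names the service account it authenticates as, and secret-based service account tokens like this one carry no exp claim, so they stay valid until the secret is deleted. The following is an added example, not from the original post: it decodes the claims of a token before it is pasted anywhere; the function names and the unsigned sample token are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the sample
# token are constructed; the sample mirrors the claim layout of the token above.

# Encode stdin as unpadded base64url (used only to build the sample token).
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }

# Decode the payload (2nd dot-separated segment) of a JWT read from stdin.
jwt_payload() {
  seg=$(cut -d. -f2 | tr -d '\n' | tr '_-' '/+')
  # base64url strips "=" padding; restore it before decoding
  case $(( ${#seg} % 4 )) in
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 -d    # older macOS: base64 -D
}

# Print the identity the token authenticates as and whether it expires.
describe_sa_token() {
  payload=$(jwt_payload)
  sub=$(printf '%s' "$payload" | sed -n 's/.*"sub":"\([^"]*\)".*/\1/p')
  exp=$(printf '%s' "$payload" | sed -n 's/.*"exp":\([0-9][0-9]*\).*/\1/p')
  [ -n "$sub" ] || sub=unknown
  [ -n "$exp" ] || exp=none
  printf 'sub=%s exp=%s\n' "$sub" "$exp"
}

# Constructed token: unsigned, only the payload segment is meaningful here.
SAMPLE_PAYLOAD='{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"kube-system","kubernetes.io/serviceaccount/service-account.name":"default","sub":"system:serviceaccount:kube-system:default"}'
SAMPLE_TOKEN="$(printf '%s' '{"alg":"RS256"}' | b64url).$(printf '%s' "$SAMPLE_PAYLOAD" | b64url).constructed-signature"

printf '%s\n' "$SAMPLE_TOKEN" | describe_sa_token
```

On a live cluster the raw token can be piped in with `kubectl get secret default-token-fxmsx -n kube-system -o jsonpath='{.data.token}' | base64 -d | describe_sa_token`.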

How to configure a token with full permissions

Create a dashboard admin user

kubectl create serviceaccount dashboard-admin -n kube-system
root@MacBook-Pro / % kubectl create serviceaccount dashboard-admin -n kube-system
serviceaccount/dashboard-admin created

Bind the user as a cluster administrator

kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
root@MacBook-Pro / % kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-cluster-admin created

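After the steps above, because the admin user is named dashboard-admin, the corresponding secret that gets generated is named dashboard-admin-token- followed by a random string. On my machine the full name is dashboard-admin-token-h4p7c.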

luwb@MacBook-Pro / % kubectl get secret -n=kube-system |grep dashboard-admin-token
dashboard-admin-token-h4p7c                      kubernetes.io/service-account-token   3      89s

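This shows the full name of the secret. Alternatively, skip the grep pipe, list all the secrets, and find the one you need among them.
Next, view the token with the kubectl describe secret command: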

root@MacBook-Pro / % kubectl describe -n=kube-system  secret dashboard-admin-token-h4p7c
Name:         dashboard-admin-token-h4p7c
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: 81849b91-d566-4f7e-96c7-99eced49e2c2

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6InlHR3BKSzI3WUxBRjhhRDJBdTBOZHh5M3Z6a3daV2tOTFRubGNpVVIwMG8ifQ.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.ZVv8EZiO_099cVMdDmBIWT9_F-VLywt22Oihmnx7hRyFYWrcS7PK5olYfvuS-z4ya37IE4RTwzd5fe55FcG52Nv-IYJJCPQu-pgqyiWk_pTCr80rj-1-_RYasDarwfT_3URFZuI0_jmLH9bQo412M6q-3PE1j7rhp0TylQLa-l2BN42ulYz-qyQ24TyAafwd_L7PfWzki7S6bfRBYSLIUUn8V1vfyKRrsJ8LOZSBp5ZoK9tdGuRFS5aVY1iK58is3InZRvvI-22PKH2LQ2JVNbGipoI9JaTqtotiI1J0LZp__E-N1wEdNishempn9_JOUjWcRijsT82vvnDdLOQZEw
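
The binding created above gives dashboard-admin the cluster-admin role, so this token grants full control of the cluster to whoever holds it. The following is an added example, not from the original post: it lists which service accounts, or groups of service accounts, are bound to cluster-admin so the binding can be found and removed later; the function name, the tab-separated input layout and the sample rows (including example-all-sa-admin) are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. It consumes one line per binding:
#   <binding name> TAB <roleRef name> TAB <kind:namespace/name,...>
# which this kubectl call produces on a live cluster:
#   kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}:{.namespace}/{.name},{end}{"\n"}{end}'

# Prints "<binding> TAB <subject>" for every service account, or group of
# service accounts, that is bound to the cluster-admin ClusterRole.
find_admin_service_accounts() {
  awk -F'\t' '$2 == "cluster-admin" {
    n = split($3, subj, ",")
    for (i = 1; i <= n; i++)
      if (index(subj[i], "ServiceAccount:") == 1 ||
          index(subj[i], "Group:/system:serviceaccounts") == 1)
        print $1 "\t" subj[i]
  }'
}

# Constructed sample rows in the layout described above.
SAMPLE_BINDINGS=$(printf '%s\t%s\t%s\n' \
  cluster-admin           cluster-admin  'Group:/system:masters,' \
  dashboard-cluster-admin cluster-admin  'ServiceAccount:kube-system/dashboard-admin,' \
  example-all-sa-admin    cluster-admin  'Group:/system:serviceaccounts:kube-system,' \
  system:coredns          system:coredns 'ServiceAccount:kube-system/coredns,')

printf '%s\n' "$SAMPLE_BINDINGS" | find_admin_service_accounts

# Removing the binding from the page revokes the token's rights; deleting the
# service account also removes its token secret:
#   kubectl delete clusterrolebinding dashboard-cluster-admin
#   kubectl delete serviceaccount dashboard-admin -n kube-system
# For read-only browsing, bind the built-in "view" ClusterRole instead.
```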


Reposted from blog.csdn.net/u010063830/article/details/108572391