Docker for Mac builds Kubernetes

Install Docker for Mac

Download it directly from the official website and install it.

Install Kubernetes

First download the images required by k8s:
git clone [email protected]:maguowei/k8s-docker-desktop-for-mac
After the clone finishes, cd k8s-docker-desktop-for-mac

root@MacBook-Pro k8s-docker-desktop-for-mac % cat images
k8s.gcr.io/kube-proxy:v1.18.8=gotok8s/kube-proxy:v1.18.8
k8s.gcr.io/kube-controller-manager:v1.18.8=gotok8s/kube-controller-manager:v1.18.8
k8s.gcr.io/kube-scheduler:v1.18.8=gotok8s/kube-scheduler:v1.18.8
k8s.gcr.io/kube-apiserver:v1.18.8=gotok8s/kube-apiserver:v1.18.8
k8s.gcr.io/coredns:1.6.7=gotok8s/coredns:1.6.7
k8s.gcr.io/pause:3.2=gotok8s/pause:3.2
k8s.gcr.io/etcd:3.4.3-0=gotok8s/etcd:3.4.3-0

Run the image download script: ./load_images.sh
Click Apply & Restart and wait a while for the installation to complete.

Deploy the Kubernetes dashboard

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

You may get a connection refused error here:

The connection to the server raw.githubusercontent.com was refused - did you

Reason: The external network is not accessible.
Solution:

# Look up the real IP of raw.githubusercontent.com at https://www.ipaddress.com/.
sudo vim /etc/hosts
199.232.28.133 raw.githubusercontent.com

Re-run the command and the dashboard installs successfully.

Enable local access proxy

$ kubectl proxy

Access the Dashboard through the following link: http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login

Configure console access token

If you are not logged in, you will be redirected to the login page by default, and you can log in using config or token. We log in using token here.

By default, the login tokens are stored as secret objects in the kube-system namespace. To list them, we execute

kubectl get secret -n=kube-system
root@MacBook-Pro / % kubectl get secret -n=kube-system
NAME                                             TYPE                                  DATA   AGE
attachdetach-controller-token-zh7nl              kubernetes.io/service-account-token   3      2d17h
bootstrap-signer-token-56h5s                     kubernetes.io/service-account-token   3      2d17h
certificate-controller-token-h8ksb               kubernetes.io/service-account-token   3      2d17h
clusterrole-aggregation-controller-token-lh9hr   kubernetes.io/service-account-token   3      2d17h
coredns-token-gmswh                              kubernetes.io/service-account-token   3      2d17h
cronjob-controller-token-2dg84                   kubernetes.io/service-account-token   3      2d17h
daemon-set-controller-token-m5kt5                kubernetes.io/service-account-token   3      2d17h
default-token-fxmsx                              kubernetes.io/service-account-token   3      2d17h
deployment-controller-token-sb8td                kubernetes.io/service-account-token   3      2d17h
disruption-controller-token-5gr2t                kubernetes.io/service-account-token   3      2d17h
endpoint-controller-token-z5fdv                  kubernetes.io/service-account-token   3      2d17h
endpointslice-controller-token-5kb5p             kubernetes.io/service-account-token   3      2d17h
expand-controller-token-vj8pq                    kubernetes.io/service-account-token   3      2d17h
flannel-token-b6n5r                              kubernetes.io/service-account-token   3      36m
generic-garbage-collector-token-mtsmx            kubernetes.io/service-account-token   3      2d17h
horizontal-pod-autoscaler-token-lwqt4            kubernetes.io/service-account-token   3      2d17h
job-controller-token-wlwdk                       kubernetes.io/service-account-token   3      2d17h
kube-proxy-token-c6bkz                           kubernetes.io/service-account-token   3      2d17h
namespace-controller-token-vqv4l                 kubernetes.io/service-account-token   3      2d17h
node-controller-token-stx6s                      kubernetes.io/service-account-token   3      2d17h
persistent-volume-binder-token-nnjdv             kubernetes.io/service-account-token   3      2d17h
pod-garbage-collector-token-jxj5b                kubernetes.io/service-account-token   3      2d17h
pv-protection-controller-token-xfslw             kubernetes.io/service-account-token   3      2d17h
pvc-protection-controller-token-pchcz            kubernetes.io/service-account-token   3      2d17h
replicaset-controller-token-bdz8v                kubernetes.io/service-account-token   3      2d17h
replication-controller-token-z2hc6               kubernetes.io/service-account-token   3      2d17h
resourcequota-controller-token-cxt4d             kubernetes.io/service-account-token   3      2d17h
service-account-controller-token-t2zjp           kubernetes.io/service-account-token   3      2d17h
service-controller-token-8xmxq                   kubernetes.io/service-account-token   3      2d17h
statefulset-controller-token-fskls               kubernetes.io/service-account-token   3      2d17h
storage-provisioner-token-jtdbx                  kubernetes.io/service-account-token   3      2d17h
token-cleaner-token-hmdpr                        kubernetes.io/service-account-token   3      2d17h
ttl-controller-token-fbrn4                       kubernetes.io/service-account-token   3      2d17h
vpnkit-controller-token-pr2mp                    kubernetes.io/service-account-token   3      2d17h

Most of these secrets can be used to access the dashboard, but different accounts have different permissions, and many accounts are restricted and cannot perform operations. For example, we use the token contained in the secret named default-token-fxmsx to log in.
We use the following command to view the value of the token contained in the secret:

kubectl describe secret -n=kube-system default-token-fxmsx
root@MacBook-Pro / % kubectl describe secret -n=kube-system default-token-fxmsx
Name:         default-token-fxmsx
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: default
              kubernetes.io/service-account.uid: d32da154-5849-4f48-a55d-45788ed74722

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6InlHR3BKSzI3WUxBRjhhRDJBdTBOZHh5M3Z6a3daV2tOTFRubGNpVVIwMG8ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkZWZhdWx0LXRva2VuLWZ4bXN4Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImRlZmF1bHQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkMzJkYTE1NC01ODQ5LTRmNDgtYTU1ZC00NTc4OGVkNzQ3MjIiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06ZGVmYXVsdCJ9.LCZqTTh8UY977km9_ApB9-lLDkBeZklmw74os-AU0Iyc5X0QGWw-TRzhsmLPRMf9qtRqQBowqPBH4qDIXE8hunAZ9_FZ8-zLYszNU3KjEor_UXlXqEg3iiKijYCc7IEj1aqSrcbzJq9Okd76YObhTrOoK2iujA-Zm-XRG4makVq6wCtPBnkHL063fIVxURcqxwvacCzew5iI-F-SCE-1xu0AqvFfxEJN9SVcqXFw7-YVHaf9xQ5f83eoafkMTDl11pS6rawx-CzBbNPg7dj8EIyNv8np7zgbiPET0QJZkno1IZWZqfMfiuW7sD_sGpZDfAthC8u-x2uyzzAW3lF6hQ

We copy the above token value and paste it into the token field on the login page to log in.

How to configure a token with full permissions

Create a dashboard admin user

kubectl create serviceaccount dashboard-admin -n kube-system
root@MacBook-Pro / % kubectl create serviceaccount dashboard-admin -n kube-system
serviceaccount/dashboard-admin created

Bind the user as a cluster administrator

kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
root@MacBook-Pro / % kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-cluster-admin created

After performing the above operations, because the administrative user is named dashboard-admin, the corresponding generated secret is named dashboard-admin-token-<random string>; on my machine the full name is dashboard-admin-token-h4p7c

luwb@MacBook-Pro / % kubectl get secret -n=kube-system |grep dashboard-admin-token
dashboard-admin-token-h4p7c                      kubernetes.io/service-account-token   3      89s

This shows the full name of the secret. Alternatively, skip the grep pipeline, list all the secrets, and find the one you need.
Then view the token with the kubectl describe secret command:

root@MacBook-Pro / % kubectl describe -n=kube-system  secret dashboard-admin-token-h4p7c
Name:         dashboard-admin-token-h4p7c
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: 81849b91-d566-4f7e-96c7-99eced49e2c2

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6InlHR3BKSzI3WUxBRjhhRDJBdTBOZHh5M3Z6a3daV2tOTFRubGNpVVIwMG8ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4taDRwN2MiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiODE4NDliOTEtZDU2Ni00ZjdlLTk2YzctOTllY2VkNDllMmMyIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.ZVv8EZiO_099cVMdDmBIWT9_F-VLywt22Oihmnx7hRyFYWrcS7PK5olYfvuS-z4ya37IE4RTwzd5fe55FcG52Nv-IYJJCPQu-pgqyiWk_pTCr80rj-1-_RYasDarwfT_3URFZuI0_jmLH9bQo412M6q-3PE1j7rhp0TylQLa-l2BN42ulYz-qyQ24TyAafwd_L7PfWzki7S6bfRBYSLIUUn8V1vfyKRrsJ8LOZSBp5ZoK9tdGuRFS5aVY1iK58is3InZRvvI-22PKH2LQ2JVNbGipoI9JaTqtotiI1J0LZp__E-N1wEdNishempn9_JOUjWcRijsT82vvnDdLOQZEw
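
To check which service account a token belongs to and whether it really carries full permissions, the following added example (not part of the original post) decodes the token's claims and matches the account against ClusterRoleBindings to cluster-admin, including the built-in groups every service account belongs to. `sample_token` and `SAMPLE_BINDINGS` are constructed stand-ins for a real token and for `kubectl get clusterrolebindings -o json` output, and the binding name `ns-wide-admin` is hypothetical.

```python
import base64
import json

def decode_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    _header, payload, _sig = token.split(".")  # ValueError unless three parts
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def cluster_admin_bindings(ns, name, bindings):
    """Names of ClusterRoleBindings that give this service account cluster-admin."""
    # Every service account is also a member of these built-in groups.
    groups = {"system:authenticated", "system:serviceaccounts", f"system:serviceaccounts:{ns}"}
    hits = []
    for item in bindings.get("items", []):
        ref = item.get("roleRef", {})
        if (ref.get("kind"), ref.get("name")) != ("ClusterRole", "cluster-admin"):
            continue
        for s in item.get("subjects") or []:
            direct = s.get("kind") == "ServiceAccount" and (s.get("namespace"), s.get("name")) == (ns, name)
            if direct or (s.get("kind") == "Group" and s.get("name") in groups):
                hits.append(item["metadata"]["name"])
                break
    return hits

def assess(token, bindings):
    claims = decode_claims(token)
    parts = claims.get("sub", "").split(":")
    if len(parts) != 4 or parts[:2] != ["system", "serviceaccount"]:
        raise ValueError("not a service-account token")
    ns, name = parts[2:]
    return {"service_account": f"{ns}/{name}",
            "has_expiry": "exp" in claims,  # the secret-based tokens shown here carry no exp
            "cluster_admin_via": cluster_admin_bindings(ns, name, bindings)}

def sample_token(ns, name):
    """Constructed, unsigned token using the claim layout of a secret-based token."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    claims = {"iss": "kubernetes/serviceaccount", "sub": f"system:serviceaccount:{ns}:{name}"}
    return ".".join([enc({"alg": "RS256"}), enc(claims), "c2ln"])

# Constructed stand-in for `kubectl get clusterrolebindings -o json`.
SAMPLE_BINDINGS = {"items": [
    {"metadata": {"name": "dashboard-cluster-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "namespace": "kube-system", "name": "dashboard-admin"}]},
    {"metadata": {"name": "ns-wide-admin"},  # hypothetical group-based binding
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:serviceaccounts:dev"}]},
]}
```

A token with no exp claim stays valid until its secret or service account is deleted, so a cluster-admin token copied out of `kubectl describe secret` should be handled like a password.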

Origin blog.csdn.net/u010063830/article/details/108572391