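Trying out Kubernetes on a Mac used to require minikube. I recently found that the Kubernetes bundled with Docker Desktop is more convenient, so here is a brief record of the installation process.
Installing Docker Desktop and enabling Kubernetes
If Docker Desktop is not installed, download and install it from https://www.docker.com/products/docker-desktop first. If it is already installed, upgrade to a recent version. My Docker version is:
Then configure registry mirrors located in China under Docker Engine, so that enabling Kubernetes goes faster: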
```json
{
  "debug": true,
  "registry-mirrors": [
    "https://hub-mirror.c.163.com",
    "https://mirror.baidubce.com"
  ],
  "builder": {
    "gc": {
      "defaultKeepStorage": "20GB",
      "enabled": true
    }
  },
  "experimental": false
}
```
After configuring the mirrors, check them with the following command:
```
# docker info
...
 Registry Mirrors:
  https://hub-mirror.c.163.com/
  https://mirror.baidubce.com/
```
Then enable Kubernetes in the graphical interface:
When that is done, check the version with kubectl:
```
# kubectl version
Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.7", GitCommit:"1dd5338295409edcfff11505e7bb246f0d325d15", GitTreeState:"clean", BuildDate:"2021-01-13T13:23:52Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.7", GitCommit:"1dd5338295409edcfff11505e7bb246f0d325d15", GitTreeState:"clean", BuildDate:"2021-01-13T13:15:20Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"linux/amd64"}
```
List the single master node:
```
# kubectl get node
NAME             STATUS   ROLES    AGE   VERSION
docker-desktop   Ready    master   18h   v1.19.7
```
List the default namespaces (`ns` is short for `namespace`):
```
# kubectl get ns
NAME              STATUS   AGE
default           Active   18h
kube-node-lease   Active   18h
kube-public       Active   18h
kube-system       Active   18h
```
List the default pods:
```
kubectl get pods --all-namespaces
NAMESPACE     NAME                                     READY   STATUS    RESTARTS   AGE
kube-system   coredns-f9fd979d6-76f9t                  1/1     Running   1          18h
kube-system   coredns-f9fd979d6-dm469                  1/1     Running   1          18h
kube-system   etcd-docker-desktop                      1/1     Running   1          18h
kube-system   kube-apiserver-docker-desktop            1/1     Running   1          18h
kube-system   kube-controller-manager-docker-desktop   1/1     Running   1          18h
kube-system   kube-proxy-xvv2f                         1/1     Running   1          18h
kube-system   kube-scheduler-docker-desktop            1/1     Running   1          18h
kube-system   storage-provisioner                      1/1     Running   2          18h
kube-system   vpnkit-controller                        1/1     Running   1          18h
```
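Next, we install kubernetes-dashboard. Once installed, it lets you manage and inspect the internal state of Kubernetes graphically, which is very convenient, and it also verifies that the Kubernetes setup works properly.
Installing kubernetes-dashboard
First download the kubernetes-dashboard YAML file:
```
curl -LO https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
```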
Install it with the apply subcommand: kubectl apply -f recommended.yaml
All YAML files are applied with kubectl apply.
Create the RBAC permissions file kubernetes-dashboard-admin.yaml, then apply it.
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kubernetes-dashboard-admin
  namespace: kubernetes-dashboard
  labels:
    k8s-app: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard-admin
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin  # built-in role with full access to every resource in the cluster
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard-admin
    namespace: kubernetes-dashboard
```
Once the commands run without errors, the kubernetes-dashboard installation is complete.
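A least-privilege alternative to the cluster-admin binding above, as an added example that is not part of the original post: a separate ServiceAccount bound to the built-in read-only `view` ClusterRole, plus an optional write grant scoped to one namespace. The object names `kubernetes-dashboard-viewer` and `kubernetes-dashboard-viewer-edit` and the file name are assumptions.

```yaml
# kubernetes-dashboard-viewer.yaml (added example; file and object names are assumptions)
# Read-only dashboard login instead of cluster-admin.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kubernetes-dashboard-viewer
  namespace: kubernetes-dashboard
  labels:
    k8s-app: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  # Built-in role: get/list/watch on most namespaced objects,
  # but no Secrets, no Roles/RoleBindings, and no write verbs.
  name: view
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard-viewer
    namespace: kubernetes-dashboard
---
# Optional: write access limited to a single namespace. A RoleBinding may
# reference a ClusterRole; its permissions then apply only inside
# metadata.namespace (here: default). Note that "edit" can read Secrets there.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubernetes-dashboard-viewer-edit
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard-viewer
    namespace: kubernetes-dashboard
```

With this account the dashboard shows permission errors for resources the role cannot list (for example Secrets), which is the intended effect of the narrower role.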
Accessing kubernetes-dashboard via proxy
First we use the command below to proxy the Kubernetes internal services on local port 8001:
Then open the following link in a browser:
```
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
```
The page will now ask for a token. Use the following command to view the admin token:
```
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep kubernetes-dashboard-admin | awk '{print $1}')
```
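After logging in you can see all the information about Kubernetes, as shown:
Accessing kubernetes-dashboard via NodePort
Access via proxy requires starting the proxy service first, which is not very convenient. We can change the kubernetes-dashboard service to the NodePort type, so that it can be reached directly by IP and port. Modify the following part of recommended.yaml:
```yaml
kind: Service # the Service object
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard # name
  namespace: kubernetes-dashboard
spec:
  type: NodePort # add this line
  ports:
    - port: 443
      targetPort: 8443
  selector: # unchanged from recommended.yaml
    k8s-app: kubernetes-dashboard
```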
Then update the dashboard with kubectl apply, and once that is done check the local port:
```
kubectl get svc -n kubernetes-dashboard
NAME                        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE
dashboard-metrics-scraper   ClusterIP   10.108.2.0       <none>        8000/TCP        106d
kubernetes-dashboard        NodePort    10.110.204.165   <none>        443:32072/TCP   106d
```
Open https://127.0.0.1:32072/ in Firefox; 32072 here is the random port mapping assigned by the NodePort deployment.
Because of HTTPS certificate security issues, neither Chrome nor Safari can access it.
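Accessing kubernetes-dashboard via ingress
Accessing the dashboard via NodePort runs into security certificate problems; on a single machine the most suitable approach is still to deploy an ingress. First download the nginx implementation of ingress from the path below and install it:
```
curl -L https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.46.0/deploy/static/provider/cloud/deploy.yaml -o ingress-nginx.yaml
```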
Check the pods after installation; ingress-nginx-controller must be in the Running state for the installation to be complete:
```
kubectl get pods --all-namespaces
NAMESPACE       NAME                                        READY   STATUS      RESTARTS   AGE
ingress-nginx   ingress-nginx-admission-create-p5znr        0/1     Completed   0          17h
ingress-nginx   ingress-nginx-admission-patch-t9447         0/1     Completed   0          17h
ingress-nginx   ingress-nginx-controller-57cb5bf694-wc6tv   1/1     Running     0          17h
```
Check the ports of the ingress-nginx service; here HTTPS is on 31212:
```
kubectl get svc --all-namespaces
NAMESPACE              NAME                                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                                     AGE
default                kubernetes                           ClusterIP   10.96.0.1        <none>        443/TCP                                     106d
ingress-nginx          ingress-nginx-controller             NodePort    10.105.160.62    <none>        80:30303/TCP,443:31212/TCP,9000:30835/TCP   80m
ingress-nginx          ingress-nginx-controller-admission   ClusterIP   10.102.194.29    <none>        443/TCP                                     80m
kube-system            kube-dns                             ClusterIP   10.96.0.10       <none>        53/UDP,53/TCP,9153/TCP                      106d
kubernetes-dashboard   dashboard-metrics-scraper            ClusterIP   10.108.107.121   <none>        8000/TCP                                    44m
```
Write our custom ingress, dashboard-ingress.yaml:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dashboard-ingress
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/ingress.class: 'nginx'
    nginx.ingress.kubernetes.io/ssl-passthrough: 'true'
    nginx.ingress.kubernetes.io/backend-protocol: 'HTTPS'
spec:
  rules:
    - host: 'my-dashboard.com'
      http:
        paths:
          - pathType: Prefix
            path: '/'
            backend:
              service:
                name: kubernetes-dashboard
                port:
                  number: 443
```
Check that the ingress configuration has taken effect:
```
kubectl get ing --all-namespaces
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
NAMESPACE              NAME                CLASS    HOSTS              ADDRESS     PORTS   AGE
kubernetes-dashboard   dashboard-ingress   <none>   my-dashboard.com   localhost   80      17h
```
Before accessing it, edit the local /etc/hosts file to point my-dashboard.com at the local IP. Then open the following address in a browser:
```
https://my-dashboard.com:31212/
```
Note that you must use HTTPS. If you run into other problems, see: https://github.com/kubernetes/dashboard/blob/master/docs/user/accessing-dashboard/README.md#login-not-available
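Summary
We enabled the Kubernetes bundled with Docker Desktop on the Mac and installed kubernetes-dashboard for graphical management. We also covered three ways of accessing the dashboard: proxy, NodePort and Ingress.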