k8s - Docker Desktop for Windows
本文基于Docker Desktop for Window
1. 拉取Kubernetes镜像
在命令行中运行以下命令
git clone https://github.com/AliyunContainerService/k8s-for-docker-desktop.git
cd k8s-for-docker-desktop
git checkout v1.16.5
在当前目录中运行ps文件
.\load_images.ps1
等待镜像安装完毕
❯ .\load_images.ps1
k8s.gcr.io/pause:3.1=registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1
3.1: Pulling from google_containers/pause
Digest: sha256:759c3f0f6493093a9043cc813092290af69029699ade0e3dbe024e968fcb7cca
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1
registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/pause@sha256:759c3f0f6493093a9043cc813092290af69029699ade0e3dbe024e968fcb7cca
k8s.gcr.io/kube-controller-manager:v1.16.5=registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.16.5
v1.16.5: Pulling from google_containers/kube-controller-manager
39fafc05754f: Pull complete
4c0e8d65e19c: Pull complete
Digest: sha256:79ab7920ae0aea0e76ffef654ab1b01f9f69f5ef4369bab365b8e346bcfe2ba2
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.16.5
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.16.5
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.16.5
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager@sha256:79ab7920ae0aea0e76ffef654ab1b01f9f69f5ef4369bab365b8e346bcfe2ba2
k8s.gcr.io/kube-scheduler:v1.16.5=registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.16.5
v1.16.5: Pulling from google_containers/kube-scheduler
39fafc05754f: Already exists
1db652029d95: Pull complete
Digest: sha256:c7c3c620503e383c36bd6808c1251fbbf95ea99551fde9cc8ab2f22f2c8761ed
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.16.5
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.16.5
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.16.5
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler@sha256:c7c3c620503e383c36bd6808c1251fbbf95ea99551fde9cc8ab2f22f2c8761ed
k8s.gcr.io/kube-proxy:v1.16.5=registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.16.5
v1.16.5: Pulling from google_containers/kube-proxy
39fafc05754f: Already exists
db3f71d0eb90: Pull complete
afc046b6694a: Pull complete
Digest: sha256:92689ecd3716d024b5be394f3617859fd21edf87658a5b1e152a838868fa6c8a
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.16.5
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.16.5
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.16.5
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy@sha256:92689ecd3716d024b5be394f3617859fd21edf87658a5b1e152a838868fa6c8a
k8s.gcr.io/kube-apiserver:v1.16.5=registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.16.5
v1.16.5: Pulling from google_containers/kube-apiserver
39fafc05754f: Already exists
fdffd0d7a0bb: Pull complete
Digest: sha256:6317dc1adc837425ed01ff813ce01540e0b162977e6373b205f41d880bb3819a
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.16.5
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.16.5
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.16.5
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver@sha256:6317dc1adc837425ed01ff813ce01540e0b162977e6373b205f41d880bb3819a
k8s.gcr.io/etcd:3.3.15-0=registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.3.15-0
3.3.15-0: Pulling from google_containers/etcd
39fafc05754f: Already exists
aee6f172d490: Pull complete
e6aae814a194: Pull complete
Digest: sha256:37a8acab63de5556d47bfbe76d649ae63f83ea7481584a2be0dbffb77825f692
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.3.15-0
registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.3.15-0
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.3.15-0
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/etcd@sha256:37a8acab63de5556d47bfbe76d649ae63f83ea7481584a2be0dbffb77825f692
k8s.gcr.io/coredns:1.6.2=registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.2
1.6.2: Pulling from google_containers/coredns
c6568d217a00: Pull complete
3970bc7cbb16: Pull complete
Digest: sha256:4dd4d0e5bcc9bd0e8189f6fa4d4965ffa81207d8d99d29391f28cbd1a70a0163
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.2
registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.2
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.2
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/coredns@sha256:4dd4d0e5bcc9bd0e8189f6fa4d4965ffa81207d8d99d29391f28cbd1a70a0163
quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.1=registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:0.26.1
0.26.1: Pulling from google_containers/nginx-ingress-controller
c8775c51b291: Pull complete
4fc647720de5: Pull complete
4bee7d3b55eb: Pull complete
85ee1a272ac8: Pull complete
6a37290ece43: Pull complete
cd42756652d1: Pull complete
ba0a46163f53: Pull complete
b15c3bdebd38: Pull complete
69a3d60cbd64: Pull complete
7b1f35e5645a: Pull complete
8c7b9cd15ac7: Pull complete
9021fc6169bc: Pull complete
Digest: sha256:5da1b2e84ecbdb27facbea84bc6ddc9d50145d824963230735b47828891cba7b
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:0.26.1
registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:0.26.1
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:0.26.1
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller@sha256:5da1b2e84ecbdb27facbea84bc6ddc9d50145d824963230735b47828891cba7b
使用docker images命令查看
k8s.gcr.io/kube-controller-manager v1.16.5 441835dd2301 4 months ago 151MB
k8s.gcr.io/kube-apiserver v1.16.5 fc838b21afbb 4 months ago 159MB
k8s.gcr.io/kube-scheduler v1.16.5 b4d073a9efda 4 months ago 83.5MB
k8s.gcr.io/kube-proxy v1.16.5 0ee1b8a3ebe0 4 months ago 82.7MB
quay.io/kubernetes-ingress-controller/nginx-ingress-controller 0.26.1 29024c9c6e70 8 months ago 483MB
k8s.gcr.io/etcd 3.3.15-0 b2756210eeab 9 months ago 247MB
k8s.gcr.io/coredns 1.6.2 bf261d157914 10 months ago 44.1MB
k8s.gcr.io/kubernetes-dashboard-amd64 v1.10.1 f9aed6605b81 18 months ago 122MB
k8s.gcr.io/pause 3.1 da86e6ba6ca1 2 years ago 742kB
2. 开启kubernetes
在桌面右下角找到docker图标,右键单击并选择settings,在左侧导航栏选择Kubernetes,勾选Enable Kubernetes进行安装
3. 设置k8s上下文
首先获取所有上下文
❯ kubectl config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
* docker-desktop docker-desktop docker-desktop
docker-for-desktop docker-desktop docker-desktop
设置上下文
❯ kubectl config use-context docker-for-desktop
Switched to context "docker-for-desktop".
4. 验证集群状态
❯ kubectl cluster-info
Kubernetes master is running at https://kubernetes.docker.internal:6443
KubeDNS is running at https://kubernetes.docker.internal:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
❯ kubectl get nodes
NAME STATUS ROLES AGE VERSION
docker-desktop Ready master 3m34s v1.16.6-beta.0
5. 安装k8s管理页面Dashboard
#方式1
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
#方式2(推荐)
kubectl create -f kubernetes-dashboard.yaml
输出如下
❯ kubectl create -f kubernetes-dashboard.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
使用命令重新安装
kubectl delete -f kubernetes-dashboard.yaml
kubectl create -f kubernetes-dashboard.yaml
查看Dashboard镜像是否正常运行
❯ kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
docker compose-78f95d4f8c-pgzw7 1/1 Running 0 16m
docker compose-api-6ffb89dc58-2g9mc 1/1 Running 0 16m
kube-system coredns-5644d7b6d9-7hbnd 1/1 Running 0 18m
kube-system coredns-5644d7b6d9-x6g9s 1/1 Running 0 18m
kube-system etcd-docker-desktop 1/1 Running 0 17m
kube-system kube-apiserver-docker-desktop 1/1 Running 0 17m
kube-system kube-controller-manager-docker-desktop 1/1 Running 0 16m
kube-system kube-proxy-5k99f 1/1 Running 0 18m
kube-system kube-scheduler-docker-desktop 1/1 Running 0 17m
kube-system storage-provisioner 1/1 Running 0 16m
kube-system vpnkit-controller 1/1 Running 0 16m
kubernetes-dashboard dashboard-metrics-scraper-7b8b58dc8b-tprhd 1/1 Running 0 4m12s
kubernetes-dashboard kubernetes-dashboard-866f987876-vzgwc 1/1 Running 0 4m12s
6. 访问Kubernetes Dashboard
使用kubectl proxy命令访问
❯ kubectl proxy
Starting to serve on 127.0.0.1:8001
打开浏览器输入以下地址访问
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy
生成Token
> $TOKEN=((kubectl -n kubernetes-dashboard describe secret default | Select-String "token:") -split " +")[1]
> kubectl config set-credentials docker-for-desktop --token="${TOKEN}"
7. 配置访问权限
1、创建服务账号
首先创建一个叫admin-user的服务账号,并放在kubernetes-dashboard命名空间下。
# 创建文件
New-Item admin-user.yaml
文件内容如下
# admin-user.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
执行kubectl create命令
kubectl create -f admin-user.yaml
2、绑定角色
默认情况下,kubeadm创建集群时已经创建了admin角色,我们直接绑定即可:
使用命令
New-Item admin-user-role-binding.yaml
文件内容如下
# admin-user-role-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
执行kubectl create命令
kubectl create -f admin-user-role-binding.yaml
3、获取Token
执行命令
$ kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
输出如下
$ kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
Name: admin-user-token-sdpp5
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: c76d7b9e-f2b1-4649-afe3-4bcee72c812e
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjIxZmRHZC1GeVplX1ktWWVfdTZNR3NGZ29qRnEyV0ZveUV0c1RxLW02ZXMifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXNkcHA1Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJjNzZkN2I5ZS1mMmIxLTQ2NDktYWZlMy00YmNlZTcyYzgxMmUiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.Cmoh9ZQLlI9aG7_ZP13Gts2Uh4qVL28dbLKR9Rw1Q7u18zDxS4uFAT4i2LoXTnTYgS1rxK-O5D1ks68Qg1fXbYlhFTjur0FJUF--P5h4YjZzVZ2VaNWxgFcOGt4KR1x29i9NiQshUmgY-ULBe0KtRfSgs8zcfK07fnb5l86udxbisEpmVXD7msIBptmvubldYttgbgjF4s0dzL9paajDU8t5DuUmB7oabDUKYRAAHehKU8oIOXknpvAaB-fpvk6c6RLhMoPIpnLzS2UKpLRCEMUysIniq34DPH68mdH8NxBWfVWkG8JSGLJ5GinQQfJGAsyQIf7E0BEB6RoEibW3Ww
把Token复制到登录界面的Token输入框中登录后如下:
大功告成!
参考:
https://www.cnblogs.com/craigtaylor/p/10971231.html
https://github.com/kubernetes/dashboard/issues/3322
