diff --git a/README.md b/README.md index cc92760..27917cb 100644 --- a/README.md +++ b/README.md 
@@ -1,69 +1,65 @@ -# 为中国用户在 Docker for Mac/Windows 中开启 Kubernetes +# Docker Desktop for Mac/Windows 开启 Kubernetes 中文 | [English](README_en.md) 说明: -* 需安装 Docker for Mac或者Docker for Windows,如果没有请下载[下载 Docker CE最新版本](https://store.docker.com/search?type=edition&offering=community) -* 当前 master 分支已经在 Docker for Mac/Windows 2.0.1.x (包含 Docker CE 18.09.1 和 Kubernetes 1.13.0) 版本测试通过 - * 如果你希望使用 Docker for Mac/Windows 2.0.0.2/2.0.0.3 (包含 Docker CE 18.09.1 和 Kubernetes 1.10.11) , 请使用下面命令切换 [v2.0.0.2 分支](https://github.com/AliyunContainerService/k8s-for-docker-desktop/tree/v2.0.0.2) ```git checkout v2.0.0.2``` - * 如果你希望使用 18.09/18.06 版本(包含 Kubernetes 1.10.3) , 请使用下面命令切换 [18.09 分支](https://github.com/AliyunContainerService/k8s-for-docker-desktop/tree/18.09) ```git checkout 18.09``` - * 如果你希望使用 18.03 版本, 请使用下面命令切换 [18.03 分支](https://github.com/AliyunContainerService/k8s-for-docker-desktop/tree/18.03) ```git checkout 18.03``` +* 需安装 Docker Desktop 的 Mac 或者 Windows 版本,如果没有请下载[下载 Docker CE最新版本](https://store.docker.com/search?type=edition&offering=community) +* 当前 master 分支已经在 Docker for Mac/Windows 2.2.2.0 Edge (包含 Docker CE 19.03.5 和 Kubernetes 1.16.5) 版本测试通过 +* 如果需要测试其他版本,请查看 Docker Desktop版本,Docker -> About Docker Desktop + ![about](images/about.png) + * 如Kubernetes版本为 v1.15.5, 请使用下面命令切换 [v1.15.5 分支](https://github.com/AliyunContainerService/k8s-for-docker-desktop/tree/v1.15.5) ```git checkout v1.15.5``` + * 如Kubernetes版本为 v1.15.4, 请使用下面命令切换 [v1.15.4 分支](https://github.com/AliyunContainerService/k8s-for-docker-desktop/tree/v1.15.4) ```git checkout v1.15.4``` + * 如Kubernetes版本为 v1.14.8, 请使用下面命令切换 [v1.14.8 分支](https://github.com/AliyunContainerService/k8s-for-docker-desktop/tree/v1.14.8) ```git checkout v1.14.8``` + * 如Kubernetes版本为 v1.14.7, 请使用下面命令切换 [v1.14.7 分支](https://github.com/AliyunContainerService/k8s-for-docker-desktop/tree/v1.14.7) ```git checkout v1.14.7``` + * 如Kubernetes版本为 v1.14.6, 请使用下面命令切换 [v1.14.6 
分支](https://github.com/AliyunContainerService/k8s-for-docker-desktop/tree/v1.14.6) ```git checkout v1.14.6``` + * 如Kubernetes版本为 v1.14.3, 请使用下面命令切换 [v1.14.3 分支](https://github.com/AliyunContainerService/k8s-for-docker-desktop/tree/v1.14.3) ```git checkout v1.14.3``` + * 如Kubernetes版本为 v1.14.1, 请使用下面命令切换 [v1.14.1 分支](https://github.com/AliyunContainerService/k8s-for-docker-desktop/tree/v1.14.1) ```git checkout v1.14.1``` + * 如Kubernetes版本为 v1.13.0, 请使用下面命令切换 [v1.13.0 分支](https://github.com/AliyunContainerService/k8s-for-docker-desktop/tree/v1.13.0) ```git checkout v1.13.0``` + * 如Kubernetes版本为 v1.10.11, 请使用下面命令切换 [v1.10.11 分支](https://github.com/AliyunContainerService/k8s-for-docker-desktop/tree/v1.10.11) ```git checkout v1.10.11``` -### Docker for Mac 开启 Kubernetes -为 Docker daemon 配置 Docker Hub 的中国官方镜像加速 ```https://registry.docker-cn.com``` -![mirror](images/mirror.png) - -可选操作: 为 Kubernetes 配置 CPU 和 内存资源,建议分配 4GB 或更多内存。 - -![resource](images/resource.png) - -预先从阿里云Docker镜像服务下载 Kubernetes 所需要的镜像, 可以通过修改 ```images.properties``` 文件加载你自己需要的镜像 - - -```bash -./load_images.sh -``` - -开启 Kubernetes,并等待 Kubernetes 开始运行 - - -![k8s](images/k8s.png) -### Docker for Windows 开启 Kubernetes +### 开启 Kubernetes -为 Docker daemon 配置 Docker Hub 的中国官方镜像加速 ```https://registry.docker-cn.com``` +为 Docker daemon 配置镜像加速,参考[阿里云镜像服务](https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors) 或中科大镜像加速地址```https://docker.mirrors.ustc.edu.cn``` -![mirror](images/mirror_win.png) +![mirror](images/mirror.png) 可选操作: 为 Kubernetes 配置 CPU 和 内存资源,建议分配 4GB 或更多内存。 -![resource](images/resource_win.png) +![resource](images/resource.png) 预先从阿里云Docker镜像服务下载 Kubernetes 所需要的镜像, 可以通过修改 ```images.properties``` 文件加载你自己需要的镜像 -使用 Bash shell + +在 Mac 上执行如下脚本 ```bash ./load_images.sh ``` -使用 PowerShell + +在Windows上,使用 PowerShell ```powershell .\load_images.ps1 ``` 说明: 如果因为安全策略无法执行 PowerShell 脚本,请在 “以管理员身份运行” 的 PowerShell 中执行 ```Set-ExecutionPolicy RemoteSigned``` 命令。 +开启 Kubernetes,并等待 Kubernetes 开始运行 + 开启 
Kubernetes,并等待 Kubernetes 开始运行 +![k8s](images/k8s.png) + +**TIPS**: -![k8s](images/k8s_win.png) +在Mac上: -**TIPS**:如果想知道Kubernetes部署的过程,可以通过docker desktop应用日志获得实时安装进程信息: +如果在Kubernetes部署的过程中出现问题,可以通过docker desktop应用日志获得实时日志信息: ```bash pred='process matches ".*(ocker|vpnkit).*" @@ -71,16 +67,19 @@ pred='process matches ".*(ocker|vpnkit).*" /usr/bin/log stream --style syslog --level=debug --color=always --predicate "$pred" ``` +在Windows上: +如果在Kubernetes部署的过程中出现问题,可以在 C:\ProgramData\DockerDesktop下的service.txt 查看Docker日志; +如果看到 Kubernetes一直在启动状态,请参考 [Issue 3769(comment)](https://github.com/docker/for-win/issues/3769#issuecomment-486046718) 和 [Issue 1962(comment)](https://github.com/docker/for-win/issues/1962#issuecomment-431091114) ### 配置 Kubernetes -可选操作: 切换Kubernetes运行上下文至 docker-for-desktop (docker-ce 18.09 下 context 为 docker-desktop) +可选操作: 切换Kubernetes运行上下文至 docker-desktop (之前版本的 context 为 docker-for-desktop) ```shell -kubectl config use-context docker-for-desktop +kubectl config use-context docker-desktop ``` 验证 Kubernetes 集群状态 @@ -90,10 +89,12 @@ kubectl cluster-info kubectl get nodes ``` -部署 Kubernetes dashboard +### 配置 Kubernetes 控制台 + +#### 部署 Kubernetes dashboard ```shell -kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc5/aio/deploy/recommended.yaml ``` 或 @@ -102,6 +103,12 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/ kubectl create -f kubernetes-dashboard.yaml ``` +检查 kubernetes-dashboard 应用状态 + +```shell +kubectl get pod -n kubernetes-dashboard +``` + 开启 API Server 访问代理 ```shell 
@@ -110,16 +117,16 @@ kubectl proxy 通过如下 URL 访问 Kubernetes dashboard -http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/overview?namespace=default - -### 配置 kubeconfig (可跳过) +http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/ +#### 配置控制台访问令牌 对于Mac环境 ```shell TOKEN=$(kubectl -n kube-system describe secret default| awk '$1=="token:"{print $2}') kubectl config set-credentials docker-for-desktop --token="${TOKEN}" +echo $TOKEN ``` 对于Windows环境 @@ -127,13 +134,18 @@ kubectl config set-credentials docker-for-desktop --token="${TOKEN}" ```shell $TOKEN=((kubectl -n kube-system describe secret default | Select-String "token:") -split " +")[1] kubectl config set-credentials docker-for-desktop --token="${TOKEN}" +echo $TOKEN ``` -#### 登录dashboard的时候选择 kubeconfig 文件 +#### 登录dashboard的时候 ![resource](images/k8s_credentials.png) -选择 kubeconfig 文件,路径如下: +选择 **令牌** + +输入上文控制台输出的内容 + +或者选择 **Kubeconfig** 文件,路径如下: ``` Mac: $HOME/.kube/config @@ -149,8 +161,8 @@ Win: %UserProfile%\.kube\config #### 安装 Ingress ```shell -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/cloud-generic.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud-generic.yaml ``` 验证 
@@ -191,55 +203,29 @@ kubectl delete -f sample/ingress.yaml #### 删除 Ingress ```shell -kubectl delete -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/cloud-generic.yaml -kubectl delete -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml +kubectl delete -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud-generic.yaml +kubectl delete -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml ``` ### 安装 Helm -可以根据文档安装 helm https://github.com/helm/helm/blob/master/docs/install.md +可以根据文档安装 helm v3 https://helm.sh/docs/intro/install/ #### 在 Mac OS 上安装 ##### 通过 brew 安装 -brew 安装的版本可能会和 helm server 不兼容, 如果在后续使用 helm 安装组件的过程中出现以下错误,可以 `通过二进制包安装` 对应的版本 - -``` -$ helm install install/kubernetes/helm/istio-init --name istio-init --namespace istio-system -Error: incompatible versions client[v2.13.1] server[v2.12.2] -``` - ```shell # Use homebrew on Mac -brew install kubernetes-helm - -# Change helm repo -helm repo add stable http://mirror.azure.cn/kubernetes/charts-incubator/ +brew install helm -# Install Tiller into your Kubernetes cluster -helm init --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.12.2 --skip-refresh +# Add helm repo +helm repo add stable http://mirror.azure.cn/kubernetes/charts/ -# Update charts repo (Optional) +# Update charts repo helm repo update ``` -##### 通过二进制包安装 - -``` -# Download binary release -在 https://github.com/helm/helm/releases 中找到匹配的版本并下载(需要梯子), 如: https://storage.googleapis.com/kubernetes-helm/helm-v2.12.2-darwin-amd64.tar.gz - -# Unpack - -tar -zxvf helm-v2.0.0-linux-amd64.tgz - -# Move it to its desired destination - -mv darwin-amd64/helm /usr/local/bin/helm - -``` - #### 在Windows上安装 如果在后续使用 helm 安装组件的过程中出现版本兼容问题,可以参考 `通过二进制包安装` 思路安装匹配的版本 
@@ -250,27 +236,43 @@ mv darwin-amd64/helm /usr/local/bin/helm choco install kubernetes-helm # Change helm repo -helm repo add stable http://mirror.azure.cn/kubernetes/charts-incubator/ - -# Install Tiller into your Kubernetes cluster -helm init --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.12.2 --skip-refresh +helm repo add stable http://mirror.azure.cn/kubernetes/charts/ -# Update charts repo (Optional) +# Update charts repo helm repo update ``` +#### 测试 Helm (可选) + +安装 Wordpress + +```shell +helm install wordpress stable/wordpress +``` + +查看 wordpress 发布状态 + +```shell +helm install wordpress stable/wordpress +``` + +卸载 wordpress 发布 + +```shell +helm uninstall wordpress +``` ### 配置 Istio 说明:Istio Ingress Gateway和Ingress缺省的端口冲突,请移除Ingress并进行下面测试 -可以根据文档安装 Istio https://istio.io/docs/setup/kubernetes/ +可以根据文档安装 Istio https://istio.io/docs/setup/getting-started/ -#### 下载 Istio 1.1.1 并安装 CLI +#### 下载 Istio 1.5.0 ```bash -curl -L https://git.io/getLatestIstio | sh - -cd istio-1.1.1/ +curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.5.0 sh - +cd istio-1.5.0 export PATH=$PWD/bin:$PATH ``` @@ -280,25 +282,16 @@ export PATH=$PWD/bin:$PATH .\getLatestIstio.ps1 ``` - - -#### 通过 Helm chart 安装 Istio +#### 安装 Istio ```shell -# 安装 istio-init chart 安装所有的 Istio CRD -helm install install/kubernetes/helm/istio-init --name istio-init --namespace istio-system - -# 验证下安装的 Istio CRD 个数 -kubectl get crds | grep 'istio.io\|certmanager.k8s.io' | wc -l - -# 开始 istio chart 安装 -helm install install/kubernetes/helm/istio --name istio --namespace istio-system +istioctl manifest apply --set profile=demo ``` -#### 查看 istio 发布状态 +#### 检查 Istio 状态 ```shell -helm status istio +kubectl get pods -n istio-system ``` #### 为 ```default``` 名空间开启自动 sidecar 注入 
@@ -310,53 +303,57 @@ kubectl get namespace -L istio-injection #### 安装 Book Info 示例 +请参考 https://istio.io/docs/examples/bookinfo/ + ```shell kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml ``` +查看示例应用资源 + +```shell +kubectl get svc,pod +``` 确认示例应用在运行中 -```bash -export GATEWAY_URL=localhost:80 -curl -o /dev/null -s -w "%{http_code}\n" http://${GATEWAY_URL}/productpage +```shell +kubectl exec -it $(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}') -c ratings -- curl productpage:9080/productpage | grep -o ".*" ``` -可以通过浏览器访问 - -http://localhost/productpage +创建 Ingress Gateway +```shell +kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml +``` -说明:如果当前80端口已经被占用或保留,我们可以编辑 ```install/kubernetes/helm/istio/values.yaml``` 文件中 -Gateway 端口进行调整,比如将 80 端口替换为 8888 端口 +查看 Gateway 配置 -``` - ## You can add custom gateway ports - - port: 8888 # Changed from 80 - targetPort: 80 - name: http2 - nodePort: 31380 +```shell +kubectl get gateway ``` -然后执行如下命令并生效 +确认示例应用可以访问 ```shell -kubectl delete service istio-ingressgateway -n istio-system -helm upgrade istio install/kubernetes/helm/istio +export GATEWAY_URL=localhost:80 +curl -s http://${GATEWAY_URL}/productpage | grep -o ".*" ``` +可以通过浏览器访问 + +http://localhost/productpage + #### 删除实例应用 -```bash +```shell samples/bookinfo/platform/kube/cleanup.sh ``` ### 卸载 Istio ```shell -helm del --purge istio -kubectl delete -f install/kubernetes/helm/istio/templates/crds.yaml -n istio-system +istioctl manifest generate --set profile=demo | kubectl delete -f - ``` diff --git a/README_en.md b/README_en.md index 73cb88b..ad2986b 100644 --- a/README_en.md +++ b/README_en.md 
@@ -1,17 +1,26 @@ -# Enable Kubernetes on Docker for Mac/Windows in China +# Enable Kubernetes on Docker Desktop for Mac/Windows in China [中文](README.md) | English NOTE: -* The master branch is tested with Docker for Mac/Windows version 2.0.1.x (with Docker 18.09.1 and Kubernetes 1.13.0). - * If you want to use v2.0.0.2/v2.0.0.3 (with Docker CE 18.09.1 and Kubernetes 1.10.11), please use the 18.09 branch ```git checkout v2.0.0.2``` - * If you want to use Docker CE 18.09/18.06 (with Kubernetes 1.10.3), please use the 18.09 branch ```git checkout 18.09``` - * If you want to use Docker CE 18.03, please use the 18.03 branch ```git checkout 18.03``` +* The master branch is tested with Docker Desktop for Mac/Windows version 2.2.2.0 Edge (with Docker CE 19.03.5 and Kubernetes 1.16.5). +* If you want to use with other version, pls check version of Kubernetes,Docker -> About Docker Desktop + ![about](images/about.png) + * For Kubernetes v1.15.5, please use the v1.15.5 branch ```git checkout v1.15.5``` + * For Kubernetes v1.15.4, please use the v1.15.4 branch ```git checkout v1.15.4``` + * For Kubernetes v1.14.8, please use the v1.14.8 branch ```git checkout v1.14.8``` + * For Kubernetes v1.14.7, please use the v1.14.7 branch ```git checkout v1.14.7``` + * For Kubernetes v1.14.6, please use the v1.14.6 branch ```git checkout v1.14.6``` + * For Kubernetes v1.14.3, please use the v1.14.3 branch ```git checkout v1.14.3``` + * For Kubernetes v1.14.1, please use the v1.14.1 branch ```git checkout v1.14.1``` + * For Kubernetes v1.13.0, please use the v1.13.0 branch ```git checkout v1.13.0``` + * For Kubernetes v1.10.11, please use the v1.10.11 branch ```git checkout v1.10.11``` -### Enable Kubernetes on Docker for Mac -Config registry mirror for Docker daemon with ```https://registry.docker-cn.com``` only if in China +### Enable Kubernetes on Docker Desktop + +Config registry mirror for Docker daemon with ```https://docker.mirrors.ustc.edu.cn``` only if in China 
![mirror](images/mirror.png) @@ -21,36 +30,13 @@ Optional: config the CPU and memory for Kubernetes, 4GB RAM or more is suggested Preload Kubernetes images form Alibaba Cloud Registry Service, NOTE: you can modify the ```images.properties``` for your own images +On Mac, execute the following scripts ```bash ./load_images.sh ``` -Enable Kubernetes in Docker for Mac, and wait a while for Kubernetes is running - - -![k8s](images/k8s.png) - - -### Enable Kubernetes on Docker for Windows - -Config registry mirror for Docker daemon with ```https://registry.docker-cn.com``` - -![mirror](images/mirror_win.png) - -Optional: config the CPU and memory for Kubernetes, 4GB RAM or more is suggested. - -![resource](images/resource_win.png) - -Preload Kubernetes images form Alibaba Cloud Registry Service, NOTE: you can modify the ```images.properties``` for your own images - -In Bash shell - -```bash -./load_images.sh -``` - -or in PowerShell of Windows +Or on Windows, execute the following scripts in PowerShell ```powershell .\load_images.ps1 @@ -58,19 +44,20 @@ or in PowerShell of Windows NOTE: if you failed to start PowerShell scripts for security policy, please execute ```Set-ExecutionPolicy RemoteSigned``` command in PowerShell with "Run as administrator" option. -Enable Kubernetes in Docker for Windows, and wait a while for Kubernetes is running -![k8s](images/k8s_win.png) +Enable Kubernetes, and wait a while for Kubernetes is running + +![k8s](images/k8s.png) ### Config Kubernetes -Optional: switch the context to `docker-for-desktop` (under docker ce 18.09, the conext is `docker-desktop`) +Optional: switch the context to `docker-desktop` (In the former version, the context is `docker-for-desktop`) ```shell -kubectl config use-context docker-for-desktop +kubectl config use-context docker-desktop ``` Verify Kubernetes installation 
@@ -80,10 +67,13 @@ kubectl cluster-info kubectl get nodes ``` -Deploy Kubernetes dashboard + +### Deploy Kubernetes dashboard + +#### Install Kubernetes dashboard ```shell -kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc5/aio/deploy/recommended.yaml ``` or @@ -92,23 +82,30 @@ or kubectl create -f kubernetes-dashboard.yaml ``` +Check Kubernetes Dashboard status + +```shell +kubectl get pod -n kubernetes-dashboard +``` + Start proxy for API server ```shell kubectl proxy ``` -Access Kubernetes dashboard +#### Access Kubernetes dashboard -http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/overview?namespace=default +http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/ -#### Config kubeconfig (Or skip) +#### Config Token for dashboard For Mac ```bash TOKEN=$(kubectl -n kube-system describe secret default| awk '$1=="token:"{print $2}') kubectl config set-credentials docker-for-desktop --token="${TOKEN}" +echo $TOKEN ``` For Windows @@ -116,13 +113,16 @@ For Windows ```cmd $TOKEN=((kubectl -n kube-system describe secret default | Select-String "token:") -split " +")[1] kubectl config set-credentials docker-for-desktop --token="${TOKEN}" +echo $TOKEN ``` -#### Choose kubeconfig file (Optional) +#### Login dashboard ![resource](images/k8s_credentials.png) -Choose kubeconfig file, Path: +Choose **Token**, and input the output from above result + +Or, choose **Kubeconfig**, select file from below path: ``` Win: %UserProfile%\.kube\config 
@@ -133,18 +133,18 @@ Click login, go to Kubernetes Dashboard ### Install Helm -Install helm following the instruction on https://github.com/helm/helm/blob/master/docs/install.md +Install helm following the instruction on https://helm.sh/docs/intro/install/ #### For Mac OS ```shell # Use homebrew on Mac -brew install kubernetes-helm +brew install helm -# Install Tiller into your Kubernetes cluster -helm init --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.12.2 --skip-refresh +# add helm repo +helm repo add stable http://mirror.azure.cn/kubernetes/charts/ -# update charts repo (Optional) +# update charts repo helm repo update ``` 
@@ -155,70 +155,112 @@ helm repo update # NOTE: please ensure you can access googleapis choco install kubernetes-helm -# Install Tiller into your Kubernetes cluster -helm init --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.12.2 --skip-refresh +# add helm repo +helm repo add stable http://mirror.azure.cn/kubernetes/charts/ -# update charts repo (Optional) +# update charts repo helm repo update ``` -### Install Istio +### Setup Istio -More details can be found in https://istio.io/docs/setup/kubernetes/ +More details can be found in https://istio.io/docs/setup/getting-started/ -Download Istio 1.1.1 and install CLI +#### Download Istio 1.5.0 and install CLI -```bash -curl -L https://git.io/getLatestIstio | sh - -cd istio-1.1.1/ +```shell +curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.5.0 sh - +cd istio-1.5.0/ export PATH=$PWD/bin:$PATH ``` -Install Istio with Helm chart +In Windows, you can download the Istio manually, or copy ```getLatestIstio.ps1``` to your Istio directory, and execute the script. -```shell -# Install the istio-init chart to bootstrap all the Istio’s CRDs -helm install install/kubernetes/helm/istio-init --name istio-init --namespace istio-system +NOTE: It refer the [scripts](https://gist.github.com/kameshsampath/796060a806da15b39aa9569c8f8e6bcf) from community. 
-# Verify that all Istio CRDs were committed to the Kubernetes api-server -kubectl get crds | grep 'istio.io\|certmanager.k8s.io' | wc -l +```powershell +.\getLatestIstio.ps1 +``` -# Install the istio chart -helm install install/kubernetes/helm/istio --name istio --namespace istio-system +#### Install Istio + +```shell +istioctl manifest apply --set profile=demo ``` Check status of istio release ```shell -helm status istio +kubectl get pods -n istio-system ``` -Enable automatic sidecar injection for ```default``` namespace +#### Enable automatic sidecar injection for ```default``` namespace ```shell kubectl label namespace default istio-injection=enabled kubectl get namespace -L istio-injection ``` -Install Book Info sample +#### Install Book Info sample + +Please refer https://istio.io/docs/examples/bookinfo/ ```shell kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml +``` + +Check the resources of sample application + +```shell +kubectl get svc,pod +``` + +Confirm the application is running + +```shell +kubectl exec -it $(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}') -c ratings -- curl productpage:9080/productpage | grep -o ".*" +``` + +Create Ingress Gateway + +```shell kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml +``` +Check Gateway status -Confirm application is running +```shell +kubectl get gateway +``` + +Confirm the application is accessible + +```shell +export GATEWAY_URL=localhost:80 +curl -s http://${GATEWAY_URL}/productpage | grep -o ".*" +``` + +Open with browser http://localhost/productpage -​```bash + +#### Confirm application is running + +```shell export GATEWAY_URL=localhost:80 curl -o /dev/null -s -w "%{http_code}\n" http://${GATEWAY_URL}/productpage ``` -Delete Istio +#### Cleanup sample application + +```shell +samples/bookinfo/platform/kube/cleanup.sh +``` + +#### Delete Istio ```shell -helm del --purge istio -kubectl delete -f install/kubernetes/helm/istio/templates/crds.yaml -n 
istio-system +istioctl manifest generate --set profile=demo | kubectl delete -f - ``` + diff --git a/getLatestIstio.ps1 b/getLatestIstio.ps1 index ed54c7e..420ac43 100644 --- a/getLatestIstio.ps1 +++ b/getLatestIstio.ps1 @@ -1,10 +1,10 @@ param( - [string] $IstioVersion = "1.0.3" + [string] $IstioVersion = $(Invoke-RestMethod "https://api.github.com/repos/istio/istio/releases")[0].tag_name ) $url = "https://github.com/istio/istio/releases/download/$($IstioVersion)/istio-$($IstioVersion)-win.zip" $Path = Get-Location -$output = [IO.Path]::Combine($Path, "istio-$($IstioVersion)-win.zip) +$output = [IO.Path]::Combine($Path, "istio-$($IstioVersion)-win.zip") Write-Host "Downloading Istio from $url to path " $Path -ForegroundColor Green diff --git a/images.properties b/images.properties index 07b7af6..4397a0f 100644 --- a/images.properties +++ b/images.properties 
@@ -1,10 +1,8 @@ k8s.gcr.io/pause:3.1=registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1 -k8s.gcr.io/kube-controller-manager:v1.13.0=registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.13.0 -k8s.gcr.io/kube-scheduler:v1.13.0=registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.13.0 -k8s.gcr.io/kube-proxy:v1.13.0=registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.13.0 -k8s.gcr.io/kube-apiserver:v1.13.0=registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.13.0 -k8s.gcr.io/etcd:3.2.24=registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24 -k8s.gcr.io/coredns:1.2.6=registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.2.6 -k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1=registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1 -quay.io/coreos/hyperkube:v1.7.6_coreos.0=registry.cn-hangzhou.aliyuncs.com/coreos_containers/hyperkube:v1.7.6_coreos.0 -quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.21.0=registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:0.21.0 \ No newline at end of file +k8s.gcr.io/kube-controller-manager:v1.16.5=registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.16.5 +k8s.gcr.io/kube-scheduler:v1.16.5=registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.16.5 +k8s.gcr.io/kube-proxy:v1.16.5=registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.16.5 +k8s.gcr.io/kube-apiserver:v1.16.5=registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.16.5 +k8s.gcr.io/etcd:3.3.15-0=registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.3.15-0 +k8s.gcr.io/coredns:1.6.2=registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.2 +quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.1=registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:0.26.1 
diff --git a/images/about.png b/images/about.png new file mode 100644 index 0000000..a8be860 Binary files /dev/null and b/images/about.png differ diff --git a/images/k8s.png b/images/k8s.png index 5785089..3c22ae3 100644 Binary files a/images/k8s.png and b/images/k8s.png differ diff --git a/images/k8s_credentials.png b/images/k8s_credentials.png index d038227..ea0ae1a 100644 Binary files a/images/k8s_credentials.png and b/images/k8s_credentials.png differ diff --git a/images/mirror.png b/images/mirror.png index d8e7873..a6674c4 100644 Binary files a/images/mirror.png and b/images/mirror.png differ diff --git a/images/resource.png b/images/resource.png index d2dc112..ad23442 100644 Binary files a/images/resource.png and b/images/resource.png differ diff --git a/kubernetes-dashboard.yaml b/kubernetes-dashboard.yaml index 7cc6f64..742f616 100644 --- a/kubernetes-dashboard.yaml +++ b/kubernetes-dashboard.yaml @@ -12,7 +12,38 @@ # See the License for the specific language governing permissions and # limitations under the License. -# ------------------- Dashboard Secret ------------------- # +apiVersion: v1 +kind: Namespace +metadata: + name: kubernetes-dashboard + +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard + namespace: kubernetes-dashboard + +--- + +kind: Service +apiVersion: v1 +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard + namespace: kubernetes-dashboard +spec: + ports: + - port: 443 + targetPort: 8443 + selector: + k8s-app: kubernetes-dashboard + +--- apiVersion: v1 kind: Secret 
@@ -20,74 +51,121 @@ metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-certs - namespace: kube-system + namespace: kubernetes-dashboard type: Opaque --- -# ------------------- Dashboard Service Account ------------------- # apiVersion: v1 -kind: ServiceAccount +kind: Secret metadata: labels: k8s-app: kubernetes-dashboard - name: kubernetes-dashboard - namespace: kube-system + name: kubernetes-dashboard-csrf + namespace: kubernetes-dashboard +type: Opaque +data: + csrf: "" + +--- + +apiVersion: v1 +kind: Secret +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard-key-holder + namespace: kubernetes-dashboard +type: Opaque + +--- + +kind: ConfigMap +apiVersion: v1 +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard-settings + namespace: kubernetes-dashboard --- -# ------------------- Dashboard Role & Role Binding ------------------- # kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: kubernetes-dashboard-minimal - namespace: kube-system + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard + namespace: kubernetes-dashboard rules: - # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret. -- apiGroups: [""] - resources: ["secrets"] - verbs: ["create"] - # Allow Dashboard to create 'kubernetes-dashboard-settings' config map. -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["create"] # Allow Dashboard to get, update and delete Dashboard exclusive secrets. -- apiGroups: [""] - resources: ["secrets"] - resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"] - verbs: ["get", "update", "delete"] - # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. -- apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["kubernetes-dashboard-settings"] - verbs: ["get", "update"] - # Allow Dashboard to get metrics from heapster. 
-- apiGroups: [""] - resources: ["services"] - resourceNames: ["heapster"] - verbs: ["proxy"] -- apiGroups: [""] - resources: ["services/proxy"] - resourceNames: ["heapster", "http:heapster:", "https:heapster:"] - verbs: ["get"] + - apiGroups: [""] + resources: ["secrets"] + resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"] + verbs: ["get", "update", "delete"] + # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["kubernetes-dashboard-settings"] + verbs: ["get", "update"] + # Allow Dashboard to get metrics. + - apiGroups: [""] + resources: ["services"] + resourceNames: ["heapster", "dashboard-metrics-scraper"] + verbs: ["proxy"] + - apiGroups: [""] + resources: ["services/proxy"] + resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"] + verbs: ["get"] --- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard +rules: + # Allow Metrics Scraper to get metrics from the Metrics server + - apiGroups: ["metrics.k8s.io"] + resources: ["pods", "nodes"] + verbs: ["get", "list", "watch"] + +--- + apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: kubernetes-dashboard-minimal - namespace: kube-system + labels: + k8s-app: kubernetes-dashboard + name: kubernetes-dashboard + namespace: kubernetes-dashboard roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: kubernetes-dashboard-minimal + name: kubernetes-dashboard subjects: -- kind: ServiceAccount + - kind: ServiceAccount + name: kubernetes-dashboard + namespace: kubernetes-dashboard + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: name: kubernetes-dashboard - namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: 
ClusterRole + name: kubernetes-dashboard +subjects: + - kind: ServiceAccount + name: kubernetes-dashboard + namespace: kubernetes-dashboard --- -# ------------------- Dashboard Deployment ------------------- # kind: Deployment apiVersion: apps/v1 @@ -95,7 +173,7 @@ metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard - namespace: kube-system + namespace: kubernetes-dashboard spec: replicas: 1 revisionHistoryLimit: 10 
@@ -108,55 +186,117 @@ spec: k8s-app: kubernetes-dashboard spec: containers: - - name: kubernetes-dashboard - image: registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1 - ports: - - containerPort: 8443 - protocol: TCP - args: - - --auto-generate-certificates - # Uncomment the following line to manually specify Kubernetes API server Host - # If not specified, Dashboard will attempt to auto discover the API server and connect - # to it. Uncomment only if the default does not work. - # - --apiserver-host=http://my-address:port - volumeMounts: - - name: kubernetes-dashboard-certs - mountPath: /certs - # Create on-disk volume to store exec logs - - mountPath: /tmp - name: tmp-volume - livenessProbe: - httpGet: - scheme: HTTPS - path: / - port: 8443 - initialDelaySeconds: 30 - timeoutSeconds: 30 + - name: kubernetes-dashboard + image: kubernetesui/dashboard:v2.0.0-rc5 + imagePullPolicy: Always + ports: + - containerPort: 8443 + protocol: TCP + args: + - --auto-generate-certificates + - --namespace=kubernetes-dashboard + # Uncomment the following line to manually specify Kubernetes API server Host + # If not specified, Dashboard will attempt to auto discover the API server and connect + # to it. Uncomment only if the default does not work. 
+ # - --apiserver-host=http://my-address:port + volumeMounts: + - name: kubernetes-dashboard-certs + mountPath: /certs + # Create on-disk volume to store exec logs + - mountPath: /tmp + name: tmp-volume + livenessProbe: + httpGet: + scheme: HTTPS + path: / + port: 8443 + initialDelaySeconds: 30 + timeoutSeconds: 30 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 1001 + runAsGroup: 2001 volumes: - - name: kubernetes-dashboard-certs - secret: - secretName: kubernetes-dashboard-certs - - name: tmp-volume - emptyDir: {} + - name: kubernetes-dashboard-certs + secret: + secretName: kubernetes-dashboard-certs + - name: tmp-volume + emptyDir: {} serviceAccountName: kubernetes-dashboard + nodeSelector: + "beta.kubernetes.io/os": linux # Comment the following tolerations if Dashboard must not be deployed on master tolerations: - - key: node-role.kubernetes.io/master - effect: NoSchedule + - key: node-role.kubernetes.io/master + effect: NoSchedule --- -# ------------------- Dashboard Service ------------------- # kind: Service apiVersion: v1 metadata: labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard - namespace: kube-system + k8s-app: dashboard-metrics-scraper + name: dashboard-metrics-scraper + namespace: kubernetes-dashboard spec: ports: - - port: 443 - targetPort: 8443 + - port: 8000 + targetPort: 8000 selector: - k8s-app: kubernetes-dashboard + k8s-app: dashboard-metrics-scraper + +--- + +kind: Deployment +apiVersion: apps/v1 +metadata: + labels: + k8s-app: dashboard-metrics-scraper + name: dashboard-metrics-scraper + namespace: kubernetes-dashboard +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + k8s-app: dashboard-metrics-scraper + template: + metadata: + labels: + k8s-app: dashboard-metrics-scraper + annotations: + seccomp.security.alpha.kubernetes.io/pod: 'runtime/default' + spec: + containers: + - name: dashboard-metrics-scraper + image: 
kubernetesui/metrics-scraper:v1.0.3 + ports: + - containerPort: 8000 + protocol: TCP + livenessProbe: + httpGet: + scheme: HTTP + path: / + port: 8000 + initialDelaySeconds: 30 + timeoutSeconds: 30 + volumeMounts: + - mountPath: /tmp + name: tmp-volume + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 1001 + runAsGroup: 2001 + serviceAccountName: kubernetes-dashboard + nodeSelector: + "beta.kubernetes.io/os": linux + # Comment the following tolerations if Dashboard must not be deployed on master + tolerations: + - key: node-role.kubernetes.io/master + effect: NoSchedule + volumes: + - name: tmp-volume + emptyDir: {} diff --git a/load_images.sh b/load_images.sh index 6269190..b428481 100755 --- a/load_images.sh +++ b/load_images.sh @@ -1,4 +1,4 @@ -#/bin/bash +#!/bin/bash file="images.properties" @@ -16,4 +16,5 @@ then else echo "$file not found." -fi \ No newline at end of file +fi +
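
Review bot: In README.md, first hunk (`@@ -1,69 +1,65 @@`), the added line `+开启 Kubernetes,并等待 Kubernetes 开始运行` sits directly above the unchanged context line carrying the same sentence, so the merged section states the "enable Kubernetes and wait" step twice; drop the added copy. The tested-version bullet in the same hunk still says `Docker for Mac/Windows 2.2.2.0 Edge` while the title moves to Docker Desktop, and the download bullet reads `请下载[下载 Docker CE最新版本]` with the verb doubled.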
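
Review bot: In the token step of README.md (hunk `@@ -110,16 +117,16 @@`, repeated in README_en.md), the added `echo $TOKEN` writes the bearer token read from the `default` secret in `kube-system` to the terminal, and the unchanged `kubectl config set-credentials docker-for-desktop` keeps the old name although this patch switches the context to `docker-desktop`. Check whether the user entry was renamed along with the context, quote the variable as `echo "$TOKEN"`, and say in the README that the printed value is a credential. The Windows block is PowerShell syntax but is fenced as `shell` in README.md and `cmd` in README_en.md.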
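
Review bot: The Ingress install URLs in README.md (hunk `@@ -149,8 +161,8 @@`, and the matching delete commands in the next hunk) fetch `mandatory.yaml` and `cloud-generic.yaml` from the `master` branch of ingress-nginx, so what `kubectl apply` installs changes whenever upstream moves; this patch itself is needed because the path moved to `deploy/static/`. images.properties pins `nginx-ingress-controller:0.26.1`, so pin the manifest URL to the matching release tag to keep the preloaded image and the manifest in step.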
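
Review bot: In the Helm section of README.md (hunk `@@ -191,55 +203,29 @@`), `helm repo add stable http://mirror.azure.cn/kubernetes/charts/` adds the chart repository over plain HTTP, so the index and the charts later installed into the cluster are fetched without transport integrity; use the `https://` form of the mirror if it serves one. The same URL is added for Windows and in README_en.md. This hunk also deletes the `通过二进制包安装` subsection, yet the unchanged Windows paragraph at the end of the hunk still points readers to it.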
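
Review bot: Under `查看 wordpress 发布状态` in README.md (hunk `@@ -250,27 +236,43 @@`) the command is `helm install wordpress stable/wordpress` again, which repeats the install step and errors out because the release name is already in use. The status check should be `helm status wordpress`.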
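
Review bot: In README_en.md (hunk `@@ -155,70 +155,112 @@`) the new "Confirm the application is accessible" block is followed by a retained `#### Confirm application is running` section that sets `GATEWAY_URL` and curls `/productpage` a second time, under a heading that duplicates the earlier `kubectl exec` step. Remove the trailing section, or fold its `-w "%{http_code}\n"` status check into the accessibility step. `#### Delete Istio` is also left at the same level as the sample steps, while README.md gives uninstall its own `###` section.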
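
Review bot: In getLatestIstio.ps1 the new default for `$IstioVersion` reads `[0].tag_name` from `https://api.github.com/repos/istio/istio/releases`, so Windows users get whatever entry GitHub lists first rather than the 1.5.0 that both READMEs name (`ISTIO_VERSION=1.5.0`, `cd istio-1.5.0`), and every run without the parameter makes an unauthenticated API call. Default to `"1.5.0"` to match the tested release and keep the latest-release lookup as an explicit opt-in.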
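
Review bot: In kubernetes-dashboard.yaml (hunk `@@ -108,55 +186,117 @@`) the Deployment now pulls `kubernetesui/dashboard:v2.0.0-rc5` with `imagePullPolicy: Always`, and images.properties drops its dashboard entry, so neither this image nor `kubernetesui/metrics-scraper:v1.0.3` is preloaded by load_images.sh and every pod start has to reach the registry. Add both images to images.properties with a mirror source, or remove `imagePullPolicy: Always` from the local copy. The `seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'` annotation is added only to the metrics-scraper pod template; no matching annotation appears on the dashboard pod template in the lines shown, although it receives the same new `securityContext`.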