Merge pull request #1 from AliyunContainerService/master

Merge
pull/73/head
问道 5 years ago committed by GitHub
commit 69c0e9107b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -1,69 +1,65 @@
# 为中国用户在 Docker for Mac/Windows 开启 Kubernetes # Docker Desktop for Mac/Windows 开启 Kubernetes
中文 | [English](README_en.md) 中文 | [English](README_en.md)
说明: 说明:
* 需安装 Docker for Mac或者Docker for Windows如果没有请下载[下载 Docker CE最新版本](https://store.docker.com/search?type=edition&offering=community) * 需安装 Docker Desktop 的 Mac 或者 Windows 版本,如果没有请下载[下载 Docker CE最新版本](https://store.docker.com/search?type=edition&offering=community)
* 当前 master 分支已经在 Docker for Mac/Windows 2.0.1.x (包含 Docker CE 18.09.1 和 Kubernetes 1.13.0) 版本测试通过 * 当前 master 分支已经在 Docker for Mac/Windows 2.2.2.0 Edge (包含 Docker CE 19.03.5 和 Kubernetes 1.16.5) 版本测试通过
* 如果你希望使用 Docker for Mac/Windows 2.0.0.2/2.0.0.3 (包含 Docker CE 18.09.1 和 Kubernetes 1.10.11) , 请使用下面命令切换 [v2.0.0.2 分支](https://github.com/AliyunContainerService/k8s-for-docker-desktop/tree/v2.0.0.2) ```git checkout v2.0.0.2``` * 如果需要测试其他版本,请查看 Docker Desktop版本Docker -> About Docker Desktop
* 如果你希望使用 18.09/18.06 版本(包含 Kubernetes 1.10.3) , 请使用下面命令切换 [18.09 分支](https://github.com/AliyunContainerService/k8s-for-docker-desktop/tree/18.09) ```git checkout 18.09``` ![about](images/about.png)
* 如果你希望使用 18.03 版本, 请使用下面命令切换 [18.03 分支](https://github.com/AliyunContainerService/k8s-for-docker-desktop/tree/18.03) ```git checkout 18.03``` * 如Kubernetes版本为 v1.15.5, 请使用下面命令切换 [v1.15.5 分支](https://github.com/AliyunContainerService/k8s-for-docker-desktop/tree/v1.15.5) ```git checkout v1.15.5```
* 如Kubernetes版本为 v1.15.4, 请使用下面命令切换 [v1.15.4 分支](https://github.com/AliyunContainerService/k8s-for-docker-desktop/tree/v1.15.4) ```git checkout v1.15.4```
* 如Kubernetes版本为 v1.14.8, 请使用下面命令切换 [v1.14.8 分支](https://github.com/AliyunContainerService/k8s-for-docker-desktop/tree/v1.14.8) ```git checkout v1.14.8```
* 如Kubernetes版本为 v1.14.7, 请使用下面命令切换 [v1.14.7 分支](https://github.com/AliyunContainerService/k8s-for-docker-desktop/tree/v1.14.7) ```git checkout v1.14.7```
* 如Kubernetes版本为 v1.14.6, 请使用下面命令切换 [v1.14.6 分支](https://github.com/AliyunContainerService/k8s-for-docker-desktop/tree/v1.14.6) ```git checkout v1.14.6```
* 如Kubernetes版本为 v1.14.3, 请使用下面命令切换 [v1.14.3 分支](https://github.com/AliyunContainerService/k8s-for-docker-desktop/tree/v1.14.3) ```git checkout v1.14.3```
* 如Kubernetes版本为 v1.14.1, 请使用下面命令切换 [v1.14.1 分支](https://github.com/AliyunContainerService/k8s-for-docker-desktop/tree/v1.14.1) ```git checkout v1.14.1```
* 如Kubernetes版本为 v1.13.0, 请使用下面命令切换 [v1.13.0 分支](https://github.com/AliyunContainerService/k8s-for-docker-desktop/tree/v1.13.0) ```git checkout v1.13.0```
* 如Kubernetes版本为 v1.10.11, 请使用下面命令切换 [v1.10.11 分支](https://github.com/AliyunContainerService/k8s-for-docker-desktop/tree/v1.10.11) ```git checkout v1.10.11```
### Docker for Mac 开启 Kubernetes
为 Docker daemon 配置 Docker Hub 的中国官方镜像加速 ```https://registry.docker-cn.com```
![mirror](images/mirror.png)
可选操作: 为 Kubernetes 配置 CPU 和 内存资源,建议分配 4GB 或更多内存。
![resource](images/resource.png)
预先从阿里云Docker镜像服务下载 Kubernetes 所需要的镜像, 可以通过修改 ```images.properties``` 文件加载你自己需要的镜像
```bash
./load_images.sh
```
开启 Kubernetes并等待 Kubernetes 开始运行
![k8s](images/k8s.png)
### Docker for Windows 开启 Kubernetes ### 开启 Kubernetes
为 Docker daemon 配置 Docker Hub 的中国官方镜像加速 ```https://registry.docker-cn.com``` 为 Docker daemon 配置镜像加速,参考[阿里云镜像服务](https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors) 或中科大镜像加速地址```https://docker.mirrors.ustc.edu.cn```
![mirror](images/mirror_win.png) ![mirror](images/mirror.png)
可选操作: 为 Kubernetes 配置 CPU 和 内存资源,建议分配 4GB 或更多内存。 可选操作: 为 Kubernetes 配置 CPU 和 内存资源,建议分配 4GB 或更多内存。
![resource](images/resource_win.png) ![resource](images/resource.png)
预先从阿里云Docker镜像服务下载 Kubernetes 所需要的镜像, 可以通过修改 ```images.properties``` 文件加载你自己需要的镜像 预先从阿里云Docker镜像服务下载 Kubernetes 所需要的镜像, 可以通过修改 ```images.properties``` 文件加载你自己需要的镜像
使用 Bash shell
在 Mac 上执行如下脚本
```bash ```bash
./load_images.sh ./load_images.sh
``` ```
使用 PowerShell
在Windows上使用 PowerShell
```powershell ```powershell
.\load_images.ps1 .\load_images.ps1
``` ```
说明: 如果因为安全策略无法执行 PowerShell 脚本,请在 “以管理员身份运行” 的 PowerShell 中执行 ```Set-ExecutionPolicy RemoteSigned``` 命令。 说明: 如果因为安全策略无法执行 PowerShell 脚本,请在 “以管理员身份运行” 的 PowerShell 中执行 ```Set-ExecutionPolicy RemoteSigned``` 命令。
开启 Kubernetes并等待 Kubernetes 开始运行
开启 Kubernetes并等待 Kubernetes 开始运行 开启 Kubernetes并等待 Kubernetes 开始运行
![k8s](images/k8s.png)
**TIPS**
![k8s](images/k8s_win.png) 在Mac上:
**TIPS**如果想知道Kubernetes部署的过程可以通过docker desktop应用日志获得实时安装进程信息: 如果在Kubernetes部署的过程中出现问题可以通过docker desktop应用日志获得实时日志信息:
```bash ```bash
pred='process matches ".*(ocker|vpnkit).*" pred='process matches ".*(ocker|vpnkit).*"
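Review bot: The new title drops 为中国用户 (for users in China), but the mirror step under the new `### 开启 Kubernetes` heading is still written as an unconditional instruction. A registry mirror serves every Docker Hub pull the daemon makes, so state that `https://docker.mirrors.ustc.edu.cn` or the Aliyun mirror is only needed where Docker Hub is unreachable, as README_en.md does with "only if in China".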
@ -71,16 +67,19 @@ pred='process matches ".*(ocker|vpnkit).*"
/usr/bin/log stream --style syslog --level=debug --color=always --predicate "$pred" /usr/bin/log stream --style syslog --level=debug --color=always --predicate "$pred"
``` ```
在Windows上:
如果在Kubernetes部署的过程中出现问题可以在 C:\ProgramData\DockerDesktop下的service.txt 查看Docker日志;
如果看到 Kubernetes一直在启动状态请参考 [Issue 3769(comment)](https://github.com/docker/for-win/issues/3769#issuecomment-486046718) 和 [Issue 1962(comment)](https://github.com/docker/for-win/issues/1962#issuecomment-431091114)
### 配置 Kubernetes ### 配置 Kubernetes
可选操作: 切换Kubernetes运行上下文至 docker-for-desktop (docker-ce 18.09 下 context 为 docker-desktop) 可选操作: 切换Kubernetes运行上下文至 docker-desktop (之前版本的 context 为 docker-for-desktop)
```shell ```shell
kubectl config use-context docker-for-desktop kubectl config use-context docker-desktop
``` ```
验证 Kubernetes 集群状态 验证 Kubernetes 集群状态
@ -90,10 +89,12 @@ kubectl cluster-info
kubectl get nodes kubectl get nodes
``` ```
部署 Kubernetes dashboard ### 配置 Kubernetes 控制台
#### 部署 Kubernetes dashboard
```shell ```shell
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc5/aio/deploy/recommended.yaml
``` ```
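Review bot: The new `kubectl apply -f` URL pins the dashboard to `v2.0.0-rc5`, a release candidate fetched from raw.githubusercontent.com at install time, while the following step still offers the repository's own `kubernetes-dashboard.yaml`. Make the local file the primary path so users apply the manifest they can read in this repository, and move the URL to the final v2.0.0 tag when it is available.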
@ -102,6 +103,12 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/
kubectl create -f kubernetes-dashboard.yaml kubectl create -f kubernetes-dashboard.yaml
``` ```
检查 kubernetes-dashboard 应用状态
```shell
kubectl get pod -n kubernetes-dashboard
```
开启 API Server 访问代理 开启 API Server 访问代理
```shell ```shell
@ -110,16 +117,16 @@ kubectl proxy
通过如下 URL 访问 Kubernetes dashboard 通过如下 URL 访问 Kubernetes dashboard
http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/overview?namespace=default http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
### 配置 kubeconfig (可跳过)
#### 配置控制台访问令牌
对于Mac环境 对于Mac环境
```shell ```shell
TOKEN=$(kubectl -n kube-system describe secret default| awk '$1=="token:"{print $2}') TOKEN=$(kubectl -n kube-system describe secret default| awk '$1=="token:"{print $2}')
kubectl config set-credentials docker-for-desktop --token="${TOKEN}" kubectl config set-credentials docker-for-desktop --token="${TOKEN}"
echo $TOKEN
``` ```
对于Windows环境 对于Windows环境
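Review bot: The added `echo $TOKEN` prints the bearer token of the `default` service account in `kube-system` to the terminal, where it stays in scrollback and any session log. The dashboard now lives in the `kubernetes-dashboard` namespace, so the section should say why the `kube-system` default account is the one used for login and that the token is a cluster credential; on Mac, piping it to `pbcopy` instead of echoing it would avoid displaying it.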
@ -127,13 +134,18 @@ kubectl config set-credentials docker-for-desktop --token="${TOKEN}"
```shell ```shell
$TOKEN=((kubectl -n kube-system describe secret default | Select-String "token:") -split " +")[1] $TOKEN=((kubectl -n kube-system describe secret default | Select-String "token:") -split " +")[1]
kubectl config set-credentials docker-for-desktop --token="${TOKEN}" kubectl config set-credentials docker-for-desktop --token="${TOKEN}"
echo $TOKEN
``` ```
#### 登录dashboard的时候选择 kubeconfig 文件 #### 登录dashboard的时候
![resource](images/k8s_credentials.png) ![resource](images/k8s_credentials.png)
选择 kubeconfig 文件,路径如下: 选择 **令牌**
输入上文控制台输出的内容
或者选择 **Kubeconfig** 文件,路径如下:
``` ```
Mac: $HOME/.kube/config Mac: $HOME/.kube/config
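Review bot: `kubectl config set-credentials docker-for-desktop` is left unchanged here although this same commit switches the context to `docker-desktop` and describes `docker-for-desktop` as the name used by previous versions. Please confirm which user entry the `docker-desktop` context references in the kubeconfig; if it is not `docker-for-desktop`, the token is written to an entry the context never uses and the **Kubeconfig** login option will not carry it. The fence around this PowerShell snippet is also still tagged `shell`.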
@ -149,8 +161,8 @@ Win: %UserProfile%\.kube\config
#### 安装 Ingress #### 安装 Ingress
```shell ```shell
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/cloud-generic.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud-generic.yaml
``` ```
验证 验证
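Review bot: Both manifest URLs still track the `master` branch of kubernetes/ingress-nginx, which is why this hunk had to follow the move to `deploy/static/`. images.properties in this commit preloads `nginx-ingress-controller:0.26.1`, so point the URLs at the matching release tag instead of `master`; that keeps the applied manifest reproducible and in step with the preloaded image.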
@ -191,55 +203,29 @@ kubectl delete -f sample/ingress.yaml
#### 删除 Ingress #### 删除 Ingress
```shell ```shell
kubectl delete -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/cloud-generic.yaml kubectl delete -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud-generic.yaml
kubectl delete -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml kubectl delete -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
``` ```
### 安装 Helm ### 安装 Helm
可以根据文档安装 helm https://github.com/helm/helm/blob/master/docs/install.md 可以根据文档安装 helm v3 https://helm.sh/docs/intro/install/
#### 在 Mac OS 上安装 #### 在 Mac OS 上安装
##### 通过 brew 安装 ##### 通过 brew 安装
brew 安装的版本可能会和 helm server 不兼容, 如果在后续使用 helm 安装组件的过程中出现以下错误,可以 `通过二进制包安装` 对应的版本
```
$ helm install install/kubernetes/helm/istio-init --name istio-init --namespace istio-system
Error: incompatible versions client[v2.13.1] server[v2.12.2]
```
```shell ```shell
# Use homebrew on Mac # Use homebrew on Mac
brew install kubernetes-helm brew install helm
# Change helm repo
helm repo add stable http://mirror.azure.cn/kubernetes/charts-incubator/
# Install Tiller into your Kubernetes cluster # Add helm repo
helm init --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.12.2 --skip-refresh helm repo add stable http://mirror.azure.cn/kubernetes/charts/
# Update charts repo (Optional) # Update charts repo
helm repo update helm repo update
``` ```
##### 通过二进制包安装
```
# Download binary release
在 https://github.com/helm/helm/releases 中找到匹配的版本并下载(需要梯子), 如: https://storage.googleapis.com/kubernetes-helm/helm-v2.12.2-darwin-amd64.tar.gz
# Unpack
tar -zxvf helm-v2.0.0-linux-amd64.tgz
# Move it to its desired destination
mv darwin-amd64/helm /usr/local/bin/helm
```
#### 在Windows上安装 #### 在Windows上安装
如果在后续使用 helm 安装组件的过程中出现版本兼容问题,可以参考 `通过二进制包安装` 思路安装匹配的版本 如果在后续使用 helm 安装组件的过程中出现版本兼容问题,可以参考 `通过二进制包安装` 思路安装匹配的版本
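Review bot: `helm repo add stable http://mirror.azure.cn/kubernetes/charts/` adds the chart repository over cleartext HTTP, so the index and every chart pulled from it can be altered in transit. Use an `https://` URL for the mirror if it serves one (the same line is added for Windows and in README_en.md). Separately, the Windows paragraph kept on the new side still points readers to `通过二进制包安装`, a section this hunk deletes.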
@ -250,27 +236,43 @@ mv darwin-amd64/helm /usr/local/bin/helm
choco install kubernetes-helm choco install kubernetes-helm
# Change helm repo # Change helm repo
helm repo add stable http://mirror.azure.cn/kubernetes/charts-incubator/ helm repo add stable http://mirror.azure.cn/kubernetes/charts/
# Install Tiller into your Kubernetes cluster
helm init --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.12.2 --skip-refresh
# Update charts repo (Optional) # Update charts repo
helm repo update helm repo update
``` ```
#### 测试 Helm (可选)
安装 Wordpress
```shell
helm install wordpress stable/wordpress
```
查看 wordpress 发布状态
```shell
helm install wordpress stable/wordpress
```
卸载 wordpress 发布
```shell
helm uninstall wordpress
```
### 配置 Istio ### 配置 Istio
说明Istio Ingress Gateway和Ingress缺省的端口冲突请移除Ingress并进行下面测试 说明Istio Ingress Gateway和Ingress缺省的端口冲突请移除Ingress并进行下面测试
可以根据文档安装 Istio https://istio.io/docs/setup/kubernetes/ 可以根据文档安装 Istio https://istio.io/docs/setup/getting-started/
#### 下载 Istio 1.1.1 并安装 CLI #### 下载 Istio 1.5.0
```bash ```bash
curl -L https://git.io/getLatestIstio | sh - curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.5.0 sh -
cd istio-1.1.1/ cd istio-1.5.0
export PATH=$PWD/bin:$PATH export PATH=$PWD/bin:$PATH
``` ```
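Review bot: Under 查看 wordpress 发布状态 the command is a second `helm install wordpress stable/wordpress`, which fails because the release name is already in use; it should be `helm status wordpress`. The Windows block also still installs `kubernetes-helm` with choco while the Mac block moved to `brew install helm` for v3, so check that the choco package delivers Helm 3 now that `helm init` is removed.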
@ -280,25 +282,16 @@ export PATH=$PWD/bin:$PATH
.\getLatestIstio.ps1 .\getLatestIstio.ps1
``` ```
#### 安装 Istio
#### 通过 Helm chart 安装 Istio
```shell ```shell
# 安装 istio-init chart 安装所有的 Istio CRD istioctl manifest apply --set profile=demo
helm install install/kubernetes/helm/istio-init --name istio-init --namespace istio-system
# 验证下安装的 Istio CRD 个数
kubectl get crds | grep 'istio.io\|certmanager.k8s.io' | wc -l
# 开始 istio chart 安装
helm install install/kubernetes/helm/istio --name istio --namespace istio-system
``` ```
#### 查看 istio 发布状态 #### 检查 Istio 状态
```shell ```shell
helm status istio kubectl get pods -n istio-system
``` ```
#### 为 ```default``` 名空间开启自动 sidecar 注入 #### 为 ```default``` 名空间开启自动 sidecar 注入
@ -310,53 +303,57 @@ kubectl get namespace -L istio-injection
#### 安装 Book Info 示例 #### 安装 Book Info 示例
请参考 https://istio.io/docs/examples/bookinfo/
```shell ```shell
kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
``` ```
查看示例应用资源
```shell
kubectl get svc,pod
```
确认示例应用在运行中 确认示例应用在运行中
```bash ```shell
export GATEWAY_URL=localhost:80 kubectl exec -it $(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}') -c ratings -- curl productpage:9080/productpage | grep -o "<title>.*</title>"
curl -o /dev/null -s -w "%{http_code}\n" http://${GATEWAY_URL}/productpage
``` ```
可以通过浏览器访问 创建 Ingress Gateway
http://localhost/productpage
```shell
kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
```
说明如果当前80端口已经被占用或保留我们可以编辑 ```install/kubernetes/helm/istio/values.yaml``` 文件中 查看 Gateway 配置
Gateway 端口进行调整,比如将 80 端口替换为 8888 端口
``` ```shell
## You can add custom gateway ports kubectl get gateway
- port: 8888 # Changed from 80
targetPort: 80
name: http2
nodePort: 31380
``` ```
然后执行如下命令并生效 确认示例应用可以访问
```shell ```shell
kubectl delete service istio-ingressgateway -n istio-system export GATEWAY_URL=localhost:80
helm upgrade istio install/kubernetes/helm/istio curl -s http://${GATEWAY_URL}/productpage | grep -o "<title>.*</title>"
``` ```
可以通过浏览器访问
http://localhost/productpage
#### 删除实例应用 #### 删除实例应用
```bash ```shell
samples/bookinfo/platform/kube/cleanup.sh samples/bookinfo/platform/kube/cleanup.sh
``` ```
### 卸载 Istio ### 卸载 Istio
```shell ```shell
helm del --purge istio istioctl manifest generate --set profile=demo | kubectl delete -f -
kubectl delete -f install/kubernetes/helm/istio/templates/crds.yaml -n istio-system
``` ```
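Review bot: The note for users whose port 80 is already taken is removed together with the Helm `values.yaml` instructions, but the new text still hard-codes `export GATEWAY_URL=localhost:80` and `http://localhost/productpage`. Add the equivalent guidance for the `istioctl manifest apply` install, or at least state that the ingress gateway needs port 80 free, which is also why the section asks for Ingress to be removed first.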

@ -1,17 +1,26 @@
# Enable Kubernetes on Docker for Mac/Windows in China # Enable Kubernetes on Docker Desktop for Mac/Windows in China
[中文](README.md) | English [中文](README.md) | English
NOTE: NOTE:
* The master branch is tested with Docker for Mac/Windows version 2.0.1.x (with Docker 18.09.1 and Kubernetes 1.13.0). * The master branch is tested with Docker Desktop for Mac/Windows version 2.2.2.0 Edge (with Docker CE 19.03.5 and Kubernetes 1.16.5).
* If you want to use v2.0.0.2/v2.0.0.3 (with Docker CE 18.09.1 and Kubernetes 1.10.11), please use the 18.09 branch ```git checkout v2.0.0.2``` * If you want to use with other version, pls check version of KubernetesDocker -> About Docker Desktop
* If you want to use Docker CE 18.09/18.06 (with Kubernetes 1.10.3), please use the 18.09 branch ```git checkout 18.09``` ![about](images/about.png)
* If you want to use Docker CE 18.03, please use the 18.03 branch ```git checkout 18.03``` * For Kubernetes v1.15.5, please use the v1.15.5 branch ```git checkout v1.15.5```
* For Kubernetes v1.15.4, please use the v1.15.4 branch ```git checkout v1.15.4```
* For Kubernetes v1.14.8, please use the v1.14.8 branch ```git checkout v1.14.8```
* For Kubernetes v1.14.7, please use the v1.14.7 branch ```git checkout v1.14.7```
* For Kubernetes v1.14.6, please use the v1.14.6 branch ```git checkout v1.14.6```
* For Kubernetes v1.14.3, please use the v1.14.3 branch ```git checkout v1.14.3```
* For Kubernetes v1.14.1, please use the v1.14.1 branch ```git checkout v1.14.1```
* For Kubernetes v1.13.0, please use the v1.13.0 branch ```git checkout v1.13.0```
* For Kubernetes v1.10.11, please use the v1.10.11 branch ```git checkout v1.10.11```
### Enable Kubernetes on Docker for Mac
Config registry mirror for Docker daemon with ```https://registry.docker-cn.com``` only if in China ### Enable Kubernetes on Docker Desktop
Config registry mirror for Docker daemon with ```https://docker.mirrors.ustc.edu.cn``` only if in China
![mirror](images/mirror.png) ![mirror](images/mirror.png)
@ -21,36 +30,13 @@ Optional: config the CPU and memory for Kubernetes, 4GB RAM or more is suggested
Preload Kubernetes images form Alibaba Cloud Registry Service, NOTE: you can modify the ```images.properties``` for your own images Preload Kubernetes images form Alibaba Cloud Registry Service, NOTE: you can modify the ```images.properties``` for your own images
On Mac, execute the following scripts
```bash ```bash
./load_images.sh ./load_images.sh
``` ```
Enable Kubernetes in Docker for Mac, and wait a while for Kubernetes is running Or on Windows, execute the following scripts in PowerShell
![k8s](images/k8s.png)
### Enable Kubernetes on Docker for Windows
Config registry mirror for Docker daemon with ```https://registry.docker-cn.com```
![mirror](images/mirror_win.png)
Optional: config the CPU and memory for Kubernetes, 4GB RAM or more is suggested.
![resource](images/resource_win.png)
Preload Kubernetes images form Alibaba Cloud Registry Service, NOTE: you can modify the ```images.properties``` for your own images
In Bash shell
```bash
./load_images.sh
```
or in PowerShell of Windows
```powershell ```powershell
.\load_images.ps1 .\load_images.ps1
@ -58,19 +44,20 @@ or in PowerShell of Windows
NOTE: if you failed to start PowerShell scripts for security policy, please execute ```Set-ExecutionPolicy RemoteSigned``` command in PowerShell with "Run as administrator" option. NOTE: if you failed to start PowerShell scripts for security policy, please execute ```Set-ExecutionPolicy RemoteSigned``` command in PowerShell with "Run as administrator" option.
Enable Kubernetes in Docker for Windows, and wait a while for Kubernetes is running
![k8s](images/k8s_win.png) Enable Kubernetes, and wait a while for Kubernetes is running
![k8s](images/k8s.png)
### Config Kubernetes ### Config Kubernetes
Optional: switch the context to `docker-for-desktop` (under docker ce 18.09, the conext is `docker-desktop`) Optional: switch the context to `docker-desktop` (In the former version, the context is `docker-for-desktop`)
```shell ```shell
kubectl config use-context docker-for-desktop kubectl config use-context docker-desktop
``` ```
Verify Kubernetes installation Verify Kubernetes installation
@ -80,10 +67,13 @@ kubectl cluster-info
kubectl get nodes kubectl get nodes
``` ```
Deploy Kubernetes dashboard
### Deploy Kubernetes dashboard
#### Install Kubernetes dashboard
```shell ```shell
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc5/aio/deploy/recommended.yaml
``` ```
or or
@ -92,23 +82,30 @@ or
kubectl create -f kubernetes-dashboard.yaml kubectl create -f kubernetes-dashboard.yaml
``` ```
Check Kubernetes Dashboard status
```shell
kubectl get pod -n kubernetes-dashboard
```
Start proxy for API server Start proxy for API server
```shell ```shell
kubectl proxy kubectl proxy
``` ```
Access Kubernetes dashboard #### Access Kubernetes dashboard
http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/overview?namespace=default http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
#### Config kubeconfig (Or skip) #### Config Token for dashboard
For Mac For Mac
```bash ```bash
TOKEN=$(kubectl -n kube-system describe secret default| awk '$1=="token:"{print $2}') TOKEN=$(kubectl -n kube-system describe secret default| awk '$1=="token:"{print $2}')
kubectl config set-credentials docker-for-desktop --token="${TOKEN}" kubectl config set-credentials docker-for-desktop --token="${TOKEN}"
echo $TOKEN
``` ```
For Windows For Windows
@ -116,13 +113,16 @@ For Windows
```cmd ```cmd
$TOKEN=((kubectl -n kube-system describe secret default | Select-String "token:") -split " +")[1] $TOKEN=((kubectl -n kube-system describe secret default | Select-String "token:") -split " +")[1]
kubectl config set-credentials docker-for-desktop --token="${TOKEN}" kubectl config set-credentials docker-for-desktop --token="${TOKEN}"
echo $TOKEN
``` ```
#### Choose kubeconfig file (Optional) #### Login dashboard
![resource](images/k8s_credentials.png) ![resource](images/k8s_credentials.png)
Choose kubeconfig file, Path Choose **Token**, and input the output from above result
Or, choose **Kubeconfig**, select file from below path
``` ```
Win: %UserProfile%\.kube\config Win: %UserProfile%\.kube\config
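Review bot: This fence is tagged `cmd`, but the `Select-String "token:"` pipeline with `-split " +"` and the new `echo $TOKEN` are PowerShell and will not run in cmd.exe. Tag it `powershell` and say so in the "For Windows" line, matching how the image-loading step names PowerShell explicitly.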
@ -133,18 +133,18 @@ Click login, go to Kubernetes Dashboard
### Install Helm ### Install Helm
Install helm following the instruction on https://github.com/helm/helm/blob/master/docs/install.md Install helm following the instruction on https://helm.sh/docs/intro/install/
#### For Mac OS #### For Mac OS
```shell ```shell
# Use homebrew on Mac # Use homebrew on Mac
brew install kubernetes-helm brew install helm
# Install Tiller into your Kubernetes cluster # add helm repo
helm init --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.12.2 --skip-refresh helm repo add stable http://mirror.azure.cn/kubernetes/charts/
# update charts repo (Optional) # update charts repo
helm repo update helm repo update
``` ```
@ -155,70 +155,112 @@ helm repo update
# NOTE: please ensure you can access googleapis # NOTE: please ensure you can access googleapis
choco install kubernetes-helm choco install kubernetes-helm
# Install Tiller into your Kubernetes cluster # add helm repo
helm init --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.12.2 --skip-refresh helm repo add stable http://mirror.azure.cn/kubernetes/charts/
# update charts repo (Optional) # update charts repo
helm repo update helm repo update
``` ```
### Install Istio ### Setup Istio
More details can be found in https://istio.io/docs/setup/kubernetes/ More details can be found in https://istio.io/docs/setup/getting-started/
Download Istio 1.1.1 and install CLI #### Download Istio 1.5.0 and install CLI
```bash ```shell
curl -L https://git.io/getLatestIstio | sh - curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.5.0 sh -
cd istio-1.1.1/ cd istio-1.5.0/
export PATH=$PWD/bin:$PATH export PATH=$PWD/bin:$PATH
``` ```
Install Istio with Helm chart In Windows, you can download the Istio manually, or copy ```getLatestIstio.ps1``` to your Istio directory, and execute the script.
```shell NOTE: It refer the [scripts](https://gist.github.com/kameshsampath/796060a806da15b39aa9569c8f8e6bcf) from community.
# Install the istio-init chart to bootstrap all the Istios CRDs
helm install install/kubernetes/helm/istio-init --name istio-init --namespace istio-system
# Verify that all Istio CRDs were committed to the Kubernetes api-server ```powershell
kubectl get crds | grep 'istio.io\|certmanager.k8s.io' | wc -l .\getLatestIstio.ps1
```
# Install the istio chart #### Install Istio
helm install install/kubernetes/helm/istio --name istio --namespace istio-system
```shell
istioctl manifest apply --set profile=demo
``` ```
Check status of istio release Check status of istio release
```shell ```shell
helm status istio kubectl get pods -n istio-system
``` ```
Enable automatic sidecar injection for ```default``` namespace #### Enable automatic sidecar injection for ```default``` namespace
```shell ```shell
kubectl label namespace default istio-injection=enabled kubectl label namespace default istio-injection=enabled
kubectl get namespace -L istio-injection kubectl get namespace -L istio-injection
``` ```
Install Book Info sample #### Install Book Info sample
Please refer https://istio.io/docs/examples/bookinfo/
```shell ```shell
kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
```
Check the resources of sample application
```shell
kubectl get svc,pod
```
Confirm the application is running
```shell
kubectl exec -it $(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}') -c ratings -- curl productpage:9080/productpage | grep -o "<title>.*</title>"
```
Create Ingress Gateway
```shell
kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
```
Check Gateway status
Confirm application is running ```shell
kubectl get gateway
```
Confirm the application is accessible
```shell
export GATEWAY_URL=localhost:80
curl -s http://${GATEWAY_URL}/productpage | grep -o "<title>.*</title>"
```
Open with browser http://localhost/productpage
```bash
#### Confirm application is running
```shell
export GATEWAY_URL=localhost:80 export GATEWAY_URL=localhost:80
curl -o /dev/null -s -w "%{http_code}\n" http://${GATEWAY_URL}/productpage curl -o /dev/null -s -w "%{http_code}\n" http://${GATEWAY_URL}/productpage
``` ```
Delete Istio #### Cleanup sample application
```shell
samples/bookinfo/platform/kube/cleanup.sh
```
#### Delete Istio
```shell ```shell
helm del --purge istio istioctl manifest generate --set profile=demo | kubectl delete -f -
kubectl delete -f install/kubernetes/helm/istio/templates/crds.yaml -n istio-system
``` ```
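Review bot: At the end of the Book Info section the old `curl -o /dev/null -s -w "%{http_code}\n"` check survives under a new `#### Confirm application is running` heading, right after "Confirm the application is accessible" already tests the same gateway URL; README.md replaces it rather than keeping both, so drop the leftover block. Also, `curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.5.0 sh -` runs a remote script unread; a line suggesting to download and inspect it first would help.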

@ -1,10 +1,10 @@
param( param(
[string] $IstioVersion = "1.0.3" [string] $IstioVersion = $(Invoke-RestMethod "https://api.github.com/repos/istio/istio/releases")[0].tag_name
) )
$url = "https://github.com/istio/istio/releases/download/$($IstioVersion)/istio-$($IstioVersion)-win.zip" $url = "https://github.com/istio/istio/releases/download/$($IstioVersion)/istio-$($IstioVersion)-win.zip"
$Path = Get-Location $Path = Get-Location
$output = [IO.Path]::Combine($Path, "istio-$($IstioVersion)-win.zip¡±) $output = [IO.Path]::Combine($Path, "istio-$($IstioVersion)-win.zip")
Write-Host "Downloading Istio from $url to path " $Path -ForegroundColor Green Write-Host "Downloading Istio from $url to path " $Path -ForegroundColor Green
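Review bot: The default for `$IstioVersion` is now element `[0]` of the GitHub releases list, resolved at run time, while both READMEs in this commit document Istio 1.5.0 and `cd istio-1.5.0`. The releases list includes pre-releases, so `[0]` can be an alpha or rc build, and the unauthenticated API call can fail on rate limits. Default to `"1.5.0"`, or query `releases/latest` if tracking upstream is intended.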

@ -1,10 +1,8 @@
k8s.gcr.io/pause:3.1=registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1 k8s.gcr.io/pause:3.1=registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1
k8s.gcr.io/kube-controller-manager:v1.13.0=registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.13.0 k8s.gcr.io/kube-controller-manager:v1.16.5=registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.16.5
k8s.gcr.io/kube-scheduler:v1.13.0=registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.13.0 k8s.gcr.io/kube-scheduler:v1.16.5=registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.16.5
k8s.gcr.io/kube-proxy:v1.13.0=registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.13.0 k8s.gcr.io/kube-proxy:v1.16.5=registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.16.5
k8s.gcr.io/kube-apiserver:v1.13.0=registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.13.0 k8s.gcr.io/kube-apiserver:v1.16.5=registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.16.5
k8s.gcr.io/etcd:3.2.24=registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24 k8s.gcr.io/etcd:3.3.15-0=registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.3.15-0
k8s.gcr.io/coredns:1.2.6=registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.2.6 k8s.gcr.io/coredns:1.6.2=registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.2
k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1=registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1 quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.1=registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:0.26.1
quay.io/coreos/hyperkube:v1.7.6_coreos.0=registry.cn-hangzhou.aliyuncs.com/coreos_containers/hyperkube:v1.7.6_coreos.0
quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.21.0=registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:0.21.0
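Review bot: Every mapping, including the new `v1.16.5` lines, identifies the mirror copy by tag only, so whatever `registry.cn-hangzhou.aliyuncs.com/google_containers` serves under that tag is what stands in for the `k8s.gcr.io` image. Consider recording the upstream digest next to each entry and having the load scripts compare it after the pull. The `kubernetes-dashboard-amd64:v1.10.1` entry is removed without a replacement for the v2.0.0-rc5 dashboard image, which is worth a line in the README.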

@ -12,7 +12,38 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
# ------------------- Dashboard Secret ------------------- # apiVersion: v1
kind: Namespace
metadata:
name: kubernetes-dashboard
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
---
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
ports:
- port: 443
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
@ -20,74 +51,121 @@ metadata:
labels: labels:
k8s-app: kubernetes-dashboard k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-certs name: kubernetes-dashboard-certs
namespace: kube-system namespace: kubernetes-dashboard
type: Opaque type: Opaque
--- ---
# ------------------- Dashboard Service Account ------------------- #
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: Secret
metadata: metadata:
labels: labels:
k8s-app: kubernetes-dashboard k8s-app: kubernetes-dashboard
name: kubernetes-dashboard name: kubernetes-dashboard-csrf
namespace: kube-system namespace: kubernetes-dashboard
type: Opaque
data:
csrf: ""
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-key-holder
namespace: kubernetes-dashboard
type: Opaque
---
kind: ConfigMap
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-settings
namespace: kubernetes-dashboard
--- ---
# ------------------- Dashboard Role & Role Binding ------------------- #
kind: Role kind: Role
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
name: kubernetes-dashboard-minimal labels:
namespace: kube-system k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
rules: rules:
# Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
- apiGroups: [""]
resources: ["secrets"]
verbs: ["create"]
# Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["create"]
# Allow Dashboard to get, update and delete Dashboard exclusive secrets. # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""] - apiGroups: [""]
resources: ["secrets"] resources: ["secrets"]
resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"] resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
verbs: ["get", "update", "delete"] verbs: ["get", "update", "delete"]
# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""] - apiGroups: [""]
resources: ["configmaps"] resources: ["configmaps"]
resourceNames: ["kubernetes-dashboard-settings"] resourceNames: ["kubernetes-dashboard-settings"]
verbs: ["get", "update"] verbs: ["get", "update"]
# Allow Dashboard to get metrics from heapster. # Allow Dashboard to get metrics.
- apiGroups: [""] - apiGroups: [""]
resources: ["services"] resources: ["services"]
resourceNames: ["heapster"] resourceNames: ["heapster", "dashboard-metrics-scraper"]
verbs: ["proxy"] verbs: ["proxy"]
- apiGroups: [""] - apiGroups: [""]
resources: ["services/proxy"] resources: ["services/proxy"]
resourceNames: ["heapster", "http:heapster:", "https:heapster:"] resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
verbs: ["get"] verbs: ["get"]
--- ---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
rules:
# Allow Metrics Scraper to get metrics from the Metrics server
- apiGroups: ["metrics.k8s.io"]
resources: ["pods", "nodes"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:
name: kubernetes-dashboard-minimal labels:
namespace: kube-system k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: Role kind: Role
name: kubernetes-dashboard-minimal name: kubernetes-dashboard
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: kubernetes-dashboard name: kubernetes-dashboard
namespace: kube-system namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubernetes-dashboard
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kubernetes-dashboard
--- ---
# ------------------- Dashboard Deployment ------------------- #
kind: Deployment kind: Deployment
apiVersion: apps/v1 apiVersion: apps/v1
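Review bot: in the Role's `services/proxy` rule, the added `"http:dashboard-metrics-scraper"` entry has no trailing colon, while the existing entries are written `"http:heapster:"` and `"https:heapster:"`. RBAC `resourceNames` are matched literally, so confirm which form the dashboard actually requests and keep only that one. The `heapster` names stay in both metrics rules even though the comment no longer mentions heapster; if this manifest does not deploy heapster, dropping them narrows the Role. The new ClusterRoleBinding gives the `kubernetes-dashboard` ServiceAccount cluster-wide `get`/`list`/`watch` on `metrics.k8s.io` pods and nodes, which is worth stating in the README next to the install command.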
@ -95,7 +173,7 @@ metadata:
labels: labels:
k8s-app: kubernetes-dashboard k8s-app: kubernetes-dashboard
name: kubernetes-dashboard name: kubernetes-dashboard
namespace: kube-system namespace: kubernetes-dashboard
spec: spec:
replicas: 1 replicas: 1
revisionHistoryLimit: 10 revisionHistoryLimit: 10
@ -109,12 +187,14 @@ spec:
spec: spec:
containers: containers:
- name: kubernetes-dashboard - name: kubernetes-dashboard
image: registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1 image: kubernetesui/dashboard:v2.0.0-rc5
imagePullPolicy: Always
ports: ports:
- containerPort: 8443 - containerPort: 8443
protocol: TCP protocol: TCP
args: args:
- --auto-generate-certificates - --auto-generate-certificates
- --namespace=kubernetes-dashboard
# Uncomment the following line to manually specify Kubernetes API server Host # Uncomment the following line to manually specify Kubernetes API server Host
# If not specified, Dashboard will attempt to auto discover the API server and connect # If not specified, Dashboard will attempt to auto discover the API server and connect
# to it. Uncomment only if the default does not work. # to it. Uncomment only if the default does not work.
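Review bot: `image: kubernetesui/dashboard:v2.0.0-rc5` together with the added `imagePullPolicy: Always` pulls a mutable tag on every pod start, so the code that runs can change without any change to this manifest. Pin the image by digest (`kubernetesui/dashboard@sha256:<digest>`, placeholder) or drop `Always`. The tag is also a release candidate, and the pull moves from the `registry.cn-hangzhou.aliyuncs.com` mirror to Docker Hub, so the README should say whether that image is expected to be reachable for the users this repository targets.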
@ -132,6 +212,11 @@ spec:
port: 8443 port: 8443
initialDelaySeconds: 30 initialDelaySeconds: 30
timeoutSeconds: 30 timeoutSeconds: 30
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1001
runAsGroup: 2001
volumes: volumes:
- name: kubernetes-dashboard-certs - name: kubernetes-dashboard-certs
secret: secret:
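Review bot: the added `securityContext` sets `runAsUser: 1001` but not `runAsNonRoot: true`, and it leaves the default capability set in place. Adding `runAsNonRoot: true` guards against a later edit removing or zeroing `runAsUser`, and `capabilities: { drop: ["ALL"] }` removes capabilities that a web UI listening on port 8443 does not need. `readOnlyRootFilesystem: true` depends on a writable scratch mount, so check that the container's `volumeMounts` still include `tmp-volume`.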
@ -139,24 +224,79 @@ spec:
- name: tmp-volume - name: tmp-volume
emptyDir: {} emptyDir: {}
serviceAccountName: kubernetes-dashboard serviceAccountName: kubernetes-dashboard
nodeSelector:
"beta.kubernetes.io/os": linux
# Comment the following tolerations if Dashboard must not be deployed on master # Comment the following tolerations if Dashboard must not be deployed on master
tolerations: tolerations:
- key: node-role.kubernetes.io/master - key: node-role.kubernetes.io/master
effect: NoSchedule effect: NoSchedule
--- ---
# ------------------- Dashboard Service ------------------- #
kind: Service kind: Service
apiVersion: v1 apiVersion: v1
metadata: metadata:
labels: labels:
k8s-app: kubernetes-dashboard k8s-app: dashboard-metrics-scraper
name: kubernetes-dashboard name: dashboard-metrics-scraper
namespace: kube-system namespace: kubernetes-dashboard
spec: spec:
ports: ports:
- port: 443 - port: 8000
targetPort: 8443 targetPort: 8000
selector: selector:
k8s-app: kubernetes-dashboard k8s-app: dashboard-metrics-scraper
---
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: dashboard-metrics-scraper
name: dashboard-metrics-scraper
namespace: kubernetes-dashboard
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: dashboard-metrics-scraper
template:
metadata:
labels:
k8s-app: dashboard-metrics-scraper
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
spec:
containers:
- name: dashboard-metrics-scraper
image: kubernetesui/metrics-scraper:v1.0.3
ports:
- containerPort: 8000
protocol: TCP
livenessProbe:
httpGet:
scheme: HTTP
path: /
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 30
volumeMounts:
- mountPath: /tmp
name: tmp-volume
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1001
runAsGroup: 2001
serviceAccountName: kubernetes-dashboard
nodeSelector:
"beta.kubernetes.io/os": linux
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
volumes:
- name: tmp-volume
emptyDir: {}
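Review bot: the new `dashboard-metrics-scraper` Deployment sets `serviceAccountName: kubernetes-dashboard`, so the scraper pod inherits the Role's `get`/`update`/`delete` on the `kubernetes-dashboard-certs`, `kubernetes-dashboard-key-holder` and `kubernetes-dashboard-csrf` secrets, while the ClusterRole comment says the scraper only reads from the metrics server. Give it its own ServiceAccount bound only to that ClusterRole. Both `nodeSelector` blocks use `"beta.kubernetes.io/os": linux`, which is the deprecated beta label; `kubernetes.io/os` is the stable name. The `seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'` annotation appears only on the scraper template in the visible lines; if the dashboard pod template lacks it, add it there too.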

@ -1,4 +1,4 @@
#/bin/bash #!/bin/bash
file="images.properties" file="images.properties"
@ -17,3 +17,4 @@ then
else else
echo "$file not found." echo "$file not found."
fi fi
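Review bot: in the `else` branch, `echo "$file not found."` is the last command the hunk shows before `fi`, so a missing `images.properties` prints a message and the script still exits 0. Send the message to stderr and add `exit 1` so callers can detect that nothing was processed.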
