安装参考:

https://github.com/AliyunContainerService/k8s-for-docker-desktop

安装docker+k8s

mac 直接下载 docker-desktop,就包含k8s
image.png

docker-desktop更新版本后k8s启动失败

image.png
原因是k8s版本从v1.22.4 —> v1.22.5, 但是原来下载的k8s镜像还是1.22.4版本
image.png
github仓库还未更新,所以本地手动修改版本,
image.png
重新./load_images.sh 下载新版本镜像,重新启动
image.png

安装k8s-dashboard

https://yeasy.gitbook.io/docker_practice/setup/dashboard
If you use K8S dashboard v2.0.0-betax,

  1. kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml

Then use this to access the dashboard:

  1. http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

If you use K8S dashboard v1.10.1,

  1. kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

Then use this to access the dashboard:

  1. http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

I also faced the same problem, but then i realized that dashboard v2.0.0-betax and v1.10.1 use different namespace. Latest version use kubernetes-dashboard namespace, but the older one use kube-system namespace

遇到问题

image.png
Kubenetes 部署 Dashboard | HelloWood
原来是拉取镜像失败
Failed to pull image “k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1”
image.png

命令行代理

你可以使用 kubectl 命令行工具访问 Dashboard,命令如下:
kubectl proxy
kubectl 会使得 Dashboard 可以通过
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/ (这个地址具体的看上面那个版本)
访问。
UI 只能 通过执行这条命令的机器进行访问。更多选项参见 kubectl proxy —help。
image.png
image.png

生成token

  1. TOKEN=$(kubectl -n kube-system describe secret default| awk '$1=="token:"{print $2}')
  2. kubectl config set-credentials docker-desktop --token="${TOKEN}"
  3. echo $TOKEN

image.png
Docker Desktop for Mac用户手册 | Docker文档

dashborad forbidden 问题

某次重新安装k8s+dashboard后,
打开dashboard网址,可以打开dashboard 控制台,进入后,提示被拒绝等消息
namespaces is forbidden: User “system:serviceaccount:kube-system:default” cannot list resource “namespaces” in API group “” at the cluster scope

解决

参考:https://jimmysong.io/kubernetes-handbook/practice/dashboard-addon-installation.html

创建创建kubernetes-dashboard管理员角色

vim k8s-admin.yaml

  2. apiVersion: v1
  3. kind: ServiceAccount
  4. metadata:
  5.   name: dashboard-admin
  6.   namespace: kube-system
  7. ---
  8. kind: ClusterRoleBinding
  9. apiVersion: rbac.authorization.k8s.io/v1   (网上大部分还是写的v1beta1)
  10. metadata:
  11.   name: dashboard-admin
  12. subjects:
  13.   - kind: ServiceAccount
  14.     name: dashboard-admin
  15.     namespace: kube-system
  16. roleRef:
  17.   kind: ClusterRole
  18.   name: cluster-admin
  19.   apiGroup: rbac.authorization.k8s.io

kubectl create -f k8s-admin.yaml

获取dashboard管理员角色token

kubectl describe secret dashboard-admin -n kube-system

image.png
使用该token 登录后正常