Docker Desktop Kubernetes: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 10: Line 10:


{{External|https://docs.docker.com/docker-for-windows/#kubernetes}}
{{External|https://docs.docker.com/docker-for-windows/#kubernetes}}
=Idiosyncrasies=
Docker Desktop Kubernetes automatically adds a cluster role binding giving cluster-admin to all service accounts.. More details in https://stackoverflow.com/questions/62892972/kubernetes-service-account-default-permissions. The offending cluster role is "docker-for-desktop-binding":
<syntaxhighlight lang='yaml'>
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  creationTimestamp: "2020-08-09T01:16:59Z"
  name: docker-for-desktop-binding
  resourceVersion: "490"
  selfLink: /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/docker-for-desktop-binding
  uid: 3757cc59-ff53-440d-8a4c-c57a6c1938cc
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: system:serviceaccounts
  namespace: kube-system
</syntaxhighlight>

Revision as of 22:10, 10 August 2020

Internal

Overview

Docker Desktop Kubernetes creates a virtual machine on your local machine and starting a single-node Kubernetes cluster inside that VM. It also configures the kubectl installed on the local machine with a context that allows it to talk to the cluster.

Installation

https://docs.docker.com/docker-for-windows/#kubernetes

Idiosyncrasies

Docker Desktop Kubernetes automatically adds a cluster role binding giving cluster-admin to all service accounts.. More details in https://stackoverflow.com/questions/62892972/kubernetes-service-account-default-permissions. The offending cluster role is "docker-for-desktop-binding": 

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  creationTimestamp: "2020-08-09T01:16:59Z"
  name: docker-for-desktop-binding
  resourceVersion: "490"
  selfLink: /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/docker-for-desktop-binding
  uid: 3757cc59-ff53-440d-8a4c-c57a6c1938cc
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: system:serviceaccounts
  namespace: kube-system
Retrieved from "https://kb.novaordis.com/index.php?title=Docker_Desktop_Kubernetes&oldid=68023"