Docker Desktop Kubernetes: Difference between revisions
Line 60: | Line 60: | ||
==ingress-nginx Installation== | ==ingress-nginx Installation== | ||
{{Internal|Ingress-nginx#Docker_Desktop_Kubernetes|ingress-nginx Installation on Docker Desktop Kubernetes}} | {{Internal|Ingress-nginx#Docker_Desktop_Kubernetes|ingress-nginx Installation on Docker Desktop Kubernetes}} | ||
==Troubleshooting== | |||
{{External|https://docs.docker.com/docker-for-mac/troubleshoot/}} |
Revision as of 23:12, 13 October 2020
Internal
Overview
Docker Desktop Kubernetes creates a virtual machine on your local machine and starts a single-node Kubernetes cluster inside that VM. It also configures the kubectl installed on the local machine with a context that allows it to talk to the cluster.
Installation
Idiosyncrasies
Docker Desktop Kubernetes automatically adds a cluster role binding giving cluster-admin to all service accounts. More details in https://stackoverflow.com/questions/62892972/kubernetes-service-account-default-permissions. The offending cluster role binding is "docker-for-desktop-binding":
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: docker-for-desktop-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: system:serviceaccounts
  namespace: kube-system
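Apparently, "namespace:" on the "system:serviceaccounts" group subject does not work as intended: the binding matches the whole group, which contains the service accounts of every namespace, not only those in kube-system.
To fix, overwrite the binding with this: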
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: docker-for-desktop-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: system:serviceaccounts:kube-system
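An added example, not part of the original page: a Python sketch of how RBAC matches a binding's subjects against a service account's identity, run over a constructed copy of the two bindings above. The metadata names "shipped" and "fixed" and all function names are assumptions made for the illustration.

```python
import json

# Constructed input shaped like `kubectl get clusterrolebindings -o json`.
# "shipped" is the binding from the page; "fixed" is the page's replacement
# (the metadata names here are made up so both fit in one list).
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "shipped"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "system:serviceaccounts",
                 "namespace": "kube-system"}]},
  {"metadata": {"name": "fixed"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group",
                 "name": "system:serviceaccounts:kube-system"}]}
]}
""")


def sa_identity(namespace, name):
    """User name and groups Kubernetes assigns to a service account token."""
    user = f"system:serviceaccount:{namespace}:{name}"
    groups = {"system:serviceaccounts",
              f"system:serviceaccounts:{namespace}",
              "system:authenticated"}
    return user, groups


def subject_matches(subject, namespace, name):
    """Mirror RBAC subject matching: 'namespace' only counts for ServiceAccount."""
    user, groups = sa_identity(namespace, name)
    kind = subject.get("kind")
    if kind == "Group":
        return subject.get("name") in groups  # subject["namespace"] is not consulted
    if kind == "User":
        return subject.get("name") == user
    if kind == "ServiceAccount":
        return (subject.get("namespace"), subject.get("name")) == (namespace, name)
    return False


def bindings_granting(role, namespace, name, bindings=SAMPLE):
    """Names of ClusterRoleBindings that give `role` to the service account."""
    return [b["metadata"]["name"] for b in bindings["items"]
            if b["roleRef"]["name"] == role
            and any(subject_matches(s, namespace, name)
                    for s in b.get("subjects") or [])]


if __name__ == "__main__":
    for ns in ("default", "kube-system"):
        print(ns, bindings_granting("cluster-admin", ns, "default"))
```

To audit a real cluster the same way, load the output of `kubectl get clusterrolebindings -o json` and pass it as the `bindings` argument.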
Operations
Connecting into the Kubernetes VM
Did not work:
screen ~/Library/Containers/com.docker.docker/Data/vms/0/tty