Docker Desktop Kubernetes: Difference between revisions

From NovaOrdis Knowledge Base
Revision as of 02:48, 4 November 2020

External

Internal

Overview

Docker Desktop Kubernetes creates a virtual machine on your local machine and starts a single-node Kubernetes cluster inside that VM. It also configures the kubectl installed on the local machine with a context that allows it to talk to the cluster.

Installation

https://docs.docker.com/docker-for-windows/#kubernetes

Idiosyncrasies

Docker Desktop Kubernetes automatically adds a cluster role binding giving cluster-admin to all service accounts. More details in https://stackoverflow.com/questions/62892972/kubernetes-service-account-default-permissions. The offending cluster role binding is "docker-for-desktop-binding":

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: docker-for-desktop-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: system:serviceaccounts
  namespace: kube-system

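Apparently, the "namespace:" field on the "system:serviceaccounts" group subject does not work as intended: it does not restrict the group to kube-system, so the binding applies to service accounts in every namespace.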

To fix, overwrite the binding with this, which names the group for the kube-system service accounts only:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: docker-for-desktop-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: system:serviceaccounts:kube-system
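
An added check, not part of the original page: it scans a ClusterRoleBinding list (the shape returned by `kubectl get clusterrolebindings -o json`) for cluster-admin granted to a cluster-wide group, and shows the default binding being flagged and the fixed one passing. The function names, the `BROAD_GROUPS` set and the two sample lists are this example's own; the samples are constructed from the two manifests above.

```python
import json
import sys

# Groups that stand for many identities at once. "system:serviceaccounts"
# without a namespace suffix is every service account in the cluster.
BROAD_GROUPS = {"system:serviceaccounts", "system:authenticated",
                "system:unauthenticated"}


def broad_admin_bindings(binding_list, role="cluster-admin"):
    """Return (binding, group, namespace field) for every Group subject that
    hands `role` to a cluster-wide group. The namespace field is reported
    because it is present in the default binding yet does not narrow it."""
    findings = []
    for item in binding_list.get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        for subj in item.get("subjects") or []:
            if subj.get("kind") == "Group" and subj.get("name") in BROAD_GROUPS:
                findings.append((item["metadata"]["name"], subj["name"],
                                 subj.get("namespace")))
    return findings


def _binding(group, namespace=None):
    # Constructed sample mirroring the manifests on this page.
    subject = {"apiGroup": "rbac.authorization.k8s.io", "kind": "Group",
               "name": group}
    if namespace:
        subject["namespace"] = namespace
    return {"items": [{
        "metadata": {"name": "docker-for-desktop-binding"},
        "roleRef": {"apiGroup": "rbac.authorization.k8s.io",
                    "kind": "ClusterRole", "name": "cluster-admin"},
        "subjects": [subject]}]}


DEFAULT = _binding("system:serviceaccounts", "kube-system")  # as shipped
FIXED = _binding("system:serviceaccounts:kube-system")       # after the fix

if __name__ == "__main__":
    if len(sys.argv) > 1:            # file saved from kubectl ... -o json
        with open(sys.argv[1]) as fh:
            print(broad_admin_bindings(json.load(fh)))
    else:
        print("default:", broad_admin_bindings(DEFAULT))
        print("fixed:  ", broad_admin_bindings(FIXED))
```

To audit a live cluster, save the output of `kubectl get clusterrolebindings -o json` to a file and pass its path as the first argument.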

Operations

Connecting into the Kubernetes VM

Did not work:

screen ~/Library/Containers/com.docker.docker/Data/vms/0/tty

ingress-nginx Installation

ingress-nginx Installation on Docker Desktop Kubernetes

Troubleshooting

Access to Kubelet Logs

/Users/<...>/Library/Containers/com.docker.docker/Data/log/vm/kubelet.log

Kubelet pods (the directory is relative to the Kubernetes VM):

/var/lib/kubelet/pods/<pod-id>/volumes/....

Turning on kubelet verbosity.

Other Resources

https://docs.docker.com/docker-for-mac/troubleshoot/