How to change the default nodeport range on Mac (docker-desktop)?


Problem description

How to change the default nodeport range on Mac (docker-desktop)?

I'd like to change the default nodeport range on Mac. Is it possible? I'm glad to have found this article: http://www.thinkcode.se/blog/2019/02/20/kubernetes-service-node-port-range. Since I can't find /etc/kubernetes/manifests/kube-apiserver.yaml in my environment, I tried to achieve what I want to do by running sudo kubectl edit pod kube-apiserver-docker-desktop --namespace=kube-system and adding the parameter --service-node-port-range=443-22000. But when I tried to save it, I got the following error:

# pods "kube-apiserver-docker-desktop" was not valid:
# * spec: Forbidden: pod updates may not change fields other than `spec.containers[*].image`, `spec.initContainers[*].image`, `spec.activeDeadlineSeconds` or `spec.tolerations` (only additions to existing tolerations)

(I get the same error even if I don't touch port 443.) Can someone please share his/her thoughts or experience? Thanks!

Addendum:

skwok-mbp:kubernetes skwok$ kubectl get deployment -A
NAMESPACE       NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
docker          compose                    1/1     1            1           15d
docker          compose-api                1/1     1            1           15d
ingress-nginx   nginx-ingress-controller   1/1     1            1           37m
kube-system     coredns                    2/2     2            2           15d
skwok-mbp:kubernetes skwok$ kubectl get pod -A
NAMESPACE       NAME                                        READY   STATUS    RESTARTS   AGE
default         fortune-configmap-volume                    2/2     Running   4          14d
default         kubia-2qzmm                                 1/1     Running   2          15d
docker          compose-6c67d745f6-qqmpb                    1/1     Running   2          15d
docker          compose-api-57ff65b8c7-g8884                1/1     Running   4          15d
ingress-nginx   nginx-ingress-controller-756f65dd87-sq6lt   1/1     Running   0          37m
kube-system     coredns-fb8b8dccf-jn8cm                     1/1     Running   6          15d
kube-system     coredns-fb8b8dccf-t6qhs                     1/1     Running   6          15d
kube-system     etcd-docker-desktop                         1/1     Running   2          15d
kube-system     kube-apiserver-docker-desktop               1/1     Running   2          15d
kube-system     kube-controller-manager-docker-desktop      1/1     Running   29         15d
kube-system     kube-proxy-6nzqx                            1/1     Running   2          15d
kube-system     kube-scheduler-docker-desktop               1/1     Running   30         15d

Recommended answer

The correct way to change kube-apiserver parameters for Docker-for-desktop on Mac:

  1. Log in to the Docker VM:

$ screen ~/Library/Containers/com.docker.docker/Data/vms/0/tty

#(you can also use privileged container for the same purpose)
docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh
#or
docker run --rm -it --privileged --pid=host walkerlee/nsenter -t 1 -m -u -i -n sh
# as suggested here: https://forums.docker.com/t/is-it-possible-to-ssh-to-the-xhyve-machine/17426/5
# in case of minikube use the following command:
$ minikube ssh

  • Edit kube-apiserver.yaml (it's one of the static pods; they are created by kubelet using files in /etc/kubernetes/manifests)

    $ vi /etc/kubernetes/manifests/kube-apiserver.yaml
    # for minikube 
    $ sudo vi /etc/kubernetes/manifests/kube-apiserver.yaml
    

  • Add the following line to the pod spec:

    spec:
      containers:
      - command:
        - kube-apiserver
        - --advertise-address=192.168.65.3
        ...
        - --service-node-port-range=443-22000   # <-- add this line
        ...
    

  • Save and exit. Pod kube-apiserver will be restarted with new parameters.

    Check the results:

    $ kubectl get pod kube-apiserver-docker-desktop -o yaml -n kube-system | less
    

    Create simple deployment and expose it with service:

    $ kubectl run nginx1 --image=nginx --replicas=2
    $ kubectl expose deployment nginx1 --port 80 --type=NodePort
    $ kubectl get svc
    NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
    kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP        14d
    nginx1       NodePort    10.99.173.234   <none>        80:14966/TCP   5s
    

    As you can see, the NodePort was chosen from the new range.

    There are other ways to expose your container: HostNetwork, HostPort, MetalLB

    You need to add the correct security context for that purpose; check out how the ingress addon in minikube works, for example.

    ...
    ports:
    - containerPort: 80
      hostPort: 80
      protocol: TCP
    - containerPort: 443
      hostPort: 443
      protocol: TCP
    ...
    securityContext:
      capabilities:
        add:
        - NET_BIND_SERVICE
        drop:
        - ALL
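
A widened NodePort range such as 443-22000 can collide with ports the node already uses. The following check is an added example, not part of the original answer: it reads the flag from a manifest and reports overlaps. The function names, the reserved-port list (kubeadm defaults) and the ephemeral range (Linux default) are assumptions; adjust them to the listeners on your node.

```bash
#!/bin/sh
# Added example: audit a --service-node-port-range value before applying it.

# Constructed sample: manifest excerpt carrying the flag used in the answer.
sample_manifest() {
cat <<'EOF'
spec:
  containers:
  - command:
    - kube-apiserver
    - --advertise-address=192.168.65.3
    - --service-node-port-range=443-22000   # <-- add this line
EOF
}

# Read a manifest on stdin; print the configured range, or the upstream
# default (30000-32767) when the flag is absent.
nodeport_range() {
  r=$(sed -n 's/^[[:space:]]*-[[:space:]]*--service-node-port-range=\([0-9]*-[0-9]*\).*$/\1/p' | head -n 1)
  echo "${r:-30000-32767}"
}

# Assumption: kubeadm-default control-plane listeners; adjust for your node.
RESERVED="2379:etcd-client 2380:etcd-peer 6443:kube-apiserver 10250:kubelet 10257:kube-controller-manager 10259:kube-scheduler"
# Assumption: Linux default ephemeral range (net.ipv4.ip_local_port_range).
EPH_LO=32768; EPH_HI=60999

# Print the findings for a range "LO-HI" (empty output means no findings).
audit_range() {
  case "$1" in
    ''|*[!0-9-]*|-*|*-|*-*-*) echo "invalid"; return 1 ;;
    *-*) ;;
    *) echo "invalid"; return 1 ;;
  esac
  lo=${1%-*}; hi=${1#*-}; out=""
  if [ "$lo" -lt 1 ] || [ "$hi" -gt 65535 ] || [ "$lo" -gt "$hi" ]; then
    echo "invalid"; return 1
  fi
  if [ "$lo" -lt 1024 ]; then out="privileged-ports"; fi
  if [ "$lo" -le "$EPH_HI" ] && [ "$hi" -ge "$EPH_LO" ]; then out="$out ephemeral-range"; fi
  for e in $RESERVED; do
    p=${e%%:*}
    if [ "$p" -ge "$lo" ] && [ "$p" -le "$hi" ]; then out="$out ${e#*:}"; fi
  done
  echo "${out# }"
}

audit_range "$(sample_manifest | nodeport_range)"
```

To audit the live configuration, run `nodeport_range < /etc/kubernetes/manifests/kube-apiserver.yaml` inside the VM and pass the result to `audit_range`.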
    
