使用Docker驱动程序启动Minikube并将其绑定到主机网络 [英] Starting Minikube with Docker driver and bind it to host network

问题描述

我想知道是否可以将minikube网络绑定到我的 host 网络.

我尝试过:

  minikube start --memory = 10000 --cpus = 4 --vm-driver = docker --kubernetes-version = v1.19.6 --mount --mount-string =''"/usr/local/citizennet/db:/usr/local/citizennet/db"；--network =主机" 

但是我遇到了以下错误:

 ❗无法创建专用网络，重新启动后可能会导致群集IP更改:不可重试:创建网络主机192.168.49.0/24:docker network create --driver = bridge --subnet = 192.168.49.0/24-网关= 192.168.49.1 -o --ip-masq -o --icc -o com.docker.network.driver.mtu = 1500 --label = created_by.minikube.sigs.k8s.io = true主机:退出状态1标准输出:stderr:来自守护程序的错误响应:在预定义的主机网络上不允许进行操作 

我能够通过使用 haproxy 来做到这一点，但我想知道是否有更清洁的方法.我的minikube托管在EC2实例上，我想将所有内容直接转发到我的minikube.或至少是HTTP/HTTPS请求.

谢谢！

解决方案

我还没有找到将 minikube 实例和-driver = docker 实例公开的方法.主机网络(除了在主机上运行的 $ kubectl port-forward svc/svc-name --address = 0.0.0.0 local_port:pod_port 外).

它会产生与原始海报相同的错误:

 守护程序的错误响应:在预定义的主机网络上不允许进行操作 

确认以下评论:

问题是我想使用 ingress 插件，并且此插件不再与-driver = none 兼容.

您可以选择使用-driver = none 而不是使用-driver = docker 将所有资源放置在Docker容器中您所有的资源都直接在 VM 上.您将能够直接从其他网络设备查询资源.

目前 minikube 版本 v1.17.1 不允许将 ingress 插件与-driver = none ，但我发现了一种可以配置的方式.我已经在答案的结尾处包含了这个示例.请将此作为解决方法.

此问题(无法在-driver = none 上使用 ingress 插件)已在github 中解决:

• Github.com:Kubernetes:Minikube:问题:Ingress插件已停止使用从v1.12.x
开始的无" VM驱动程序

---

从公开 minikube 的角度讲:

由于它打算从外部源进行访问，因此我建议尝试使用其他解决方案，这些解决方案从主观角度来讲可以使您将工作负载暴露给外部源的时间更短.有许多可用的工具可以生成Kubernetes集群.您可以找到最适合您的需求.其中一些是:

• Kubeadm
• Kubespray
• MicroK8S

---

使用 minikube --driver = none

部署 nginx-ingress

如前所述，请将其视为解决方法.

旁注！

看看 NGINX Ingress 控制器是如何配置 minikube插件启用入口的，因为在本示例中将对此进行模仿.

步骤:

• 下载 nginx-ingress YAML 清单:
  • 修改清单中的 Deployment
  • 从清单中删除 Service
• 应用并检查

下载 nginx-ingress YAML 清单

您可以使用以下清单:

• Kubernetes.github.io:Ingress Nginx:部署 (例如，可以下载 GKE 清单)

修改清单中的 Deployment

正如我之前说的，当您运行 minikube插件启用入口时会发生什么情况可能会很有用.部署的资源提供了一些有关如何修改它的线索.

• 添加用于 HTTP 和 HTTPS 通信的 hostPort :

 端口:-名称:httphostPort:80#<-重要，请添加此containerPort:80协议:TCP-名称:httpshostPort:443#<-重要，请添加此containerPort:443协议:TCP-名称:webhookcontainerPort:8443协议:TCP 

• 删除-publish-service = $(POD_NAMESPACE)/ingress-nginx-controller :

  args:-/nginx-ingress-controller---publish-service = $(POD_NAMESPACE)/ingress-nginx-controller#<-删除此---election-id = ingress-controller-leader---ingress-class = nginx---configmap = $(POD_NAMESPACE)/ingress-nginx-controller---validating-webhook =:8443---validating-webhook-certificate =/usr/local/certificates/cert---validating-webhook-key =/usr/local/certificates/key 

从清单中删除 Service

您将需要从清单中完全删除名为 ingress-nginx 的 LoadBalancer 类型的 Service ，因为您已经在使用 hostPort .

完成此步骤后，您应该能够使用 Ingress 资源并在 VM_IP : 80 / 443 上与它们通信代码>.

---

其他资源:

• Kubernetes.io:文档:概念:服务网络:Ingress
• Minikube.sigs.k8s.io:文档:驱动程序:无

I was wondering if it was possible to bind my minikube network to my host network.

I tried:

minikube start --memory=10000 --cpus=4 --vm-driver=docker --kubernetes-version=v1.19.6 --mount --mount-string="/usr/local/citizennet/db:/usr/local/citizennet/db" --network="host"

But I'm getting the following error:

❗  Unable to create dedicated network, this might result in cluster IP change after restart: un-retryable: create network host 192.168.49.0/24: docker network create --driver=bridge --subnet=192.168.49.0/24 --gateway=192.168.49.1 -o --ip-masq -o --icc -o com.docker.network.driver.mtu=1500 --label=created_by.minikube.sigs.k8s.io=true host: exit status 1
stdout:

stderr:
Error response from daemon: operation is not permitted on predefined host network

I was able to do that by using haproxy but I would like to know if there is a cleaner way of doing that. My minikube is hosted on an EC2 instance and I would like to forward everything to my minikube directly. Or at least the HTTP/HTTPS requests.

Thanks!

解决方案

I haven't found a way to expose the minikube instance with --driver=docker to the host network (apart from $ kubectl port-forward svc/svc-name --address=0.0.0.0 local_port:pod_port ran on the host).

It produces the same error as original poster is experiencing:

Error response from daemon: operation is not permitted on predefined host network

Acknowledging following comment:

the problem is that I want to use the ingress addon and this addon is not compatible anymore with --driver=none.

Instead of using --driver=docker which will place all of the resources in the Docker container, you can opt for a --driver=none which will provision all of your resources directly on the VM. You will be able to directly query the resources from other network devices.

For now minikube version v1.17.1 does not allow to use the ingress addon with --driver=none but I found a way it could be provisioned. I've included this example on the end of this answer. Please treat this as a workaround.

This issue (inability to use ingress addon on --driver=none) is already addressed on github:

• Github.com: Kubernetes: Minikube: Issues: Ingress addon stopped to work with 'none' VM driver starting from v1.12.x

---

Talking from the perspective of exposing minikube:

As it's intended for accessing from external sources, I do recommend trying out other solutions that will subjectively speaking have easier time exposing your workloads to the external sources. There are many available tools that spawn Kubernetes clusters and you can look which suits your needs the most. Some of them are:

• Kubeadm
• Kubespray
• MicroK8S

---

Deploying nginx-ingress with minikube --driver=none

As stated previously, please treat it as a workaround.

A side note!

Take a look on how your NGINX Ingress controller is configured with minikube addons enable ingress as it will be pretty much mimicked in this example.

Steps:

• Download the nginx-ingress YAML manifest:
  • Modify the Deployment in the manifest
  • Delete the Service from manifest
• Apply and check

Download the nginx-ingress YAML manifest

You can use following manifest:

• Kubernetes.github.io: Ingress Nginx: Deploy (for example GKE manifest could be downloaded)

Modify the Deployment in the manifest

As I said previously, what is happening when you run minikube addons enable ingress could prove useful. The resources deployed have some clues on how you need to modify it.

• Add the hostPort for HTTP and HTTPS communication:

          ports:
            - name: http
              hostPort: 80 # <-- IMPORTANT, ADD THIS
              containerPort: 80
              protocol: TCP
            - name: https
              hostPort: 443 # <-- IMPORTANT, ADD THIS
              containerPort: 443
              protocol: TCP
            - name: webhook
              containerPort: 8443
              protocol: TCP

• Delete the --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller:

          args:
            - /nginx-ingress-controller
            - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller # <-- DELETE THIS
            - --election-id=ingress-controller-leader
            - --ingress-class=nginx
            - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
            - --validating-webhook=:8443
            - --validating-webhook-certificate=/usr/local/certificates/cert
            - --validating-webhook-key=/usr/local/certificates/key

Delete the Service from manifest

You will need to entirely delete the Service of type LoadBalancer named: ingress-nginx from the manifest as you will already be using hostPort.

After this steps you should be able to use Ingress resources and communicate with them on VM_IP:80/443.

---

Additional resources:

• Kubernetes.io: Docs: Concepts: Services networking: Ingress
• Minikube.sigs.k8s.io: Docs: Drivers: None

这篇关于使用Docker驱动程序启动Minikube并将其绑定到主机网络的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！