How to change the default nodeport range on Mac (docker-desktop)?

I'd like to change the default nodeport range on Mac. Is it possible? I'm glad to have found this article: http://www.thinkcode.se/blog/2019/02/20/kubernetes-service-node-port-range. Since I can't find /etc/kubernetes/manifests/kube-apiserver.yaml in my environment, I tried to achieve what I want to do by running sudo kubectl edit pod kube-apiserver-docker-desktop --namespace=kube-system and adding the parameter --service-node-port-range=443-22000. But when I tried to save it, I got the following error:

# pods "kube-apiserver-docker-desktop" was not valid:
# * spec: Forbidden: pod updates may not change fields other than `spec.containers[*].image`, `spec.initContainers[*].image`, `spec.activeDeadlineSeconds` or `spec.tolerations` (only additions to existing tolerations)

(I get the same error even if I don't touch port 443.) Can someone please share his/her thoughts or experience? Thanks!

Append:

skwok-mbp:kubernetes skwok$ kubectl get deployment -A
NAMESPACE       NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
docker          compose                    1/1     1            1           15d
docker          compose-api                1/1     1            1           15d
ingress-nginx   nginx-ingress-controller   1/1     1            1           37m
kube-system     coredns                    2/2     2            2           15d
skwok-mbp:kubernetes skwok$ kubectl get pod -A
NAMESPACE       NAME                                        READY   STATUS    RESTARTS   AGE
default         fortune-configmap-volume                    2/2     Running   4          14d
default         kubia-2qzmm                                 1/1     Running   2          15d
docker          compose-6c67d745f6-qqmpb                    1/1     Running   2          15d
docker          compose-api-57ff65b8c7-g8884                1/1     Running   4          15d
ingress-nginx   nginx-ingress-controller-756f65dd87-sq6lt   1/1     Running   0          37m
kube-system     coredns-fb8b8dccf-jn8cm                     1/1     Running   6          15d
kube-system     coredns-fb8b8dccf-t6qhs                     1/1     Running   6          15d
kube-system     etcd-docker-desktop                         1/1     Running   2          15d
kube-system     kube-apiserver-docker-desktop               1/1     Running   2          15d
kube-system     kube-controller-manager-docker-desktop      1/1     Running   29         15d
kube-system     kube-proxy-6nzqx                            1/1     Running   2          15d
kube-system     kube-scheduler-docker-desktop               1/1     Running   30         15d

Solution

Update: The example from the documentation shows a way to adjust apiserver parameters during Minikube start:

minikube start --extra-config=apiserver.service-node-port-range=1-65535

--extra-config: A set of key=value pairs that describe configuration that may be passed to different components. The key should be '.' separated, and the first part before the dot is the component to apply the configuration to. Valid components are: kubelet, apiserver, controller-manager, etcd, proxy, scheduler. link

The list of available options could be found in CLI documentation


Another way to change kube-apiserver parameters for Docker-for-desktop on Mac:

  1. Log in to the Docker VM:

     $ screen ~/Library/Containers/com.docker.docker/Data/vms/0/tty
    
     #(you can also use privileged container for the same purpose)
     docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh
     #or
     docker run --rm -it --privileged --pid=host walkerlee/nsenter -t 1 -m -u -i -n sh
     # as suggested here: https://forums.docker.com/t/is-it-possible-to-ssh-to-the-xhyve-machine/17426/5
     # in case of minikube use the following command:
     $ minikube ssh
    

  2. Edit kube-apiserver.yaml (it's one of the static pods; they are created by kubelet using files in /etc/kubernetes/manifests)

     $ vi /etc/kubernetes/manifests/kube-apiserver.yaml
     # for minikube 
     $ sudo vi /etc/kubernetes/manifests/kube-apiserver.yaml
    

  3. Add the following line to the pod spec:

     spec:
       containers:
       - command:
         - kube-apiserver
         - --advertise-address=192.168.65.3
         ...
         - --service-node-port-range=443-22000   # <-- add this line
         ...
    

  4. Save and exit. Pod kube-apiserver will be restarted with new parameters.

  5. Exit Docker VM (for screen: Ctrl-a,k , for container: Ctrl-d )

Check the results:

$ kubectl get pod kube-apiserver-docker-desktop -o yaml -n kube-system | less

Create simple deployment and expose it with service:

$ kubectl run nginx1 --image=nginx --replicas=2
$ kubectl expose deployment nginx1 --port 80 --type=NodePort
$ kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP        14d
nginx1       NodePort    10.99.173.234   <none>        80:14966/TCP   5s

As you can see NodePort was chosen from the new range.

There are other ways to expose your container: HostNetwork, HostPort, MetalLB

You need to add the correct security context for that purpose, check out how the ingress addon in minikube works, for example.

...
ports:
- containerPort: 80
  hostPort: 80
  protocol: TCP
- containerPort: 443
  hostPort: 443
  protocol: TCP
...
securityContext:
  capabilities:
    add:
    - NET_BIND_SERVICE
    drop:
    - ALL
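
A widened range such as 443-22000 lets the API server allocate NodePorts that other listeners on the node already use, so it is worth checking the range in the manifest before saving it. The script below is an added example, not part of the original answer: the function names and the sample manifest are constructed, and the reserved-port list assumes the default ports of the Kubernetes control-plane components.

```bash
# Default listening ports of control-plane components (assumption: the
# cluster uses the Kubernetes defaults; adjust the list for your nodes).
RESERVED_PORTS="2379:etcd-client 2380:etcd-peer 6443:kube-apiserver 10250:kubelet 10256:kube-proxy-healthz 10257:kube-controller-manager 10259:kube-scheduler"

# Read a kube-apiserver manifest on stdin and print the value of
# --service-node-port-range, or the default 30000-32767 if the flag is absent.
node_port_range() {
  local r
  r=$(sed -n 's/^[[:space:]]*-[[:space:]]*--service-node-port-range=\([0-9]*-[0-9]*\).*/\1/p' | head -n 1)
  echo "${r:-30000-32767}"
}

# Print every reserved port that falls inside the range "LOW-HIGH".
range_conflicts() {
  local low=${1%-*} high=${1#*-} entry port
  for entry in $RESERVED_PORTS; do
    port=${entry%%:*}
    if [ "$port" -ge "$low" ] && [ "$port" -le "$high" ]; then
      echo "$port (${entry#*:})"
    fi
  done
  # Ports below 1024 are privileged and commonly held by host services.
  if [ "$low" -lt 1024 ]; then echo "privileged: range starts at $low"; fi
}

# Constructed sample, modelled on the manifest edit shown in the answer.
SAMPLE_MANIFEST='spec:
  containers:
  - command:
    - kube-apiserver
    - --advertise-address=192.168.65.3
    - --service-node-port-range=443-22000   # <-- add this line'

# Audit the sample: print the effective range, then each conflict found.
audit_sample() {
  local range
  range=$(printf '%s\n' "$SAMPLE_MANIFEST" | node_port_range)
  echo "range: $range"
  range_conflicts "$range"
}

audit_sample
```

Inside the VM the same functions can be fed the real file with `node_port_range < /etc/kubernetes/manifests/kube-apiserver.yaml`; an empty result from `range_conflicts` means the range avoids the listed ports.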
