共计 7378 个字符,预计需要花费 19 分钟才能阅读完成。
K3S 介绍
K3s 是一个轻量级的 Kubernetes 发行版,是一个开源的用于治理云平台中多个主机上的容器化的利用。因在内存占用方面只是 Kubernetes 一半的大小,故简写为 K3s。
在本文中,我将展现如何一步步基于 Rocky Linux 搭建 K3S 服务集群。
第 1 步:为搭建做筹备
咱们先在 Virtualbox 上新建三台实例,并且设置网络为桥接模式
如图:
而后启动,期待装置实现
在本文中,咱们别离在三台实例上通过编辑 /etc/hosts 配置好 IP
tee -a /etc/hosts<<EOF
192.168.1.90 master
192.168.1.91 node1
192.168.1.92 node2
EOF
为不便前面辨别查看节点信息,咱们须要配置一下每一台机器的 hostname
应用 hostnamectl 命令,hostnamectl set-hostname name,再通过 hostname 或者 hostnamectl status 命令查看更改是否失效
[root@localhost ~]# hostnamectl set-hostname master #这里是设置 master
[root@localhost ~]# hostname
master敞开防火墙以及 selinux
[root@master ~]# sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
[root@master ~]# systemctl stop firewalld && systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.应用 dnf 命令将所有软件包更新到最新版本
[root@master ~]# dnf update -y
[root@master ~]# reboot这里须要正文敞开 swap 替换分区
[root@master ~]# cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Sat Feb 26 09:13:56 2022
#
# Accessible filesystems, by reference, are maintained under '/dev/disk/'.
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
#
# After editing this file, run 'systemctl daemon-reload' to update systemd
# units generated from this file.
#
/dev/mapper/rl-root / xfs defaults 0 0
UUID=a4c1024b-862b-49f9-befa-8e1cefd2e7b5 /boot xfs defaults 0 0
# /dev/mapper/rl-swap none swap defaults 0 0(可选)跟我一样有强迫症的同学,能够应用这条命令主动筛选并删除以后零碎老版本的内核,而后重启
[root@master ~]# dnf remove $(rpm -qa | grep kernel | grep -v $(uname -r))第 2 步:装置 K3s
在以后 master 实例当中,执行
[root@master ~]# curl -sfL http://rancher-mirror.cnrancher.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh -
结束![INFO] Creating /usr/local/bin/kubectl symlink to k3s
[INFO] Creating /usr/local/bin/crictl symlink to k3s
[INFO] Creating /usr/local/bin/ctr symlink to k3s
[INFO] Creating killall script /usr/local/bin/k3s-killall.sh
[INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh
[INFO] env: Creating environment file /etc/systemd/system/k3s.service.env
[INFO] systemd: Creating service file /etc/systemd/system/k3s.service
[INFO] systemd: Enabling k3s unit
[INFO] systemd: Starting k3s
[root@master ~]# 应用 kubectl get nodes 去验证装置实现
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready control-plane,master 60s v1.22.6+k3s1在这里,倡议把 master k3s 设为开机启动
[root@master ~]# systemctl enable k3s查看 k3s server 的 token
[root@master ~]# cat /var/lib/rancher/k3s/server/node-token
K104415b7f79fdf3fd5bfde8f0c4d1f7be6de7f9d33de478e154931dfb8862fb2b9::server:801c4f3faf48d6ce25b95790f35a4ad0在 work 实例中,执行脚本
[root@node1 ~]# export K3S_URL="https://192.168.1.90:6443"
[root@node1 ~]# export K3S_TOKEN="K104415b7f79fdf3fd5bfde8f0c4d1f7be6de7f9d33de478e154931dfb8862fb2b9::server:801c4f3faf48d6ce25b95790f35a4ad0"
[root@node1 ~]# curl -sfL http://rancher-mirror.cnrancher.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn K3S_URL=${K3S_URL} K3S_TOKEN=${K3S_TOKEN} sh -
[INFO] Creating /usr/local/bin/kubectl symlink to k3s
[INFO] Creating /usr/local/bin/crictl symlink to k3s
[INFO] Creating /usr/local/bin/ctr symlink to k3s
[INFO] Creating killall script /usr/local/bin/k3s-killall.sh
[INFO] Creating uninstall script /usr/local/bin/k3s-agent-uninstall.sh
[INFO] env: Creating environment file /etc/systemd/system/k3s-agent.service.env
[INFO] systemd: Creating service file /etc/systemd/system/k3s-agent.service
[INFO] systemd: Enabling k3s-agent unit
[INFO] systemd: Starting k3s-agent 同样倡议把 k3s-agent 也设为开机启动
[root@node1 ~]# systemctl enable k3s-agent回到 master 实例,执行 kubectl get nodes 咱们能够查看以后所有节点
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready control-plane,master 24m v1.22.6+k3s1
node2 Ready <none> 4m28s v1.22.6+k3s1
node1 Ready <none> 5m58s v1.22.6+k3s1在这里,咱们能够看到所有 work 节点都曾经退出到 k3s 集群
第 3 步:部署 Kubernetes 仪表板
在 master 实例上,执行脚本
[root@master dashboard]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.0/aio/deploy/recommended.yaml -O kubernetes-dashboard.yaml在此过程中,有很大机率因 github 网络稳定无奈实现下载。
在这里,我倡议在浏览器关上 https://raw.githubusercontent…,而后 关上 vim 复制粘贴并保留到 master 实例上。
批改编辑 kubernetes-dashboard.yaml,咱们设置成能够通过 NodePort 模式来从浏览器拜访到 dashboard,
增加 nodePort 并凋谢 31989 端口,增加 type:NodePort
运行 k3s kubectl create -f 命令
[root@master dashboard]# k3s kubectl create -f kubernetes-dashboard.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created查看以后所有 pods 运行状况,以便排查到有哪些 pod 没有胜利运行
等这几个 pod 的 status 状态都为 Running,咱们再持续下一步
[root@master dashboard]# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-96cc4f57d-79hbr 1/1 Running 0 77m
kube-system local-path-provisioner-84bb864455-mss9p 1/1 Running 0 77m
kube-system helm-install-traefik-crd--1-6j2qm 0/1 Completed 0 77m
kube-system metrics-server-ff9dbcb6c-skrzg 1/1 Running 0 77m
kube-system helm-install-traefik--1-j5nc5 0/1 Completed 1 77m
kube-system svclb-traefik-tmwwd 2/2 Running 0 76m
kube-system traefik-55fdc6d984-zg8k7 1/1 Running 0 76m
kube-system svclb-traefik-zjwnh 2/2 Running 2 (23m ago) 58m
kube-system svclb-traefik-vhg4f 2/2 Running 2 (23m ago) 56m
kubernetes-dashboard dashboard-metrics-scraper-c45b7869d-5bwql 1/1 Running 0 38s
kubernetes-dashboard kubernetes-dashboard-764b4dd7-b82cj 1/1 Running 0 39s创立以下资源配置文件:
dashboard.admin-user.yml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboarddashboard.admin-user-role.yml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard部署 admin-user 配置:
[root@master dashboard]# k3s kubectl create -f dashboard.admin-user.yml -f dashboard.admin-user-role.yml
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created获取登录拜访 Dashboard 的 Token 令牌
[root@master dashboard]# k3s kubectl -n kubernetes-dashboard describe secret admin-user-token | grep '^token'
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IldNcGMzOVV0d2lSQjRKMnRPcl82X0xNb2FxeS0tUUVUa19uQ0VGQVpSRzAifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWxoOHg3Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI4NTBmOGE2NC04ODI0LTRlZDUtYmUzOS1kZDZiZmFmZjA4YTYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.RPrZ9X63hnGtLiPz4ELGRPtFHm09WNwZlz0LaSXN2Hdw4_bpaSLFBqgpdr4wjJ7uVy-v2aVhCO1la6dPBoh_R3TQAEj5WFYmdt_9XJ9E6lwd4URb-y4MMXWAzZUgJNv06XEvCGlo_THQlgCssaqrDBZl1N-zs7bavbNNnSXk-VtTXiPuSKkiF5ijqXCDUkN1PJET0Y6o5j4zYOYi7AXeBCcZm7JSrRslx3SlcKM414Rcp52k30x4ahejQIDonp-jv6cltp3GfR18w0BGMc8x2rESVrZfmqH07S03lwMot20yQnZa8JQYco5gFfToDW06v_FD4AV38fwv3o1ZMz19ng执行代理拜访到 Kubernetes-dashboard 仪表板
[root@master dashboard]# k3s kubectl proxy
Starting to serve on 127.0.0.1:8001咱们关上浏览器 拜访到 https://192.168.1.90:31989
因为 Chrome 和 Safari 浏览器有 https 的证书策略,被迫长期下了个 Firefox
在这里,咱们应用 Token 登录形式,所以须要把上一步获取到的 Token 填进去
进入到 Kubernetes Dashboard,拉到最上面 在 Local Setting 那一栏找到 Language 咱们抉择中文显示
至此,K3s 集群和 dashboard 初步部署曾经实现,前面持续钻研。
正文完
