关于容器:一步步基于Rocky-Linux-搭建K3s集群

44次阅读

共计 7378 个字符,预计需要花费 19 分钟才能阅读完成。

K3S 介绍

K3s 是一个轻量级的 Kubernetes 发行版,是一个开源的用于治理云平台中多个主机上的容器化的利用。因在内存占用方面只是 Kubernetes 一半的大小,故简写为 K3s。

在本文中,我将展现如何一步步基于 Rocky Linux 搭建 K3S 服务集群。

第 1 步:为搭建做筹备

咱们先在 Virtualbox 上新建三台实例,并且设置网络为桥接模式
如图:


而后启动,期待装置实现

在本文中,咱们别离在三台实例上通过编辑 /etc/hosts 配置好 IP

tee -a /etc/hosts<<EOF
192.168.1.90    master
192.168.1.91    node1
192.168.1.92    node2
EOF

为不便前面辨别查看节点信息,咱们须要配置一下每一台机器的 hostname
应用 hostnamectl 命令,hostnamectl set-hostname name,再通过 hostname 或者 hostnamectl status 命令查看更改是否失效

[root@localhost ~]# hostnamectl set-hostname master    #这里是设置 master
[root@localhost ~]# hostname
master

敞开防火墙以及 selinux

[root@master ~]# sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
[root@master ~]# systemctl stop firewalld && systemctl disable firewalld 
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

应用 dnf 命令将所有软件包更新到最新版本

[root@master ~]# dnf update -y
[root@master ~]# reboot

这里须要正文敞开 swap 替换分区

[root@master ~]# cat /etc/fstab 

#
# /etc/fstab
# Created by anaconda on Sat Feb 26 09:13:56 2022
#
# Accessible filesystems, by reference, are maintained under '/dev/disk/'.
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
#
# After editing this file, run 'systemctl daemon-reload' to update systemd
# units generated from this file.
#
/dev/mapper/rl-root     /                       xfs     defaults        0 0
UUID=a4c1024b-862b-49f9-befa-8e1cefd2e7b5 /boot                   xfs     defaults        0 0
# /dev/mapper/rl-swap     none                    swap    defaults        0 0

(可选)跟我一样有强迫症的同学,能够应用这条命令主动筛选并删除以后零碎老版本的内核,而后重启

[root@master ~]# dnf remove $(rpm -qa | grep kernel | grep -v $(uname -r))

第 2 步:装置 K3s

在以后 master 实例当中,执行

[root@master ~]# curl -sfL http://rancher-mirror.cnrancher.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh -
结束![INFO]  Creating /usr/local/bin/kubectl symlink to k3s
[INFO]  Creating /usr/local/bin/crictl symlink to k3s
[INFO]  Creating /usr/local/bin/ctr symlink to k3s
[INFO]  Creating killall script /usr/local/bin/k3s-killall.sh
[INFO]  Creating uninstall script /usr/local/bin/k3s-uninstall.sh
[INFO]  env: Creating environment file /etc/systemd/system/k3s.service.env
[INFO]  systemd: Creating service file /etc/systemd/system/k3s.service
[INFO]  systemd: Enabling k3s unit
[INFO]  systemd: Starting k3s
[root@master ~]# 

应用 kubectl get nodes 去验证装置实现

[root@master ~]# kubectl get nodes 
NAME     STATUS   ROLES                  AGE   VERSION
master   Ready    control-plane,master   60s   v1.22.6+k3s1

在这里,倡议把 master k3s 设为开机启动

[root@master ~]# systemctl enable k3s

查看 k3s server 的 token

[root@master ~]# cat /var/lib/rancher/k3s/server/node-token
K104415b7f79fdf3fd5bfde8f0c4d1f7be6de7f9d33de478e154931dfb8862fb2b9::server:801c4f3faf48d6ce25b95790f35a4ad0

在 work 实例中,执行脚本

[root@node1 ~]# export K3S_URL="https://192.168.1.90:6443"
[root@node1 ~]# export K3S_TOKEN="K104415b7f79fdf3fd5bfde8f0c4d1f7be6de7f9d33de478e154931dfb8862fb2b9::server:801c4f3faf48d6ce25b95790f35a4ad0"
[root@node1 ~]# curl -sfL http://rancher-mirror.cnrancher.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn K3S_URL=${K3S_URL} K3S_TOKEN=${K3S_TOKEN}  sh -
[INFO]  Creating /usr/local/bin/kubectl symlink to k3s
[INFO]  Creating /usr/local/bin/crictl symlink to k3s
[INFO]  Creating /usr/local/bin/ctr symlink to k3s
[INFO]  Creating killall script /usr/local/bin/k3s-killall.sh
[INFO]  Creating uninstall script /usr/local/bin/k3s-agent-uninstall.sh
[INFO]  env: Creating environment file /etc/systemd/system/k3s-agent.service.env
[INFO]  systemd: Creating service file /etc/systemd/system/k3s-agent.service
[INFO]  systemd: Enabling k3s-agent unit
[INFO]  systemd: Starting k3s-agent    

同样倡议把 k3s-agent 也设为开机启动

[root@node1 ~]# systemctl enable k3s-agent

回到 master 实例,执行 kubectl get nodes 咱们能够查看以后所有节点

[root@master ~]# kubectl get nodes
NAME     STATUS   ROLES                  AGE     VERSION
master   Ready    control-plane,master   24m     v1.22.6+k3s1
node2    Ready    <none>                 4m28s   v1.22.6+k3s1
node1    Ready    <none>                 5m58s   v1.22.6+k3s1

在这里,咱们能够看到所有 work 节点都曾经退出到 k3s 集群

第 3 步:部署 Kubernetes 仪表板

在 master 实例上,执行脚本

[root@master dashboard]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.0/aio/deploy/recommended.yaml -O kubernetes-dashboard.yaml

在此过程中,有很大机率因 github 网络稳定无奈实现下载。
在这里,我倡议在浏览器关上 https://raw.githubusercontent…,而后 关上 vim 复制粘贴并保留到 master 实例上。

批改编辑 kubernetes-dashboard.yaml,咱们设置成能够通过 NodePort 模式来从浏览器拜访到 dashboard,

增加 nodePort 并凋谢 31989 端口,增加 type:NodePort


运行 k3s kubectl create -f 命令

[root@master dashboard]# k3s kubectl create -f kubernetes-dashboard.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

查看以后所有 pods 运行状况,以便排查到有哪些 pod 没有胜利运行

等这几个 pod 的 status 状态都为 Running,咱们再持续下一步

[root@master dashboard]# kubectl get pods --all-namespaces
NAMESPACE              NAME                                        READY   STATUS      RESTARTS      AGE
kube-system            coredns-96cc4f57d-79hbr                     1/1     Running     0             77m
kube-system            local-path-provisioner-84bb864455-mss9p     1/1     Running     0             77m
kube-system            helm-install-traefik-crd--1-6j2qm           0/1     Completed   0             77m
kube-system            metrics-server-ff9dbcb6c-skrzg              1/1     Running     0             77m
kube-system            helm-install-traefik--1-j5nc5               0/1     Completed   1             77m
kube-system            svclb-traefik-tmwwd                         2/2     Running     0             76m
kube-system            traefik-55fdc6d984-zg8k7                    1/1     Running     0             76m
kube-system            svclb-traefik-zjwnh                         2/2     Running     2 (23m ago)   58m
kube-system            svclb-traefik-vhg4f                         2/2     Running     2 (23m ago)   56m
kubernetes-dashboard   dashboard-metrics-scraper-c45b7869d-5bwql   1/1     Running     0             38s
kubernetes-dashboard   kubernetes-dashboard-764b4dd7-b82cj         1/1     Running     0             39s

创立以下资源配置文件:

dashboard.admin-user.yml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

dashboard.admin-user-role.yml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

部署 admin-user 配置:

[root@master dashboard]# k3s kubectl create -f dashboard.admin-user.yml -f dashboard.admin-user-role.yml
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created

获取登录拜访 Dashboard 的 Token 令牌

[root@master dashboard]# k3s kubectl -n kubernetes-dashboard describe secret admin-user-token | grep '^token'
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IldNcGMzOVV0d2lSQjRKMnRPcl82X0xNb2FxeS0tUUVUa19uQ0VGQVpSRzAifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWxoOHg3Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI4NTBmOGE2NC04ODI0LTRlZDUtYmUzOS1kZDZiZmFmZjA4YTYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.RPrZ9X63hnGtLiPz4ELGRPtFHm09WNwZlz0LaSXN2Hdw4_bpaSLFBqgpdr4wjJ7uVy-v2aVhCO1la6dPBoh_R3TQAEj5WFYmdt_9XJ9E6lwd4URb-y4MMXWAzZUgJNv06XEvCGlo_THQlgCssaqrDBZl1N-zs7bavbNNnSXk-VtTXiPuSKkiF5ijqXCDUkN1PJET0Y6o5j4zYOYi7AXeBCcZm7JSrRslx3SlcKM414Rcp52k30x4ahejQIDonp-jv6cltp3GfR18w0BGMc8x2rESVrZfmqH07S03lwMot20yQnZa8JQYco5gFfToDW06v_FD4AV38fwv3o1ZMz19ng

执行代理拜访到 Kubernetes-dashboard 仪表板

[root@master dashboard]# k3s kubectl proxy
Starting to serve on 127.0.0.1:8001

咱们关上浏览器 拜访到 https://192.168.1.90:31989

因为 Chrome 和 Safari 浏览器有 https 的证书策略,被迫长期下了个 Firefox

在这里,咱们应用 Token 登录形式,所以须要把上一步获取到的 Token 填进去


进入到 Kubernetes Dashboard,拉到最上面 在 Local Setting 那一栏找到 Language 咱们抉择中文显示


至此,K3s 集群和 dashboard 初步部署曾经实现,前面持续钻研。

正文完
 0