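Introduction to K3s
K3s is a lightweight Kubernetes distribution, an open-source system for managing containerized applications across multiple hosts in a cloud platform. Because its memory footprint is only half the size of Kubernetes, it is abbreviated as K3s.
In this article, I will show step by step how to build a K3s cluster on Rocky Linux.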
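Step 1: Preparation
First, create three instances in VirtualBox and set their network to bridged mode.
As shown in the figure:
Then start them and wait for the installation to finish.
In this article, we configure the IP addresses on each of the three instances by editing /etc/hosts.
tee -a /etc/hosts <<EOF
192.168.1.90 master
192.168.1.91 node1
192.168.1.92 node2
EOF
To make it easier to tell the nodes apart later when viewing node information, we need to set the hostname on each machine.
Use the hostnamectl command, hostnamectl set-hostname name, then check that the change took effect with hostname or hostnamectl status.
[root@localhost ~]# hostnamectl set-hostname master   # set the hostname to master here
[root@localhost ~]# hostname
master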
Disable the firewall and SELinux
[root@master ~]# sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
[root@master ~]# systemctl stop firewalld && systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Use the dnf command to update all packages to the latest version
[root@master ~]# dnf update -y
[root@master ~]# reboot
Here we need to disable the swap partition by commenting it out
[root@master ~]# cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Sat Feb 26 09:13:56 2022
#
# Accessible filesystems, by reference, are maintained under '/dev/disk/'.
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
#
# After editing this file, run 'systemctl daemon-reload' to update systemd
# units generated from this file.
#
/dev/mapper/rl-root     /       xfs     defaults        0 0
UUID=a4c1024b-862b-49f9-befa-8e1cefd2e7b5 /boot   xfs     defaults        0 0
# /dev/mapper/rl-swap   none    swap    defaults        0 0
(Optional) If you are as obsessive about tidiness as I am, you can use this command to automatically find and remove the system's old kernel versions, then reboot.
[root@master ~]# dnf remove $(rpm -qa | grep kernel | grep -v $(uname -r))
Step 2: Install K3s
On the master instance, run
[root@master ~]# curl -sfL http://rancher-mirror.cnrancher.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh -
Done!
[INFO] Creating /usr/local/bin/kubectl symlink to k3s
[INFO] Creating /usr/local/bin/crictl symlink to k3s
[INFO] Creating /usr/local/bin/ctr symlink to k3s
[INFO] Creating killall script /usr/local/bin/k3s-killall.sh
[INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh
[INFO] env: Creating environment file /etc/systemd/system/k3s.service.env
[INFO] systemd: Creating service file /etc/systemd/system/k3s.service
[INFO] systemd: Enabling k3s unit
[INFO] systemd: Starting k3s
[root@master ~]#
Use kubectl get nodes to verify that the installation is complete
[root@master ~]# kubectl get nodes
NAME     STATUS   ROLES                  AGE   VERSION
master   Ready    control-plane,master   60s   v1.22.6+k3s1
Here, I recommend enabling k3s on the master so that it starts at boot
[root@master ~]# systemctl enable k3s
View the k3s server token
[root@master ~]# cat /var/lib/rancher/k3s/server/node-token
K104415b7f79fdf3fd5bfde8f0c4d1f7be6de7f9d33de478e154931dfb8862fb2b9::server:801c4f3faf48d6ce25b95790f35a4ad0
On the worker instances, run the script
[root@node1 ~]# export K3S_URL="https://192.168.1.90:6443"
[root@node1 ~]# export K3S_TOKEN="K104415b7f79fdf3fd5bfde8f0c4d1f7be6de7f9d33de478e154931dfb8862fb2b9::server:801c4f3faf48d6ce25b95790f35a4ad0"
[root@node1 ~]# curl -sfL http://rancher-mirror.cnrancher.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn K3S_URL=${K3S_URL} K3S_TOKEN=${K3S_TOKEN} sh -
[INFO] Creating /usr/local/bin/kubectl symlink to k3s
[INFO] Creating /usr/local/bin/crictl symlink to k3s
[INFO] Creating /usr/local/bin/ctr symlink to k3s
[INFO] Creating killall script /usr/local/bin/k3s-killall.sh
[INFO] Creating uninstall script /usr/local/bin/k3s-agent-uninstall.sh
[INFO] env: Creating environment file /etc/systemd/system/k3s-agent.service.env
[INFO] systemd: Creating service file /etc/systemd/system/k3s-agent.service
[INFO] systemd: Enabling k3s-agent unit
[INFO] systemd: Starting k3s-agent
Likewise, I recommend enabling k3s-agent so that it starts at boot
[root@node1 ~]# systemctl enable k3s-agent
Back on the master instance, run kubectl get nodes to see all current nodes
[root@master ~]# kubectl get nodes
NAME     STATUS   ROLES                  AGE     VERSION
master   Ready    control-plane,master   24m     v1.22.6+k3s1
node2    Ready    <none>                 4m28s   v1.22.6+k3s1
node1    Ready    <none>                 5m58s   v1.22.6+k3s1
Here we can see that all worker nodes have joined the k3s cluster
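Both install commands above (server and agent) pipe a script fetched over plain HTTP straight into a root shell. The following is an added example, not part of the original article or the K3s project: it downloads the script to a file, compares it with a pinned SHA-256, and only then runs it. PINNED_SHA256 is a placeholder and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article): verify the installer before running it.

INSTALL_URL="http://rancher-mirror.cnrancher.com/k3s/k3s-install.sh"  # URL used in the article
# Placeholder: the SHA-256 of the script copy you reviewed.
PINNED_SHA256="<sha256-of-reviewed-k3s-install.sh>"

# Return 0 only if the SHA-256 of file $1 equals hex digest $2 (2 = no such file).
verify_sha256() {
    file=$1; expected=$2
    [ -f "$file" ] || return 2
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# Download, verify, then execute. Arguments are VAR=value pairs for the installer.
install_k3s_verified() {
    tmp=$(mktemp) || return 1
    if curl -sfL "$INSTALL_URL" -o "$tmp" && verify_sha256 "$tmp" "$PINNED_SHA256"; then
        env "$@" sh "$tmp"; rc=$?
    else
        echo "download or checksum check failed; installer not executed" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Offline self-check on constructed files: a modified copy must be rejected.
selfcheck() {
    good=$(mktemp); bad=$(mktemp)
    printf '#!/bin/sh\necho reviewed\n' > "$good"
    printf '#!/bin/sh\necho tampered\n' > "$bad"
    pin=$(sha256sum "$good" | awk '{print $1}')
    rc=1
    if verify_sha256 "$good" "$pin" && ! verify_sha256 "$bad" "$pin"; then rc=0; fi
    rm -f "$good" "$bad"
    return "$rc"
}

selfcheck && echo "self-check passed"
# Server: install_k3s_verified INSTALL_K3S_MIRROR=cn
# Agent:  install_k3s_verified INSTALL_K3S_MIRROR=cn K3S_URL="$K3S_URL" K3S_TOKEN="$K3S_TOKEN"
```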
Step 3: Deploy the Kubernetes Dashboard
On the master instance, run the script
[root@master dashboard]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.0/aio/deploy/recommended.yaml -O kubernetes-dashboard.yaml
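During this step, there is a good chance the download will fail because of an unstable network connection to GitHub.
In that case, I suggest opening https://raw.githubusercontent... in a browser, then opening vim, pasting in the content, and saving it on the master instance.
Edit kubernetes-dashboard.yaml so that the dashboard can be reached from a browser through a NodePort:
add nodePort to open port 31989, and add type: NodePort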
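The edit described above, as an added example that is not part of the original article: the function writes the kubernetes-dashboard Service with the two added fields and rejects a port outside the default NodePort range (30000-32767). The function names and output path are hypothetical, and the fields other than type and nodePort are assumed to match the Service in recommended.yaml.

```shell
#!/bin/sh
# Added example: the dashboard Service with the two NodePort fields from the text.

# Write the Service manifest to file $1 with nodePort $2.
# The API server only accepts ports in the default range 30000-32767.
write_dashboard_service() {
    out=$1; port=$2
    case $port in ''|*[!0-9]*) echo "nodePort must be numeric" >&2; return 1;; esac
    if [ "$port" -lt 30000 ] || [ "$port" -gt 32767 ]; then
        echo "nodePort $port is outside 30000-32767" >&2; return 1
    fi
    cat > "$out" <<EOF
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort            # added
  ports:
    - port: 443
      targetPort: 8443
      nodePort: $port       # added
  selector:
    k8s-app: kubernetes-dashboard
EOF
}

# Print the nodePort value found in manifest file $1.
nodeport_of() {
    awk '$1 == "nodePort:" {print $2}' "$1"
}

manifest="${TMPDIR:-/tmp}/dashboard-service-nodeport.yaml"
write_dashboard_service "$manifest" 31989 &&
    echo "wrote $manifest with nodePort $(nodeport_of "$manifest")"
```

Make the kubernetes-dashboard Service section of kubernetes-dashboard.yaml match the generated file before running the create command.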
Run the k3s kubectl create -f command
[root@master dashboard]# k3s kubectl create -f kubernetes-dashboard.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
Check the status of all current pods to find any that did not start successfully
Wait until the status of these pods is Running before continuing to the next step
[root@master dashboard]# kubectl get pods --all-namespaces
NAMESPACE              NAME                                        READY   STATUS      RESTARTS      AGE
kube-system            coredns-96cc4f57d-79hbr                     1/1     Running     0             77m
kube-system            local-path-provisioner-84bb864455-mss9p     1/1     Running     0             77m
kube-system            helm-install-traefik-crd--1-6j2qm           0/1     Completed   0             77m
kube-system            metrics-server-ff9dbcb6c-skrzg              1/1     Running     0             77m
kube-system            helm-install-traefik--1-j5nc5               0/1     Completed   1             77m
kube-system            svclb-traefik-tmwwd                         2/2     Running     0             76m
kube-system            traefik-55fdc6d984-zg8k7                    1/1     Running     0             76m
kube-system            svclb-traefik-zjwnh                         2/2     Running     2 (23m ago)   58m
kube-system            svclb-traefik-vhg4f                         2/2     Running     2 (23m ago)   56m
kubernetes-dashboard   dashboard-metrics-scraper-c45b7869d-5bwql   1/1     Running     0             38s
kubernetes-dashboard   kubernetes-dashboard-764b4dd7-b82cj         1/1     Running     0             39s
Create the following resource manifests:
dashboard.admin-user.yml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
dashboard.admin-user-role.yml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
Deploy the admin-user configuration:
[root@master dashboard]# k3s kubectl create -f dashboard.admin-user.yml -f dashboard.admin-user-role.yml
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
Get the token used to log in to the Dashboard
[root@master dashboard]# k3s kubectl -n kubernetes-dashboard describe secret admin-user-token | grep '^token'
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IldNcGMzOVV0d2lSQjRKMnRPcl82X0xNb2FxeS0tUUVUa19uQ0VGQVpSRzAifQ.….RPrZ9X63hnGtLiPz4ELGRPtFHm09WNwZlz0LaSXN2Hdw4_bpaSLFBqgpdr4wjJ7uVy-v2aVhCO1la6dPBoh_R3TQAEj5WFYmdt_9XJ9E6lwd4URb-y4MMXWAzZUgJNv06XEvCGlo_THQlgCssaqrDBZl1N-zs7bavbNNnSXk-VtTXiPuSKkiF5ijqXCDUkN1PJET0Y6o5j4zYOYi7AXeBCcZm7JSrRslx3SlcKM414Rcp52k30x4ahejQIDonp-jv6cltp3GfR18w0BGMc8x2rESVrZfmqH07S03lwMot20yQnZa8JQYco5gFfToDW06v_FD4AV38fwv3o1ZMz19ng
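The admin-user binding above gives this token the cluster-admin role, so anyone holding it controls the whole cluster. The following audit is an added example, not part of the original article: it lists every ServiceAccount bound to cluster-admin from a tab-separated listing of ClusterRoleBindings. The function names and the sample listing are constructed for illustration; the jsonpath template is the assumed way to produce that listing on the master.

```shell
#!/bin/sh
# Added example: flag ClusterRoleBindings that grant cluster-admin to a ServiceAccount.

# jsonpath template that prints one line per binding:
#   <binding> TAB <roleRef.name> TAB <kind>:<namespace>/<name>,...
CRB_JSONPATH='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}:{.namespace}/{.name},{end}{"\n"}{end}'

# Read that listing on stdin and print "<binding> <namespace>/<name>" for
# every ServiceAccount subject whose binding references cluster-admin.
find_admin_service_accounts() {
    awk -F '\t' '$2 == "cluster-admin" {
        n = split($3, subj, ",")
        for (i = 1; i <= n; i++)
            if (subj[i] ~ /^ServiceAccount:/) {
                sub(/^ServiceAccount:/, "", subj[i])
                print $1 " " subj[i]
            }
    }'
}

# Constructed sample in the shape the template emits, using the bindings
# created in this article plus the built-in cluster-admin group binding.
sample_listing() {
    printf 'cluster-admin\tcluster-admin\tGroup:/system:masters,\n'
    printf 'admin-user\tcluster-admin\tServiceAccount:kubernetes-dashboard/admin-user,\n'
    printf 'kubernetes-dashboard\tkubernetes-dashboard\tServiceAccount:kubernetes-dashboard/kubernetes-dashboard,\n'
}

# On the master:
#   k3s kubectl get clusterrolebindings -o jsonpath="$CRB_JSONPATH" | find_admin_service_accounts
sample_listing | find_admin_service_accounts
```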
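Run the proxy to access the Kubernetes Dashboard
[root@master dashboard]# k3s kubectl proxy
Starting to serve on 127.0.0.1:8001
Open a browser and go to https://192.168.1.90:31989
Because Chrome and Safari enforce an HTTPS certificate policy, I had to temporarily download Firefox.
Here we use the Token login method, so paste in the token obtained in the previous step.
Once in the Kubernetes Dashboard, scroll to the bottom, find Language in the Local Settings section, and choose Chinese.
At this point, the K3s cluster and the dashboard are initially deployed; I will keep exploring from here.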