K3s Cluster

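K3s, developed by Rancher Labs, is a lightweight, simplified distribution of Kubernetes (K8s).

Compared with K8s, K3s is lighter, consumes fewer resources, and is easier to deploy.

Getting started with K3s before learning K8s is probably a good approach.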

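K3s Architecture

Text and figure are from the official K3s site.

  • A server node is a host running the k3s server command, with the control plane and datastore components managed by K3s.
  • An agent node is a host running the k3s agent command, without any datastore or control plane components.
  • Both the server and the agent run the kubelet, the container runtime, and the CNI.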

Architecture

Prerequisites

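To build a high-availability (HA) K3s server cluster, at least 3 server nodes are required to form the cluster.

Because resources are limited, this experiment uses only 1 server node and 3 agent nodes. A single-server K3s cluster has no redundancy, i.e. it is not highly available.

The servers used in this experiment come from Akamai (Linode): the server uses a dedicated CPU type and the agents use the regular nanode type. Configure linode-cli according to the documentation.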

# Set LINODE_USER and NODE_ROOT_PASSWD in the environment before running.
# Shell variable names cannot contain hyphens: ${node-root-passwd} would expand
# to the literal string "root-passwd" whenever $node is unset.

# Server node
linode-cli linodes create \
  --authorized_users "${LINODE_USER}" \
  --backups_enabled false \
  --booted true \
  --image linode/debian12 \
  --label debian-ap-south-master \
  --private_ip true \
  --region ap-south \
  --root_pass "${NODE_ROOT_PASSWD}" \
  --authorized_keys "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEC+DOVfw+8Jsw1IPrYCcU9/HCuKayCsV8bXjsHqX/Zq [email protected]" \
  --tags k3s \
  --tags master \
  --type g6-dedicated-2

# Agent node (repeat with a different --label for each agent)
linode-cli linodes create \
  --authorized_users "${LINODE_USER}" \
  --backups_enabled false \
  --booted true \
  --image linode/debian12 \
  --label debian-ap-south-agent-001 \
  --private_ip true \
  --region ap-south \
  --root_pass "${NODE_ROOT_PASSWD}" \
  --authorized_keys "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEC+DOVfw+8Jsw1IPrYCcU9/HCuKayCsV8bXjsHqX/Zq [email protected]" \
  --tags k3s \
  --tags agent \
  --type g6-nanode-1

Get the IP (IPv4) addresses of each server

┌──────────┬────────────────────────┬──────────┬────────────────┬─────────────────┬─────────┬─────────────────────────────────┐
│ id       │ label                  │ region   │ type           │ image           │ status  │ ipv4                            │
├──────────┼────────────────────────┼──────────┼────────────────┼─────────────────┼─────────┼─────────────────────────────────┤
│ 52544665 │ debian-ap-south-master │ ap-south │ g6-dedicated-2 │ linode/debian12 │ running │ 172.104.*.*, 192.168.133.214  │
│ 52845335 │ debian-ap-south-001    │ ap-south │ g6-nanode-1    │ linode/debian12 │ running │ 172.104.*.*, 192.168.133.102 │
│ 52845350 │ debian-ap-south-002    │ ap-south │ g6-nanode-1    │ linode/debian12 │ running │ 139.162.*.*, 192.168.133.142  │
│ 52845356 │ debian-ap-south-003    │ ap-south │ g6-nanode-1    │ linode/debian12 │ running │ 139.162.*.*, 192.168.156.114  │
└──────────┴────────────────────────┴──────────┴────────────────┴─────────────────┴─────────┴─────────────────────────────────┘

Change the hostname

# Run each command on its own node
hostnamectl set-hostname k3s-agent-master   # server node
hostnamectl set-hostname k3s-agent-001      # agent 1
hostnamectl set-hostname k3s-agent-002      # agent 2
hostnamectl set-hostname k3s-agent-003      # agent 3

Installation and Deployment

Here we install with the script provided by the official site.

Server node

curl -sfL https://get.k3s.io | sh -

Get the join token

cat /var/lib/rancher/k3s/server/token

K102a48d774e8cfe6d56b81a3e6605e3f00fc330d83f360d27807b270bab7b92820::server:ccf69d70eb9b75a9597b5841712423c8

Agent nodes

Configure the host as an agent and register it with the server node

curl -sfL https://get.k3s.io | K3S_URL=https://192.168.133.214:6443 K3S_TOKEN=K102a48d774e8cfe6d56b81a3e6605e3f00fc330d83f360d27807b270bab7b92820::server:ccf69d70eb9b75a9597b5841712423c8 sh -

# If the agent's hostname duplicates the server's, add the --with-node-id flag
# (sh -s - passes the remaining arguments on to the install script)
curl -sfL https://get.k3s.io | K3S_URL=https://192.168.133.214:6443 K3S_TOKEN=K102a48d774e8cfe6d56b81a3e6605e3f00fc330d83f360d27807b270bab7b92820::server:ccf69d70eb9b75a9597b5841712423c8 sh -s - --with-node-id
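
The join token shown above has the shape K10 + 64 hex characters + :: + username:password. Assuming the hex part is the SHA-256 of the server's CA certificate file (as for the default self-signed K3s cluster CA), this added example, which is not from the original post and uses hypothetical function names, splits a token and checks that pin against a CA file without ever echoing the password.

```shell
# Added example, not from the original post.
# Assumed token format: K10<sha256 hex of cluster CA file>::<username>:<password>

# Print "<ca_hash> <username>" for a well-formed token; return 1 otherwise.
# The password part is a cluster credential and is deliberately never printed.
k3s_token_parse() {
    token=$1
    case $token in
        K10*::*:*) ;;
        *) return 1 ;;
    esac
    body=${token#K10}
    ca_hash=${body%%::*}     # everything before the first "::"
    cred=${body#*::}         # "<username>:<password>"
    user=${cred%%:*}
    [ "${#ca_hash}" -eq 64 ] || return 1                  # SHA-256 is 64 hex chars
    case $ca_hash in *[!0-9a-f]*) return 1 ;; esac
    [ -n "$user" ] || return 1
    printf '%s %s\n' "$ca_hash" "$user"
}

# Return 0 if the token pins the given CA file, 1 on mismatch,
# 2 if the token or the file cannot be read.
k3s_token_matches_ca() {
    parsed=$(k3s_token_parse "$1") || return 2
    [ -r "$2" ] || return 2
    want=${parsed%% *}
    got=$(sha256sum "$2" | cut -d' ' -f1)
    [ "$want" = "$got" ]
}
```

On the server, the CA file is assumed to be /var/lib/rancher/k3s/server/tls/server-ca.crt, so k3s_token_matches_ca "$K3S_TOKEN" /var/lib/rancher/k3s/server/tls/server-ca.crt confirms that a token belongs to this cluster before it is handed to an agent.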

List the joined nodes

kubectl get nodes

NAME               STATUS   ROLES                  AGE   VERSION
k3s-agent-master   Ready    control-plane,master   51m   v1.28.4+k3s2
k3s-agent-001      Ready    <none>                 9h    v1.28.4+k3s2
k3s-agent-002      Ready    <none>                 9h    v1.28.4+k3s2
k3s-agent-003      Ready    <none>                 9h    v1.28.4+k3s2

Kubernetes Dashboard

Beginners inevitably stumble, so a web UI may help when learning K3s/K8s; here we use the web UI for Kubernetes clusters.

GitHub - kubernetes/dashboard: General-purpose web UI for Kubernetes clusters

Kubernetes Dashboard | Rancher Docs

curl -o dashboard.yaml https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

Edit the dashboard.yaml configuration

Here the Service port is changed to a NodePort above 30000.

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard

Create the resource manifest files

dashboard.admin-user.yml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

dashboard.admin-user-role.yml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: admin-user
    namespace: kubernetes-dashboard

Deploy the admin-user configuration

k3s kubectl create -f dashboard.admin-user.yml -f dashboard.admin-user-role.yml
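
The binding above gives the admin-user ServiceAccount the cluster-admin role, so any Bearer token issued for it carries full control of the cluster. This added example (not from the original post; the function name is hypothetical) lists every subject a manifest binds to cluster-admin. It is a line-oriented heuristic for manifests laid out like the ones above, not a full YAML parser.

```shell
# Added example, not from the original post.
# Reads manifests from the given files or from stdin.
# Prints "<binding> -> <kind>:<namespace>/<name>" per subject;
# exit status is 1 when at least one cluster-admin binding is found.
find_cluster_admin_bindings() {
    awk '
    function flush(   i) {
        if (kind == "ClusterRoleBinding" && role == "cluster-admin") {
            for (i = 1; i <= n; i++)
                print binding " -> " skind[i] ":" sns[i] "/" sname[i]
            hits += n
        }
        kind = role = binding = sect = ""; n = 0
    }
    FNR == 1 && NR > 1 { flush() }                    # new file = new document
    /^---/        { flush(); next }                   # YAML document separator
    /^[A-Za-z]/   { sect = $1; sub(/:$/, "", sect) }  # remember top-level key
    /^kind:/      { kind = $2 }
    sect == "metadata" && /^ +name:/      { binding = $2 }
    sect == "roleRef"  && /^ +name:/      { role = $2 }
    sect == "subjects" && /^ *- kind:/    { n++; skind[n] = $3; sns[n] = "-"; sname[n] = "?" }
    sect == "subjects" && /^ +name:/      { sname[n] = $2 }
    sect == "subjects" && /^ +namespace:/ { sns[n] = $2 }
    END { flush(); exit (hits > 0) }
    ' "$@"
}
```

Run it as find_cluster_admin_bindings dashboard.admin-user.yml dashboard.admin-user-role.yml before k3s kubectl create; binding the account to a narrower ClusterRole such as the built-in view role makes the check pass.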

Get the Bearer Token

k3s kubectl -n kubernetes-dashboard create token admin-user

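Locally, create k3s-master-kubeconfig.yaml to act as the kubeconfig that grants access to the cluster.

Retrieve the cluster information to obtain the cluster certificate data (certificate-authority-data)

kubectl config view --minify --raw

k3s-master-kubeconfig.yaml
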
apiVersion: v1
kind: Config
clusters:
- name: kubernetes
  cluster:
    server: <k3s-master-ip-address(https://172.104.*.*:30001)>
    certificate-authority-data: <certificate-authority-data>
contexts:
- name: admin-user@kubernetes
  context:
    cluster: kubernetes
    user: admin-user
current-context: admin-user@kubernetes
users:
- name: admin-user
  user:
    token: <serviceaccount-token>

Access the remote dashboard at https://172.104.*.*:30001/

Kubernetes Dashboard

Dashboard View

Uninstall K3s

Uninstall from the server node

/usr/local/bin/k3s-uninstall.sh

Uninstall from the agent nodes

/usr/local/bin/k3s-agent-uninstall.sh

References

K3s - Lightweight Kubernetes | K3s

k3s Installation and Deployment - 运维人在路上 - 博客园 (cnblogs.com)

Install and Configure the Linode CLI | Linode Docs

Deploy and Access the Kubernetes Dashboard | Kubernetes

GitHub - kubernetes/dashboard: General-purpose web UI for Kubernetes clusters

Kubernetes Dashboard | Rancher Docs

Last modified: December 10, 2023