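K3s, developed by Rancher Labs, is a lightweight, simplified distribution of Kubernetes (K8s).
Compared with K8s, K3s is lighter, consumes fewer resources, and is easy to deploy.
Getting started with K3s before learning K8s is probably a good idea.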
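K3s architecture
Figure and text from the official K3s website
- A server node is a host running the k3s server command, with the control plane and datastore components managed by K3s.
- An agent node is a host running the k3s agent command, without any datastore or control plane components.
- Both servers and agents run the kubelet, the container runtime, and the CNI.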
Prerequisites
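A high-availability (HA) K3s server cluster needs at least 3 server nodes.
Because resources are limited, this experiment uses only 1 server node and 3 agent nodes. A K3s cluster with a single server node has no redundancy, so it is not highly available.
The servers used here come from Akamai (Linode): the server node uses a dedicated CPU plan and the agents use the regular nanode plan. Configure linode-cli as described in the documentation.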
# LINODE_USER and NODE_ROOT_PASSWD must be set in the environment first.
linode-cli linodes create \
  --authorized_users "${LINODE_USER}" \
  --backups_enabled false \
  --booted true \
  --image linode/debian12 \
  --label debian-ap-south-master \
  --private_ip true \
  --region ap-south \
  --root_pass "${NODE_ROOT_PASSWD}" \
  --authorized_keys "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEC+DOVfw+8Jsw1IPrYCcU9/HCuKayCsV8bXjsHqX/Zq [email protected]" \
  --tags k3s \
  --tags master \
  --type g6-dedicated-2
linode-cli linodes create \
  --authorized_users "${LINODE_USER}" \
  --backups_enabled false \
  --booted true \
  --image linode/debian12 \
  --label debian-ap-south-agent-001 \
  --private_ip true \
  --region ap-south \
  --root_pass "${NODE_ROOT_PASSWD}" \
  --authorized_keys "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEC+DOVfw+8Jsw1IPrYCcU9/HCuKayCsV8bXjsHqX/Zq [email protected]" \
  --tags k3s \
  --tags agent \
  --type g6-nanode-1
Get the IP (IPv4) address of each server
┌──────────┬────────────────────────┬──────────┬────────────────┬─────────────────┬─────────┬─────────────────────────────────┐
│ id │ label │ region │ type │ image │ status │ ipv4 │
├──────────┼────────────────────────┼──────────┼────────────────┼─────────────────┼─────────┼─────────────────────────────────┤
│ 52544665 │ debian-ap-south-master │ ap-south │ g6-dedicated-2 │ linode/debian12 │ running │ 172.104.*.*, 192.168.133.214 │
│ 52845335 │ debian-ap-south-001 │ ap-south │ g6-nanode-1 │ linode/debian12 │ running │ 172.104.*.*, 192.168.133.102 │
│ 52845350 │ debian-ap-south-002 │ ap-south │ g6-nanode-1 │ linode/debian12 │ running │ 139.162.*.*, 192.168.133.142 │
│ 52845356 │ debian-ap-south-003 │ ap-south │ g6-nanode-1 │ linode/debian12 │ running │ 139.162.*.*, 192.168.156.114 │
└──────────┴────────────────────────┴──────────┴────────────────┴─────────────────┴─────────┴─────────────────────────────────┘
Change the hostname
# On the server node
hostnamectl set-hostname k3s-agent-master
# On each agent node, one command per node
hostnamectl set-hostname k3s-agent-001
hostnamectl set-hostname k3s-agent-002
hostnamectl set-hostname k3s-agent-003
Installation and deployment
K3s is installed here with the script provided on the official website.
Server node
curl -sfL https://get.k3s.io | sh -
Get the join token
cat /var/lib/rancher/k3s/server/token
K102a48d774e8cfe6d56b81a3e6605e3f00fc330d83f360d27807b270bab7b92820::server:ccf69d70eb9b75a9597b5841712423c8
Agent nodes
Configure the host as an agent and register it with the server node
curl -sfL https://get.k3s.io | K3S_URL=https://192.168.133.214:6443 K3S_TOKEN=K102a48d774e8cfe6d56b81a3e6605e3f00fc330d83f360d27807b270bab7b92820::server:ccf69d70eb9b75a9597b5841712423c8 sh -
# If an agent's hostname duplicates the server's, add the --with-node-id flag
curl -sfL https://get.k3s.io | K3S_URL=https://192.168.133.214:6443 K3S_TOKEN=K102a48d774e8cfe6d56b81a3e6605e3f00fc330d83f360d27807b270bab7b92820::server:ccf69d70eb9b75a9597b5841712423c8 sh - -- --with-node-id
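The join token shown above is a credential in K3s's secure format, K10<ca-hash>::<username>:<password>, where the hash lets a joining node validate the server it connects to. As an added example (not part of the original post), the shell functions below split such a token and check its CA hash against a certificate file; the function names, the sample certificate and the sample token are constructed for illustration.

```shell
# Added example, not from the original post. K3s secure join tokens have the
# form K10<ca-hash>::<username>:<password>; per the K3s token documentation
# <ca-hash> is the SHA-256 of the server CA certificate as stored on disk
# (/var/lib/rancher/k3s/server/tls/server-ca.crt on a server node).

# Print the CA hash embedded in a secure-format token; fail on other formats.
token_ca_hash() {
  case "$1" in K10*::*:*) ;; *) return 1 ;; esac
  hash=${1#K10}
  hash=${hash%%::*}
  [ "${#hash}" -eq 64 ] || return 1
  case "$hash" in *[!0-9a-f]*) return 1 ;; esac
  printf '%s\n' "$hash"
}

# Hex SHA-256 of a file.
file_sha256() { sha256sum "$1" | cut -d' ' -f1; }

# 0: token pins this CA file, 1: hash mismatch, 2: token carries no CA hash.
token_pins_ca() {
  want=$(token_ca_hash "$1") || return 2
  [ "$want" = "$(file_sha256 "$2")" ]
}

# Constructed demo: a stand-in "certificate" file and a token built from it.
demo() {
  ca=$(mktemp)
  printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed-sample' \
    '-----END CERTIFICATE-----' > "$ca"
  tok="K10$(file_sha256 "$ca")::server:constructed-password"
  token_pins_ca "$tok" "$ca" && r1=match || r1=mismatch
  echo 'tampered' >> "$ca"                      # CA file no longer matches
  token_pins_ca "$tok" "$ca" && r2=match || r2=mismatch
  token_pins_ca "short-passphrase" "$ca" && r3=0 || r3=$?   # nothing to pin
  rm -f "$ca"
  echo "$r1 $r2 $r3"
}
demo   # prints: match mismatch 2
```

A token without the K10 prefix carries no CA hash, so the check returns 2 and there is nothing to compare the server's certificate against.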
List the nodes that have joined
kubectl get nodes
NAME               STATUS   ROLES                  AGE   VERSION
k3s-agent-master   Ready    control-plane,master   51m   v1.28.4+k3s2
k3s-agent-001      Ready    <none>                 9h    v1.28.4+k3s2
k3s-agent-002      Ready    <none>                 9h    v1.28.4+k3s2
k3s-agent-003      Ready    <none>                 9h    v1.28.4+k3s2
Kubernetes dashboard
Beginners inevitably stumble, and a web UI may help when learning K3s/K8s. This setup uses the general-purpose web UI for Kubernetes clusters.
GitHub - kubernetes/dashboard: General-purpose web UI for Kubernetes clusters
curl -o dashboard.yaml https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
Modify the dashboard.yaml configuration
Change the Service to use a port above 30000:
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard
Create the resource manifest files
dashboard.admin-user.yml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
dashboard.admin-user-role.yml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
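The ClusterRoleBinding above gives admin-user the built-in cluster-admin role, so any token issued for that account has full control of the cluster. As an added example (not from the original post), this shell function reviews manifests before they are applied and lists the ServiceAccounts they bind to cluster-admin; the function names and the sample manifest, including readonly-user, are constructed for illustration.

```shell
# Added example, not from the original post. Assumes block-style YAML as on
# this page (one key per line, unquoted values, documents separated by "---").
cluster_admin_subjects() {
  awk '
    function emit() {                 # close the subject entry being collected
      if (s["kind:"] == "ServiceAccount") found[++n] = s["namespace:"] "/" s["name:"]
      split("", s)
    }
    function flush(   i) {            # close the current YAML document
      emit()
      if (kind == "ClusterRoleBinding" && role == "cluster-admin")
        for (i = 1; i <= n; i++) print found[i] " -> cluster-admin"
      kind = ""; role = ""; sect = ""; n = 0
    }
    FNR == 1 && NR > 1 { flush() }    # a new file starts a new document
    /^---/             { flush(); next }
    /^kind:/           { kind = $2 }
    /^[A-Za-z]/        { sect = $1 }  # top-level key opens a new section
    sect == "roleRef:" && $1 == "name:" { role = $2 }
    sect == "subjects:" {
      if ($1 == "-") { emit(); $1 = ""; $0 = $0 }   # "- key: v" starts an entry
      s[$1] = $2
    }
    END { flush() }
  ' "$@"
}
# Constructed sample, trimmed to the fields the check reads.
sample_manifests() {
  cat <<'EOF'
kind: ClusterRoleBinding
roleRef:
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
---
kind: ClusterRoleBinding
roleRef:
  kind: ClusterRole
  name: view
subjects:
- kind: ServiceAccount
  name: readonly-user
  namespace: kubernetes-dashboard
EOF
}
sample_manifests | cluster_admin_subjects
```

Run against dashboard.admin-user-role.yml it reports kubernetes-dashboard/admin-user; binding the account to the built-in view ClusterRole instead limits a dashboard token to read-only access.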
Deploy the admin-user configuration
k3s kubectl create -f dashboard.admin-user.yml -f dashboard.admin-user-role.yml
kubectl apply -f dashboard.yaml
Get the Bearer token
k3s kubectl -n kubernetes-dashboard create token admin-user
Create k3s-master-kubeconfig.yaml locally to serve as the kubeconfig that configures access to the cluster.
Get the cluster information to obtain the cluster certificate data (certificate-authority-data):
kubectl config view --minify --raw
apiVersion: v1
kind: Config
clusters:
- name: kubernetes
  cluster:
    server: <k3s-master-ip-address(https://172.104.*.*:30001)>
    certificate-authority-data: <certificate-authority-data>
contexts:
- name: admin-user@kubernetes
  context:
    cluster: kubernetes
    user: admin-user
current-context: admin-user@kubernetes
users:
- name: admin-user
  user:
    token: <serviceaccount-token>
Access the remote dashboard at https://172.104.*.*:30001/
Uninstall K3s
Uninstall from the server node
/usr/local/bin/k3s-uninstall.sh
Uninstall from an agent node
/usr/local/bin/k3s-agent-uninstall.sh
References
K3s installation and deployment - 运维人在路上 - 博客园 (cnblogs.com)
Install and Configure the Linode CLI | Linode Docs
Deploy and Access the Kubernetes Dashboard | Kubernetes
GitHub - kubernetes/dashboard: General-purpose web UI for Kubernetes clusters