k3s 快速入门 - 集群搭建
齐奕
K3s快速搭建入门
1、什么是 K3s?#
K3s 是一个轻量级的 Kubernetes 发行版,它针对边缘计算、物联网等场景进行了高度优化。K3s 有以下增强功能:
- 打包为单个二进制文件。
- 使用基于 sqlite3 的轻量级存储后端作为默认存储机制。同时支持使用 etcd3、MySQL 和 PostgreSQL 作为存储机制。
- 封装在简单的启动程序中,通过该启动程序处理很多复杂的 TLS 和选项。
- 默认情况下是安全的,对轻量级环境有合理的默认值。
- 添加了简单但功能强大的
2、环境准备
这次主要是搭建多节点环境,所以准备的两台服务器进行搭建,服务器是在同一个网段内。环境相关配置如下:
主节点操作系统:CentOS Linux release 7.9.2009 (Core)
内存:8G,cpu:4core
从节点操作系统:Ubuntu-20.04
内存:8G,cpu:8core
3、执行脚本搭建
在官网文档中,k3s提供了一个安装脚本,可以方便在systemd 或 openrc 的系统上将其作为服务安装。相关脚步如下:
curl -sfL https://rancher-mirror.oss-cn-beijing.aliyuncs.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh -
执行脚本之后会在文件夹/usr/local/bin生成以下文件:crictl 、ctr、k3s、k3s-killall.sh、k3s-uninstall.sh、kubectl
同时会启动k3s服务。
[root@localhost bin]# curl -sfL https://rancher-mirror.oss-cn-beijing.aliyuncs.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh -
[INFO] Finding release for channel stable
[INFO] Using v1.24.3+k3s1 as release
[INFO] Downloading hash rancher-mirror.oss-cn-beijing.aliyuncs.com/k3s/v1.24.3-k3s1/sha256sum-amd64.txt
[INFO] Downloading binary rancher-mirror.oss-cn-beijing.aliyuncs.com/k3s/v1.24.3-k3s1/k3s
[INFO] Verifying binary download
[INFO] Installing k3s to /usr/local/bin/k3s
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.njupt.edu.cn
* extras: mirrors.njupt.edu.cn
* updates: mirror.lzu.edu.cn
Package yum-utils-1.1.31-54.el7_8.noarch already installed and latest version
Nothing to do
Loaded plugins: fastestmirror, langpacks
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.njupt.edu.cn
* extras: mirrors.njupt.edu.cn
* updates: mirror.lzu.edu.cn
rancher-k3s-common-stable | 2.9 kB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package k3s-selinux.noarch 0:1.2-2.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
======================================================================================================================================================================
Package Arch Version Repository Size
======================================================================================================================================================================
Installing:
k3s-selinux noarch 1.2-2.el7 rancher-k3s-common-stable 16 k
Transaction Summary
======================================================================================================================================================================
Install 1 Package
Total download size: 16 k
Installed size: 94 k
Downloading packages:
k3s-selinux-1.2-2.el7.noarch.rpm | 16 kB 00:00:06
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : k3s-selinux-1.2-2.el7.noarch 1/1
Verifying : k3s-selinux-1.2-2.el7.noarch 1/1
Installed:
k3s-selinux.noarch 0:1.2-2.el7
Complete!
[INFO] Creating /usr/local/bin/kubectl symlink to k3s
[INFO] Creating /usr/local/bin/crictl symlink to k3s
[INFO] Creating /usr/local/bin/ctr symlink to k3s
[INFO] Creating killall script /usr/local/bin/k3s-killall.sh
[INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh
[INFO] env: Creating environment file /etc/systemd/system/k3s.service.env
[INFO] systemd: Creating service file /etc/systemd/system/k3s.service
[INFO] systemd: Enabling k3s unit
Created symlink from /etc/systemd/system/multi-user.target.wants/k3s.service to /etc/systemd/system/k3s.service.
[INFO] systemd: Starting k3s
[root@localhost bin]#
当执行到“[INFO] systemd: Starting k3s”的会启动k3s,在这需要等待一段时间,启动成功之后,会返回命令行操作。
# 执行k3s-uninstall.sh对k3s进行卸载
[root@localhost bin]# ./k3s-uninstall.sh
4、测试k3s是否安装成功
执行“k3s kubectl get pods -A” 查看k3s安装之后容器内存在的pod。
[root@localhost bin]# k3s kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system helm-install-traefik-rxqbm 0/1 ContainerCreating 0 2m35s
kube-system helm-install-traefik-crd-wtlpt 0/1 ContainerCreating 0 2m35s
kube-system local-path-provisioner-7b7dc8d6f5-vn4sh 0/1 ContainerCreating 0 2m34s
kube-system coredns-b96499967-hvc6b 0/1 ContainerCreating 0 2m34s
kube-system metrics-server-668d979685-m96v2 0/1 ContainerCreating 0 2m34s
查看pod的状态为“ContainerCreating”正在创建中,等待片刻。大概过了5分钟左右,pod的状态还是没有改变。这个时候需要查看一下pod详情及日志查看一下是否pod出现了问题。可以看我在“minikube 快速使用入门 - 命令篇 - 4”中的命令:
# 查看 pod 详情
kubectl describe pod {{PodName}}
# 查看 log
kubectl logs {{PodName}}
首先查看一下pod详情:
[root@localhost bin]# kubectl describe pod helm-install-traefik-rxqbm -n kube-system
Name: helm-install-traefik-rxqbm
Namespace: kube-system
Priority: 0
Node: localhost.localdomain/192.168.2.42
Start Time: Tue, 16 Aug 2022 19:00:17 -0700
Labels: controller-uid=80acabd9-0e86-44bc-ba9a-179ab934ff5f
helmcharts.helm.cattle.io/chart=traefik
job-name=helm-install-traefik
Annotations: helmcharts.helm.cattle.io/configHash: SHA256=4FB81B006A924ED2BC02CE1CB7DFCFE3E5970FC345CBF525F6CC773F78938C37
Status: Pending
IP:
IPs: <none>
Controlled By: Job/helm-install-traefik
Containers:
helm:
Container ID:
Image: rancher/klipper-helm:v0.7.3-build20220613
Image ID:
Port: <none>
Host Port: <none>
Args:
install
--set-string
global.systemDefaultRegistry=
State: Waiting
Reason: ContainerCreating
Ready: False
Restart Count: 0
Environment:
NAME: traefik
VERSION:
REPO:
HELM_DRIVER: secret
CHART_NAMESPACE: kube-system
CHART: https://%{KUBERNETES_API}%/static/charts/traefik-10.19.300.tgz
HELM_VERSION:
TARGET_NAMESPACE: kube-system
NO_PROXY: .svc,.cluster.local,10.42.0.0/16,10.43.0.0/16
FAILURE_POLICY: reinstall
Mounts:
/chart from content (rw)
/config from values (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-5ghgq (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
values:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: chart-values-traefik
Optional: false
content:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: chart-content-traefik
Optional: false
kube-api-access-5ghgq:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: kubernetes.io/os=linux
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 6m56s default-scheduler Successfully assigned kube-system/helm-install-traefik-rxqbm to localhost.localdomain
Warning FailedCreatePodSandBox 80s (x26 over 6m49s) kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to create containerd task: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: open /proc/sys/net/ipv4/ip_unprivileged_port_start: no such file or directory: unknown
在详情的末尾,可以看到如下信息: Warning FailedCreatePodSandBox 80s (x26 over 6m49s) kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to create containerd task: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: open /proc/sys/net/ipv4/ip_unprivileged_port_start: no such file or directory: unknown。
大概意思是:/proc/sys/net/ipv4/ip_unprivileged_port_start ,这个文件或者文件夹找不到了。网上找了一下资料说是需要升级linux内核,或者是对kubernetes进行降级操作。我根据网上的提示对kubernetes进行了降级。执行降级之前首先要卸载原来的k3s。我们进入/usr/local/bin下面执行卸载脚步,如下:
# 执行k3s-uninstall.sh对k3s进行卸载
[root@localhost bin]# ./k3s-uninstall.sh
然后执行安装脚本:
curl -sfL https://rancher-mirror.oss-cn-beijing.aliyuncs.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn INSTALL_K3S_VERSION=v1.24.1+k3s1 sh -
最后显示安装成功。
5、查看pod状态
执行完脚本之后等待几分钟左右查看一下pod状态,如下:
[root@localhost bin]# k3s kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-b96499967-ggjk5 1/1 Running 0 67s
kube-system local-path-provisioner-7b7dc8d6f5-fxwgk 1/1 Running 0 67s
kube-system helm-install-traefik-crd-tql4c 0/1 Completed 0 67s
kube-system helm-install-traefik-rs5g6 0/1 Completed 1 67s
kube-system svclb-traefik-2zcq6 2/2 Running 0 40s
kube-system metrics-server-668d979685-ff78t 1/1 Running 0 67s
kube-system traefik-7cd4fcff68-r6kgf 1/1 Running 0 40s
pod的状态为Running和Completed说明安装成功。总体来说k3s安装要比k8s快很多
6、加入新的节点
主节点环境部署好了,现在开始部署从节点环境,从k3s的文档中描述,加入从节点需要执行脚本:
curl -sfL https://rancher-mirror.oss-cn-beijing.aliyuncs.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn K3S_URL=https://myserver:6443 K3S_TOKEN=mynodetoken sh -
其中“K3S_URL=https://myserver:6443”,K3S_URL是主节点的接入地址,我的主节点ip地址为:192.168.2.42。
其中“K3S_TOKEN=mynodetoken”,K3S_TOKEN是主节点的token,存在token节点的位置为:/var/lib/rancher/k3s/server/node-token
#查看token信息
[root@localhost bin]# cat /var/lib/rancher/k3s/server/node-token
K101092b90aed05ef75579f24a19bbdbdc766209c581c3d84e421915230081f3b87::server:680ea0edcc69f898d976e6b2a4346691
根据上面的参数重写注册节点的脚本:
curl -sfL https://rancher-mirror.oss-cn-beijing.aliyuncs.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn INSTALL_K3S_VERSION=v1.24.1+k3s1 K3S_URL=https://192.168.2.42:6443 K3S_TOKEN=K101092b90aed05ef75579f24a19bbdbdc766209c581c3d84e421915230081f3b87::server:680ea0edcc69f898d976e6b2a4346691 sh -
重写完之后,执行注册节点的脚本。
root@LAPTOP-7HC3FEQ9:/usr/local/bin# curl -sfL https://rancher-mirror.oss-cn-beijing.aliyuncs.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn K3S_URL=https://192.168.2.42:6443 K3S_TOKEN=K101092b90aed05ef75579f24a19bbdbdc766209c581c3d84e421915230081f3b87::server:680ea0edcc69f898d976e6b2a4346691 sh -
[INFO] Finding release for channel stable
[INFO] Using v1.24.3+k3s1 as release
[INFO] Downloading hash rancher-mirror.oss-cn-beijing.aliyuncs.com/k3s/v1.24.3-k3s1/sha256sum-amd64.txt
[INFO] Downloading binary rancher-mirror.oss-cn-beijing.aliyuncs.com/k3s/v1.24.3-k3s1/k3s
[INFO] Verifying binary download
[INFO] Installing k3s to /usr/local/bin/k3s
[INFO] Skipping installation of SELinux RPM
[INFO] Creating /usr/local/bin/kubectl symlink to k3s
[INFO] Creating /usr/local/bin/crictl symlink to k3s
[INFO] Creating /usr/local/bin/ctr symlink to k3s
[INFO] Creating killall script /usr/local/bin/k3s-killall.sh
[INFO] Creating uninstall script /usr/local/bin/k3s-agent-uninstall.sh
[INFO] env: Creating environment file /etc/systemd/system/k3s-agent.service.env
[INFO] systemd: Creating service file /etc/systemd/system/k3s-agent.service
[INFO] systemd: Enabling k3s-agent unit
Created symlink /etc/systemd/system/multi-user.target.wants/k3s-agent.service → /etc/systemd/system/k3s-agent.service.
[INFO] systemd: Starting k3s-agent
root@LAPTOP-7HC3FEQ9:/usr/local/bin#
执行完成之后,在主节点查看新节点是否注册成功,执行命令k3s kubectl get node -A。
[root@localhost bin]# k3s kubectl get node -A
NAME STATUS ROLES AGE VERSION
localhost.localdomain Ready control-plane,master 5h6m v1.24.1+k3s1
laptop-7hc3feq9 Ready <none> 66s v1.24.1+k3s1
laptop-7hc3feq9是新注册的节点,说明已经注册成功。
查看一下pod信息:
[root@localhost bin]# kubectl get pods -A -o wide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system coredns-b96499967-ggjk5 1/1 Running 0 5h13m 10.42.0.5 localhost.localdomain <none> <none>
kube-system local-path-provisioner-7b7dc8d6f5-fxwgk 1/1 Running 0 5h13m 10.42.0.2 localhost.localdomain <none> <none>
kube-system helm-install-traefik-crd-tql4c 0/1 Completed 0 5h13m 10.42.0.6 localhost.localdomain <none> <none>
kube-system helm-install-traefik-rs5g6 0/1 Completed 1 5h13m 10.42.0.4 localhost.localdomain <none> <none>
kube-system svclb-traefik-2zcq6 2/2 Running 0 5h12m 10.42.0.7 localhost.localdomain <none> <none>
kube-system metrics-server-668d979685-ff78t 1/1 Running 0 5h13m 10.42.0.3 localhost.localdomain <none> <none>
kube-system traefik-7cd4fcff68-r6kgf 1/1 Running 0 5h12m 10.42.0.8 localhost.localdomain <none> <none>
kube-system svclb-traefik-wv6jn 2/2 Running 2 7m56s 10.42.1.2 laptop-7hc3feq9 <none> <none>
laptop-7hc3feq9 已经成功安装了svclb-traefik-wv6jn 这个pod。
之后可以按照我写的关于“minikube 快速使用入门 - 部署 - 3”、“minikube 实战篇 - 镜像打包部署 - 1”等相关的文章进行部署,查看一下节点是否正常。
类似资料: