Change the hostnames
### Set the hostname on each of the three hosts (one command per host)
hostnamectl set-hostname master01
hostnamectl set-hostname work01
hostnamectl set-hostname work02
Edit the hosts file
cat >> /etc/hosts<<EOF
192.168.131.64 master01
192.168.131.65 work01
192.168.131.68 work02
EOF
Add aliases for the k3s commands
vi ~/.bashrc
alias kubectl='k3s kubectl'
alias docker='k3s crictl'
source ~/.bashrc
Open the ports (disable the firewall)
#firewall-cmd --add-port=6443/tcp --zone=public --permanent
#firewall-cmd --add-port=8472/udp --zone=public --permanent
#firewall-cmd --reload
### The worker nodes could not connect, and opening 443 still did not fix it
systemctl disable firewalld
Install with the official online install script (master)
curl -sfL http://rancher-mirror.cnrancher.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh -
### View the k3s token
cat /var/lib/rancher/k3s/server/node-token
Speed up Docker image pulls
cd /var/lib/rancher/k3s/agent/etc/containerd
cp config.toml config.toml.tmpl
# Add the following to config.toml.tmpl
[plugins.cri.registry.mirrors]
[plugins.cri.registry.mirrors."docker.io"]
endpoint = ["https://docker.mirrors.ustc.edu.cn"]
Join the worker nodes to the cluster
curl -sfL http://rancher-mirror.cnrancher.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn K3S_URL=https://master01:6443 K3S_TOKEN=xxxxx::node:xxxx sh -
The role of the K3s worker nodes defaults to none; how can it be changed?
kubectl label node work01 node-role.kubernetes.io/worker=worker
kubectl label node work02 node-role.kubernetes.io/worker=worker
Install the dashboard
## Download the yaml (a proxy is needed to reach it)
curl -fLO https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.4/aio/deploy/recommended.yaml
## Run the dashboard installation
kubectl apply -f recommended.yaml
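Dashboard RBAC configuration
The admin-user created here will have administrative privileges in the dashboard (it is bound to the cluster-admin ClusterRole below)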
vi dashboard.admin-user.yml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
vi dashboard.admin-user-role.yml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
Deploy the admin-user configuration
kubectl create -f dashboard.admin-user.yml -f dashboard.admin-user-role.yml
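The binding above gives the dashboard login token cluster-admin over the whole cluster. As an added example (not part of the original notes), the shell function below lists every subject that manifest files bind to cluster-admin, so the grant can be reviewed before it is created, for instance with `find_cluster_admin_bindings dashboard.admin-user.yml dashboard.admin-user-role.yml`. It assumes plain block-style YAML with unquoted values; the function names and the sample manifest are constructed here.

```shell
# Added example, not from the original notes: list each subject that a
# ClusterRoleBinding in the given manifests (or stdin) binds to cluster-admin.
find_cluster_admin_bindings() {
  awk '
    function flush(   i) {
      if (kind == "ClusterRoleBinding" && role == "cluster-admin")
        for (i = 1; i <= n; i++)
          print binding ": " f[i,"kind"] " " f[i,"namespace"] "/" f[i,"name"]
      kind = role = binding = section = ""; n = 0
    }
    FNR == 1 || /^---/ { flush() }      # new file or new YAML document
    /^[A-Za-z]/ {                       # top-level key opens a new section
      section = $1; sub(/:$/, "", section)
      if (section == "kind") kind = $2; next
    }
    { key = $0; sub(/^[ -]*/, "", key); split(key, kv, ": *") }
    section == "metadata" && kv[1] == "name" && binding == "" { binding = kv[2] }
    section == "roleRef" && kv[1] == "name" { role = kv[2] }
    section == "subjects" {
      if ($1 == "-") { n++; f[n,"kind"] = f[n,"name"] = ""; f[n,"namespace"] = "(cluster)" }
      if (kv[1] != "") f[n, kv[1]] = kv[2]
    }
    END { flush() }
  ' "$@"
}
# Constructed sample (trimmed): the admin-user binding above plus a read-only one.
sample_manifest() {
  cat <<'EOF'
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
---
kind: ClusterRoleBinding
metadata:
  name: read-only
roleRef:
  name: view
subjects:
- kind: Group
  name: auditors
EOF
}
sample_manifest | find_cluster_admin_bindings
```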
Get the Bearer Token (the token required at login)
kubectl -n kubernetes-dashboard describe secret admin-user-token | grep ^token
View the services
kubectl -n kubernetes-dashboard get svc
Expose the dashboard service outside the cluster via NodePort, using port 30443
kubectl patch svc kubernetes-dashboard -n kubernetes-dashboard \
-p '{"spec":{"type":"NodePort","ports":[{"port":443,"targetPort":8443,"nodePort":30443}]}}'
Access the dashboard at https://<any_node_ip>:30443