当前位置: 首页 > 工具软件 > k3s > 使用案例 >

k3s

宗政财
2023-12-01

修改主机名称

### 三台主机分别修改主机名
hostnamectl set-hostname master01
hostnamectl set-hostname work01
hostnamectl set-hostname work02

修改host

cat >> /etc/hosts<<EOF
192.168.131.64 master01
192.168.131.65 work01
192.168.131.68 work02
EOF

修改k3s命令

vi ~/.bashrc
alias kubectl='k3s kubectl'
alias docker='k3s crictl'
source ~/.bashrc

端口放行(关闭防火墙)

#firewall-cmd --add-port=6443/tcp --zone=public --permanent
#firewall-cmd --add-port=8472/udp --zone=public --permanent
#firewall-cmd --reload
### work节点访问不了,开放443依旧解决不了
systemctl disable firewalld

通过官方在线安装脚本(master)

curl -sfL http://rancher-mirror.cnrancher.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh -

### 查看k3s_token
cat /var/lib/rancher/k3s/server/node-token

加速docker

cd /var/lib/rancher/k3s/agent/etc/containerd
cp config.toml config.toml.tmpl

# 在 config.toml.tmpl 文件中添加
[plugins.cri.registry.mirrors]
  [plugins.cri.registry.mirrors."docker.io"]
    endpoint = ["https://docker.mirrors.ustc.edu.cn"]

worker节点 加入集群

curl -sfL http://rancher-mirror.cnrancher.com/k3s/k3s-install.sh |INSTALL_K3S_MIRROR=cn K3S_URL=https://master01:6443 K3S_TOKEN=xxxxx::node:xxxx sh -

K3s worker 节点的角色默认为none,如果修改?

kubectl label node work01 node-role.kubernetes.io/worker=worker
kubectl label node work02 node-role.kubernetes.io/worker=worker

安装dashboard

##下载yaml(需翻墙)
curl https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.4/aio/deploy/recommended.yaml

## 运行安装dashboard
kubectl apply -f recommended.yaml

仪表盘 RBAC 配置

创建的 admin-user 将在仪表板中拥有管理权限
vi dashboard.admin-user.yml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
vi dashboard.admin-user-role.yml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: admin-user
    namespace: kubernetes-dashboard
部署admin-user 配置
kubectl create -f dashboard.admin-user.yml -f dashboard.admin-user-role.yml
获得 Bearer Token(登录时所需token)
kubectl -n kubernetes-dashboard describe secret admin-user-token | grep ^token
查看服务
 kubectl -n kubernetes-dashboard get svc 
使用nodeport方式将dashboard服务暴露在集群外,指定使用30443端口
kubectl  patch svc kubernetes-dashboard -n kubernetes-dashboard \
-p '{"spec":{"type":"NodePort","ports":[{"port":443,"targetPort":8443,"nodePort":30443}]}}'
访问dashboard, https://<any_node_ip>:30443
 类似资料:

相关阅读

相关文章

相关问答