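Preface
The native k8s components are too heavy. In regions that need the service but see little traffic, the k8s components end up using more resources than the workloads themselves.
A friend recommended k3s, so this was a good chance to study it.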
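Architecture

Single node
This is the simplest basic configuration. Installing only the server (which has a built-in agent) gives you a k8s environment that works out of the box, and it is also the cheapest option.

Single server with multiple agents
This mode is essentially a variant of the first one, with agents (workers) added.

Multiple servers with an external database
This mode moves the data out of the servers, which makes the servers stateless and highly available.

Using the embedded etcd database
This mode needs no additional database and is fairly simple to operate, but because it uses etcd, the number of nodes must be >3 and odd.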

Controllers
Manifest Controller
Similar to static pods in k8s. The default manifest directory on the server is /var/lib/rancher/k3s/server/manifests.
Enabled by default:
- CoreDNS
- Metrics server
- Local storage provisioner
- Traefik Ingress controller
```
├── ccm.yaml
├── coredns.yaml
├── local-storage.yaml
├── metrics-server
│   ├── aggregated-metrics-reader.yaml
│   ├── auth-delegator.yaml
│   ├── auth-reader.yaml
│   ├── metrics-apiservice.yaml
│   ├── metrics-server-deployment.yaml
│   ├── metrics-server-service.yaml
│   └── resource-reader.yaml
├── rolebindings.yaml
└── traefik.yaml
```
Default components
```
kubectl -n kube-system get helmcharts.helm.cattle.io
```
Helm Controller
Helm charts can be used directly, without installing helm.
Service Load Balancer
This actually uses Traefik to provide ingress.
Installation
Download the binary from GitHub, here.
Installing the server
Simple deployment
```
wget https://github.com/k3s-io/k3s/releases/download/v1.22.15%2Bk3s1/k3s
chmod +x k3s

# the k3s server must already be running for the query below to return anything
./k3s kubectl get all -A
NAMESPACE     NAME                                          READY   STATUS      RESTARTS   AGE
kube-system   pod/local-path-provisioner-84bb864455-5lvtb   1/1     Running     0          3m5s
kube-system   pod/coredns-7796b77cd4-7m8r2                  1/1     Running     0          3m5s
kube-system   pod/helm-install-traefik-crd-dl9nq            0/1     Completed   0          3m5s
kube-system   pod/metrics-server-ff9dbcb6c-vjk4w            1/1     Running     0          3m5s
kube-system   pod/helm-install-traefik-k7clb                0/1     Completed   2          3m5s
kube-system   pod/svclb-traefik-wq752                       2/2     Running     0          2m7s
kube-system   pod/traefik-d497b4cb6-wdpkd                   1/1     Running     0          2m7s

NAMESPACE     NAME                     TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)                      AGE
default       service/kubernetes       ClusterIP      10.43.0.1       <none>          443/TCP                      3m19s
kube-system   service/kube-dns         ClusterIP      10.43.0.10      <none>          53/UDP,53/TCP,9153/TCP       3m17s
kube-system   service/metrics-server   ClusterIP      10.43.16.176    <none>          443/TCP                      3m16s
kube-system   service/traefik          LoadBalancer   10.43.221.244   172.20.67.209   80:31377/TCP,443:30924/TCP   2m7s

NAMESPACE     NAME                           DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
kube-system   daemonset.apps/svclb-traefik   1         1         1       1            1           <none>          2m7s

NAMESPACE     NAME                                     READY   UP-TO-DATE   AVAILABLE   AGE
kube-system   deployment.apps/local-path-provisioner   1/1     1            1           3m17s
kube-system   deployment.apps/coredns                  1/1     1            1           3m17s
kube-system   deployment.apps/metrics-server           1/1     1            1           3m16s
kube-system   deployment.apps/traefik                  1/1     1            1           2m7s

NAMESPACE     NAME                                                DESIRED   CURRENT   READY   AGE
kube-system   replicaset.apps/local-path-provisioner-84bb864455   1         1         1       3m5s
kube-system   replicaset.apps/coredns-7796b77cd4                  1         1         1       3m5s
kube-system   replicaset.apps/metrics-server-ff9dbcb6c            1         1         1       3m5s
kube-system   replicaset.apps/traefik-d497b4cb6                   1         1         1       2m7s

NAMESPACE     NAME                                 COMPLETIONS   DURATION   AGE
kube-system   job.batch/helm-install-traefik-crd   1/1           44s        3m14s
kube-system   job.batch/helm-install-traefik       1/1           61s        3m14s
```
Installing from a manually downloaded binary
```
wget https://github.com/k3s-io/k3s/releases/download/v1.22.15%2Bk3s1/k3s
chmod +x k3s
mv k3s /usr/local/bin/

curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_DOWNLOAD="true" sh -

kubectl get node
NAME           STATUS   ROLES                  AGE   VERSION
k3s-test-001   Ready    control-plane,master   20m   v1.22.15+k3s1
```
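The manual download above installs whatever bytes wget fetched. The following added example (not from the original post) checks the binary against a sha256sum-format checksum file and copies it into place only when the digest matches; the checksum file name `sha256sum-amd64.txt` and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Verify a downloaded k3s binary against a sha256sum-format checksum file,
# and install it only when the digest matches.

# verify_k3s_binary BINARY SUMFILE [ENTRY]
#   SUMFILE lines look like "<sha256 hex>  <file name>".
#   ENTRY is the file name to look up (default: k3s).
#   Returns 0 on match, 1 on mismatch, 2 when input or entry is missing.
verify_k3s_binary() {
    bin=$1; sums=$2; entry=${3:-k3s}
    [ -r "$bin" ] && [ -r "$sums" ] || return 2
    # Compare the name column exactly so "k3s" never matches "k3s-arm64".
    expected=$(awk -v n="$entry" \
        '$2 == n || $2 == ("*" n) { print $1; exit }' "$sums")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum "$bin" | awk '{ print $1 }')
    [ "$expected" = "$actual" ]
}

# install_verified_k3s BINARY SUMFILE DESTDIR
#   Copies BINARY to DESTDIR/k3s with mode 0755 only after verification.
install_verified_k3s() {
    if verify_k3s_binary "$1" "$2"; then
        install -m 0755 "$1" "$3/k3s"
    else
        echo "refusing to install $1: checksum verification failed" >&2
        return 1
    fi
}

# Usage (assumed file names; the checksum file must come from the same release):
#   install_verified_k3s ./k3s ./sha256sum-amd64.txt /usr/local/bin
```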
Installing a specific version with automatic download
```
curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION="v1.22.15+k3s1" sh -
```
Installing with a custom token
```
curl -sfL https://get.k3s.io | K3S_TOKEN=12345 sh -
```
Configuration
The default k3s configuration file is /etc/rancher/k3s/config.yaml. This file is used at install time.
server
Example configuration file for a server
```
write-kubeconfig-mode: "0644"
tls-san:
  - "foo.local"
node-label:
  - "foo=bar"
  - "something=amazing"
```
The same parameters can also be set on the CLI
```
k3s server \
  --write-kubeconfig-mode "0644" \
  --tls-san "foo.local" \
  --node-label "foo=bar" \
  --node-label "something=amazing"
```
Editing the systemd unit file directly is also a bit more convenient.
```
[Unit]
Description=Lightweight Kubernetes
Documentation=https://k3s.io
Wants=network-online.target
After=network-online.target

[Install]
WantedBy=multi-user.target

[Service]
Type=notify
EnvironmentFile=-/etc/default/%N
EnvironmentFile=-/etc/sysconfig/%N
EnvironmentFile=-/etc/systemd/system/k3s.service.env
KillMode=process
Delegate=yes

LimitNOFILE=1048576
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
TimeoutStartSec=0
Restart=always
RestartSec=5s
ExecStartPre=/bin/sh -xc '! /usr/bin/systemctl is-enabled --quiet nm-cloud-setup.service'
ExecStartPre=-/sbin/modprobe br_netfilter
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/k3s \
    server \
```
Configuring directly at install time
```
cat /etc/rancher/k3s/config.yaml
write-kubeconfig-mode: "0644"
tls-san:
  - "aaa.xmomo.top"
node-label:
  - "env=aaa"
  - "use=inner"
  - "env-aaaa=1"
token: "dawdjioasjdiojwaoih"

# do not deploy metrics-server
ls /var/lib/rancher/k3s/server/manifests/metrics-server.skip

curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION="v1.22.15+k3s1" sh -
```
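The config samples above set `write-kubeconfig-mode: "0644"` and keep the join token in config.yaml, and the custom-token install uses a five-character token. The following added example (not from the original post) audits a config file for those exposures; the function names and the 32-character minimum are assumptions, not k3s requirements.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Audit a k3s config.yaml for the two exposures visible in the samples above:
# a kubeconfig readable by every local user, and a weak or exposed join token.

MIN_TOKEN_LEN=32   # assumed policy threshold, not a k3s requirement

# cfg_value FILE KEY: print the scalar value of a top-level "KEY: value" line.
cfg_value() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d "\"'" |
        sed 's/[[:space:]]*$//'
}

# audit_k3s_config FILE
#   Prints one finding per line.
#   Returns 0 if clean, 1 on findings, 2 if the file is unreadable.
audit_k3s_config() {
    cfg=$1; findings=0
    [ -r "$cfg" ] || { echo "cannot read $cfg"; return 2; }

    # The kubeconfig k3s writes holds cluster-admin credentials; a non-zero
    # last octal digit (as in 0644) opens it to every account on the host.
    mode=$(cfg_value "$cfg" write-kubeconfig-mode)
    case $mode in
        *[1-7]) echo "write-kubeconfig-mode $mode is accessible to other users"
                findings=$((findings + 1)) ;;
    esac

    token=$(cfg_value "$cfg" token)
    if [ -n "$token" ]; then
        if [ "${#token}" -lt "$MIN_TOKEN_LEN" ]; then
            echo "token has ${#token} characters, fewer than $MIN_TOKEN_LEN"
            findings=$((findings + 1))
        fi
        # A token stored in the file is only as private as the file itself.
        perm=$(stat -c %a "$cfg")
        case $perm in
            *[1-7]) echo "$cfg has mode $perm, token is readable by other users"
                    findings=$((findings + 1)) ;;
        esac
    fi
    [ "$findings" -eq 0 ]
}
```

Run it as `audit_k3s_config /etc/rancher/k3s/config.yaml` before the install script; a mode such as "0600" or "0640" and a long random token in a file with mode 600 produce no findings.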
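Configuring the SAN
When exposing the API endpoint externally, a SAN must be configured.
Note: when the certificate SAN is updated on a cluster that is already installed, the cached certificate may not be refreshed. Run the following on the local machine:
```
export MY_LB_IP=<IP>
curl -vk --resolve $MY_LB_IP:6443:127.0.0.1 https://$MY_LB_IP:6443/ping
```
For details, see reference links 2 and 3 at the end.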
Uninstalling
server
```
/usr/local/bin/k3s-uninstall.sh
```
node
```
/usr/local/bin/k3s-agent-uninstall.sh
```
References
- introduction-to-k3s
- Using the --tls-san option to update the cluster does not take effect
- Renew API cert with added --tls-san