K3S Installation and Deployment
Installing k3s
- Disable SELinux and the firewall
Stop and disable the firewall
systemctl stop firewalld
systemctl disable firewalld --now
Disable SELinux
setenforce 0
sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config
- Download the install script
curl -O https://rancher-mirror.rancher.cn/k3s/k3s-install.sh
- Initialize the cluster
curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn K3S_KUBECONFIG_MODE="644" sh -s - server --cluster-init --disable-network-policy --cluster-cidr "10.1.0.0/16" --flannel-backend none --disable traefik
Installing the network plugin
- Install Calico
curl -O https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico.yaml
Add the following below - name: CLUSTER_TYPE (网卡名称 is a placeholder for the name of the network interface)
vim calico.yaml
...
- name: CLUSTER_TYPE
  value: "k8s,bgp"
# Newly added lines below
- name: IP_AUTODETECTION_METHOD
  value: "interface=网卡名称"
...
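Change the pod network: set value to the pod-network-cidr specified when the cluster was initialized (--cluster-cidr "10.1.0.0/16" in the command above). If it is the default 192.168.0.0/16, this step can be skipped.
vim calico.yaml
...
- name: CALICO_IPV4POOL_CIDR
  value: "10.1.0.0/16"
...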
Edit the cni_network_config section and add:
"container_settings": {
  "allow_ip_forwarding": true
},
For example:
# The CNI network configuration to install on each node. The special
# values in this config will be automatically populated.
cni_network_config: |-
  {
    "name": "k8s-pod-network",
    "cniVersion": "0.3.1",
    "plugins": [
      {
        "type": "calico",
        "log_level": "info",
        "log_file_path": "/var/log/calico/cni/cni.log",
        "datastore_type": "kubernetes",
        "nodename": "__KUBERNETES_NODE_NAME__",
        "mtu": __CNI_MTU__,
        "container_settings": {
          "allow_ip_forwarding": true
        },
        "ipam": {
          "type": "calico-ipam"
        },
Apply the YAML file to k3s
kubectl apply -f calico.yaml
- Verify
[root@node56 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
node56 Ready control-plane,etcd,master 27s v1.25.7+k3s1
Get the token
[root@node56 ~]# cat /var/lib/rancher/k3s/server/token
K10f9b0bb4f998653cfa41e6b4a2e440edaa6ca28140d8e6e08e83477e625d01e43::server:b23b35f68de4c3204eeb42ce99150044
Join the other nodes
curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn K3S_TOKEN=K10f9b0bb4f998653cfa41e6b4a2e440edaa6ca28140d8e6e08e83477e625d01e43::server:b23b35f68de4c3204eeb42ce99150044 K3S_URL=https://192.168.113.56:6443 sh -s - server
curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn K3S_KUBECONFIG_MODE="644" K3S_TOKEN=K10d25a6ed90a0b0b561c23b8d2af9d7a838e6613d9b5cc0970685497c067acedd2::server:b60c9a7831b4ec01f2363129de01bc49 K3S_URL=https://192.168.113.57:6443 sh -s - server --disable-network-policy --cluster-cidr "10.1.0.0/16" --flannel-backend none --disable traefik
Issues
https://docs.rancher.cn/docs/k3s/faq/_index/
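- Where are the K3s logs?
The install script automatically detects whether your operating system uses systemd or openrc and starts the service.
When running under openrc, logs are created at /var/log/k3s.log.
When running under systemd, logs are created in /var/log/syslog and can be viewed with journalctl -u k3s.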
- When joining a node, the following message appears:
k3s ETCD join failed: duplicate node name found
Enter an etcd container:
kubectl run --rm --tty --stdin --image docker.io/bitnami/etcd:latest etcdctl --overrides='{"apiVersion":"v1","kind":"Pod","spec":{"hostNetwork":true,"restartPolicy":"Never","securityContext":{"runAsUser":0,"runAsGroup":0},"containers":[{"command":["/bin/bash"],"image":"docker.io/bitnami/etcd:latest","name":"etcdctl","stdin":true,"stdinOnce":true,"tty":true,"volumeMounts":[{"mountPath":"/var/lib/rancher","name":"var-lib-rancher"}]}],"volumes":[{"name":"var-lib-rancher","hostPath":{"path":"/var/lib/rancher","type":"Directory"}}]}}'
List the existing members:
root@node58:/opt/bitnami/etcd# etcdctl --key /var/lib/rancher/k3s/server/tls/etcd/client.key --cert /var/lib/rancher/k3s/server/tls/etcd/client.crt --cacert /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt member list
3b3fe8e01dca540, started, node56-d441b94f, https://192.168.113.56:2380, https://192.168.113.56:2379, false
50edb7c50cbb6172, started, node57-a657eb67, https://192.168.113.57:2380, https://192.168.113.57:2379, false
983c91629667171c, started, node58-f1e80b15, https://192.168.113.58:2380, https://192.168.113.58:2379, false
Remove the member:
etcdctl --key /var/lib/rancher/k3s/server/tls/etcd/client.key --cert /var/lib/rancher/k3s/server/tls/etcd/client.crt --cacert /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt member remove 50edb7c50cbb6172
- The role of a K3s worker node defaults to none. How can it be changed?
You can add the worker role to a node with kubectl label node ${node} node-role.kubernetes.io/worker=worker.
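
The "duplicate node name found" fix above depends on passing the right member ID to member remove. The script below is an added example, not part of the original page: it picks the ID by exact node name from member list output, checks that the remaining started members still form a majority, and prints the etcdctl command instead of running it. The function names are hypothetical, and the NODE-<8 hex chars> member name format is assumed from the output shown above.

```shell
#!/bin/sh
# Added example: choose the etcd member to remove by exact K3s node name.

# Member list copied from the output shown on this page, so the demo runs offline.
SAMPLE_MEMBERS='3b3fe8e01dca540, started, node56-d441b94f, https://192.168.113.56:2380, https://192.168.113.56:2379, false
50edb7c50cbb6172, started, node57-a657eb67, https://192.168.113.57:2380, https://192.168.113.57:2379, false
983c91629667171c, started, node58-f1e80b15, https://192.168.113.58:2380, https://192.168.113.58:2379, false'

# member_id_for_node NODE (hypothetical helper): read `member list` output on
# stdin, print the ID of the member named NODE-<8 hex chars> (format assumed
# from the output above). Exit 1 if nothing matches, 2 if ambiguous.
member_id_for_node() {
    awk -F', ' -v node="$1" '
        {
            cut = length($3) - 9      # name length without the "-xxxxxxxx" suffix
            if (cut > 0 && substr($3, 1, cut) == node &&
                substr($3, cut + 1) ~ /^-[0-9a-f]+$/)
                ids[++n] = $1
        }
        END {
            if (n != 1) exit (n ? 2 : 1)
            print ids[1]
        }'
}

# quorum_ok_without ID: succeed only if the started members left after removing
# ID are still a majority of the reduced cluster. IDs are compared as strings.
quorum_ok_without() {
    awk -F', ' -v id="$1" '
        ($1 "") != (id "") { total++; if ($2 == "started") up++ }
        END { exit !(total > 0 && up >= int(total / 2) + 1) }'
}

# remove_command NODE: print (never run) the etcdctl call for NODE, using the
# certificate paths from the commands above. Exit 3 if quorum would be lost.
remove_command() {
    list=$(cat)
    id=$(printf '%s\n' "$list" | member_id_for_node "$1") || return $?
    printf '%s\n' "$list" | quorum_ok_without "$id" || return 3
    tls=/var/lib/rancher/k3s/server/tls/etcd
    printf 'etcdctl --key %s/client.key --cert %s/client.crt --cacert %s/server-ca.crt member remove %s\n' \
        "$tls" "$tls" "$tls" "$id"
}

# Demo on the embedded sample: prints the command for node57's member.
printf '%s\n' "$SAMPLE_MEMBERS" | remove_command node57
```

Inside the etcd container, pipe the real etcdctl ... member list output into remove_command in place of the sample.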