K3s Installation and Deployment

Install k3s

  1. Disable SELinux and the firewall

Disable the firewall

systemctl stop firewalld 
systemctl disable firewalld --now

Disable SELinux

setenforce 0
sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config
  2. Download the install script
curl -O https://rancher-mirror.rancher.cn/k3s/k3s-install.sh
  3. Initialize the cluster
curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn K3S_KUBECONFIG_MODE="644" sh -s - server --cluster-init --disable-network-policy --cluster-cidr "10.1.0.0/16" --flannel-backend none --disable traefik

Install the network plugin

  1. Install Calico
curl -O https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico.yaml

Add the following below - name: CLUSTER_TYPE:

vim calico.yaml
...
            - name: CLUSTER_TYPE
              value: "k8s,bgp"
              # Added below (网卡名称 is a placeholder for the network interface name)
            - name: IP_AUTODETECTION_METHOD
              value: "interface=网卡名称"
...              

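Change the pod network: set value to the pod-network-cidr specified when the cluster was initialized (--cluster-cidr "10.1.0.0/16" above). If it is the default 192.168.0.0/16, skip this step.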

vim calico.yaml
...
            - name: CALICO_IPV4POOL_CIDR
              value: "10.1.0.0/16"
...

Edit the cni_network_config section and add:

          "container_settings": {
            "allow_ip_forwarding": true
          },

For example:

  # The CNI network configuration to install on each node. The special
  # values in this config will be automatically populated.
  cni_network_config: |-
    {
      "name": "k8s-pod-network",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "calico",
          "log_level": "info",
          "log_file_path": "/var/log/calico/cni/cni.log",
          "datastore_type": "kubernetes",
          "nodename": "__KUBERNETES_NODE_NAME__",
          "mtu": __CNI_MTU__,
          
          "container_settings": {
            "allow_ip_forwarding": true
          },
          
          "ipam": {
              "type": "calico-ipam"
          },

Apply the YAML file to k3s:

kubectl apply -f calico.yaml
  2. Verify
[root@node56 ~]# kubectl get nodes
NAME     STATUS   ROLES                       AGE   VERSION
node56   Ready    control-plane,etcd,master   27s   v1.25.7+k3s1

Get the token

[root@node56 ~]# cat /var/lib/rancher/k3s/server/token
K10f9b0bb4f998653cfa41e6b4a2e440edaa6ca28140d8e6e08e83477e625d01e43::server:b23b35f68de4c3204eeb42ce99150044

Join the other nodes

curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn K3S_TOKEN=K10f9b0bb4f998653cfa41e6b4a2e440edaa6ca28140d8e6e08e83477e625d01e43::server:b23b35f68de4c3204eeb42ce99150044 K3S_URL=https://192.168.113.56:6443 sh -s - server

curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn K3S_KUBECONFIG_MODE="644" K3S_TOKEN=K10d25a6ed90a0b0b561c23b8d2af9d7a838e6613d9b5cc0970685497c067acedd2::server:b60c9a7831b4ec01f2363129de01bc49 K3S_URL=https://192.168.113.57:6443 sh -s - server --disable-network-policy --cluster-cidr "10.1.0.0/16" --flannel-backend none --disable traefik

Problems

https://docs.rancher.cn/docs/k3s/faq/_index/

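  1. Where are the K3s logs?

The install script automatically detects whether your operating system uses systemd or openrc and starts the service.

When running under openrc, logs are written to /var/log/k3s.log.

When running under systemd, logs are written to /var/log/syslog and can be viewed with journalctl -u k3s.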

  2. Joining a node fails with: k3s ETCD join failed: duplicate node name found

Get a shell in an etcd container:

kubectl run --rm --tty --stdin --image docker.io/bitnami/etcd:latest etcdctl --overrides='{"apiVersion":"v1","kind":"Pod","spec":{"hostNetwork":true,"restartPolicy":"Never","securityContext":{"runAsUser":0,"runAsGroup":0},"containers":[{"command":["/bin/bash"],"image":"docker.io/bitnami/etcd:latest","name":"etcdctl","stdin":true,"stdinOnce":true,"tty":true,"volumeMounts":[{"mountPath":"/var/lib/rancher","name":"var-lib-rancher"}]}],"volumes":[{"name":"var-lib-rancher","hostPath":{"path":"/var/lib/rancher","type":"Directory"}}]}}'

List the existing members:

root@node58:/opt/bitnami/etcd# etcdctl --key /var/lib/rancher/k3s/server/tls/etcd/client.key --cert /var/lib/rancher/k3s/server/tls/etcd/client.crt --cacert /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt member list
3b3fe8e01dca540, started, node56-d441b94f, https://192.168.113.56:2380, https://192.168.113.56:2379, false
50edb7c50cbb6172, started, node57-a657eb67, https://192.168.113.57:2380, https://192.168.113.57:2379, false
983c91629667171c, started, node58-f1e80b15, https://192.168.113.58:2380, https://192.168.113.58:2379, false

Remove the node:

etcdctl --key /var/lib/rancher/k3s/server/tls/etcd/client.key --cert /var/lib/rancher/k3s/server/tls/etcd/client.crt --cacert /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt member remove 50edb7c50cbb6172
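
The lookup between the member list and member remove steps above, as an added example that is not part of the original page or of K3s: it resolves a node name to exactly one etcd member ID and refuses when zero or several members match, so the ID passed to member remove is the intended one. The function names find_member_id and print_remove_command are hypothetical, and the "<hostname>-<suffix>" naming is an assumption taken from the output shown above.

```shell
#!/bin/sh
# Added example: resolve a node name to its etcd member ID from
# `etcdctl member list` output before running `member remove`.

# Sample input copied from the member list output shown above.
SAMPLE_MEMBERS='3b3fe8e01dca540, started, node56-d441b94f, https://192.168.113.56:2380, https://192.168.113.56:2379, false
50edb7c50cbb6172, started, node57-a657eb67, https://192.168.113.57:2380, https://192.168.113.57:2379, false
983c91629667171c, started, node58-f1e80b15, https://192.168.113.58:2380, https://192.168.113.58:2379, false'

# find_member_id HOSTNAME   (member list is read from stdin)
# Prints the ID of the single member named HOSTNAME-<suffix>.
# Returns 1 when no member matches and 2 when several do.
find_member_id() {
    awk -F', *' -v host="$1" '
        {
            name = $3
            # Assumption from the output above: names are "<hostname>-<suffix>".
            sub(/-[^-]*$/, "", name)
            if (name == host) ids[n++] = $1
        }
        END {
            if (n == 0) exit 1
            if (n > 1) exit 2
            print ids[0]
        }'
}

# print_remove_command HOSTNAME   (member list is read from stdin)
# Prints the member remove command for that node without running it.
print_remove_command() {
    id=$(find_member_id "$1") || return $?
    tls=/var/lib/rancher/k3s/server/tls/etcd
    echo "etcdctl --key $tls/client.key --cert $tls/client.crt" \
         "--cacert $tls/server-ca.crt member remove $id"
}

# Demo on the sample: prints the command for node57.
printf '%s\n' "$SAMPLE_MEMBERS" | print_remove_command node57
```

In the etcd container, pipe the real member list output into print_remove_command instead of the sample and review the printed command before running it.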
  3. K3s worker nodes have the role none by default. How do I change it?

You can add the worker role to a node with kubectl label node ${node} node-role.kubernetes.io/worker=worker.