离线搭建部署高可用 k3s 集群
k3s 是一个轻量级 Kubernetes,它易于安装,二进制文件包小于 40 mb,只需要 512MB RAM 即可运行。
k3s 旨在成为完全兼容的 Kubernetes 发行版,相比 k8s 主要更改如下:
- 旧的、Alpha 版本的、非默认功能都已经删除。
- 删除了大多数内部云提供商和存储插件,可以用插件替换。
- 新增 SQLite3 作为默认存储机制,etcd3 仍然有效,但是不再是默认项。
- 封装在简单的启动器中,可以处理大量 LTS 复杂性和选项。
- 最小化到没有操作系统依赖,只需要一个内核和 cgroup 挂载。
下载 k3s
下载地址
Git 下载地址:
https://github.com/k3s-io/k3s/releases/
下载镜像
查看操作系统发行编号:
$ uname -r
4.9.0-13-amd64下载对应发行编号的镜像版本:
$ wget https://github.com/k3s-io/k3s/releases/download/v1.21.4%2Bk3s1/k3s-airgap-images-amd64.tar导入镜像
$ docker load < k3s-airgap-images-amd64.tar查看导入的镜像
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
rancher/klipper-helm v0.6.4-build20210813 f0b5a8f3a50a 4 weeks ago 194MB
rancher/library-traefik 2.4.8 deaf4b1027ed 5 months ago 91.3MB
rancher/library-busybox 1.32.1 388056c9a683 5 months ago 1.23MB
rancher/coredns-coredns 1.8.3 3885a5b7f138 6 months ago 43.5MB
rancher/local-path-provisioner v0.0.19 148c19256271 9 months ago 42.4MB
rancher/klipper-lb v0.2.0 465db341a9e5 10 months ago 6.1MB
rancher/metrics-server v0.3.6 9dd718864ce6 23 months ago 39.9MB
rancher/pause 3.1 da86e6ba6ca1 3 years ago 742kB可执行文件
下载可执行文件:
$ wget https://github.com/k3s-io/k3s/releases/download/v1.21.4%2Bk3s1/k3s下载安装文件:
$ wget https://raw.githubusercontent.com/k3s-io/k3s/master/install.sh移动:
chmod +x install.sh //赋予文件可执行权限
chmod +x k3s //赋予文件可执行权限
mv k3s /usr/local/bin //将k3s二进制文件移动到k3s安装目录部署 k3s Server
部署 install
修改 install.sh ,增加如下两个配置:
export INSTALL_K3S_SKIP_DOWNLOAD=true //设置跳过下载k3s二进制文件
export INSTALL_K3S_BIN_DIR=/usr/local/bin //设置k3s安装目录使用 root 直接执行 install.sh。
# ./install.sh
[INFO] Skipping k3s download and verify
[INFO] Skipping installation of SELinux RPM
[INFO] Creating /usr/local/bin/kubectl symlink to k3s
[INFO] Creating /usr/local/bin/crictl symlink to k3s
[INFO] Skipping /usr/local/bin/ctr symlink to k3s, command exists in PATH at /usr/bin/ctr
[INFO] Creating killall script /usr/local/bin/k3s-killall.sh
[INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh
[INFO] env: Creating environment file /etc/systemd/system/k3s.service.env
[INFO] systemd: Creating service file /etc/systemd/system/k3s.service
[INFO] systemd: Enabling k3s unit
Created symlink /etc/systemd/system/multi-user.target.wants/k3s.service → /etc/systemd/system/k3s.service.
[INFO] systemd: Starting k3s
Job for k3s.service failed because the control process exited with error code.
See "systemctl status k3s.service" and "journalctl -xe" for details.修改配置
修改配置文件 k3s.service,增加 --docker --no-deploy traefik
vi /etc/systemd/system/k3s.service
ExecStart=/usr/local/bin/k3s server --docker --no-deploy traefik如下图所示:
刷新服务配置文件:
systemctl daemon-reload重新启动 k3s:
systemctl restart k3s确认服务端
查看节点配置进行确认:
kubectl get node
NAME STATUS ROLES AGE VERSION
dm93.bjth.xxx.org Ready control-plane,master 71m v1.21.4-engine0+k3s1添加 k3s Agent
准备工作
导入镜像 k3s-airgap-images-amd64.tar
下载可执行文件:install.sh、k3s,并赋可执行权限
chmod +x将 k3s 移动至
/usr/local/bin下修改 install.sh ,增加如下两个配置:
export INSTALL_K3S_SKIP_DOWNLOAD=true export INSTALL_K3S_BIN_DIR=/usr/local/bin
查看 token
K3S_TOKEN 是 server 端的,位于 /var/lib/rancher/k3s/server/node-token 下
# cat /var/lib/rancher/k3s/server/node-token
K1030a11e463e308a0926965dd7d851a8b0db33b0cfe00b48bec4edac3ab4d4af07::server:9ac27053cc40b4ca82e88e0e6a3b0776在 node 节点执行命令,格式为
K3S_URL=k3surl K3S_TOKEN={k3s_token} ./install.sh如执行如下命令:
K3S_TOKEN="K1030a11e463e308a0926965dd7d851a8b0db33b0cfe00b48bec4edac3ab4d4af07::server:9ac27053cc40b4ca82e88e0e6a3b0776" K3S_URL=https://serverIP:6443 ./install.sh【注】K3S_TOKEN 的值必须加双引号,否则会失败!
配置文件
启动失败,编辑配置文件 /etc/systemd/system/k3s-agent.service
修改最后一行,添加从 docker 拉取镜像,内容如下:
ExecStart=/usr/local/bin/k3s \
agent --docker如下图所示:
使配置生效,并重启 k3s:
systemctl daemon-reload
systemctl restart k3s部分可能需要
systemctl status k3s-agent确认客户端
再次查看节点配置进行确认:
kubectl get node
NAME STATUS ROLES AGE VERSION
dm93.bjth.xxx.org Ready control-plane,master 71m v1.21.4-engine0+k3s1
dm95.bjth.xxx.org Ready <none> 13m v1.21.4-engine0+k3s1权限问题
搭建完成后,root 执行没问题,但普通用户会显示如下权限问题:
$ kubectl get node
WARN[2021-09-16T09:29:50.657258755+08:00] Unable to read /etc/rancher/k3s/k3s.yaml, please start server with --write-kubeconfig-mode to modify kube config permissions
error: error loading config file "/etc/rancher/k3s/k3s.yaml": open /etc/rancher/k3s/k3s.yaml: permission denied提示权限不够,给 /etc/rancher/k3s/k3s.yaml 添加可读权限:
$ sudo chmod a+r /etc/rancher/k3s/k3s.yaml然后再次有普通用户检查集群状态:
kubectl get node
NAME STATUS ROLES AGE VERSION
dm93.bjth.xxx.org Ready control-plane,master 71m v1.21.4-engine0+k3s1
dm95.bjth.xxx.org Ready <none> 13m v1.21.4-engine0+k3s1证书过期
登录服务器执行相关命令出现以下错误:
$ kg pod
error: You must be logged in to the server (Unauthorized)对于 K3S 来说解决证书的问题其实很简单。可以通过重启 K3S 服务的来解决问题:
sudo systemctl restart k3s安装 kubens
kubens 是 命名空间切换工具。
解决需求:k3s 每次查看指定命名空间的资源都需要加 -n 命名空间 来指定命名空间,我们可以通过开源项目 kubens 来切换当前命名空间,切换命名空间后,就无需每次都使用 -n 命令来指定命名空间了。
下载 kubens
下载地址:https://github.com/ahmetb/kubectx/releases
安装 kubens
将下载的 kubens 移动到 /usr/local/bin 目录下即可。
问题处理
使用普通用户时,出现:
$ kubens my-app
error: open /etc/rancher/k3s/k3s.yaml.lock: permission denied需要将 /etc/rancher/k3s 文件夹赋权限给相应的用户:
chown -R ant /etc/rancher/k3s/"Failed to run kubelet" err="failed to run Kubelet: misconfiguration: kubelet cgroup driver: \"cgroupfs\"
Nov 26 10:54:59 dm252.bjzjy.163.org systemd[1]: k3s.service: Main process exited, code=exited, status=1/FAILURE
Nov 26 10:54:59 dm252.bjzjy.163.org systemd[1]: Failed to start Lightweight Kubernetes.
-- Subject: Unit k3s.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit k3s.service has failed.
--
-- The result is failed.
相关文章