https://docs.k3s.io/zh/quick-start
curl -sfL https://get.k3s.io | sh -
# 或
curl -sfL https://rancher-mirror.oss-cn-beijing.aliyuncs.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh -
INSTALL_K3S_VERSION:安装指定版本
curl -sfL https://rancher-mirror.oss-cn-beijing.aliyuncs.com/k3s/k3s-install.sh | INSTALL_K3S_VERSION=v1.26.9+k3s1 sh -
echo 'source <(kubectl completion bash)' >> ~/.bashrc
断开连接,再次连接,即可生效
如果报错:
-bash: _get_comp_words_by_ref: command not found
安装
bash-completion
:yum -y install bash-completion source /usr/share/bash-completion/bash_completion
部署一个 nginx 进行测试
#部署nginx
kubectl create deployment nginx --image=nginx:1.18-alpine
#暴露端口
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get pod,svc
防火墙放行对应端口即可
systemctl status firewalld
firewall-cmd --list-ports
firewall-cmd --zone=public --add-port={NodePort}/tcp --permanent
firewall-cmd --reload
参考:https://blog.csdn.net/easylife206/article/details/111243763
service发布为NortPort,同时修改externalTrafficPolicy
为Local
kubectl patch svc myservice -p '{"spec":{"externalTrafficPolicy":"Local"}}'
在k3s中,设置traefik的externalTrafficPolicy
为Local
,此时service就可以不做处理了,也可以不用发布为NortPort(域名访问时)
kubectl -n kube-system patch svc traefik -p '{"spec":{"externalTrafficPolicy":"Local"}}'
参考:https://blog.csdn.net/j610152753/article/details/127581375
直接使用kubectl安装
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.1/cert-manager.yaml
运行如下命令可看到创建了3个pod,并STATUS为:Running
kubectl get pods --namespace cert-manager
创建clusterIssuer.yml
并部署
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
email: 【此处修改为邮箱】
privateKeySecretRef:
name: letsencrypt-prod
server: https://acme-v02.api.letsencrypt.org/directory
solvers:
- http01:
ingress:
class: traefik
kubectl apply -f clusterIssuer.yml
Deployment、Service正常创建即可,Ingress新增两处配置:metadata.annotations
、spec.tls
,例如:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
kubernetes.io/ingress.class: traefik
labels:
k8s.kuboard.cn/layer: web
k8s.kuboard.cn/name: hexo-blog
name: hexo-blog
namespace: default
resourceVersion: '232211'
spec:
ingressClassName: traefik
rules:
- host: blog.extra.kangaroohy.com
http:
paths:
- backend:
service:
name: hexo-blog
port:
number: 80
path: /
pathType: Prefix
tls:
- hosts:
- blog.extra.kangaroohy.com
secretName: hexo-blog-tls
中间件的介绍和使用:https://blog.csdn.net/j610152753/article/details/127251204
vi redirect-https.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: redirect-https
spec:
redirectScheme:
scheme: https
permanent: true
添加注解traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
default是Middleware所在的命名空间
redirect-https为Middleware的name