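K3S is a lightweight Kubernetes. It is easy to install, needs only half the memory of Kubernetes, and ships all components in a single binary of less than 100 MB.
# Configure the yum repository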
yum install -y yum-utils
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Stop and disable the firewall
sudo systemctl stop firewalld
sudo systemctl disable firewalld
# Disable SELinux enforcement (switch to permissive mode)
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# Set the hostname
hostnamectl set-hostname xxx
# Edit the hosts file
cat >> /etc/hosts << EOF
192.168.*.* node1
EOF
# Edit resolv.conf to fix DNS resolution failures
cat >> /etc/resolv.conf << EOF
nameserver 8.8.8.8
nameserver 114.114.114.114
EOF
# Synchronize the system time
yum install ntpdate -y
ntpdate time.windows.com
Download the release packages. Official address: https://github.com/k3s-io/k3s/releases.
wget https://github.com/rancher/k3s/releases/download/v0.10.2/k3s-airgap-images-amd64.tar
wget https://github.com/rancher/k3s/releases/download/v0.10.2/k3s
# Use the /raw/ URL: the /blob/ URL returns GitHub's HTML page, not the script
wget https://github.com/rancher/k3s/raw/master/install.sh
chmod 755 k3s
chmod 755 install.sh
chmod 755 k3s-airgap-images-amd64.tar
cp k3s /usr/local/bin/k3s
docker load -i k3s-airgap-images-amd64.tar
./install.sh
wget https://github.com/rancher/k3s/releases/download/v0.10.2/k3s
wget https://github.com/rancher/k3s/raw/master/install.sh
chmod 755 k3s
chmod 755 install.sh
cp k3s /usr/local/bin/k3s
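Both download steps above copy the fetched files into place without an integrity check. As an added example (not part of the original page or the K3S project's own code), the shell functions below verify the `k3s` binary and the air-gap image archive against a checksum list before `install.sh` is run. It assumes a `sha256sum`-format list such as the `sha256sum-amd64.txt` file published with K3S releases; the function names and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check downloaded K3S artifacts against a sha256sum-format
# checksum list ("<sha256>  <filename>" per line) before installing them.

# verify_artifact <checksum-list> <file>
# Returns 0 on match, 1 on hash mismatch, 2 if the file or its entry is missing.
verify_artifact() {
    list=$1
    file=$2
    [ -f "$list" ] && [ -f "$file" ] || return 2
    name=$(basename "$file")
    # Compare the whole file-name column so "k3s" cannot match
    # "k3s-airgap-images-amd64.tar"; "*name" is sha256sum's binary-mode form.
    expected=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1; exit }' "$list")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$expected" = "$actual" ]
}

# verify_all <checksum-list> <file>...
# Stops at the first failure so the install step never sees unverified files.
verify_all() {
    sums=$1
    shift
    for f in "$@"; do
        rc=0
        verify_artifact "$sums" "$f" || rc=$?
        case $rc in
            0) echo "OK       $f" ;;
            1) echo "MISMATCH $f" >&2; return 1 ;;
            *) echo "NO ENTRY $f" >&2; return 2 ;;
        esac
    done
}

# Constructed demo data: a stand-in "k3s" file and a checksum list for it.
demo=$(mktemp -d)
printf 'stand-in for the k3s binary\n' > "$demo/k3s"
( cd "$demo" && sha256sum k3s > sha256sum-amd64.txt )
verify_all "$demo/sha256sum-amd64.txt" "$demo/k3s"
printf 'tampered\n' >> "$demo/k3s"
verify_all "$demo/sha256sum-amd64.txt" "$demo/k3s" || echo "refusing to install"
rm -rf "$demo"
```

In real use the checksum list is fetched over HTTPS from the same release as the binaries, and `./install.sh` runs only when `verify_all` returns 0.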
K3S_TOKEN comes from the server and is stored in /var/lib/rancher/k3s/server/node-token. The token is dynamic.
## Get the token
[root@k3s-master ~]# cat /var/lib/rancher/k3s/server/node-token
K10107382aac1d56c3f5754f7daafa1d8c7769ae8c48941771c7b5c551e4b2093ac::node:97e3e5fa24588e6673577cdae1eaff8d
## Set the token
[root@k3s-node1 ~]# export K3S_TOKEN=K10107382aac1d56c3f5754f7daafa1d8c7769ae8c48941771c7b5c551e4b2093ac::node:97e3e5fa24588e6673577cdae1eaff8d
## Set the server
[root@k3s-node1 ~]# export K3S_URL=https://192.168.*.*:6443
## Add the worker node
[root@k3s-node1 ~]# ./install.sh
curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh -
After deployment, run:
kubectl get nodes
Check whether the installation is healthy:
k3s check-config
If the boot parameters need adjusting:
vim /etc/default/grub
# Original value
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet"
# After modification
GRUB_CMDLINE_LINUX="user_namespace.enable=1 crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet"
cat /var/lib/rancher/k3s/server/node-token
curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn K3S_URL=https://myserver:6443 K3S_TOKEN=mynodetoken sh -
Run from any directory:
k3s-killall.sh
k3s-uninstall.sh
When running kubectl and related commands, the following error appears:
Unable to connect to the server: x509: certificate has expired or is not yet valid
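Run the following commands in order (you can run steps 2, 3 and 5 first, and go through the full sequence only if that does not resolve it)
(1) Set the operating system time to a point before the certificate expired; the K3S cluster can then be reached with kubectl.
date -s xxx
(2) Delete the k3s-serving secret in k3s; it is recreated automatically after k3s restarts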
kubectl --insecure-skip-tls-verify -n kube-system delete secrets k3s-serving
(3) Delete the k3s dynamic certificate on the operating system; it is recreated automatically after k3s restarts
rm -f /var/lib/rancher/k3s/server/tls/dynamic-cert.json
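(4) Set the operating system time back to the current time
date -s xxx
(5) Restart the k3s service; the dynamic certificate is renewed for 1 year on this basis, and k3s can be accessed normally again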
sudo systemctl restart k3s
for i in /var/lib/rancher/k3s/server/tls/*.crt; do echo "$i"; openssl x509 -enddate -noout -in "$i"; done