大小仅有40MB的k3s为想要节省开销进行开发和测试的企业提供了一个很好的选择。本文将用一种极为简洁的方式,教你在5分钟之内使用k3s部署轻量Kubernetes集群。
Kubernetes已经改变了如何大规模部署和管理容器化工作负载。现在开发人员面临的挑战主要在于设置过程的复杂性和资源需求量巨大。如果你深受内存不足的困扰,想要部署轻量级Kubernetes集群来减少内存占用,那么你一定要考虑由Rancher Labs发布的轻量级Kubernetes发行版——k3s。它把安装Kubernetes所需的一切文件都打包进一个40MB大小的二进制文件中,仅需512MB的RAM即可运行。非常适用于资源有限的环境,如边缘计算场景、IoT等。
在实际场景中,为了获得开发和测试的动力,节省开销,用户希望能够以最少的资源利用率和较低的硬件规格来部署Kubernetes。而k3s正好满足了这一需求,它能够在任何512MB RAM以上的设备上运行集群,如IoT设备或ARM驱动的设备。
既然k3s仅需少量资源即可运行,那么这意味着一些Kubernetes的特性被移除了:
-
旧的、非默认的、alpha功能
-
大部分in-tree插件(云提供商和存储插件),将其用附加组件进行替换
-
用sqlite来代替etcd作为默认存储机制
5分钟之内使用k3s部署轻量K8s集群
在本文中,我将使用运行在Debian 10上的3个server,每个server有1GB的RAM和1vcpu。其中一个server作为master,其他两个作为worker节点。
$ openstack server list
+--------------------------------------+-------------------+---------+-----------------------------------+-----------+-----------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+-------------------+---------+-----------------------------------+-----------+-----------+
| 4df6a6dc-26e8-4ae0-8b6e-2f97daec0ef3 | k3s-master | ACTIVE | private=10.10.1.159 | Debian-10 | m1.tiny |
| 5ca13239-b745-4f62-ab11-0a27949c9b35 | k3s-node02 | ACTIVE | private=10.10.1.142 | Debian-10 | m1.tiny |
| a54997f2-4d94-4718-86ab-73609b328761 | k3s-node01 | ACTIVE | private=10.10.1.126 | Debian-10 | m1.tiny |
+--------------------------------------+-------------------+---------+-----------------------------------+-----------+-----------+
我将在每个服务器的/ etc / hosts文件中为服务器添加A record。
sudo tee -a /etc/hosts<<EOF
10.10.1.159 k3s-master
10.10.1.126 k3s-node01
10.10.1.142 k3s-node02
EOF
在Master节点上安装k3s
运行k3s的方式有很多,最快的方式是通过提供的bash脚本进行安装,同时该脚本提供了一个便捷的方式来安装到systemd或openrc。
curl -sfL https://get.k3s.io | sh -
安装输出:
[INFO] Finding latest release
[INFO] Using v0.8.1 as release
[INFO] Downloading hash https://github.com/rancher/k3s/releases/download/v0.8.1/sha256sum-amd64.txt
[INFO] Downloading binary https://github.com/rancher/k3s/releases/download/v0.8.1/k3s
[INFO] Verifying binary download
[INFO] Installing k3s to /usr/local/bin/k3s
[INFO] Creating /usr/local/bin/kubectl symlink to k3s
[INFO] Creating /usr/local/bin/crictl symlink to k3s
[INFO] Creating /usr/local/bin/ctr symlink to k3s
[INFO] Creating killall script /usr/local/bin/k3s-killall.sh
[INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh
[INFO] env: Creating environment file /etc/systemd/system/k3s.service.env
[INFO] systemd: Creating service file /etc/systemd/system/k3s.service
[INFO] systemd: Enabling k3s unit
Created symlink /etc/systemd/system/multi-user.target.wants/k3s.service → /etc/systemd/system/k3s.service.
[INFO] systemd: Starting k3s
安装完成之后,服务会自动启动。
$ systemctl status k3s
● k3s.service - Lightweight Kubernetes
Loaded: loaded (/etc/systemd/system/k3s.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2019-09-17 19:20:00 UTC; 2min 24s ago
Docs: https://k3s.io
Process: 833 ExecStartPre=/sbin/modprobe br_netfilter (code=exited, status=0/SUCCESS)
Process: 836 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
Main PID: 837 (k3s-server)
Tasks: 98
Memory: 571.1M
CGroup: /system.slice/k3s.service
├─ 837 /usr/local/bin/k3s server KillMode=process
├─ 851 containerd -c /var/lib/rancher/k3s/agent/etc/containerd/config.toml -a /run/k3s/containerd/containerd.sock --state /run/k3s/conta
├─1110 containerd-shim -namespace k8s.io -workdir /var/lib/rancher/k3s/agent/containerd/io.containerd.runtime.v1.linux/k8s.io/f6eeb59978
├─1127 /pause
├─1207 containerd-shim -namespace k8s.io -workdir /var/lib/rancher/k3s/agent/containerd/io.containerd.runtime.v1.linux/k8s.io/0baf0ca181
├─1225 /coredns -conf /etc/coredns/Corefile
├─1576 containerd-shim -namespace k8s.io -workdir /var/lib/rancher/k3s/agent/containerd/io.containerd.runtime.v1.linux/k8s.io/dcce4b7e17
├─1594 /pause
├─1599 containerd-shim -namespace k8s.io -workdir /var/lib/rancher/k3s/agent/containerd/io.containerd.runtime.v1.linux/k8s.io/50816ffba8
├─1617 /pause
├─1824 containerd-shim -namespace k8s.io -workdir /var/lib/rancher/k3s/agent/containerd/io.containerd.runtime.v1.linux/k8s.io/d0ff393609
├─1842 /bin/sh /usr/bin/entry
├─1882 containerd-shim -namespace k8s.io -workdir /var/lib/rancher/k3s/agent/containerd/io.containerd.runtime.v1.linux/k8s.io/046779175f
├─1899 /bin/sh /usr/bin/entry
├─1904 containerd-shim -namespace k8s.io -workdir /var/lib/rancher/k3s/agent/containerd/io.containerd.runtime.v1.linux/k8s.io/93f0fe2361
└─1921 /traefik --configfile=/config/traefik.toml
Sep 17 19:20:34 deb10 k3s[837]: E0917 19:20:34.714229 837 daemon_controller.go:302] kube-system/svclb-traefik failed with : error storing statu
Sep 17 19:20:34 deb10 k3s[837]: E0917 19:20:34.719452 837 daemon_controller.go:302] kube-system/svclb-traefik failed with : error storing statu
Sep 17 19:20:34 deb10 k3s[837]: I0917 19:20:34.726816 837 reconciler.go:207] operationExecutor.VerifyControllerAttachedVolume started for volum
Sep 17 19:20:34 deb10 k3s[837]: I0917 19:20:34.726836 837 reconciler.go:207] operationExecutor.VerifyControllerAttachedVolume started for volum
Sep 17 19:20:34 deb10 k3s[837]: I0917 19:20:34.726857 837 reconciler.go:207] operationExecutor.VerifyControllerAttachedVolume started for volum
Sep 17 19:20:34 deb10 k3s[837]: I0917 19:20:34.726869 837 reconciler.go:207] operationExecutor.VerifyControllerAttachedVolume started for volum
Sep 17 19:20:35 deb10 k3s[837]: I0917 19:20:35.529102 837 reconciler.go:181] operationExecutor.UnmountVolume started for volume "helm-traefik-t
Sep 17 19:20:35 deb10 k3s[837]: I0917 19:20:35.542858 837 operation_generator.go:799] UnmountVolume.TearDown succeeded for volume "kubernetes.i
Sep 17 19:20:35 deb10 k3s[837]: I0917 19:20:35.629277 837 reconciler.go:285] Volume detached for volume "helm-traefik-token-kjwrl" (UniqueName:
Sep 17 19:20:36 deb10 k3s[837]: W0917 19:20:36.355273 837 pod_container_deletor.go:75] Container "2f0c4a787b13c029d65aa865c1b473f5a7497cb6f9b92
将kubeconfig文件写入/etc/rancher/k3s/k3s.yaml:
$ cat /etc/rancher/k3s/k3s.yaml
cat: /etc/rancher/k3s/k3s.yaml: Permission denied
debian@deb10:~$ sudo cat /etc/rancher/k3s/k3s.yaml
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJWakNCL3FBREFnRUNBZ0VBTUFvR0NDcUdTTTQ5QkFNQ01DTXhJVEFmQmdOVkJBTU1HR3N6Y3kxelpYSjIKWlhJdFkyRkFNVFUyT0RjME56azVOakFlRncweE9UQTVNVGN4T1RFNU5UWmFGdzB5T1RBNU1UUXhPVEU1TlRaYQpNQ014SVRBZkJnTlZCQU1NR0dzemN5MXpaWEoyWlhJdFkyRkFNVFUyT0RjME56azVOakJaTUJNR0J5cUdTTTQ5CkFnRUdDQ3FHU000OUF3RUhBMElBQkM5aTMyUTdkVnhJaTFCVFNEOTRqYzJaZy9ESHFGc051b0Q4eWhSbjZsUlIKQWp5Q0p3UEZYQ3Y4QUdSMmFaK1lSempTYUJvM2M1LzMwQnZwKzY3OFNYeWpJekFoTUE0R0ExVWREd0VCL3dRRQpBd0lDcERBUEJnTlZIUk1CQWY4RUJUQURBUUgvTUFvR0NDcUdTTTQ5QkFNQ0EwY0FNRVFDSUJwTXdOejAyZzUwCkExdEloU0Y1MFJqSVprVVVuNk8rODdLV25obWRUYkh5QWlBQnJqcDFxWU1HcWE0RmJ2Ym9rTm1kM3VOelVvQm8KeGxqTGlnWnZCN3ZEVGc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
server: https://localhost:6443
name: default
contexts:
- context:
cluster: default
user: default
name: default
current-context: default
kind: Config
preferences: {}
users:
- name: default
user:
password: 2d99cae31c075743be704bb717ceaae8
username: admin
其他已经安装的有:
-
kubectl
-
crictl
-
k3s-killall.sh
-
k3s-uninstall.sh
在Worker节点上安装k3s
要在Woker节点上安装k3s,我们应该将K3S_URL以及K3S_TOKEN或K3S_CLUSTER_SECRET环境变量一起传递。
K3S_TOKEN在第一个节点上的/ var / lib / rancher / k3s / server / node-token中创建。
$ sudo cat /var/lib/rancher/k3s/server/node-token
K1042e2f8e353b9409472c1e0cca8457abe184dc7be3f0805109e92c50c193ceb42::node:c83acbf89a7de7026d6f6928dc270028
所以为了在worker节点上安装Kubernetes,我将运行:
k3s_url="https://k3s-master:6443"
k3s_token="K1042e2f8e353b9409472c1e0cca8457abe184dc7be3f0805109e92c50c193ceb42::node:c83acbf89a7de7026d6f6928dc270028"
curl -sfL https://get.k3s.io | K3S_URL=${k3s_url} K3S_TOKEN=${k3s_token} sh -
安装输出:
[INFO] Finding latest release
[INFO] Using v0.8.1 as release
[INFO] Downloading hash https://github.com/rancher/k3s/releases/download/v0.8.1/sha256sum-amd64.txt
[INFO] Downloading binary https://github.com/rancher/k3s/releases/download/v0.8.1/k3s
[INFO] Verifying binary download
[INFO] Installing k3s to /usr/local/bin/k3s
[INFO] Creating /usr/local/bin/kubectl symlink to k3s
[INFO] Creating /usr/local/bin/crictl symlink to k3s
[INFO] Creating /usr/local/bin/ctr symlink to k3s
[INFO] Creating killall script /usr/local/bin/k3s-killall.sh
[INFO] Creating uninstall script /usr/local/bin/k3s-agent-uninstall.sh
[INFO] env: Creating environment file /etc/systemd/system/k3s-agent.service.env
[INFO] systemd: Creating service file /etc/systemd/system/k3s-agent.service
[INFO] systemd: Enabling k3s-agent unit
Created symlink /etc/systemd/system/multi-user.target.wants/k3s-agent.service → /etc/systemd/system/k3s-agent.service.
[INFO] systemd: Starting k3s-agent
登录到其中一个master节点并检查集群状态:
$ sudo kubectl config get-clusters
NAME
default
$ sudo kubectl cluster-info
Kubernetes master is running at https://localhost:6443
CoreDNS is running at https://localhost:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
$ sudo kubectl get nodes
NAME STATUS ROLES AGE VERSION
k3s-master Ready master 14m v1.14.6-k3s.1
k3s-node01 Ready worker 3m11s v1.14.6-k3s.1
k3s-node02 Ready worker 3m58s v1.14.6-k3s.1
$ sudo kubectl get namespaces
NAME STATUS AGE
default Active 16m
kube-node-lease Active 16m
kube-public Active 16m
kube-system Active 16m
$ sudo kubectl get endpoints -n kube-system
NAME ENDPOINTS AGE
kube-dns 10.42.0.2:53,10.42.0.2:53,10.42.0.2:9153 14m
traefik 10.42.0.5:80,10.42.0.5:443 14m
$ sudo kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-b7464766c-q9frk 1/1 Running 0 15m
helm-install-traefik-8dhpk 0/1 Completed 0 15m
svclb-traefik-9c2j8 2/2 Running 0 4m49s
svclb-traefik-bf9zd 2/2 Running 0 4m2s
svclb-traefik-v2fpx 2/2 Running 0 14m
traefik-5c79b789c5-k589d 1/1 Running 0 14m
使用crictl命令来查看正在运行的容器
# Master
$ sudo crictl ps
CONTAINER ID IMAGE CREATED STATE NAME ATTEMPT POD ID
acfafb50852d3 18471c10e6e4b 16 minutes ago Running traefik 0 bf8534452389f
fee5ac7e88f2e 4a065d8dfa588 16 minutes ago Running lb-port-443 0 e7068ff7ab2f2
bbab5b07e5efb 4a065d8dfa588 16 minutes ago Running lb-port-80 0 e7068ff7ab2f2
65c5d1333ea04 2ee68ed074c6e 16 minutes ago Running coredns 0 435c51f4716fc
# Workers
$ sudo crictl ps
CONTAINER ID IMAGE CREATED STATE NAME ATTEMPT POD ID
7ad5c83d6466f 4a065d8dfa588 6 minutes ago Running lb-port-443 0 bf8d9fe57c3f3
c1380eabc0b33 4a065d8dfa588 6 minutes ago Running lb-port-80 0 bf8d9fe57c3f3
大功告成啦!如果你需要更高级的配置,请参阅k3s文档: