k3d介绍
k3d 就是一个工具,用于管理k3s集群。包括启动,删除,关闭,停止,查看等。
k3d安装
容器和二进制两种
容器:就是k3d部署在容器中,再这个容器中启动k3s集群。就是docker-in-docker
二进制:下载电脑合适的。
https://github.com/rancher/k3d/releases/download/v5.0.3/k3d-darwin-arm64 mv k3d-darwin-arm64 /usr/local/bin/k3d chmod +x /usr/local/bin/k3d
github地址:https://github.com/rancher/k3d
k3s介绍
轻量级的kubernetes
组件:默认的,可以替换
flannel、coredns、traefik、kipper load balancer、sqlite3、containerd。
创建集群
先创建一个单机版的集群。由于默认使用的containerd运行时,所以kubernetes.io/dockerconfigjso 的创建仓库认证就不能用了。
此处使用--registry-config配置镜像仓库认证。参考地址:https://k3d.io/v5.1.0/usage/registries/#registries-file
常用参数:
--k3s-arg : 参考地址:https://rancher.com/docs/k3s/latest/en/installation/install-options/server-config/#k3s-server-cli-help
如:--k3s-arg "--disable=traefik@server:0"
k3d cluster create dev --port "80:80@loadbalancer" --port "443:443@loadbalancer" --registry-config "registries.yaml"
######私有仓库######
cat registries.yaml
mirrors:
"registry.cn-beijing.aliyuncs.com":
endpoint:
- https://registry.cn-beijing.aliyuncs.com
configs:
"registry.cn-beijing.aliyuncs.com":
auth:
username: username
password: password
注:"registry.cn-beijing.aliyuncs.com" 保持一致名字
实例测试
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-nginx-demo
spec:
rules:
- host: "foo.bar.com"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: nginx
port:
number: 80
---
apiVersion: v1
kind: Service
metadata:
name: nginx
namespace: default
spec:
ports:
- port: 80
name: http
selector:
app: nginx
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: default
name: nginx-deployment
spec:
selector:
matchLabels:
app: nginx
replicas: 1
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:alpine
ports:
- containerPort: 80
添加hosts解析:172.168.3.139 foo.bar.com
使用:curl foo.bar.com 测试
Use Calico instead of Flannel
不想使用默认flannel 的可以选择其他网络组件 如:calico 参考:
https://github.com/rancher/k3d/blob/main/docs/usage/advanced/calico.md
Use Ingress nginx instead of Traefik
使用ingress nginx 代替traefik。对于熟悉ingress nginx的 可以使用
k3d cluster create dev --image "rancher/k3s:v1.20.12-k3s1" --volume "$(pwd)/calico.yaml:/var/lib/rancher/k3s/server/manifests/calico.yaml" --port "80:80@loadbalancer" --port "443:443@loadbalancer" --k3s-arg "--flannel-backend=none@server:0" --k3s-arg "--disable=traefik@server:0" --registry-config "registries.yaml"
ingress nginx官网:https://kubernetes.github.io/ingress-nginx/deploy/#bare-metal
https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.0.4/deploy/static/provider/cloud/deploy.yaml
替换镜像: grep 'image:' deploy.yaml image: liangjw/ingress-nginx-controller:v1.0.4 image: liangjw/kube-webhook-certgen:v1.1.1 image: liangjw/kube-webhook-certgen:v1.1.1
参考docker hub:https://registry.hub.docker.com/u/liangjw
其他参数:
-p "32000-23767:32000-23767@loadbalancer"
流量走向
一种方案:模拟真实网络请求
Dns 解析---> 部署节点ip(此处本机) 80:443端口 ---> k3d 的 loadbance 容器:80 443 ---> k3s集群的ingress nginx controler 的80:443
dns解析根据实际情况。主要把流量导入到k3d的lb容器80:443端口即可,lb实际是一个代理ng将流量导入k3s集群。
删除集群:
k3d cluster delete dev
地址收藏:
https://github.com/linuxkit/linuxkit