脚踩小金瓶 posted on 2026-1-7 14:55:36

k3s installation and deployment procedure

<div id="navCategory"><h5 class="catalogue">Contents</h5><ul class="first_class_ul"><li><a href="#_label0">k3s download mirror for mainland China</a></li><li><a href="#_label1">Configure registry mirrors</a></li><li><a href="#_label2">Deploy the Dashboard</a></li><li><a href="#_label3">Configure the Dashboard role</a></li><li><a href="#_label4">Apply the user and role configuration</a></li><li><a href="#_label5">Get the Dashboard token</a></li><li><a href="#_label6">Port forwarding</a></li><li><a href="#_label7">Expose the Dashboard via NodePort</a></li><li><a href="#_label8">Install nerdctl + buildkitd to build container images</a></li><ul class="second_class_ul"><li><a href="#_lab2_8_0">1. Install buildkitd</a></li><li><a href="#_lab2_8_1">2. Install nerdctl</a></li><li><a href="#_lab2_8_2">3. Notes</a></li></ul><li><a href="#_label9">Summary</a></li><ul class="second_class_ul"></ul></ul></div><p class="maodian"><a name="_label0"></a></p><h2>k3s download mirror for mainland China</h2>
<div class="jb51code"><pre class="brush:plain;">curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh -
</pre></div>
<p class="maodian"><a name="_label1"></a></p><h2>Configure registry mirrors</h2>
<div class="jb51code"><pre class="brush:plain;">tee /etc/rancher/k3s/registries.yaml &lt;&lt;'EOF'
mirrors:
  "docker.io":
    endpoint:
      - "https://docker.m.daocloud.io"
      - "https://docker.mirrors.ustc.edu.cn"
      - "https://hub-mirror.c.163.com"
      - "https://mirror.baidubce.com"
      - "https://docker.nju.edu.cn"
      - "https://mirrors.tuna.tsinghua.edu.cn"
      - "https://registry-1.docker.io"
EOF
# k3s reads registries.yaml at startup; restart the k3s service for the mirrors to take effect
</pre></div>
<p class="maodian"><a name="_label2"></a></p><h2>Deploy the Dashboard</h2>
<div class="jb51code"><pre class="brush:plain;">kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
</pre></div>
<p class="maodian"><a name="_label3"></a></p><h2>Configure the Dashboard role</h2>
<p>dashboard.admin-user-role.yml</p>
<div class="jb51code"><pre class="brush:yaml;">apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: admin-user
    namespace: kubernetes-dashboard
</pre></div>
<p>dashboard.admin-user.yml</p>
<div class="jb51code"><pre class="brush:yaml;">apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
</pre></div>
<p class="maodian"><a name="_label4"></a></p><h2>Apply the user and role configuration</h2>
<div class="jb51code"><pre class="brush:plain;">kubectl create -f dashboard.admin-user.yml -f dashboard.admin-user-role.yml
</pre></div>
<p class="maodian"><a name="_label5"></a></p><h2>Get the Dashboard token</h2>
<div class="jb51code"><pre class="brush:plain;">kubectl -n kubernetes-dashboard create token admin-user
</pre></div>
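<p>The admin-user binding above gives the Dashboard token full cluster-admin rights. As an added example (not part of the original post), the shell functions below print a read-only alternative bound to Kubernetes' built-in <code>view</code> ClusterRole and check a manifest for a cluster-admin roleRef before it is applied. The account name <code>dashboard-viewer</code> and both function names are hypothetical.</p>

```shell
#!/bin/sh
# Added example, not from the original post. "dashboard-viewer" is a
# hypothetical account name; "view" is Kubernetes' built-in read-only ClusterRole.

# Print a ServiceAccount plus a ClusterRoleBinding to "view" instead of cluster-admin.
viewer_manifest() {
  sa="${1:-dashboard-viewer}"
  ns="${2:-kubernetes-dashboard}"
  cat <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ${sa}
  namespace: ${ns}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ${sa}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
  - kind: ServiceAccount
    name: ${sa}
    namespace: ${ns}
EOF
}

# Exit 0 if the manifest on stdin has a roleRef naming cluster-admin, else 1.
# Handles block-style YAML only (roleRef at column 0), as in the files above.
binds_cluster_admin() {
  awk '
    /^---/      { in_ref = 0; next }
    /^roleRef:/ { in_ref = 1; next }
    /^[^ #]/    { in_ref = 0 }
    in_ref && /^ +name: *"?cluster-admin"? *$/ { found = 1 }
    END { exit (found ? 0 : 1) }
  '
}

# Typical use on the k3s server:
#   viewer_manifest | kubectl apply -f -
#   kubectl -n kubernetes-dashboard create token dashboard-viewer --duration=1h
#   binds_cluster_admin < dashboard.admin-user-role.yml && echo "grants cluster-admin"
```

<p>The <code>view</code> role does not allow reading Secrets, so some Dashboard pages will show permission errors for this account.</p>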
<p class="maodian"><a name="_label6"></a></p><h2>Port forwarding</h2>
<p>--address 0.0.0.0 makes the forward listen on all interfaces, so the Dashboard can be reached remotely.</p>
<div class="jb51code"><pre class="brush:plain;">kubectl port-forward -n kubernetes-dashboard --address 0.0.0.0 svc/kubernetes-dashboard 8443:443
</pre></div>
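<p class="maodian"><a name="_label7"></a></p><h2>Expose the Dashboard via NodePort</h2>
<p>A plain port-forward only works while the command keeps running in the terminal. To keep the Dashboard reachable in the background, expose the service with a NodePort instead.</p>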
<div class="jb51code"><pre class="brush:yaml;">apiVersion: v1
kind: Service
metadata:
  name: dashboard-nodeport
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  selector:
    k8s-app: kubernetes-dashboard
  ports:
    - name: dashboard-https
      port: 443        # service port
      targetPort: 8443 # pod port
      nodePort: 30443  # forwarded port on the node
</pre></div>
<p>Open https://192.168.204.137:30443/, substituting the address of your own server.</p>
<p class="maodian"><a name="_label8"></a></p><h2>Install nerdctl + buildkitd to build container images</h2>
<blockquote><p>nerdctl download: https://github.com/containerd/nerdctl/releases/download/v1.5.0/nerdctl-1.5.0-linux-amd64.tar.gz</p>
<p>buildkitd download: https://github.com/moby/buildkit/releases/download/v0.12.1/buildkit-v0.12.1.linux-amd64.tar.gz</p></blockquote>
<p class="maodian"><a name="_lab2_8_0"></a></p><h3>1. Install buildkitd</h3>
<p>Extract the archive</p>
<div class="jb51code"><pre class="brush:plain;">tar xf buildkit-v0.12.1.linux-amd64.tar.gz
</pre></div>
<p>Copy the two binaries into /usr/local/bin</p>
<div class="jb51code"><pre class="brush:plain;">cp bin/buildkitd bin/buildctl /usr/local/bin/
</pre></div>
<p>Create the systemd service file for buildkitd</p>
<div class="jb51code"><pre class="brush:plain;"># Save as buildkitd.service in a systemd unit directory such as /etc/systemd/system/
[Unit]
Description=BuildKit
Documentation=https://github.com/moby/buildkit
After=network-online.target
Wants=network-online.target

[Service]
ExecStart=/usr/local/bin/buildkitd --oci-worker=false --containerd-worker=true
User=root
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
</pre></div>
<p>Start the buildkitd service</p>
<div class="jb51code"><pre class="brush:plain;">systemctl daemon-reload
systemctl enable buildkitd --now
# "systemctl enable buildkitd --now" is equivalent to
# "systemctl enable buildkitd" followed by "systemctl start buildkitd"
</pre></div>
<p class="maodian"><a name="_lab2_8_1"></a></p><h3>2. Install nerdctl</h3>
<p>Extract the archive</p>
<div class="jb51code"><pre class="brush:plain;">tar xf nerdctl-1.5.0-linux-amd64.tar.gz
</pre></div>
<p>Move the binary into /usr/local/bin</p>
<div class="jb51code"><pre class="brush:plain;">mv nerdctl /usr/local/bin/
</pre></div>
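<p>Because the containerd bundled with k3s is used directly, /run/containerd/containerd.sock does not exist, and nerdctl reports an error.</p>
<p>Create a symbolic link</p>
<div class="jb51code"><pre class="brush:plain;"># Make sure the parent directory exists, otherwise ln fails
mkdir -p /run/containerd
ln -sf /run/k3s/containerd/containerd.sock /run/containerd/containerd.sock

# Verify the link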
ls -la /run/containerd/containerd.sock
</pre></div>
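<p class="maodian"><a name="_lab2_8_2"></a></p><h3>3. Notes</h3>
<p>Images pulled with nerdctl go into the <code>default</code> containerd namespace by default. k3s cannot see them there, so deployments will run into problems.</p>
<p><strong>Option 1</strong>: specify the k8s.io namespace when pulling</p>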
<div class="jb51code"><pre class="brush:plain;">nerdctl -n k8s.io pull docker.1ms.run/library/nginx:alpine3.22
</pre></div>
<p><strong>Option 2</strong>: set the environment variable</p>
<div class="jb51code"><pre class="brush:plain;">echo 'export CONTAINERD_NAMESPACE=k8s.io' &gt;&gt; ~/.bashrc
source ~/.bashrc
</pre></div>
<p><strong>Option 3</strong>: edit the nerdctl configuration file (recommended)</p>
<div class="jb51code"><pre class="brush:plain;">mkdir -p /etc/nerdctl
echo 'namespace = "k8s.io"' | tee /etc/nerdctl/nerdctl.toml
</pre></div>
<p>Verify the nerdctl namespace</p>
<div class="jb51code"><pre class="brush:plain;">nerdctl info
</pre></div>
<p>To verify, pull an image with nerdctl; if it then shows up when queried with crictl, the setup works.</p>
<div class="jb51code"><pre class="brush:plain;">nerdctl pull docker.1ms.run/library/nginx:alpine3.22
</pre></div>
<p class="maodian"><a name="_label9"></a></p><h2>Summary</h2>
<p>The above is based on my own experience. I hope it serves as a useful reference, and I hope you will continue to support 琼殿技术社区.</p>