www.colben.cn/content/post/k3s-install.md
2021-11-14 14:32:08 +08:00

---
title: "Installing K3S on CentOS 7"
date: 2020-09-25T14:21:00+08:00
lastmod: 2020-09-25T14:21:00+08:00
keywords: []
tags: ["rancher", "k3s"]
categories: ["container"]
---
# Environment
Role | Hostname | Operating system | Software
---- | ---- | ---- | ----
Database | - | - | docker-ce 19.03
k3s server | k3s-server0 | CentOS7.8 | docker-ce 19.03, k3s v1.18.9
k3s server | k3s-server1 | CentOS7.8 | docker-ce 19.03, k3s v1.18.9
k3s agent | k3s-agent0 | CentOS7.8 | docker-ce 19.03, k3s v1.18.9
k3s agent | k3s-agent1 | CentOS7.8 | docker-ce 19.03, k3s v1.18.9
- **On all servers, disable firewalld, SELinux and swap, and set up time synchronization**
- **Every k3s server (except the database) must have a unique hostname**
# Install the database
- Run the following on the database server
- Start the docker container
```bash
docker run -d \
--name mariadb \
-p 3306:3306 \
-v /data/mariadb/binlog:/var/lib/mysql-bin \
-v /data/mariadb/db:/var/lib/mysql \
-v /data/mariadb/log:/var/log/mysql \
harbor.colben.cn/general/alpine-mariadb
```
- Create the k3s database
```bash
docker exec mariadb mysql -e "
CREATE DATABASE k3s DEFAULT CHARSET UTF8MB4;
CREATE USER k3s@'%' IDENTIFIED BY 'Password_1234';
GRANT ALL ON k3s.* TO k3s@'%';
FLUSH PRIVILEGES;
"
```
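- For production, a MySQL master-slave high-availability setup is recommended; see [MariaDB master-slave replication](/post/mariadb-replication/)
# Install k3s server
- Run the following on every k3s server
- Download and install k3s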
```bash
cd /usr/local/bin/
curl -LO https://github.com/rancher/k3s/releases/download/v1.18.9%2Bk3s1/k3s
chmod 0755 k3s
ln -s k3s kubectl
```
- Create the systemd service file /etc/systemd/system/k3s-server.service with the following content
```ini
[Unit]
Description=Lightweight Kubernetes
Documentation=https://k3s.io
Wants=network-online.target
[Install]
WantedBy=multi-user.target
[Service]
Type=notify
KillMode=process
Delegate=yes
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
TimeoutStartSec=0
Restart=always
RestartSec=5s
SuccessExitStatus=1
ExecStartPre=-/sbin/modprobe br_netfilter
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/k3s \
server \
--docker \
--datastore-endpoint 'mysql://k3s:Password_1234@tcp({mysql address}:{mysql port})/k3s' \
--disable 'coredns,servicelb,traefik,local-storage,metrics-server' \
--pause-image 'harbor.colben.cn/k3s/pause:3.2'
```
- Reload systemd and start the k3s-server service
```bash
systemctl daemon-reload
systemctl start k3s-server
```
- Get the token (this file is identical on every server in the same cluster); agents use it to connect
```bash
cat /var/lib/rancher/k3s/server/token
```
- Multiple k3s-server services can be made highly available with keepalived; see [keepalived notes](/post/keepalived/)
# Install k3s agent
- Run the following on every k3s agent server
- Download and install k3s
```bash
cd /usr/local/bin/
curl -LO https://github.com/rancher/k3s/releases/download/v1.18.9%2Bk3s1/k3s
chmod 0755 k3s
```
- Create the systemd service file /etc/systemd/system/k3s-agent.service with the following content
```ini
[Unit]
Description=Lightweight Kubernetes
Documentation=https://k3s.io
Wants=network-online.target
[Install]
WantedBy=multi-user.target
[Service]
Type=notify
KillMode=process
Delegate=yes
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
TimeoutStartSec=0
Restart=always
RestartSec=5s
SuccessExitStatus=1
ExecStartPre=-/sbin/modprobe br_netfilter
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/k3s \
agent \
--docker \
--server 'https://{address of any server, or the servers' high-availability address}:6443' \
--pause-image 'harbor.boyachain.cn:20443/k3s/pause:3.2' \
--token '{server token}'
```
- Reload systemd and start the k3s-agent service
```bash
systemctl daemon-reload
systemctl start k3s-agent
```
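The download steps in the server and agent sections fetch the k3s binary and make it executable without checking it. As an added example (not part of the original post), these shell functions verify the binary against a release checksum list before installing it; the checksum file name `sha256sum-amd64.txt` and the function names are assumptions.

```bash
# Added example. Assumption: the release page also offers a sha256sum-style
# list (sha256sum-amd64.txt for amd64) with lines "<hex digest>  k3s".
# Fetch both files into a scratch directory first, for example:
#   curl -LO https://github.com/rancher/k3s/releases/download/v1.18.9%2Bk3s1/k3s
#   curl -LO <same release URL>/sha256sum-amd64.txt   # assumed file name

# verify_k3s_binary <binary> <checksum-list> [name-in-list]
# Returns 0 only when the list holds exactly one well-formed entry for the
# name and that digest equals the SHA-256 of the local file.
# Exit codes: 1 mismatch, 2 unreadable input, 3 missing/malformed/duplicate entry.
verify_k3s_binary() {
    local bin="$1" list="$2" name="${3:-k3s}" expected actual
    [ -r "$bin" ] && [ -r "$list" ] || { echo "missing input file" >&2; return 2; }
    # Compare the file-name field exactly, so "k3s" cannot match a longer
    # name such as "k3s-airgap-images-amd64.tar"; drop the "*" binary marker.
    expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) } f == n { print $1 }' "$list")
    case "$expected" in
        "") echo "no entry for $name in $list" >&2; return 3 ;;
        # Anything that is not lowercase hex (including the newline that two
        # matching entries would produce) is rejected.
        *[!0-9a-f]*) echo "malformed or duplicate entry for $name" >&2; return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "digest for $name is not 64 hex chars" >&2; return 3; }
    actual=$(sha256sum "$bin" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $bin" >&2
        return 1
    fi
}

# install_verified <downloaded-binary> <checksum-list> <destination>
# Copies the binary into place with mode 0755 only after verification passes,
# so an unverified file never lands in /usr/local/bin.
install_verified() {
    verify_k3s_binary "$1" "$2" || return $?
    install -m 0755 "$1" "$3"
}

# Usage on a server or agent host:
#   install_verified ./k3s ./sha256sum-amd64.txt /usr/local/bin/k3s
```

A checksum list fetched from the same release page detects a corrupted or truncated download, not a compromised release.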
# View node information
- Run the following on any k3s server
- View node information
```bash
kubectl get nodes
```
# Notes
- k3s internal SSL certificates are valid for one year; restart the k3s cluster before they expire to rotate them