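I wrote this article to record the detailed k3s deployment process so that others can refer to it.
What is k3s? Simply put, it is a lightweight Kubernetes. Kubernetes (k8s) is a popular container orchestration platform in the industry; the back ends of the apps you use every day may well be running on Kubernetes.
If you have a few reasonably specced x86 servers on hand, you can deploy k8s directly instead of k3s. I only have a few modestly performing Raspberry Pis and want a low-cost container cloud cluster; whether for learning or for real use, k3s is the best choice. The k3s website also states that it fits the Raspberry Pi's ARM64 and ARM v7 architectures perfectly.
Overview
This is a 1+1 cluster deployed at home: 1 master node and 1 worker node.
Equipment list:
- K3S Master Node: Raspberry Pi 4, Raspbian-Buster
- K3S Worker Node: Raspberry Pi 4, Raspbian-Buster
- Network Gateway: home router
- Volume Node: Raspberry Pi 1, Raspbian-Buster
- Mobile SSD: portable solid-state drive
I like to keep the Volume Node outside the cluster and have it act as the network file system server. This has several advantages:
- Stability: a reboot or failure of any K3S node does not affect the other working nodes' access to the disk, so no data is lost;
- Scalability: if the disk fills up, you can make full use of the Raspberry Pi's four USB ports to attach more external drives, easily expanding capacity or backing up content;
- Flexibility: the Volume Node does not have to serve only the K3S cluster; you can also configure a Samba service on it so that personal computers and smart TVs can mount it directly for more direct access.
Configuring a static IP
Each Raspberry Pi needs a static IP. Here is one example: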
vim /etc/dhcpcd.conf
# Example static IP configuration:
# For a Wi-Fi connection, replace "interface eth0" with "interface wlan0"
interface eth0
static ip_address=192.168.0.210/24
static routers=192.168.0.1
static domain_name_servers=192.168.0.1 8.8.8.8
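Configuring NFS (Network File System)
This chapter is not required for deploying K3S, and you can skip it for now; if you have no long-term plans for your K3S cluster, all the more reason to skip it. But if you intend to maintain the K3S cluster and the personal applications on it (network drive, note-taking app, personal blog, home theater...) over the long term, the practice in this chapter will make your data more reliable.
The benefits of an independent Volume Node were covered above; the concrete steps follow:
3.1 Mounting the SSD on the Volume Node
Connect the SSD to the Raspberry Pi via USB. For a mechanical hard disk, consider one with its own external power supply, since the USB current of older Raspberry Pis is not enough to drive it.
1) Check whether the Raspberry Pi recognizes the device: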
sudo fdisk -l | grep '^Disk'
My Volume Node has a HITACHI mechanical hard disk (/dev/sda) and an HP SSD (/dev/sdb) attached:
root@volume-node-1:/media/pi# sudo fdisk -l | grep '^Disk'
......
Disk /dev/mmcblk0: 29.7 GiB, 31914983424 bytes, 62333952 sectors
Disklabel type: dos
Disk identifier: 0xb0921384
Disk /dev/sda: 465.8 GiB, 500107862016 bytes, 976773168 sectors
Disk model: ASMT1153e
Disklabel type: dos
Disk identifier: 0x63b879d0
Disk /dev/sdb: 461.3 GiB, 495318295552 bytes, 967418546 sectors
Disk model: HP P500
2) Check the disk format:
sudo blkid
root@volume-node-1:/media/pi# sudo blkid
/dev/mmcblk0p1: LABEL_FATBOOT="boot" LABEL="boot" UUID="4AD7-B4D5" TYPE="vfat" PARTUUID="b0921384-01"
/dev/mmcblk0p2: LABEL="rootfs" UUID="2887d26c-6ae7-449d-9701-c5a4018755b0" TYPE="ext4" PARTUUID="b0921384-02"
/dev/sda1: LABEL="HITACHI" UUID="5277c321-55f9-5146-96a6-31d177fc83bd" TYPE="ext4" PARTUUID="63b879d0-01"
/dev/mmcblk0: PTUUID="b0921384" PTTYPE="dos"
/dev/sdb: UUID="d81b53cd-2dc5-4be2-a1a7-f5aac680ae74" TYPE="ext4"
3) Format as ext4 (warning: this formats the disk and erases all data on it):
sudo mkfs.ext4 /dev/sda1
sudo mkfs.ext4 /dev/sdb
4) Create the mount points:
sudo mkdir /media/pi/HITACHI
sudo mkdir /media/pi/HP
sudo chown pi:pi /media/pi/HITACHI
sudo chown pi:pi /media/pi/HP
5) Mount:
sudo mount -t ext4 /dev/sda1 /media/pi/HITACHI
sudo mount -t ext4 /dev/sdb /media/pi/HP
6) Configure automatic mounting at boot:
sudo vim /etc/fstab
----------------------
proc /proc proc defaults 0 0
PARTUUID=b0921384-01 /boot vfat defaults 0 2
PARTUUID=b0921384-02 / ext4 defaults,noatime 0 1
# a swapfile is not a swap partition, no line here
# use dphys-swapfile swap[on|off] for that
################### Add these two lines: ######################
/dev/sda1 /media/pi/HITACHI ext4 defaults,noatime 0 0
/dev/sdb /media/pi/HP ext4 defaults,noatime 0 0
7) Use the "df -h" command to check that the mounts succeeded:
root@volume-node-1:/media/pi# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/root 29G 1.5G 27G 6% /
devtmpfs 184M 0 184M 0% /dev
tmpfs 217M 0 217M 0% /dev/shm
tmpfs 217M 24M 193M 11% /run
tmpfs 5.0M 4.0K 5.0M 1% /run/lock
tmpfs 217M 0 217M 0% /sys/fs/cgroup
/dev/sda1 459G 67G 369G 16% /media/pi/HITACHI
/dev/mmcblk0p1 253M 54M 199M 22% /boot
/dev/sdb 454G 67G 364G 16% /media/pi/HP
tmpfs 44M 0 44M 0% /run/user/0
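The fstab entries above name the disks as /dev/sda1 and /dev/sdb, and with two USB disks those names can swap between boots, which would put the wrong disk behind the /media/pi/HP path that is exported later. The following is an added example, not part of the original article, that builds UUID-based entries from `blkid` output; the sample lines are copied from the listing above, and the `nofail` option is an assumption added here.

```shell
#!/bin/sh
# fstab_entry BLKID_FILE DEVICE MOUNTPOINT
# Prints an /etc/fstab line keyed on the filesystem UUID instead of /dev/sdX.
fstab_entry() {
    # Exact device match: "/dev/sda" must not select the "/dev/sda1:" line.
    line=$(grep "^$2: " "$1") || { echo "$2: not in blkid output" >&2; return 1; }
    # The leading space keeps PARTUUID= and PTTYPE= from matching.
    uuid=$(printf '%s\n' "$line" | sed -n 's/.* UUID="\([^"]*\)".*/\1/p')
    fstype=$(printf '%s\n' "$line" | sed -n 's/.* TYPE="\([^"]*\)".*/\1/p')
    [ -n "$uuid" ] && [ -n "$fstype" ] || { echo "$2: no filesystem UUID" >&2; return 1; }
    # nofail (assumption): boot continues if the USB disk is unplugged.
    printf 'UUID=%s %s %s defaults,noatime,nofail 0 0\n' "$uuid" "$3" "$fstype"
}

# Sample input: blkid lines copied from the listing above.
blkid_sample=$(mktemp)
cat > "$blkid_sample" <<'EOF'
/dev/mmcblk0p2: LABEL="rootfs" UUID="2887d26c-6ae7-449d-9701-c5a4018755b0" TYPE="ext4" PARTUUID="b0921384-02"
/dev/sda1: LABEL="HITACHI" UUID="5277c321-55f9-5146-96a6-31d177fc83bd" TYPE="ext4" PARTUUID="63b879d0-01"
/dev/mmcblk0: PTUUID="b0921384" PTTYPE="dos"
/dev/sdb: UUID="d81b53cd-2dc5-4be2-a1a7-f5aac680ae74" TYPE="ext4"
EOF

fstab_entry "$blkid_sample" /dev/sda1 /media/pi/HITACHI
fstab_entry "$blkid_sample" /dev/sdb /media/pi/HP
# The bare partition table has no filesystem, so it is rejected:
fstab_entry "$blkid_sample" /dev/mmcblk0 /mnt || true
```

On the Volume Node itself, feed it the real output with `sudo blkid > /tmp/blkid.txt` and paste the printed lines into /etc/fstab in place of the /dev/sdX entries.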
3.2 Installing the NFS server on the Volume Node
sudo apt-get install nfs-kernel-server
sudo vim /etc/exports
# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
#
######## Append the following at the end of the file; 192.168.0.210 and the other addresses are the IP addresses of the NFS clients: #########
/media/pi/HP/ 192.168.0.210(rw,sync,no_root_squash) 192.168.0.213(rw,sync,no_root_squash) 192.168.0.214(rw,sync,no_root_squash)
sudo systemctl restart nfs-server.service
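The export line above uses no_root_squash, so root on any of the three client nodes acts as root on the share. The following is an added example, not part of the original article: a small audit of an exports file, run against the article's line and against a constructed alternative that maps every client user to the share's owner (it assumes user pi is uid/gid 1000 on the Volume Node).

```shell
#!/bin/sh
# audit_exports FILE
# Prints "<path> <client> <finding>" for each risky client entry in an exports file.
audit_exports() (
    set -f    # a bare "*" client must not be expanded as a filename glob
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1" | while read -r path clients; do
        for entry in $clients; do
            client=${entry%%"("*}             # text before "(" is the client spec
            opts=${entry#"$client"}           # "(opt,opt,...)" or empty
            opts=${opts#"("}; opts=${opts%")"}
            [ -n "$client" ] || client="*"    # "(opts)" with no host applies to any host
            case ",$opts," in *,no_root_squash,*)
                echo "$path $client no_root_squash" ;;
            esac
            case "$client" in *"*"*)
                echo "$path $client any-host" ;;
            esac
            case ",$opts," in *,insecure,*)
                echo "$path $client insecure" ;;
            esac
        done
    done
)

# The export line from the article.
current=$(mktemp)
cat > "$current" <<'EOF'
/media/pi/HP/ 192.168.0.210(rw,sync,no_root_squash) 192.168.0.213(rw,sync,no_root_squash) 192.168.0.214(rw,sync,no_root_squash)
EOF

# Constructed alternative: every client uid is mapped to the share's owner
# (assumes user pi is uid/gid 1000 on the Volume Node).
squashed=$(mktemp)
cat > "$squashed" <<'EOF'
/media/pi/HP/ 192.168.0.210(rw,sync,all_squash,anonuid=1000,anongid=1000,no_subtree_check) 192.168.0.213(rw,sync,all_squash,anonuid=1000,anongid=1000,no_subtree_check) 192.168.0.214(rw,sync,all_squash,anonuid=1000,anongid=1000,no_subtree_check)
EOF

audit_exports "$current"     # three no_root_squash findings
audit_exports "$squashed"    # no findings
```

The any-host finding also catches the classic typo of a space between the host and its options, which exports the path to every host with those options.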
3.3 Installing the NFS client on the K3S Master/Worker Nodes
autofs is used here, so the NFS server is mounted only when you access the NFS directory.
sudo apt-get install autofs -y
sudo vim /etc/auto.master
-----------------------------
#
# Sample auto.master file
# This is a 'master' automounter map and it has the following format:
# mount-point [map-type[,format]:]map [options]
# For details of the format look at auto.master(5).
#
#/misc /etc/auto.misc
########### Add this line; hp.misc can be replaced with <name of your choice>.misc ###################
/media /etc/hp.misc
# NOTE: mounts done from a hosts map will be mounted with the
# "nosuid" and "nodev" options unless the "suid" and "dev"
# options are explicitly given.
#
#/net -hosts
#
# Include /etc/auto.master.d/*.autofs
# The included files must conform to the format of this file.
#
+dir:/etc/auto.master.d
#
# Include central master map if it can be found using
# nsswitch sources.
#
# Note that if there are entries for /net or /misc (as
# above) in the included master map any keys that are the
# same will not be seen as the first read key seen takes
# precedence.
#
+auto.master
########### Create the file hp.misc; it can of course be <name of your choice>.misc ####################
sudo vim /etc/hp.misc
------------------------
##### Keep "hp" here consistent with the hp.misc file name; 192.168.0.130 is the IP address of the NFS server (Volume Node),
##### and "/media/pi/HP" is the shared NFS directory.
hp -fstype=nfs 192.168.0.130:/media/pi/HP
sudo systemctl restart autofs
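Test the NFS directory: run "cd /media/hp" (the "hp" key from hp.misc under the /media mount point) and try to create or edit a file.
If accessing the directory fails, check that the "<name of your choice>.misc" file above is configured correctly;
If creating or editing a file fails, check the permissions of the /media/pi/HP directory on the NFS server, and check whether the chown commands from step 4 of section 3.1 above were run. The crudest fix is "chmod 777 -R /media/pi/HP"; it will solve the problem, but it is a security risk (every user gets read and write access to everything under the share) and is not recommended.
System settings
This chapter concerns the Raspberry Pi's own Raspbian-Buster system; you may not run into these problems on other hardware or third-party systems. The configuration below comes from the official K3S documentation and must be applied on both the K3S Master Node and the K3S Worker Node:
1) Enable cgroups on Raspbian-Buster
When installing K3S you may hit the cgroup error "Failed to find memory cgroup". It can be fixed as follows:
Append cgroup_memory=1 cgroup_enable=memory to /boot/cmdline.txt, for example: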
sudo vim /boot/cmdline.txt
------------------------------
console=serial0,115200 console=tty1 root=PARTUUID=2c25a6a1-02 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait quiet splash plymouth.ignore-serial-consoles cgroup_memory=1 cgroup_enable=memory
2) Enable legacy iptables on Raspbian-Buster
sudo iptables -F
sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
sudo reboot
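A check for the cgroup step above, as an added example that is not part of the original article: cmdline.txt must keep every parameter on one line, so flags pasted onto a second line are a common way for this step to fail. The first sample is the command line shown above; the second is constructed.

```shell
#!/bin/sh
# check_cgroup_cmdline [FILE]
# Returns 0 when FILE (default /boot/cmdline.txt) carries both cgroup flags
# on a single line, as the step above requires.
check_cgroup_cmdline() {
    file=${1:-/boot/cmdline.txt}
    [ -r "$file" ] || { echo "$file: not readable" >&2; return 2; }
    # cmdline.txt must keep every parameter on one line.
    lines=$(grep -c '[^[:space:]]' "$file") || true
    if [ "$lines" -ne 1 ]; then
        echo "$file: expected 1 non-empty line, found $lines" >&2
        return 1
    fi
    rc=0
    for flag in cgroup_memory=1 cgroup_enable=memory; do
        # Compare whole space-separated words, so "cgroup_memory=10" does not pass.
        if ! tr -s '[:space:]' '\n' < "$file" | grep -qxF -- "$flag"; then
            echo "$file: missing $flag" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Sample 1: the command line shown above.
good=$(mktemp)
echo 'console=serial0,115200 console=tty1 root=PARTUUID=2c25a6a1-02 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait quiet splash plymouth.ignore-serial-consoles cgroup_memory=1 cgroup_enable=memory' > "$good"
# Sample 2 (constructed): the flags were appended as a second line by mistake.
split=$(mktemp)
printf '%s\n%s\n' 'console=tty1 root=PARTUUID=2c25a6a1-02 rootwait' \
    'cgroup_memory=1 cgroup_enable=memory' > "$split"

check_cgroup_cmdline "$good" && echo "good: ok"
check_cgroup_cmdline "$split" || echo "split: needs fixing"
```

After the reboot, running `check_cgroup_cmdline /proc/cmdline` confirms that the running kernel actually received both flags.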
Installing Docker
Docker must be installed on both the Master Node and the Worker Node; see the Docker installation tutorial from "树莓派实验室" (Raspberry Pi Lab):
sudo curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
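Installing the K3S cluster
Only at this point do we actually begin installing the K3S cluster itself; everything before was system prerequisites.
1) Deploy the K3S Master Node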
curl -sfL http://rancher-mirror.cnrancher.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh -
# Get the node-token; it is needed when installing the K3S Worker Node.
sudo cat /var/lib/rancher/k3s/server/node-token
------------------------------------------------------
K1078f3843502c8ba11e6a9691833653d0c9257a76fa6813be430436699ad7e5ab4::server:3673c9a60dd7949bf00a45ba51722527
Wait about 30 seconds, then use the following command to check whether the master node has finished installing:
pi@k3s-master-1:~ $ sudo kubectl get node
NAME STATUS ROLES AGE VERSION
k3s-master-1 Ready control-plane,master 37h v1.20.6+k3s1
# Install the kubectl command-completion tool
sudo apt-get install bash-completion -y
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> ~/.bashrc
# From now on, kubectl commands can be completed with the Tab key
K3S aims to be lightweight to deploy, so it packs all the K8S master-node components (api-server, controller-manager, kubelet...) into the /usr/local/bin/k3s binary:
pi@k3s-master-1:~ $ sudo systemctl status k3s.service
● k3s.service - Lightweight Kubernetes
Loaded: loaded (/etc/systemd/system/k3s.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2021-04-22 20:40:54 CST; 1 day 13h ago
Docs: https://k3s.io
Process: 9647 ExecStartPre=/sbin/modprobe br_netfilter (code=exited, status=0/SUCCESS)
Process: 9648 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
Main PID: 9649 (k3s-server)
2) Deploy the K3S Worker Node
# Replace 192.168.0.210 in "K3S_URL=https://192.168.0.210:6443" with the address of your master node.
# Replace "K3S_TOKEN=K1078f3843502c8ba11e6a9691833653d0c9257a76fa6813be430436699ad7e5ab4::server:3673c9a60dd7949bf00a45ba51722527" with the key obtained above.
curl -sfL http://rancher-mirror.cnrancher.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn K3S_URL=https://192.168.0.210:6443 K3S_TOKEN=K1078f3843502c8ba11e6a9691833653d0c9257a76fa6813be430436699ad7e5ab4::server:3673c9a60dd7949bf00a45ba51722527 sh -
The K8S worker-node components are likewise packed into the k3s-agent binary:
pi@k3s-worker-1:~ $ sudo systemctl status k3s-agent.service
● k3s-agent.service - Lightweight Kubernetes
Loaded: loaded (/etc/systemd/system/k3s-agent.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2021-04-22 21:14:58 CST; 1 day 13h ago
Docs: https://k3s.io
Process: 431 ExecStartPre=/sbin/modprobe br_netfilter (code=exited, status=0/SUCCESS)
Process: 432 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
Main PID: 434 (k3s-agent)
Tasks: 32
Memory: 206.6M
CGroup: /system.slice/k3s-agent.service
├─434 /usr/local/bin/k3s agent
└─467 containerd
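The k3s install commands above (and the Docker one earlier) pipe a downloaded script straight into a shell, and the k3s mirror URL is plain HTTP. The following is an added example, not part of the original article, of downloading the script to a file, reviewing it once, and then running only that reviewed content on every node; the function names are hypothetical and the hash is a placeholder.

```shell
#!/bin/sh
# sha256_of FILE: print the hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi | cut -d ' ' -f 1
}

# run_pinned SCRIPT PINNED_SHA256 [ARGS...]
# Runs SCRIPT with sh only if its SHA-256 equals the value recorded at review time.
run_pinned() {
    script=$1; pinned=$2; shift 2
    # Reject anything that is not 64 hex digits, e.g. an unreplaced placeholder.
    case $pinned in *[!0-9a-f]*) echo "pinned hash is not lowercase hex" >&2; return 2 ;; esac
    [ "${#pinned}" -eq 64 ] || { echo "pinned hash must be 64 hex digits" >&2; return 2; }
    [ -f "$script" ] || { echo "$script: not found" >&2; return 2; }
    actual=$(sha256_of "$script")
    if [ "$actual" != "$pinned" ]; then
        echo "$script: sha256 $actual does not match the pinned value, not running" >&2
        return 1
    fi
    sh "$script" "$@"
}

# On a node (URL and variables as in the article; the hash is a placeholder):
#   curl -sfL -o k3s-install.sh http://rancher-mirror.cnrancher.com/k3s/k3s-install.sh
#   less k3s-install.sh; sha256_of k3s-install.sh      # review, then record the hash
#   export INSTALL_K3S_MIRROR=cn
#   run_pinned k3s-install.sh <SHA256_RECORDED_AFTER_REVIEW>

# Constructed stand-in for an installer, to show both outcomes offline.
demo=$(mktemp)
echo 'echo "installer ran"' > "$demo"
pin=$(sha256_of "$demo")
run_pinned "$demo" "$pin"                        # runs
echo 'echo "extra line"' >> "$demo"              # content changed after review
run_pinned "$demo" "$pin" || echo "blocked"      # refused
```

Recording the hash once on the master and reusing it on the worker ensures both nodes run the same reviewed script, even if the download differs the second time.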
3) K3S uninstall commands
The uninstall commands are recorded here; they are not needed during installation:
# Uninstall the master node
k3s-uninstall.sh
# Uninstall the worker node
k3s-agent-uninstall.sh
Testing
Only the master node can use the kubectl tool to manage the cluster. Use the following command to check node status:
pi@k3s-master-1:~ $ sudo kubectl get nodes
NAME STATUS ROLES AGE VERSION
k3s-worker-1 Ready <none> 37h v1.20.6+k3s1
k3s-master-1 Ready control-plane,master 37h v1.20.6+k3s1
Use the following command to check the status of the system pods:
pi@k3s-master-1:~ $ sudo kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
metrics-server-86cbb8457f-67wdh 1/1 Running 0 37h
coredns-854c77959c-7b8jd 1/1 Running 0 37h
helm-install-traefik-662pb 0/1 Completed 0 37h
local-path-provisioner-5ff76fc89d-986th 1/1 Running 1 37h
At this point the K3S cluster installation is complete. Enjoy deploying your applications on your own cluster!