k3s documentation

Chinese documentation: https://docs.rancher.cn/docs/k3s/_index

Preparing the offline files

Download the following files from https://github.com/k3s-io/k3s/releases:

* k3s-airgap-images-amd64.tar.zst
* k3s

Download the k3s-install.sh file from https://rancher-mirror.rancher.cn/k3s/k3s-install.sh.
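
The install script is later told not to download anything, so whatever is copied to /usr/local/bin/k3s and the images directory is what runs; it is worth checking the files against the release's checksum list before they leave the connected machine. This is an added example, not part of the original post; it assumes the list is the sha256sum-amd64.txt file published with the same release, in the usual "digest, file name" layout, and the function names are made up here.

```sh
# verify_artifact <checksum-list> <artifact-path>
# Returns 0 on match, 1 on mismatch, 2 if the file or its list entry is missing.
verify_artifact() {
    sums="$1"; file="$2"
    name="$(basename "$file")"
    if [ ! -f "$file" ]; then
        echo "MISSING  $name" >&2
        return 2
    fi
    # Pick the digest whose file-name column is exactly this artifact
    # ("*name" is how sha256sum marks binary mode).
    expected="$(awk -v n="$name" '$2 == n || $2 == "*" n { print $1; exit }' "$sums")"
    if [ -z "$expected" ]; then
        echo "NOENTRY  $name" >&2
        return 2
    fi
    actual="$(sha256sum "$file" | awk '{ print $1 }')"
    if [ "$actual" = "$expected" ]; then
        echo "OK       $name"
        return 0
    fi
    echo "MISMATCH $name" >&2
    return 1
}

# verify_k3s_bundle <checksum-list> <download-dir>
# Fails unless both files this page installs match the list.
verify_k3s_bundle() {
    list="$1"; dir="$2"; rc=0
    for f in k3s k3s-airgap-images-amd64.tar.zst; do
        verify_artifact "$list" "$dir/$f" || rc=1
    done
    return "$rc"
}

# Usage, in the directory holding the downloads:
#   verify_k3s_bundle sha256sum-amd64.txt . || echo "do not install these files"
```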

Offline installation (Ubuntu 22.04)

Upload the k3s-airgap-images-amd64.tar.zst file to the /var/lib/rancher/k3s/agent/images/ directory on the server:

    sudo mkdir -p /var/lib/rancher/k3s/agent/images/
    sudo cp k3s-airgap-images-amd64.tar.zst /var/lib/rancher/k3s/agent/images/

Upload the k3s file to the /usr/local/bin/ directory on the server:

    sudo cp k3s /usr/local/bin/
    sudo chmod +x /usr/local/bin/k3s

Upload the k3s-install.sh file to the server and run the install script.

server1:

    chmod +x k3s-install.sh

    sudo INSTALL_K3S_SKIP_DOWNLOAD=true \
      INSTALL_K3S_EXEC='server --token=23f0fba79fc84fd5962279908c86d05e --cluster-init' \
      ./k3s-install.sh

servern:

    chmod +x k3s-install.sh
    sudo INSTALL_K3S_SKIP_DOWNLOAD=true \
      INSTALL_K3S_EXEC='server --token=23f0fba79fc84fd5962279908c86d05e --server https://server1:6443' \
      ./k3s-install.sh
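
Passing --token=... inside INSTALL_K3S_EXEC puts the cluster join secret on the command line and, on the assumption that the installer writes its arguments into /etc/systemd/system/k3s.service, into that unit file. This added example (not from the original post) generates a random token into an owner-only file, builds the argument string with the k3s server flag --token-file, and checks a unit file for a literal token; the token path and the function names are hypothetical.

```sh
# make_token_file <path>: write a random 32-hex-character token, mode 0600.
make_token_file() {
    (
        umask 077                      # new file and directory are owner-only
        mkdir -p "$(dirname "$1")"
        od -An -N16 -tx1 /dev/urandom | tr -d ' \n' > "$1"
        chmod 600 "$1"                 # also covers a pre-existing file
    )
}

# server_exec <token-file> [extra k3s args]: value for INSTALL_K3S_EXEC.
server_exec() {
    tf="$1"; shift
    echo "server --token-file=$tf $*"
}

# has_inline_token <file>: succeeds if the file (for example the k3s systemd
# unit) carries a literal --token or --agent-token value.
has_inline_token() {
    grep -Eq -- "--(agent-)?token[= ]" "$1"
}

# Usage on server1, as root (the path is an assumption):
#   make_token_file /etc/rancher/k3s/cluster-token
#   INSTALL_K3S_SKIP_DOWNLOAD=true \
#     INSTALL_K3S_EXEC="$(server_exec /etc/rancher/k3s/cluster-token --cluster-init)" \
#     ./k3s-install.sh
#   has_inline_token /etc/systemd/system/k3s.service && echo "token is in the unit file"
```

Additional servers need the same token file copied over a trusted channel before their own install run, with --server https://server1:6443 as the extra argument.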

Making k3s use a private image registry

Configure it by placing a registries.yaml file.

/etc/rancher/k3s/registries.yaml:

    mirrors:
      docker.io:
        endpoint:
          - "http://registry.example.com:5000"

Restart k3s:

    sudo systemctl restart k3s
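
Mounting NAS

See the Alibaba Cloud console for the specific steps.

Installing helm (Ubuntu 22.04)

    # make sure the kubeconfig directory exists before copying
    mkdir -p ~/.kube
    cp /etc/rancher/k3s/k3s.yaml ~/.kube/config

    sudo snap install helm --classic

    helm repo add bitnami https://charts.bitnami.com/bitnami

    helm repo list

Helm 3 no longer needs Tiller or helm init.

Accessing the cluster with Lens

Download the Lens installer from https://k8slens.dev/. It supports Windows; the network has to be connected through an XShell tunnel. In the Lens Clusters view, click add (the big plus sign in the lower-right corner), choose the menu item Add from kubeconfig, and copy and paste the K3s kubeconfig (/etc/rancher/k3s/k3s.yaml).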

Downloading an image with Docker and importing it into k8s

Docker download:

    docker save registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.9.2 -o kube-state-metrics-v2.9.2.tar

Docker import:

    docker image load -i kube-state-metrics-v2.9.2.tar

k3s import:

    k3s ctr image import kube-state-metrics-v2.9.2.tar
    k3s ctr image ls | grep kube-state-metrics

Note: if the image pull policy (imagePullPolicy) is Always, the image is always downloaded again, so to use the imported image you need to change the pull policy to IfNotPresent.

kube-prometheus

Reference: https://github.com/prometheus-operator/kube-prometheus

    kubectl apply --server-side -f manifests/setup
    kubectl wait \
      --for condition=Established \
      --all CustomResourceDefinition \
      --namespace=monitoring
    kubectl apply -f manifests/

    kubectl port-forward pod/grafana-748964b847-vtnk8 3000:3000 -n monitoring

Default username/password: admin/admin

Installing Docker (Ubuntu)

    sudo apt install docker.io

Configuring a registry mirror (Alibaba Cloud):

    sudo mkdir -p /etc/docker
    sudo tee /etc/docker/daemon.json <<-'EOF'
    {
      "registry-mirrors": ["https://??????.mirror.aliyuncs.com"]
    }
    EOF
    sudo systemctl daemon-reload
    sudo systemctl restart docker

rancher (abandoned)

After installation, Rancher enables a built-in k3s cluster by default, but a self-built k8s cluster cannot be added? Perhaps using only k3s is the simplest way? After all, Rancher brings more complexity and less controllability.

Persistent storage (longhorn)

Installation:

    wget https://raw.githubusercontent.com/longhorn/longhorn/v1.5.1/deploy/longhorn.yaml
    kubectl apply -f longhorn.yaml
    kubectl get sc

Dashboard

Official documentation: accessing-the-ui

    kubectl port-forward svc/longhorn-frontend 30080:80 -n longhorn-system

Deploying a private image registry

Starting the private image registry:

    docker run -d \
      -p 5000:5000 \
      --restart unless-stopped \
      --name registry \
      -v /mnt/registry-data:/var/lib/registry \
      registry:latest

UI access (joxit/docker-registry-ui)

After a quick search, joxit/docker-registry-ui is usable (at least it is still being updated): github

docker-compose.yaml:

    version: '3.8'

    services:
      registry-ui:
        image: joxit/docker-registry-ui:2.5.7
        restart: unless-stopped
        ports:
          - 18080:80
        environment:
          - SINGLE_REGISTRY=true
          - REGISTRY_TITLE=Docker Registry UI
          - DELETE_IMAGES=true
          - SHOW_CONTENT_DIGEST=true
          - REGISTRY_URL=http://localhost:5000
          - SHOW_CATALOG_NB_TAGS=true
          - CATALOG_MIN_BRANCHES=1
          - CATALOG_MAX_BRANCHES=1
          - TAGLIST_PAGE_SIZE=100
          - REGISTRY_SECURED=false
          - CATALOG_ELEMENTS_LIMIT=1000
        container_name: registry-ui
        networks:
          - registry-net

      registry-server:
        image: registry:2.8.2
        restart: unless-stopped
        ports:
          - 5000:5000
        environment:
          REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin: '[http://localhost:18080]'
          REGISTRY_HTTP_HEADERS_Access-Control-Allow-Methods: '[HEAD,GET,OPTIONS,DELETE]'
          REGISTRY_HTTP_HEADERS_Access-Control-Allow-Credentials: '[true]'
          REGISTRY_HTTP_HEADERS_Access-Control-Allow-Headers: '[Authorization,Accept,Cache-Control]'
          REGISTRY_HTTP_HEADERS_Access-Control-Expose-Headers: '[Docker-Content-Digest]'
          REGISTRY_STORAGE_DELETE_ENABLED: 'true'
        volumes:
          - /your-path/registry-data:/var/lib/registry
        container_name: registry-server
        networks:
          - registry-net

    networks:
      registry-net:

Start and stop:

    # start
    docker-compose up -d

    # stop
    docker-compose down

Pitfall to avoid: if you use a terminal such as XShell, you can reach the internal network from your workstation through an XShell tunnel, but both port 5000 of registry-server and port 18080 of registry-ui must be mapped to the local machine.

Tagging an image and pushing it to the private registry:

    docker tag registry:latest 127.0.0.1:5000/registry:v2.7.1
    docker push 127.0.0.1:5000/registry:v2.7.1

Listing the images in the registry with curl:

    # list the repositories
    curl -X GET 127.0.0.1:5000/v2/_catalog

    # list the tags of one image
    curl -X GET 127.0.0.1:5000/v2/image_name/tags/list

If something goes wrong, add the -v or --verbose option to run curl in verbose mode, which makes troubleshooting easier.

Pulling images from the private registry

For other hosts to use images from the private registry, modify the daemon.json file and make it take effect:

    sudo mkdir -p /etc/docker
    sudo tee /etc/docker/daemon.json <<-'EOF'
    {
      "registry-mirrors": ["https://your_id.mirror.aliyuncs.com"],
      "insecure-registries": ["192.168.1.1:5000"]
    }
    EOF
    sudo systemctl daemon-reload
    sudo systemctl restart docker
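
Both the registries.yaml mirror configured earlier (http://registry.example.com:5000) and the insecure-registries entry in daemon.json make image pulls travel without TLS, so nothing authenticates the registry a node talks to. This added example, not from the original post, reports such entries on a host; the function names are hypothetical, and the parsing is text-based (grep/sed), which assumes the simple file layouts shown on this page.

```sh
# plaintext_endpoints <registries.yaml>: print mirror endpoints using http://
plaintext_endpoints() {
    [ -f "$1" ] || return 0
    grep -Eo "http://[^\"' ]+" "$1" | sort -u
}

# insecure_registries <daemon.json>: print the "insecure-registries" entries
insecure_registries() {
    [ -f "$1" ] || return 0
    tr -d '\n' < "$1" |
        sed -n 's/.*"insecure-registries"[[:space:]]*:[[:space:]]*\[\([^]]*\)\].*/\1/p' |
        tr ',' '\n' | tr -d '" \t' | sed '/^$/d'
}

# audit_registry_trust [registries.yaml] [daemon.json]
# Prints one finding per line and returns 1 if there is any.
audit_registry_trust() {
    yaml="${1:-/etc/rancher/k3s/registries.yaml}"
    json="${2:-/etc/docker/daemon.json}"
    found=0
    for e in $(plaintext_endpoints "$yaml"); do
        echo "k3s mirror endpoint without TLS: $e"
        found=1
    done
    for r in $(insecure_registries "$json"); do
        echo "docker insecure-registries entry: $r"
        found=1
    done
    return "$found"
}
```

A registry served over HTTPS, with its CA given under configs.<host>.tls.ca_file in registries.yaml and under /etc/docker/certs.d/<host:port>/ca.crt for Docker, needs neither setting.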
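
Fixing Docker images that cannot be pulled

When Docker images hosted on foreign platforms cannot be downloaded, they can be fetched through DaoCloud's public image acceleration, that is, by adding the m.daocloud.io prefix.

Reference: DaoCloud public image acceleration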

Installing zookeeper with helm

Search for the version you need:

    helm search repo bitnami/zookeeper -l | grep 3.8

Download the chosen version (this is the helm chart version, not the zookeeper version):

    helm fetch bitnami/zookeeper --version 11.4.11

Unpack the downloaded tgz file and edit values.yaml to customize the configuration:

    tar -zxvf zookeeper-11.4.11.tgz
    cd zookeeper-11.4.11
    vi values.yaml

Changes to values.yaml:

    replicaCount: 3
    ...
    persistence:
      storageClass: longhorn
      size: 2Gi
    ...
    resources:
      limits: {}
      requests:
        memory: 128Mi
        cpu: 50m

Installation and its output:

    helm install zookeeper .

    NAME: zookeeper
    LAST DEPLOYED: Tue Jul 30 13:17:31 2024
    NAMESPACE: default
    STATUS: deployed
    REVISION: 1
    TEST SUITE: None
    NOTES:
    CHART NAME: zookeeper
    CHART VERSION: 11.4.11
    APP VERSION: 3.8.2

    ** Please be patient while the chart is being deployed **

    ZooKeeper can be accessed via port 2181 on the following DNS name from within your cluster:

        zookeeper.default.svc.cluster.local

    To connect to your ZooKeeper server run the following commands:

        export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=zookeeper,app.kubernetes.io/instance=zookeeper,app.kubernetes.io/component=zookeeper" -o jsonpath="{.items[0].metadata.name}")
        kubectl exec -it $POD_NAME -- zkCli.sh

    To connect to your ZooKeeper server from outside the cluster execute the following commands:

        kubectl port-forward --namespace default svc/zookeeper 2181:2181 &
        zkCli.sh 127.0.0.1:2181

Check the state of the zookeeper cluster:

    kubectl exec -it zookeeper-0 -- zkServer.sh status

Installing dubbo-admin

Reference: https://github.com/apache/dubbo-admin

The latest stable version of the Admin console is 0.5.0; it seems not to have been updated for a long time. To install it in kubernetes, first adjust the configuration in dubbo-admin\kubernetes\dubbo-admin.yaml:

    ...
    data:
      application.properties: |-
        admin.root.user.name: root
        admin.root.user.password: root
        ...
        admin.check.signSecret: adkfkdkd13413
    ...

Note: admin.check.signSecret is empty by default; if it is not filled in, login is impossible.

Deploy:

    kubectl apply -f dubbo-admin.yaml

Port forwarding:

    kubectl port-forward -n default deployment/dubbo-admin 38080:8080

Open in a browser: http://localhost:38080

Converting a file or a folder into a ConfigMap

References:

* https://blog.csdn.net/m0_51964671/article/details/135480707
* https://blog.csdn.net/lewyu521/article/details/139546315

    $ kubectl create configmap testfile --from-file pods/

    $ kubectl get configmaps testfile -oyaml

Note: when creating a configmap from files, it is advisable to convert configuration files in Windows (CR LF) format to Unix (LF) format first, so that no CR LF escape sequences appear when the result is output as yaml.

Base64 encoding and decoding with echo

    echo -n "admin:admin" | base64

    echo -n "YWRtaW46YWRtaW4=" | base64 -d

Argo CD

Installation:

    kubectl create namespace argocd
    kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

Access:

    # read the initial admin password (base64-encoded in the secret)
    kubectl get secret argocd-initial-admin-secret -n argocd -oyaml

    echo -n "..." | base64 -d

    kubectl port-forward svc/argocd-server -n argocd 8443:443

When configuring a repository connection in the Argo CD UI, using https with a username and password is fairly simple.

Install the CLI (first download argocd-linux-amd64 from github):

    sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
    rm argocd-linux-amd64

Using the CLI:

    argocd login https://localhost:8443 --username admin --password ...

    argocd cluster list

HPA (Horizontal Pod Autoscaler)

First adjust the deployment's configuration, mainly by setting replicas to 1 and adding resource requests and limits:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: your-deployment-name
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: your-deployment-name
      template:
        metadata:
          labels:
            app: your-deployment-name
        spec:
          terminationGracePeriodSeconds: 60
          containers:
            - name: your-deployment-name
              image: your-image-name:v1.0.0
              imagePullPolicy: IfNotPresent
              resources:
                requests:
                  memory: "2Gi"
                  cpu: "0.5"
                limits:
                  memory: "3Gi"
                  cpu: "0.8"

The resource requests and limits are added because HPA computes the resource utilization percentage relative to the resource request values. If no resource requests are set, HPA cannot compute the utilization and therefore cannot scale up or down.

The HPA definition:

    apiVersion: autoscaling/v2
    kind: HorizontalPodAutoscaler
    metadata:
      name: your-deployment-name
    spec:
      scaleTargetRef:
        apiVersion: apps/v1
        kind: Deployment
        name: your-deployment-name
      minReplicas: 1
      maxReplicas: 3
      metrics:
        - type: Resource
          resource:
            name: cpu
            target:
              type: Utilization
              averageUtilization: 50
        - type: Resource
          resource:
            name: memory
            target:
              type: Utilization
              averageUtilization: 100
      behavior:
        scaleDown:
          stabilizationWindowSeconds: 300
          policies:
            - type: Pods
              value: 1
              periodSeconds: 15
        scaleUp:
          stabilizationWindowSeconds: 300
          policies:
            - type: Pods
              value: 1
              periodSeconds: 15
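
The utilization arithmetic described above, as an added example that is not part of the original post: it applies the documented HPA formula, desired = ceil(current × utilization / target), with the default 10% tolerance and the min/max bounds, before the behavior policies limit the step size. The function name and argument order are made up for this illustration; usage and request are in millicores and the ratio is computed exactly rather than from a rounded percentage.

```sh
# hpa_desired <current> <avg_usage_m> <request_m> <target_pct> <min> <max>
#   avg_usage_m  average CPU usage per pod in millicores
#   request_m    the container's resources.requests.cpu in millicores
hpa_desired() {
    cur=$1; usage=$2; req=$3; target=$4; min=$5; max=$6
    # Without a request there is nothing to divide by: no utilization, no scaling.
    if [ "$req" -le 0 ]; then
        echo "no CPU request set: utilization cannot be computed" >&2
        return 1
    fi
    # ratio = (usage / req * 100) / target, kept as the fraction num/den
    num=$(( usage * 100 ))
    den=$(( req * target ))
    if [ $(( num * 10 )) -ge $(( den * 9 )) ] && [ $(( num * 10 )) -le $(( den * 11 )) ]; then
        want=$cur                                  # within the 10% tolerance
    else
        want=$(( (cur * num + den - 1) / den ))    # ceil(cur * ratio)
    fi
    if [ "$want" -lt "$min" ]; then want=$min; fi
    if [ "$want" -gt "$max" ]; then want=$max; fi
    echo "$want"
}

# With this page's values (request 0.5 CPU = 500m, target 50%, 1..3 replicas):
#   hpa_desired 1 400 500 50 1 3   # 80% utilization against a 50% target -> 2
```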

Check the state of the HPA:

    kubectl get hpa
    kubectl describe hpa