k3s 部署
官方文档:https://docs.k3s.io/zh/quick-start
安装
安装 docker
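# Install Docker CE on a yum-based host and configure registry mirrors.
# Every command below changes system state and is expected to run as root.

# Register Docker's official yum repository.
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Install the engine, CLI, containerd and the buildx/compose plugins.
yum install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
# Start the daemon now and enable it at boot.
systemctl enable --now docker
# Check that the service is running.
systemctl status docker
# Smoke test: pull and run the hello-world image.
docker run hello-world
# Configure registry mirrors and the systemd cgroup driver.
# This overwrites any existing /etc/docker/daemon.json.
# Every mirror is listed with https://. For a pull by tag the mirror answers
# the tag-to-manifest lookup, so a plain-http mirror lets anything on the
# network path decide which image content the tag resolves to.
# Confirm each mirror is reachable over TLS; drop an entry that is not.
tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": [
    "https://docker.mirrors.ustc.edu.cn",
    "https://hub-mirror.c.163.com"
  ],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# Reload unit files and restart Docker so the new daemon.json is read.
systemctl daemon-reload && systemctl restart docker
# Check the service state again after the restart.
systemctl status docker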
安装 k3s
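# Install k3s with Docker as the container runtime, then set KUBECONFIG
# for the login shell.

# Save the installer to a file instead of piping it straight into a shell,
# so the exact script that will run as root can be read (and its hash
# recorded) before it is executed.
curl -sfL https://get.k3s.io -o install-k3s.sh
# --docker is passed through to the installer, as in `sh -s - --docker`.
sh install-k3s.sh --docker
# Add the KUBECONFIG environment variable to the login profile.
vi ~/.bash_profile
# Line to add:
# export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
# NOTE: k3s.yaml holds the cluster's admin credentials; keep it readable by
# root only rather than loosening its mode for other users.
# Reload the profile so the variable takes effect in the current shell.
source ~/.bash_profile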
安装 dashboard
# Deploy Kubernetes Dashboard v2.7.0, expose it through a NodePort Service,
# create an admin ServiceAccount and read its login token.

# Download the manifest (pinned to the v2.7.0 tag).
wget -O k8s-dashboard-v2.7.0.yaml https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
# Edit the manifest.
vi k8s-dashboard-v2.7.0.yaml
# In the Service below, add the line `type: NodePort`; the result looks like:
# kind: Service
# apiVersion: v1
# metadata:
#   labels:
#     k8s-app: kubernetes-dashboard
#   name: kubernetes-dashboard
#   namespace: kubernetes-dashboard
# spec:
#   type: NodePort        # added: NodePort
#   ports:
#     - port: 443
#       targetPort: 8443
#       nodePort: 30001   # fixed port number
#   selector:
#     k8s-app: kubernetes-dashboard
# NOTE(review): a NodePort Service listens on every node address, so the
# dashboard is reachable from any host that can route to a node on 30001.
# Limit that port with the host firewall, or keep the Service as ClusterIP
# and reach it through `kubectl port-forward` from an admin workstation.
# Deploy the dashboard.
kubectl apply -f k8s-dashboard-v2.7.0.yaml
# Look up the dashboard's access port (30001 in the sample output below).
kubectl -n kubernetes-dashboard get service kubernetes-dashboard
# NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
# kubernetes-dashboard NodePort 10.107.209.165 <none> 443:30001/TCP 110m
# Create the file k8s-dashboard-account.yaml.
touch k8s-dashboard-account.yaml
vi k8s-dashboard-account.yaml
# Fill it with the YAML shown at the end of this guide.
# Create the account and bind its role.
kubectl apply -f k8s-dashboard-account.yaml
# Show the login token.
# NOTE(review): the manifest in this guide binds dashboard-admin to
# cluster-admin, so this token is a full-cluster credential. Both commands
# print it to the terminal; keep it out of shared logs and scrollback.
kubectl -n kubernetes-dashboard describe secret dashboard-admin
# Or extract only the token value.
kubectl -n kubernetes-dashboard get secrets dashboard-admin -o go-template --template '{{index .data "token"}}' | base64 --decode
# Paste the printed token into https://192.168.3.80:30001 to log in.
# Changing the Dashboard token expiry:
# Log in to the dashboard, find kubernetes-dashboard under Deployments and
# edit its YAML.
# Search for "--auto-generate-certificates" to find the place to edit.
# Add the argument '--token-ttl=0', which means "never expires"; the result:
# containers:
#   - name: kubernetes-dashboard
#     image: kubernetesui/dashboard:v2.7.0
#     args:
#       - '--auto-generate-certificates'
#       - '--namespace=kubernetes-dashboard'
#       - '--token-ttl=0'
# NOTE(review): with --token-ttl=0 a dashboard login never times out, so an
# unattended browser keeps a cluster-admin session open indefinitely. The
# dashboard's default is 15 minutes; a finite value in seconds keeps the
# convenience while bounding the exposure.
k8s-dashboard-account.yaml内容:
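---
# ServiceAccount that the dashboard login token is issued for.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kubernetes-dashboard
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
---
# Binds dashboard-admin to the built-in cluster-admin ClusterRole, i.e.
# unrestricted access to every resource in every namespace. Anyone holding
# the account's token has that access. For a read-only dashboard, point
# roleRef.name at a narrower role such as the built-in `view` instead.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: dashboard-admin-binding
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
  - kind: ServiceAccount
    name: dashboard-admin
    namespace: kubernetes-dashboard
---
# Secret of type service-account-token: the control plane fills it with a
# token for the ServiceAccount named in the annotation. This token carries
# no expiry; it stays valid until this Secret or the ServiceAccount is
# deleted, which is also how it is revoked.
apiVersion: v1
kind: Secret
metadata:
  name: dashboard-admin
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/service-account.name: "dashboard-admin"
type: kubernetes.io/service-account-token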