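Introduction to Using K3S

K3S is a simplified-deployment version of Kubernetes (K8S). Day-to-day use is almost identical; the differences are mainly in installation, resource usage, and default components. It is suited to:

  • Small servers (2C2G)
  • Edge computing
  • Development / testing
  • Single-node clusters
  • homelab

K3S Installation and Deployment

Installation and deployment are very simple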

# curl -sfL https://get.k3s.io | sh -s
[INFO] Finding release for channel stable
[INFO] Using v1.34.5+k3s1 as release
[INFO] Downloading hash https://github.com/k3s-io/k3s/releases/download/v1.34.5%2Bk3s1/sha256sum-amd64.txt
[INFO] Downloading binary https://github.com/k3s-io/k3s/releases/download/v1.34.5%2Bk3s1/k3s
[INFO] Verifying binary download
[INFO] Installing k3s to /usr/local/bin/k3s
[INFO] Skipping installation of SELinux RPM
[INFO] Creating /usr/local/bin/kubectl symlink to k3s
[INFO] Skipping /usr/local/bin/crictl symlink to k3s, command exists in PATH at /usr/bin/crictl
[INFO] Skipping /usr/local/bin/ctr symlink to k3s, command exists in PATH at /usr/bin/ctr
[INFO] Creating killall script /usr/local/bin/k3s-killall.sh
[INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh
[INFO] env: Creating environment file /etc/systemd/system/k3s.service.env
[INFO] systemd: Creating service file /etc/systemd/system/k3s.service
[INFO] systemd: Enabling k3s unit
Created symlink /etc/systemd/system/multi-user.target.wants/k3s.service → /etc/systemd/system/k3s.service.
[INFO] systemd: Starting k3s
  • The network plugin (CNI) defaults to Flannel
  • The Ingress Controller defaults to Traefik
  • Storage defaults to local-path
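
The installer log above includes a "Downloading hash" step and a "Verifying binary download" step. The script below is an added example, not part of the original page or the k3s project's code, that repeats that check by hand for a binary fetched separately. It assumes the checksum file is in standard sha256sum format and lists the binary under the name k3s; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: re-check a downloaded k3s binary against a release checksum file.
# Assumption: the file holds standard `sha256sum` lines ("<64 hex>  <name>")
# and the amd64 binary is listed under the name "k3s".

# expected_hash SUMFILE NAME: print the hash recorded for NAME (exact name match,
# so "k3s" never matches a longer entry that merely starts with "k3s").
expected_hash() {
    awk -v name="$2" '$2 == name || $2 == "*" name { print $1; found = 1; exit }
                      END { if (!found) exit 1 }' "$1"
}

# verify_binary SUMFILE BINARY [NAME]
# Returns 0 on match, 1 on mismatch, 2 when the input cannot be checked.
verify_binary() {
    sumfile=$1 binary=$2 name=${3:-k3s}
    [ -r "$sumfile" ] && [ -r "$binary" ] || { echo "unreadable input" >&2; return 2; }
    want=$(expected_hash "$sumfile" "$name") || {
        echo "no entry for $name in $sumfile" >&2; return 2; }
    want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
    # Accept only a well-formed SHA-256 value: exactly 64 hex characters.
    case $want in *[!0-9a-f]*) echo "malformed hash for $name" >&2; return 2 ;; esac
    [ "${#want}" -eq 64 ] || { echo "malformed hash for $name" >&2; return 2; }
    got=$(sha256sum "$binary" | awk '{ print $1 }')
    if [ "$got" = "$want" ]; then
        echo "OK $binary"
        return 0
    fi
    echo "MISMATCH $binary: expected $want, got $got" >&2
    return 1
}

# Constructed self-check: a stand-in "binary" and a checksum file built from it.
demo_dir=$(mktemp -d)
printf 'constructed stand-in for the k3s binary\n' > "$demo_dir/k3s"
printf '%s  k3s\n' "$(sha256sum "$demo_dir/k3s" | awk '{ print $1 }')" > "$demo_dir/sums.txt"
verify_binary "$demo_dir/sums.txt" "$demo_dir/k3s"            # matches
printf 'tampered' >> "$demo_dir/k3s"
verify_binary "$demo_dir/sums.txt" "$demo_dir/k3s" || true    # mismatch on stderr
rm -rf "$demo_dir"
```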

After installation, k3s is started (as a systemd service). Check the service status:

systemctl status k3s

The kubeconfig that ships with K3s is generally at export KUBECONFIG=/etc/kubernetes/admin.conf . Watch the value of this variable; otherwise kubectl may connect to the wrong cluster or fail to connect

# kubectl get nodes
E0325 15:37:50.808781 3442105 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: the server could not find the requested resource"
E0325 15:37:50.814831 3442105 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: the server could not find the requested resource"

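K3S depends on the host's /etc/resolv.conf . If it is configured with nameserver 127.0.0.53 , containers cannot resolve external domain names and become unusable; it needs to be changed to a DNS address the containers can reach, such as 8.8.8.8

Example nftables firewall rules for reference: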

table inet filter {
    chain input {
        type filter hook input priority filter + 10; policy drop;
        ct state established,related counter packets 2702 bytes 272968 accept
        iifname "lo" counter packets 12 bytes 876 accept
        icmp type echo-request counter packets 3 bytes 204 accept
        icmp type echo-reply counter packets 0 bytes 0 accept

        tcp dport 22 counter packets 0 bytes 0 accept comment "for sshd"
        ip saddr 10.0.0.0/8 accept comment "for k3s"
        udp dport 8472 accept comment "for k3s"
        tcp dport 10250 accept comment "for k3s"
        tcp dport { 80, 443 } counter packets 0 bytes 0 accept comment "for k3s"
        counter packets 595 bytes 36023 drop
    }

    chain forward {
        type filter hook forward priority filter; policy accept;
    }

    chain output {
        type filter hook output priority filter; policy accept;
    }

    chain DOCKER {
    }
}