K3S
协议 | 端口 | 源 | 目的 | 描述 |
---|---|---|---|---|
TCP | 6443 | K3s agent 节点 | K3s server 节点 | Kubernetes API Server |
UDP | 8472 | K3s server 和 agent 节点 | K3s server 和 agent 节点 | 仅对 Flannel VXLAN 需要 |
TCP | 10250 | K3s server 和 agent 节点 | K3s server 和 agent 节点 | Kubelet metrics |
✅ 成功:
如果以上前期条件均已满足。
即可以通过「离线 - 有代理」方式进行安装。
ℹ️ 信息:
OS 配置 Proxy 过程略
ftp_proxy="http://192.168.0.1:8080"
http_proxy="http://192.168.0.1:8080"
https_proxy="http://192.168.0.1:8080"
proxy 需要 allow 的 doamin 如下:
域名 | 用途 |
---|---|
http://mirror.cnrancher.com | Rancher 国内组件源 |
https://registry.cn-hangzhou.aliyuncs.com | Rancher 国内镜像源 |
https://dockerauth.cn-hangzhou.aliyuncs.com | Rancher 国内镜像源 |
http://mirrors.aliyun.com | YUM 源 |
https://mirrors.aliyun.com | YUM 源 |
https://rpm.rancher.com | Rancher 源 |
🧠 评论:
以上的 allowed domain 可能不全,需要进一步补充。
🧠 评论:
本次环境为:离线,有代理。
通过代理安装部署。
- 假设 K3s 所在主机 IP 地址为:192.168.0.101
- 假设需要安装在
/data
目录下
(可选)创建私有仓库配置:
# mkdir -p /data/rancher/k3s
# vi /data/rancher/k3s/registries.yaml
mirrors:
docker.io:
endpoint:
- "https://registry.cn-hangzhou.aliyuncs.com"
- "https://docker.mirrors.ustc.edu.cn"
安装 K3S:
# curl -sfL http://rancher-mirror.cnrancher.com/k3s/k3s-install.sh | INSTALL_K3S_SKIP_DOWNLOAD=false INSTALL_K3S_VERSION=v1.21.7+k3s1 K3S_KUBECONFIG_MODE="644" INSTALL_K3S_MIRROR=cn K3S_CLUSTER_INIT INSTALL_K3S_EXEC="--tls-san 192.168.0.101 --pause-image registry.cn-hangzhou.aliyuncs.com/rancher/pause:3.6 --private-registry '/data/rancher/k3s/registries.yaml' --data-dir /data/rancher/k3s --default-local-storage-path /data/rancher/k3s/storage --disable-cloud-controller" sh -s -
输出如下:
[INFO] Using v1.21.7+k3s1 as release
[INFO] Downloading hash http://rancher-mirror.cnrancher.com/k3s/v1.21.7-k3s1/sha256sum-amd64.txt
[INFO] Downloading binary http://rancher-mirror.cnrancher.com/k3s/v1.21.7-k3s1/k3s
[INFO] Verifying binary download
[INFO] Installing k3s to /usr/local/bin/k3s
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
base | 3.6 kB 00:00:00
epel | 4.7 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/2): epel/x86_64/updateinfo | 1.0 MB 00:00:00
(2/2): epel/x86_64/primary_db | 7.0 MB 00:00:02
Resolving Dependencies
--> Running transaction check
---> Package yum-utils.noarch 0:1.1.31-54.el7_8 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================================================
Installing:
yum-utils noarch 1.1.31-54.el7_8 base 122 k
Transaction Summary
=============================================================================================================================================================
Install 1 Package
Total download size: 122 k
Installed size: 337 k
Downloading packages:
yum-utils-1.1.31-54.el7_8.noarch.rpm | 122 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : yum-utils-1.1.31-54.el7_8.noarch 1/1
Verifying : yum-utils-1.1.31-54.el7_8.noarch 1/1
Installed:
yum-utils.noarch 0:1.1.31-54.el7_8
Complete!
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
rancher-k3s-common-stable | 2.9 kB 00:00:00
rancher-k3s-common-stable/primary_db | 2.8 kB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package k3s-selinux.noarch 0:0.5-1.el7 will be installed
--> Processing Dependency: container-selinux < 2:2.164.2 for package: k3s-selinux-0.5-1.el7.noarch
--> Processing Dependency: container-selinux >= 2.107-3 for package: k3s-selinux-0.5-1.el7.noarch
--> Running transaction check
---> Package container-selinux.noarch 2:2.119.2-1.911c772.el7_8 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================================================
Installing:
k3s-selinux noarch 0.5-1.el7 rancher-k3s-common-stable 15 k
Installing for dependencies:
container-selinux noarch 2:2.119.2-1.911c772.el7_8 extras 40 k
Transaction Summary
=============================================================================================================================================================
Install 1 Package (+1 Dependent package)
Total download size: 55 k
Installed size: 124 k
Downloading packages:
(1/2): container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm | 40 kB 00:00:00
warning: /var/cache/yum/x86_64/$releasever/rancher-k3s-common-stable/packages/k3s-selinux-0.5-1.el7.noarch.rpm: Header V4 RSA/SHA1 Signature, key ID e257814a: NOKEY
Public key for k3s-selinux-0.5-1.el7.noarch.rpm is not installed
(2/2): k3s-selinux-0.5-1.el7.noarch.rpm | 15 kB 00:00:00
-------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 49 kB/s | 55 kB 00:00:01
Retrieving key from https://rpm.rancher.io/public.key
Importing GPG key 0xE257814A:
Userid : "Rancher (CI) <ci@rancher.com>"
Fingerprint: c8cf f216 4551 26e9 b9c9 18be 925e a29a e257 814a
From : https://rpm.rancher.io/public.key
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : 2:container-selinux-2.119.2-1.911c772.el7_8.noarch 1/2
Installing : k3s-selinux-0.5-1.el7.noarch 2/2
Verifying : k3s-selinux-0.5-1.el7.noarch 1/2
Verifying : 2:container-selinux-2.119.2-1.911c772.el7_8.noarch 2/2
Installed:
k3s-selinux.noarch 0:0.5-1.el7
Dependency Installed:
container-selinux.noarch 2:2.119.2-1.911c772.el7_8
Complete!
[INFO] Creating /usr/local/bin/kubectl symlink to k3s
[INFO] Creating /usr/local/bin/crictl symlink to k3s
[INFO] Creating /usr/local/bin/ctr symlink to k3s
[INFO] Creating killall script /usr/local/bin/k3s-killall.sh
[INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh
[INFO] env: Creating environment file /etc/systemd/system/k3s.service.env
[INFO] systemd: Creating service file /etc/systemd/system/k3s.service
[INFO] systemd: Enabling k3s unit
[INFO] systemd: Starting k3s
运行完成后,使用以下命令查看 K3S 运行状态:
# systemctl status k3s.service
● k3s.service - Lightweight Kubernetes
Loaded: loaded (/etc/systemd/system/k3s.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2022-01-29 17:05:45 CST; 18s ago
Docs: https://k3s.io
Process: 19436 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
Process: 19433 ExecStartPre=/sbin/modprobe br_netfilter (code=exited, status=0/SUCCESS)
Main PID: 19442 (k3s-server)
Tasks: 119
Memory: 586.7M
CGroup: /system.slice/k3s.service
├─19442 /usr/local/bin/k3s server
└─19557 containerd
Jan 29 17:06:03 example01 k3s[19442]: I0129 17:06:03.138349 19442 iptables.go:228] Adding iptables rule: -s 10.42.0.0/16 -d 10.42.0.0/16 -j RETURN
Jan 29 17:06:03 example01 k3s[19442]: I0129 17:06:03.140940 19442 iptables.go:228] Adding iptables rule: -d 10.42.0.0/16 -j ACCEPT
Jan 29 17:06:03 example01 k3s[19442]: I0129 17:06:03.142355 19442 iptables.go:228] Adding iptables rule: -s 10.42.0.0/16 ! -d 224.0.0.0...ASQUERADE
Jan 29 17:06:03 example01 k3s[19442]: I0129 17:06:03.145752 19442 iptables.go:228] Adding iptables rule: ! -s 10.42.0.0/16 -d 10.42.0.0...-j RETURN
Jan 29 17:06:03 example01 k3s[19442]: I0129 17:06:03.148358 19442 iptables.go:228] Adding iptables rule: ! -s 10.42.0.0/16 -d 10.42.0.0...ASQUERADE
Jan 29 17:06:03 example01 k3s[19442]: W0129 17:06:03.297662 19442 handler_proxy.go:101] no RequestInfo found in the context
Jan 29 17:06:03 example01 k3s[19442]: E0129 17:06:03.297804 19442 controller.go:116] loading OpenAPI spec for "v1beta1.metrics.k8s.io" ...available
Jan 29 17:06:03 example01 k3s[19442]: , Header: map[Content-Type:[text/plain; charset=utf-8] X-Content-Type-Options:[nosniff]]
Jan 29 17:06:03 example01 k3s[19442]: I0129 17:06:03.297827 19442 controller.go:129] OpenAPI AggregationController: action for item v1b... Requeue.
Jan 29 17:06:03 example01 k3s[19442]: I0129 17:06:03.551453 19442 request.go:668] Waited for 1.08111535s due to client-side throttling,...unt/token
Hint: Some lines were ellipsized, use -l to show in full.
使用如下命令查看 k3s 节点:
# k3s kubectl get node
NAME STATUS ROLES AGE VERSION
example01 Ready control-plane,master 3m37s v1.21.7+k3s1
ℹ️ 信息:
调整 K3S 安装目录后,k3s token 位置在:
/data/rancher/k3s/server/token
至此,K3s 在离线-有代理条件下安装完成。🎉🎉🎉
192.168.0.101
/etc/rancher/k3s/k3s.yaml
/data/rancher/k3s
/data/rancher/k3s/storage