BlueXIII's Blog

Passionate about technology, always learning

K3S Offline Deployment

Reference

k3s offline deployment

# Copy the files into place
sudo mkdir -p /var/lib/rancher/k3s/agent/images/
gunzip k3s-airgap-images-amd64.tar.gz
sudo cp ./k3s-airgap-images-amd64.tar /var/lib/rancher/k3s/agent/images/
sudo chmod +x k3s
sudo cp ./k3s /usr/local/bin/
chmod +x install.sh

# Install on the server node
INSTALL_K3S_SKIP_DOWNLOAD=true ./install.sh

# Check the installation status
kubectl get pods --all-namespaces

# Show the join token
cat /var/lib/rancher/k3s/server/token

# Install on the client (agent) node
INSTALL_K3S_SKIP_DOWNLOAD=true K3S_URL=https://10.193.36.61:6443 \
K3S_TOKEN=K1010e7f60c6242eaa23cdbfc4ac1da1476c281fb740e871e8639b049aad3a8aa8d::server:467f87f6a531a63cd8a9cb74c1caa890 \
./install.sh

# Configure the local-storage path
vi /etc/systemd/system/k3s.service
# In the unit file, set:
#   ExecStart=/usr/local/bin/k3s server --default-local-storage-path /dubhe
systemctl daemon-reload && systemctl restart k3s
cat /var/lib/rancher/k3s/server/manifests/local-storage.yaml # verify

Common Operations

Start and stop

# Start/stop (restart)
systemctl restart k3s
systemctl restart k3s-agent

# Force-kill
/usr/local/bin/k3s-killall.sh

# Uninstall
/usr/local/bin/k3s-uninstall.sh
/usr/local/bin/k3s-agent-uninstall.sh

# View logs
journalctl -u k3s -f -n100
journalctl -u containerd

Access from the server node

# Add to .profile
alias ctr="ctr --address /run/k3s/containerd/containerd.sock --namespace k8s.io"
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml

# Test
kubectl get pods --all-namespaces
helm ls --all-namespaces
ctr c ls
crictl ps

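Access from the local machine

Copy /etc/rancher/k3s/k3s.yaml to ~/.kube/config on the local machine, and replace the value of the server field with the Server's IP.
You can then use kubectl and k9s for remote management.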
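
The copy-and-edit step described above, as an added shell example that is not part of the original post: it rewrites only the default loopback `server:` line and creates the kubeconfig owner-only, since the file carries the cluster-admin client key. The helper names, the sample file and its placeholder credentials are constructed for illustration; the IP is the server address used earlier on this page.

```bash
#!/usr/bin/env bash
# Added example: turn a copy of the server's k3s.yaml into a local kubeconfig.

# make_remote_kubeconfig SRC SERVER_IP DEST  (hypothetical helper name)
make_remote_kubeconfig() {
  src=$1 ip=$2 dest=$3
  # Only a dotted-quad IPv4 address may reach the sed expression below.
  case $ip in ''|*[!0-9.]*) echo "invalid server IP" >&2; return 2 ;; esac
  printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ||
    { echo "invalid server IP" >&2; return 2; }
  # Never overwrite an existing kubeconfig (it may hold other clusters).
  if [ -e "$dest" ]; then echo "$dest already exists" >&2; return 3; fi
  # Assumption: the source still has exactly one default loopback server line.
  n=$(grep -Ec '^[[:space:]]*server: https://127\.0\.0\.1:[0-9]+$' "$src" || true)
  if [ "$n" != 1 ]; then echo "expected 1 loopback server line, got $n" >&2; return 4; fi
  # The file embeds the cluster-admin client key: create it owner-only (0600).
  ( umask 077
    sed -E "s#^([[:space:]]*server: https://)127\.0\.0\.1(:[0-9]+)\$#\1${ip}\2#" "$src" > "$dest" )
}

# Constructed sample shaped like /etc/rancher/k3s/k3s.yaml (placeholder secrets).
write_sample_k3s_yaml() {
  cat > "$1" <<'EOF'
apiVersion: v1
kind: Config
clusters:
- cluster:
    certificate-authority-data: PLACEHOLDER_CA
    server: https://127.0.0.1:6443
  name: default
users:
- name: default
  user:
    client-certificate-data: PLACEHOLDER_CERT
    client-key-data: PLACEHOLDER_KEY
EOF
}

# Demo: run with --demo to rewrite the sample in a temp dir and print it.
if [ "${1:-}" = "--demo" ]; then
  tmp=$(mktemp -d)
  write_sample_k3s_yaml "$tmp/k3s.yaml"
  make_remote_kubeconfig "$tmp/k3s.yaml" 10.193.36.61 "$tmp/config" && cat "$tmp/config"
  rm -rf "$tmp"
fi
```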


Management Tool Installation

nerdctl offline installation

https://github.com/containerd/nerdctl

# Install
tar -zxvf nerdctl-1.3.1-linux-amd64.tar.gz -C /usr/local/bin

# Configure the alias
alias nerdctl="nerdctl --host=/run/k3s/containerd/containerd.sock --namespace k8s.io --insecure-registry"

k9s offline installation

https://i.cloudnative.to/toolkits/kubernetes/k9s
https://k9scli.io/topics/install/

tar -zxvf k9s_Linux_amd64.tar.gz
cp ./k9s /usr/local/bin/

helm offline installation

https://github.com/helm/helm/releases

tar -zxvf helm-v3.11.3-linux-amd64.tar.gz
mv linux-amd64/helm /usr/local/bin/helm

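Giving the Hosts Internet Access

Open an HTTP proxy port on the local machine

There are several ways to do this, for example:
1. Use ClashX to open a Socks5 port 7890 on the local machine
2. Use Privoxy to convert it to an HTTP port 8118

SSH reverse proxy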

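# Enable GatewayPorts (so that other machines on the LAN can also reach the proxy port)
vi /etc/ssh/sshd_config
# In sshd_config, set:
#   GatewayPorts yes
systemctl restart sshd
# SSH into one of the servers (its port 7890 is forwarded to the local HTTP proxy on 8118)
ssh -R 7890:127.0.0.1:8118 root@10.193.35.11
# Environment variables (on every machine)
export https_proxy=http://10.193.35.11:7890 http_proxy=http://10.193.35.11:7890 all_proxy=http://10.193.35.11:7890
# Test
curl cip.cc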

Configure k3s

# Edit
vi /etc/systemd/system/k3s.service.env # server node
vi /etc/systemd/system/k3s-agent.service.env # agent node

# Add these lines to the file
HTTP_PROXY=http://10.193.35.11:7890
HTTPS_PROXY=http://10.193.35.11:7890
NO_PROXY=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16

# Restart
systemctl restart k3s # server node
systemctl restart k3s-agent # agent node

# Test
ctr i pull docker.io/library/nginx:alpine
crictl pull nginx:alpine