K3s教程#
技术介绍#
K3s是一个轻量级的Kubernetes发行版,专为边缘计算、IoT设备和资源受限环境设计。它由Rancher Labs开发,提供了Kubernetes的核心功能,同时大幅减少了资源需求。K3s的二进制文件小于50MB,只需512MB内存即可运行,是构建轻量级Kubernetes集群的理想选择。
K3s核心概念#
- Server节点:运行Kubernetes控制平面的节点
- Agent节点:运行工作负载的节点
- SQLite:默认的轻量级数据库,也支持外部数据库如MySQL、PostgreSQL
- 嵌入式容器运行时:使用containerd作为默认容器运行时
- Service Load Balancer:内置的服务负载均衡器
- Ingress Controller:内置的Ingress控制器
K3s架构#
- K3s Server:包含API服务器、调度器、控制器管理器等控制平面组件
- K3s Agent:包含kubelet和容器运行时,负责运行Pod
- 嵌入式数据库:默认使用SQLite,也支持外部数据库
- 内置组件:CoreDNS、Metrics Server、Traefik Ingress Controller
入门级使用#
安装K3s#
在不同操作系统上安装K3s:
# 安装K3s Server
curl -sfL https://get.k3s.io | sh -
# 安装K3s Agent并加入集群
# 获取节点令牌
NODE_TOKEN=$(cat /var/lib/rancher/k3s/server/node-token)
# 在Agent节点上安装
curl -sfL https://get.k3s.io | K3S_URL=https://server-ip:6443 K3S_TOKEN=${NODE_TOKEN} sh -
# 验证安装
kubectl get nodes
# 检查K3s状态
systemctl status k3s基本K3s命令#
使用K3s的基本命令:
# 查看集群状态
kubectl cluster-info
# 查看节点
kubectl get nodes
# 查看Pod
kubectl get pods --all-namespaces
# 查看服务
kubectl get services --all-namespaces
# 查看部署
kubectl get deployments --all-namespaces
# 重启K3s服务
systemctl restart k3s
# 停止K3s服务
systemctl stop k3s部署第一个应用#
部署一个简单的应用到K3s:
# 部署nginx
kubectl create deployment nginx --image=nginx
# 暴露服务
kubectl expose deployment nginx --type=NodePort --port=80
# 查看服务
kubectl get services
# 访问应用
curl http://$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[0].address}'):$(kubectl get service nginx -o jsonpath='{.spec.ports[0].nodePort}')初级使用#
K3s配置#
配置K3s:
# 修改K3s Server配置
# 编辑配置文件
vi /etc/rancher/k3s/config.yaml
# 示例配置
write-kubeconfig-mode: "0644"
cluster-cidr: "10.42.0.0/16"
service-cidr: "10.43.0.0/16"
cluster-dns: "10.43.0.10"
disable: traefik
# 重启K3s服务
systemctl restart k3s
# 查看K3s配置
kubectl config viewK3s存储配置#
配置K3s存储:
# 安装Longhorn
kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/v1.4.2/deploy/longhorn.yaml
# 查看Longhorn Pod
kubectl get pods -n longhorn-system
# 创建存储类
kubectl apply -f storage-class.yaml
# storage-class.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: longhorn
provisioner: driver.longhorn.io
parameters:
numberOfReplicas: "3"
staleReplicaTimeout: "2880"
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
# 创建PVC
kubectl apply -f pvc.yaml
# pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: my-pvc
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn
resources:
requests:
storage: 1GiK3s网络配置#
配置K3s网络:
# 查看网络插件
kubectl get pods -n kube-system | grep flannel
# 配置Flannel
# 修改K3s Server配置
vi /etc/rancher/k3s/config.yaml
# 添加Flannel配置
flannel-backend: "vxlan"
flannel-external-ip: "true"
# 重启K3s服务
systemctl restart k3s
# 查看网络配置
kubectl get nodes -o yaml | grep -A 10 podCIDR中级使用#
K3s高可用性#
配置K3s高可用性:
# 使用外部数据库(MySQL)
# 安装MySQL
apt install mysql-server
# 创建数据库和用户
mysql -u root -p
CREATE DATABASE k3s DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'k3s'@'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON k3s.* TO 'k3s'@'%';
FLUSH PRIVILEGES;
# 安装第一个Server节点
curl -sfL https://get.k3s.io | sh -s - server --datastore-endpoint="mysql://k3s:password@tcp(192.168.1.100:3306)/k3s"
# 安装第二个Server节点
curl -sfL https://get.k3s.io | sh -s - server --datastore-endpoint="mysql://k3s:password@tcp(192.168.1.100:3306)/k3s"
# 查看Server节点
kubectl get nodesK3s应用部署#
部署应用到K3s:
# 部署WordPress
kubectl apply -f wordpress.yaml
# wordpress.yaml
apiVersion: v1
kind: Secret
metadata:
name: mysql-pass
type: Opaque
data:
password: d29yZHByZXNz
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mysql-pv-claim
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: wordpress-pv-claim
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: wordpress
labels:
app: wordpress
spec:
selector:
matchLabels:
app: wordpress
tier: frontend
strategy:
type: Recreate
template:
metadata:
labels:
app: wordpress
tier: frontend
spec:
containers:
- image: wordpress:4.8-apache
name: wordpress
env:
- name: WORDPRESS_DB_HOST
value: wordpress-mysql
- name: WORDPRESS_DB_PASSWORD
valueFrom:
secretKeyRef:
name: mysql-pass
key: password
ports:
- containerPort: 80
name: wordpress
volumeMounts:
- name: wordpress-persistent-storage
mountPath: /var/www/html
volumes:
- name: wordpress-persistent-storage
persistentVolumeClaim:
claimName: wordpress-pv-claim
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: wordpress-mysql
labels:
app: wordpress
spec:
selector:
matchLabels:
app: wordpress
tier: mysql
strategy:
type: Recreate
template:
metadata:
labels:
app: wordpress
tier: mysql
spec:
containers:
- image: mysql:5.6
name: mysql
env:
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mysql-pass
key: password
- name: MYSQL_DATABASE
value: wordpress
ports:
- containerPort: 3306
name: mysql
volumeMounts:
- name: mysql-persistent-storage
mountPath: /var/lib/mysql
volumes:
- name: mysql-persistent-storage
persistentVolumeClaim:
claimName: mysql-pv-claim
---
apiVersion: v1
kind: Service
metadata:
name: wordpress-mysql
labels:
app: wordpress
spec:
ports:
- port: 3306
selector:
app: wordpress
tier: mysql
clusterIP: None
---
apiVersion: v1
kind: Service
metadata:
name: wordpress
labels:
app: wordpress
spec:
ports:
- port: 80
selector:
app: wordpress
tier: frontend
type: LoadBalancer
# 查看部署状态
kubectl get allK3s监控#
配置K3s监控:
# 安装Prometheus和Grafana
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/setup/prometheus-operator-0servicemonitorCustomResourceDefinition.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/setup/prometheus-operator-0probesCustomResourceDefinition.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/setup/prometheus-operator-0prometheusRuleCustomResourceDefinition.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml
# 安装Prometheus和Grafana
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-operator-deployment.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-deployment.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-deployment.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/alertmanager-deployment.yaml
# 查看监控组件
kubectl get pods -n monitoring
# 访问Grafana
kubectl port-forward deployment/grafana 3000:3000 -n monitoring中上级使用#
K3s与GitOps#
使用K3s实现GitOps:
# 安装Flux CD
curl -s https://fluxcd.io/install.sh | bash
# 初始化Flux
flux bootstrap github \
--owner=my-github-username \
--repository=my-repo \
--branch=main \
--path=./clusters/my-cluster \
--personal
# 创建应用配置
mkdir -p ./clusters/my-cluster/apps
# 部署应用
flux create source git my-app \
--url=https://github.com/my-github-username/my-app \
--branch=main \
--interval=1m
flux create kustomization my-app \
--source=my-app \
--path=./kustomize \
--prune=true \
--interval=5m \
--validation=client
# 查看Flux状态
flux get allK3s边缘计算#
使用K3s进行边缘计算:
# 安装K3s Agent到边缘设备
curl -sfL https://get.k3s.io | K3S_URL=https://server-ip:6443 K3S_TOKEN=${NODE_TOKEN} sh -
# 配置边缘设备资源限制
vi /etc/rancher/k3s/config.yaml
# 添加资源限制
node-label: "edge=true,role=worker"
node-taint: "edge=true:NoSchedule"
# 重启K3s Agent
systemctl restart k3s-agent
# 部署边缘应用
kubectl apply -f edge-app.yaml
# edge-app.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: edge-app
labels:
app: edge-app
spec:
selector:
matchLabels:
app: edge-app
template:
metadata:
labels:
app: edge-app
spec:
nodeSelector:
edge: "true"
containers:
- name: edge-app
image: my-edge-app:latest
resources:
limits:
cpu: "1"
memory: "512Mi"
requests:
cpu: "500m"
memory: "256Mi"K3s安全加固#
加固K3s安全:
# 配置TLS
# 生成自签名证书
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
# 配置K3s使用自定义证书
vi /etc/rancher/k3s/config.yaml
# 添加证书配置
tls-san:
- "k3s-server"
- "k3s-server.example.com"
# 配置RBAC
kubectl apply -f rbac.yaml
# rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: developer
rules:
- apiGroups: [""]
resources: ["pods", "services"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: developer-binding
subjects:
- kind: User
name: developer
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: developer
apiGroup: rbac.authorization.k8s.io
# 配置网络策略
kubectl apply -f network-policy.yaml
# network-policy.yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: default-deny
namespace: default
spec:
podSelector: {}
policyTypes:
- Ingress
- Egress高级使用#
K3s多集群管理#
管理多个K3s集群:
# 安装Rancher
kubectl apply -f https://raw.githubusercontent.com/rancher/rancher/v2.7.0/packaged/rancher.yaml
# 查看Rancher部署状态
kubectl get pods -n cattle-system
# 访问Rancher
kubectl port-forward deployment/rancher 8080:80 -n cattle-system
# 添加K3s集群到Rancher
# 在Rancher UI中添加集群,选择"Import Existing Cluster"
# 查看集群状态
kubectl get clusters -n cattle-systemK3s与IoT集成#
将K3s与IoT设备集成:
# 安装MQTT服务器
kubectl apply -f mqtt.yaml
# mqtt.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: mosquitto
labels:
app: mosquitto
spec:
selector:
matchLabels:
app: mosquitto
template:
metadata:
labels:
app: mosquitto
spec:
containers:
- name: mosquitto
image: eclipse-mosquitto:latest
ports:
- containerPort: 1883
- containerPort: 9001
volumeMounts:
- name: mosquitto-config
mountPath: /mosquitto/config
- name: mosquitto-data
mountPath: /mosquitto/data
volumes:
- name: mosquitto-config
configMap:
name: mosquitto-config
- name: mosquitto-data
emptyDir: {}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: mosquitto-config
data:
mosquitto.conf: |
listener 1883
listener 9001
protocol websockets
---
apiVersion: v1
kind: Service
metadata:
name: mosquitto
spec:
ports:
- port: 1883
name: mqtt
- port: 9001
name: websockets
selector:
app: mosquitto
type: LoadBalancer
# 部署IoT数据处理应用
kubectl apply -f iot-processing.yaml
# iot-processing.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: iot-processing
labels:
app: iot-processing
spec:
selector:
matchLabels:
app: iot-processing
template:
metadata:
labels:
app: iot-processing
spec:
containers:
- name: iot-processing
image: my-iot-processing:latest
env:
- name: MQTT_BROKER
value: mosquitto:1883
- name: MQTT_TOPIC
value: iot/dataK3s性能优化#
优化K3s性能:
# 修改K3s Server配置
vi /etc/rancher/k3s/config.yaml
# 添加性能优化配置
# 减少日志级别
log-level: info
# 配置API服务器参数
kube-apiserver-arg:
- "max-requests-inflight=400"
- "max-mutating-requests-inflight=200"
# 配置控制器管理器参数
kube-controller-manager-arg:
- "concurrent-deployment-syncs=10"
- "concurrent-replicaset-syncs=10"
# 配置调度器参数
kube-scheduler-arg:
- "kube-api-qps=100"
- "kube-api-burst=200"
# 配置kubelet参数
kubelet-arg:
- "kube-api-qps=100"
- "kube-api-burst=200"
- "max-pods=110"
# 重启K3s服务
systemctl restart k3s
# 查看节点状态
kubectl get nodes大师级使用#
K3s混合云部署#
部署K3s混合云环境:
# 在本地环境安装K3s Server
curl -sfL https://get.k3s.io | sh -
# 在云环境安装K3s Agent
# 确保云环境与本地环境网络连通
curl -sfL https://get.k3s.io | K3S_URL=https://local-server-ip:6443 K3S_TOKEN=${NODE_TOKEN} sh -
# 部署混合云应用
kubectl apply -f hybrid-cloud-app.yaml
# hybrid-cloud-app.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: hybrid-cloud-app
labels:
app: hybrid-cloud-app
spec:
selector:
matchLabels:
app: hybrid-cloud-app
template:
metadata:
labels:
app: hybrid-cloud-app
spec:
containers:
- name: hybrid-cloud-app
image: my-hybrid-cloud-app:latest
env:
- name: CLOUD_ENV
value: "hybrid"
nodeSelector:
cloud: "true"K3s边缘AI#
部署边缘AI应用到K3s:
# 安装K3s到边缘设备
curl -sfL https://get.k3s.io | K3S_URL=https://server-ip:6443 K3S_TOKEN=${NODE_TOKEN} sh -
# 部署边缘AI应用
kubectl apply -f edge-ai.yaml
# edge-ai.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: edge-ai
labels:
app: edge-ai
spec:
selector:
matchLabels:
app: edge-ai
template:
metadata:
labels:
app: edge-ai
spec:
containers:
- name: edge-ai
image: my-edge-ai:latest
resources:
limits:
cpu: "4"
memory: "8Gi"
requests:
cpu: "2"
memory: "4Gi"
nodeSelector:
edge: "true"
gpu: "true"K3s灾难恢复#
配置K3s灾难恢复:
# 备份K3s数据
cp -r /var/lib/rancher/k3s /backup/k3s-$(date +%Y%m%d)
# 备份Kubernetes配置
kubectl config view --raw > /backup/kubeconfig-$(date +%Y%m%d)
# 备份etcd(如果使用外部etcd)
etcdctl snapshot save /backup/etcd-snapshot-$(date +%Y%m%d).db
# 恢复K3s数据
# 停止K3s服务
systemctl stop k3s
# 恢复数据
rm -rf /var/lib/rancher/k3s
cp -r /backup/k3s-20230101 /var/lib/rancher/k3s
# 重启K3s服务
systemctl start k3s
# 验证恢复
kubectl get nodes实战案例#
案例一:边缘计算部署#
场景:在边缘设备上部署K3s集群,运行IoT应用。
解决方案:使用K3s轻量级特性,在资源受限的边缘设备上部署集群。
实施步骤:
准备边缘设备:
- 设备:Raspberry Pi 4 (4GB RAM)
- 操作系统:Ubuntu Server 20.04 LTS
安装K3s Server:
curl -sfL https://get.k3s.io | sh -部署IoT应用:
kubectl apply -f iot-app.yaml配置监控:
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetesControlPlane-prometheusRule.yaml
结果:
- 成功在边缘设备上部署了K3s集群
- 运行了IoT应用,实现了数据采集和处理
- 配置了监控系统,实时监控设备状态
案例二:多集群管理#
场景:管理多个K3s集群,分布在不同地理位置。
解决方案:使用Rancher管理多个K3s集群。
实施步骤:
部署Rancher:
kubectl apply -f https://raw.githubusercontent.com/rancher/rancher/v2.7.0/packaged/rancher.yaml添加K3s集群:
- 在Rancher UI中添加多个K3s集群
部署全局应用:
# 在Rancher UI中部署应用到多个集群
结果:
- 成功管理了多个K3s集群
- 实现了集群的集中监控和管理
- 简化了多集群应用部署流程
案例三:边缘AI推理#
场景:在边缘设备上部署AI推理服务,实现实时图像处理。
解决方案:使用K3s部署边缘AI应用,利用GPU加速。
实施步骤:
准备边缘设备:
- 设备:NVIDIA Jetson Xavier NX
- 操作系统:JetPack 4.6
安装K3s Agent:
curl -sfL https://get.k3s.io | K3S_URL=https://server-ip:6443 K3S_TOKEN=${NODE_TOKEN} sh -部署AI推理服务:
kubectl apply -f edge-ai-inference.yaml
结果:
- 成功在边缘设备上部署了AI推理服务
- 实现了实时图像处理,延迟低于100ms
- 利用了GPU加速,提高了处理性能
总结#
K3s是一种轻量级的Kubernetes发行版,通过本教程的学习,您已经掌握了从入门到大师级的K3s使用技术。
主要技术回顾#
- 基础操作:K3s的基本安装和配置
- 集群管理:创建和管理K3s集群
- 应用部署:部署应用到K3s集群
- 高级功能:高可用性、监控、安全加固
- 企业级应用:多集群管理、边缘计算、混合云部署
最佳实践#
- 资源规划:根据边缘设备的资源情况,合理规划K3s集群规模
- 网络配置:确保集群网络连通性,特别是在边缘环境中
- 存储选择:选择合适的存储方案,如Longhorn或本地存储
- 安全加固:配置RBAC、网络策略和TLS,提高集群安全性
- 监控系统:部署Prometheus和Grafana,实时监控集群状态
- 备份策略:定期备份K3s数据,确保灾难恢复能力
- 自动扩缩容:根据应用负载,配置自动扩缩容策略
- CI/CD集成:与GitOps工具集成,实现自动化部署
注意事项#
- 版本兼容性:确保使用兼容的K3s版本
- 资源限制:为应用设置合理的资源限制,避免资源争用
- 网络延迟:在边缘环境中,考虑网络延迟对应用的影响
- 存储性能:选择性能合适的存储方案,特别是对于数据库应用
- 安全审计:定期进行安全审计,发现和修复安全问题
- 升级策略:制定合理的K3s升级策略,避免升级过程中的服务中断
- 文档化:为集群配置和部署过程创建详细文档,便于维护和故障排查
通过合理学习和使用K3s,您可以构建轻量级、高效的Kubernetes集群,为边缘计算、IoT设备和资源受限环境提供可靠的容器编排解决方案。K3s的轻量级特性使其成为边缘计算的理想选择,同时保留了Kubernetes的核心功能,为您的应用提供企业级的可靠性和可扩展性。