Prerequisites
Two nodes cannot have the same hostname.
Otherwise the names will collide when the nodes communicate! I'm sure you don't want that to happen…
Additional requirements for operating systems
Some OSs have specific requirements:
- If you are using (Red Hat/CentOS) Enterprise Linux, follow these steps for additional setup.
- If you are using Raspberry Pi OS, follow these steps to switch to legacy iptables.
Nothing else should need special attention, so on to the next step!
Additional networking requirements
1. The K3s server needs port 6443 to be accessible by all nodes.
2. To utilize the metrics server, all nodes must be accessible to each other on port 10250.
3. If you plan on achieving high availability with embedded etcd, server nodes must be accessible to each other on ports 2379 and 2380.
| Protocol | Port | Source | Destination | Description |
|---|---|---|---|---|
| TCP | 2379-2380 | Servers | Servers | Required only for HA with embedded etcd |
| TCP | 6443 | Agents | Servers | K3s supervisor and Kubernetes API Server |
| UDP | 8472 | All nodes | All nodes | Required only for Flannel VXLAN |
| TCP | 10250 | All nodes | All nodes | Kubelet metrics |
| UDP | 51820 | All nodes | All nodes | Required only for Flannel Wireguard with IPv4 |
| UDP | 51821 | All nodes | All nodes | Required only for Flannel Wireguard with IPv6 |
Start installing!
The k3s install script
curl -sfL https://get.k3s.io | sh -
After running it:
- The K3s service will be configured to automatically restart after node reboots or if the process crashes or is killed
- Additional utilities will be installed, including kubectl, crictl, ctr, k3s-killall.sh, and k3s-uninstall.sh
- A kubeconfig file will be written to /etc/rancher/k3s/k3s.yaml and the kubectl installed by K3s will automatically use it
Optional: install additional agent nodes
curl -sfL https://get.k3s.io | K3S_URL={https://MASTER_IP:6443} K3S_TOKEN={mynodetoken} sh -
- Setting the K3S_URL parameter causes the installer to configure K3s as an agent, instead of a server. The K3s agent will register with the K3s server listening at the supplied URL.
- The value to use for K3S_TOKEN is stored at /var/lib/rancher/k3s/server/node-token on your server node.
With the {…} placeholders replaced by real values (braces dropped), the command looks like this:
curl -sfL https://get.k3s.io/ | K3S_URL=https://140.119.163.226:6443 K3S_TOKEN=K10b5791241526faddfb44c0aa2e50894fbd7c82e385cce23ab85b46a4fd5ce6034::server:cab2f9f65b81ac75a36afff7083568dc sh -
run k3s without sudo
sudo chmod 644 /etc/rancher/k3s/k3s.yaml
Should you be doing this?
If you use the k3s setup for anything professional, such as an IoT solution, edge or anything else in an environment where you do not want unwanted access to this machine: keep using the sudo command. With the above steps you are removing a layer of security from your setup: mode 644 lets every local user on the machine read the kubeconfig and the cluster admin credentials in it.
If you use the k3s environment for a quick test lab to prepare for certification, tests, a playground, etc., then it is probably fine to use the above commands. But please stay aware of the role and the use-case of the machine. If it leaves your supervision, wipe it and set it up again.
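One way to get sudo-free kubectl without making /etc/rancher/k3s/k3s.yaml readable by every local account is to leave that file private and give your own user a private copy. The script below is an added example, not from the original post or the K3s project; the function names, the SUDO variable and the ~/.kube/config destination are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): keep the K3s kubeconfig private
# and give one user a private copy, instead of chmod 644 on the original.
# Assumes GNU stat, as found on Linux nodes. SUDO is a hypothetical helper
# variable: leave it empty for scratch files, set SUDO=sudo on a real node.

# Print the octal permission bits of a file, e.g. 644 or 600.
file_mode() {
    stat -c '%a' "$1"
}

# Exit 0 if "other" users may read the file, which for a kubeconfig means
# every local account can read the cluster credentials stored in it.
is_world_readable() {
    mode=$(file_mode "$1") || return 2
    other=${mode#"${mode%?}"}      # last octal digit = bits for "other"
    [ $((other & 4)) -ne 0 ]
}

# Print "world-readable", "private", or "unknown" (file could not be checked).
audit_kubeconfig() {
    if is_world_readable "$1"; then
        echo "world-readable"
    elif [ $? -eq 1 ]; then
        echo "private"
    else
        echo "unknown"; return 2
    fi
}

# Copy SRC to DEST so that only the calling user can read DEST.
# The redirect is done by the caller's shell, so DEST is owned by the caller
# even when SRC is read through sudo; umask 077 keeps DEST from ever being
# group- or world-readable, and chmod covers a DEST that already existed.
install_user_kubeconfig() {
    src=$1
    dest=$2
    (
        umask 077
        mkdir -p "$(dirname "$dest")" &&
            ${SUDO:-} cat "$src" > "$dest" &&
            chmod 600 "$dest"
    )
}

# On a node (source path from the post; ~/.kube/config is an assumed destination):
#   SUDO=sudo install_user_kubeconfig /etc/rancher/k3s/k3s.yaml "$HOME/.kube/config"
#   export KUBECONFIG="$HOME/.kube/config"
```

Running audit_kubeconfig against /etc/rancher/k3s/k3s.yaml after the chmod 644 above reports world-readable; restoring mode 600 on it and using the private copy brings it back to private.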