Category: K8S

K8S

Traefik Controller

Post author By Robin
Post date November 16, 2024

K3S 默认安装 Traefik 作为ingress 控制器

默认没有开启dashboard 且占用了各个node的80 和 443 端口

traefix配置在kube-system 命名空间内

一个例子暴露8081 的nexus-service

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: nexus-ingress
  namespace: nexus
spec:
  entryPoints:
  - web
  routes:
  - match: Host(`nexus.local`) # 域名
    kind: Rule
    services:
      - name: nexus-service  
        port: 8081

Tags ingress, K3S, traefik

K8S

APISIX

Post author By Robin
Post date October 30, 2024

apisix 作为流量网关

其本身数据通讯以来etcd

页面配置以来apisix-dashboard

以后是三个docker镜像的启动配置

containerd 脚本

apisix

#!/bin/sh
ctr run --detach --net-host --mount type=bind,src=/home/pi/apisix/apisix/config/conf.yaml,dst=/usr/local/apisix/conf/config.yaml,options=rbind:rw 192.168.0.30:30003/apache/apisix:latest apisix

dashboard

#!/bin/sh
ctr run -d --net-host --env DASHBOARD_LISTEN_IP=0.0.0.0 --env DASHBOARD_LISTEN_PORT=9000 --mount type=bind,src=/home/pi/apisix/apisix-dashboard/config/conf.yaml,dst=/usr/local/apisix-dashboard/conf/conf.yaml,options=rbind:rw 192.168.0.30:30003/apache/apisix-dashboard:latest apisix-dashboard

etcd

#!/bin/sh
ctr run --detach --net-host --env ALLOW_NONE_AUTHENTICATION=yes --env ETCD_ADVERTISE_CLIENT_URLS=http://0.0.0.0:2379 --env ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379 192.168.0.30:30003/bitnami/etcd:latest my-etcd

apisix 和 dashboard都指定了配置文件（十分重要对接promethus + grafana 也是在这里暴露一个metric作为endpoint）

在promethus.yml添加一个job

scrape_configs:
- job_name: 'apisix'
  static_configs:
    - targets: ['apisix:9091/metric'] 更改为指定apisix 的endpoint

Tags apisix, gateway

K8S

K3S PVC local drive SD卡扩容

Post author By Robin
Post date October 28, 2024

默认node 实体机器 PVC文件夹

/var/lib/kubelet/pods/<pod-uid>/volumes/kubernetes.io~csi/<pvc-name>/mount

可以通过 yaml 改变路径

apiVersion: v1
kind: PersistentVolume
metadata:
  name: example-pv
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-storage
  local:
    path: /mnt/data
  nodeAffinity:
    required:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/hostname
              operator: In
              values:
                - your-node-name

通过 spec.local.path 设置指定路径

Tags local-drive, PVC

K8S

K3s 初始化

Post author By Robin
Post date October 26, 2024

curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn K3S_URL=https://myserver:6443 K3S_TOKEN=mynodetoken sh

或者用我的脚本install-agent 来安装

http://gitea.robinluo.top/robin/robin-k8s-yaml-script/src/branch/master/192.168.0.34

Tags K3S

K8S

安装Nexus3 后部署docker仓库

Post author By Robin
Post date October 9, 2024

导航到“仓库”部分。
点击“创建仓库”按钮，选择“docker (proxy)”或“docker (hosted)”类型。
根据你选择的类型配置仓库。
选择“docker (hosted)”，则可以管理本地Docker镜像。

具体配置页面截图

开启http服务多开通8082 作为docker 仓库服务端口(only http) 内置的https 会有证书问题

nexus 添加 docker 账号密码校验 Realms （可以允许docker login）

Tags nexus

K8S

K3S 安装 nexus3

Post author By Robin
Post date October 9, 2024

amd64 拉取 sonatype/nexus

arm64 拉取 klo2k/nexus3

镜像默认开放8081 挂载目录/nexus-data

默认 admin密码在容器内部 cat nexus-data/admin.password

Tags K3S, K8S, nexus

K8S

K3S 常用命令

Post author By Robin
Post date October 5, 2024

K3S token

NAME:
   k3s token - Manage bootstrap tokens

USAGE:
   k3s token command [command options] [arguments...]

COMMANDS:
   create    Create bootstrap tokens on the server
   delete    Delete bootstrap tokens on the server
   generate  Generate and print a bootstrap token, but do not create it on the server
   list      List bootstrap tokens on the server

OPTIONS:
   --help, -h  show help

Tags K3S, K8S

docker K8S

K3S kubectl 常用命令

Post author By Robin
Post date October 5, 2024

查看log    sudo k3s kubectl logs -f -n kubernetes-dashboard kubernetes-dashboard-758765f476-x8rc7

应用 yaml  sudo k3s kubectl apply -f XXX.yaml

查看所有资源 sudo k3s kubectl get all --all-name-spaces

删除命名空间 sudo k3s kubectl delete ns  XXXXX

进入容器命令行 sudo k3s kubectl exec -it nexus-deployment-87b59d446-ht7p4 -n nexus - /bin/bash

创建命名空间 sudo k3s kubectl create namespace logging

Tags K3S, K8S, kubectl

docker K8S

K3S containerd mirror 设置与常用命令

Post author By Robin
Post date October 5, 2024

列出镜像 sudo k3s ctr i list

删除本地镜像 sudo k3s ctr i rm registry.cn-hangzhou.aliyuncs.com/robinluo/robinluo:v2.0.4

拉取镜像 sudo k3s ctr i pull registry.cn-hangzhou.aliyuncs.com/robinluo/robinluo:v2.0.4 –plain-http

–plain-http 可指定使用 http拉取镜像

ctr -n k8s.io images pull –platform linux/amd64 my-image:my-tag

镜像打tag sudo k3s ctr i tag registry.cn-hangzhou.aliyuncs.com/robinluo/robinluo:v2.0.4 new tag

导入docker 导出的镜像 ctr i import image.tar

设置mirror

/etc/rancher/k3s/registries.yaml

mirrors:
  "docker.io":
    endpoint:
      - "https://registry.cn-hangzhou.aliyuncs.com"

mirrors:
  "my-registry.com":
    endpoint:
      - "https://my-registry.com"
configs:
  "my-registry.com":
    auth:
      username: user
      password: password

另一种设置containerd mirror方法

K3s 将会在/var/lib/rancher/k3s/agent/etc/containerd/config.toml中为 containerd 生成 config.toml。[ 建议不要直接对 containerd 的配置文件进行修改，格式十分的严格 ]

如果要对这个文件进行高级设置，你可以在同一目录中创建另一个名为 config.toml.tmpl 的文件，此文件将会代替默认设置。

config.toml.tmpl将被视为 Go 模板文件，并且config.Node结构被传递给模板。此模板示例介绍了如何使用结构来自定义配置文件

   [plugins."io.containerd.grpc.v1.cri".registry]
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
          [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
          endpoint = ["https://------.mirror.aliyuncs.com", "https://registry-1.docker.io"]

补充ctr 命令分为 i image 镜像 c container 容器 t task 任务（进程）

我们可以分别用 task 命令和 container 命令取停止和启动一个容器实例

Tags containerd, docker, K3S, K8S