Note
This article was last updated on 2025-06-30; its content may be out of date.
k3s cluster installation
Install the server node
```bash
curl -sfL https://get.k3s.io | sh -s - server \
--cluster-init \
--disable=traefik

root@rock5b-1:~# kubectl get no
NAME       STATUS   ROLES                       AGE     VERSION
rock5b-1   Ready    control-plane,etcd,master   8m22s   v1.31.6+k3s1
```

Install the agent nodes
Get the token
```bash
root@rock5b-1:~# cat /var/lib/rancher/k3s/server/node-token
K10aa6b3d75e6848ee1d29c104436dbf35be2dc8b07fea4ec858a29c8fc02129a9d::server:ebf3c9f070227a0da53687737f628846
```
Run the following agent install command on rock5b-2 and rock5b-3:
```bash
curl -sfL https://get.k3s.io | K3S_TOKEN=K10aa6b3d75e6848ee1d29c104436dbf35be2dc8b07fea4ec858a29c8fc02129a9d::server:ebf3c9f070227a0da53687737f628846 sh -s - agent --server https://192.168.5.104:6443
```
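The node token used above is in K3s's secure format, `K10<CA hash>::<username>:<password>`: the hash pins the server CA for the joining agent, and the part after the last colon is the join secret. The following added example (not from the original post) splits such a token, checks the pin against a CA file, and redacts the secret for logs; the function names are this example's own, and it assumes the default self-signed CA, whose pin is the SHA-256 of the PEM file.

```shell
# Added example: inspect a K3s secure-format join token,
#   K10<sha256 of server CA>::<username>:<password>
# Function names are this example's own, not part of K3s.

# Print the CA hash pinned in the token; fail if it is not in secure format.
k3s_token_ca_hash() {
  case $1 in
    K10*::*:*) ;;
    *) return 1 ;;
  esac
  _h=${1#K10}
  _h=${_h%%::*}
  [ "${#_h}" -eq 64 ] || return 1
  case $_h in *[!0-9a-f]*) return 1 ;; esac
  printf '%s\n' "$_h"
}

# Succeed only if the pin equals the SHA-256 of the given CA PEM file
# (assumption: default self-signed CA, e.g. server/tls/server-ca.crt).
k3s_token_matches_ca() {
  _want=$(k3s_token_ca_hash "$1") || return 2
  _got=$(sha256sum "$2" | cut -d' ' -f1)
  [ "$_want" = "$_got" ]
}

# Print the token with the password replaced, safe for logs and write-ups.
k3s_token_redact() {
  _h=$(k3s_token_ca_hash "$1") || return 1
  _creds=${1#*::}
  printf 'K10%s::%s:<redacted>\n' "$_h" "${_creds%%:*}"
}

# Constructed demo: a stand-in CA file and a token built from its hash.
ca=$(mktemp)
printf 'constructed stand-in for a CA PEM\n' > "$ca"
demo="K10$(sha256sum "$ca" | cut -d' ' -f1)::server:constructed-secret"
k3s_token_redact "$demo"
k3s_token_matches_ca "$demo" "$ca" && echo "CA pin matches"
rm -f "$ca"
```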
Configure command-line completion
```bash
source /usr/share/bash-completion/bash_completion
echo 'source <(kubectl completion bash)' >>~/.bashrc
source ~/.bashrc
```
Install Helm
```bash
curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
Downloading https://get.helm.sh/helm-v3.17.2-linux-arm64.tar.gz
Verifying checksum... Done.
Preparing to install helm into /usr/local/bin
helm installed into /usr/local/bin/helm
```
Helm command completion
```bash
helm completion bash > /etc/bash_completion.d/helm
source ~/.bashrc
```
Install Ingress-Nginx
```bash
helm upgrade --install ingress-nginx ingress-nginx \
  --repo https://kubernetes.github.io/ingress-nginx \
  --namespace ingress-nginx --create-namespace
Release "ingress-nginx" does not exist. Installing it now.
NAME: ingress-nginx
LAST DEPLOYED: Sat Mar 22 22:04:56 2025
NAMESPACE: ingress-nginx
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The ingress-nginx controller has been installed.
It may take a few minutes for the load balancer IP to be available.
You can watch the status by running 'kubectl get service --namespace ingress-nginx ingress-nginx-controller --output wide --watch'
An example Ingress that makes use of the controller:
  apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    name: example
    namespace: foo
  spec:
    ingressClassName: nginx
    rules:
      - host: www.example.com
        http:
          paths:
            - pathType: Prefix
              backend:
                service:
                  name: exampleService
                  port:
                    number: 80
              path: /
    # This section is only required if TLS is to be enabled for the Ingress
    tls:
      - hosts:
        - www.example.com
        secretName: example-tls
If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
  apiVersion: v1
  kind: Secret
  metadata:
    name: example-tls
    namespace: foo
  data:
    tls.crt: <base64 encoded cert>
    tls.key: <base64 encoded key>
  type: kubernetes.io/tls
```
Install the Kubernetes Dashboard
Add the Kubernetes Dashboard repository
```bash
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
```
Update the Kubernetes Dashboard repository
```bash
helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "kubernetes-dashboard" chart repository
Update Complete. ⎈Happy Helming!⎈
```
Install the Kubernetes Dashboard
```bash
helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard
Release "kubernetes-dashboard" does not exist. Installing it now.
NAME: kubernetes-dashboard
LAST DEPLOYED: Sat Mar 22 22:18:12 2025
NAMESPACE: kubernetes-dashboard
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
*************************************************************************************************
*** PLEASE BE PATIENT: Kubernetes Dashboard may need a few minutes to get up and become ready ***
*************************************************************************************************
Congratulations! You have just installed Kubernetes Dashboard in your cluster.
To access Dashboard run:
  kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard-kong-proxy 8443:443
NOTE: In case port-forward command does not work, make sure that kong service name is correct.
      Check the services in Kubernetes Dashboard namespace using:
        kubectl -n kubernetes-dashboard get svc
Dashboard will be available at:
  https://localhost:8443
```
ingress, service account, cluster role binding
```yaml
# ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dashboard-ingress
  namespace: kubernetes-dashboard
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-dns01 # automatically issue the HTTPS certificate
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    nginx.ingress.kubernetes.io/ssl-redirect: 'true' # force redirect to HTTPS
    nginx.ingress.kubernetes.io/secure-backends: 'true'
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - 'k8s.pkg.best'
      secretName: dashboard-letsencrypt-tls
  rules:
    - host: k8s.pkg.best
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: kubernetes-dashboard-kong-proxy
                port:
                  number: 443
---
# service account
apiVersion: v1
kind: ServiceAccount
metadata:
  name: hiifong
  namespace: kubernetes-dashboard
---
# cluster role binding
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin # full, cluster-wide administrative access
subjects:
- kind: ServiceAccount
  name: hiifong
  namespace: kubernetes-dashboard
```
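The ClusterRoleBinding above gives the hiifong ServiceAccount the cluster-admin role, so any token created for it carries full control of the cluster through the dashboard. A pre-apply check that lists such bindings in a manifest, as an added example (not from the original post): the function names and the sample manifest are constructed, and the awk pass assumes flat, unquoted YAML like the manifest above.

```shell
# Added example: list ServiceAccounts that a manifest binds to cluster-admin.
# Assumes flat, unquoted YAML like the manifest above; not a full YAML parser.
cluster_admin_service_accounts() {
  awk '
    function flush(   i) {
      if (kind == "ClusterRoleBinding" && role == "cluster-admin")
        for (i = 1; i <= n; i++)
          if (skind[i] == "ServiceAccount") print sns[i] "/" sname[i]
      kind = role = section = ""; n = 0
    }
    /^---/      { flush(); next }                          # next YAML document
    /^[A-Za-z]/ { section = $1; sub(/:$/, "", section) }   # top-level key
    /^kind:/    { kind = $2 }
    section == "roleRef" && $1 == "name:" { role = $2 }
    section == "subjects" {
      if ($1 == "-") { n++; skind[n] = sname[n] = sns[n] = ""; key = $2; val = $3 }
      else           { key = $1; val = $2 }
      if (key == "kind:")      skind[n] = val
      if (key == "name:")      sname[n] = val
      if (key == "namespace:") sns[n]   = val
    }
    END { flush() }
  ' "$@"
}
# Constructed, abbreviated sample: one cluster-admin binding, one view binding.
sample_manifest() {
  cat <<'EOF'
kind: ClusterRoleBinding
roleRef:
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: demo-sa
  namespace: kubernetes-dashboard
- kind: User
  name: alice
---
kind: ClusterRoleBinding
roleRef:
  kind: ClusterRole
  name: view
subjects:
- kind: ServiceAccount
  name: reader
  namespace: default
EOF
}
sample_manifest | cluster_admin_service_accounts
```

Run against the manifest file as `cluster_admin_service_accounts k8s-dashboard.yml`; for the manifest above it prints `kubernetes-dashboard/hiifong`.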
apply
```bash
kubectl apply -f k8s-dashboard.yml
```
create token
```bash
# Prints a bearer token (JWT) for the hiifong ServiceAccount
kubectl -n kubernetes-dashboard create token hiifong
```
Host mapping
Install cert-manager
```bash
helm repo add jetstack https://charts.jetstack.io --force-update
helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.17.0 \
  --set crds.enabled=true
```