缺省安装的k3s使用的是containerd作为容器运行环境,如果希望使用Docker作为容器运行环境,只需要在安装时通过环境变量INSTALL_K3S_EXEC指定--docker即可。这篇文章具体介绍一下具体的安装与部署方法。
现在Docker官方已经提供了一键脚本,可以直接使用进行安装,安装命令如下所示:
curl -fsSL https://get.docker.com -o get-docker.sh && sh get-docker.sh
安装日志如下所示:
[root@liumiaocn ~]# curl -fsSL https://get.docker.com -o get-docker.sh && sh get-docker.sh
# Executing docker install script, commit: f45d7c11389849ff46a6b4d94e0dd1ffebca32c1
+ sh -c 'yum install -y -q yum-utils'
warning: /var/cache/yum/x86_64/7/base/packages/python-chardet-2.2.1-3.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for python-chardet-2.2.1-3.el7.noarch.rpm is not installed
Importing GPG key 0xF4A80EB5:
Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) "
Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
Package : centos-release-7-6.1810.2.el7.centos.x86_64 (@anaconda)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+ sh -c 'yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo'
Loaded plugins: fastestmirror
adding repo from: https://download.docker.com/linux/centos/docker-ce.repo
grabbing file https://download.docker.com/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
+ '[' stable '!=' stable ']'
+ sh -c 'yum makecache'
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.bit.edu.cn
* extras: mirrors.neusoft.edu.cn
* updates: mirror.bit.edu.cn
base | 3.6 kB 00:00:00
docker-ce-stable | 3.5 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/10): docker-ce-stable/x86_64/filelists_db | 18 kB 00:00:01
(2/10): docker-ce-stable/x86_64/updateinfo | 55 B 00:00:01
(3/10): base/7/x86_64/other_db | 2.6 MB 00:00:01
(4/10): docker-ce-stable/x86_64/primary_db | 37 kB 00:00:00
(5/10): docker-ce-stable/x86_64/other_db | 111 kB 00:00:00
(6/10): extras/7/x86_64/other_db | 100 kB 00:00:00
(7/10): base/7/x86_64/filelists_db | 7.3 MB 00:00:02
(8/10): extras/7/x86_64/filelists_db | 207 kB 00:00:00
(9/10): updates/7/x86_64/other_db | 267 kB 00:00:00
(10/10): updates/7/x86_64/filelists_db | 2.7 MB 00:00:03
Metadata Cache Created
+ '[' -n '' ']'
+ sh -c 'yum install -y -q docker-ce'
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
warning: /var/cache/yum/x86_64/7/docker-ce-stable/packages/docker-ce-19.03.5-3.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY
Public key for docker-ce-19.03.5-3.el7.x86_64.rpm is not installed
Importing GPG key 0x621E9F35:
Userid : "Docker Release (CE rpm) "
Fingerprint: 060a 61c5 1b55 8a7f 742b 77aa c52f eb6b 621e 9f35
From : https://download.docker.com/linux/centos/gpg
If you would like to use Docker as a non-root user, you should now consider
adding your user to the "docker" group with something like:
sudo usermod -aG docker your-user
Remember that you will have to log out and back in for this to take effect!
WARNING: Adding a user to the "docker" group will grant the ability to run
containers which can be used to obtain root privileges on the
docker host.
Refer to https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
for more information.
[root@liumiaocn ~]#
由于官方脚本中很贴心的加的有set -x,执行时的调试信息也进行了显示,可以看到就是yum仓库的设定然后进行安装的方式。另外由于此处是root用户,提示如果希望使用普通用户,然后将将此用户添加到docker组中,但是同时会将此用户赋予对宿主机进行一部分特权的风险(其实就是sbit的权限),这里就不再关注。上述安装完成之后,通过docker version即可确认到版本信息。
[root@liumiaocn ~]# docker version Client: Docker Engine - Community Version: 19.03.5 API version: 1.40 Go version: go1.12.12 Git commit: 633a0ea Built: Wed Nov 13 07:25:41 2019 OS/Arch: linux/amd64 Experimental: false Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? [root@liumiaocn ~]#
启动Docker服务
[root@liumiaocn ~]# systemctl start docker [root@liumiaocn ~]#
可以看到containerd和runc的版本信息
[root@liumiaocn ~]# docker version Client: Docker Engine - Community Version: 19.03.5 API version: 1.40 Go version: go1.12.12 Git commit: 633a0ea Built: Wed Nov 13 07:25:41 2019 OS/Arch: linux/amd64 Experimental: false Server: Docker Engine - Community Engine: Version: 19.03.5 API version: 1.40 (minimum version 1.12) Go version: go1.12.12 Git commit: 633a0ea Built: Wed Nov 13 07:24:18 2019 OS/Arch: linux/amd64 Experimental: false containerd: Version: 1.2.10 GitCommit: b34a5c8af56e510852c35414db4c1f4fa6172339 runc: Version: 1.0.0-rc8+dev GitCommit: 3e425f80a8c931f88e6d94a8c831b9d5aa481657 docker-init: Version: 0.18.0 GitCommit: fec3683 [root@liumiaocn ~]#
虽然贴了这么多日志,但实际上到目前只有一个一键安装脚本的执行和一条systemctl语句的服务启动Docker的安装就完成了。
步骤2: 安装k3s可以使用如下命令进行安装:
环境变量方式:curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC=“server --docker” sh -s -
或者
直接传参方式:curl -sfL https://get.k3s.io | sh -s - server --docker
这里使用直接传参方式,安装日志如下所示
[root@liumiaocn ~]# curl -sfL https://get.k3s.io | sh -s - server --docker [INFO] Finding latest release [INFO] Using v1.0.0 as release [INFO] Downloading hash https://github.com/rancher/k3s/releases/download/v1.0.0/sha256sum-amd64.txt [INFO] Downloading binary https://github.com/rancher/k3s/releases/download/v1.0.0/k3s [INFO] Verifying binary download [INFO] Installing k3s to /usr/local/bin/k3s [INFO] SELinux is enabled, setting permissions which: no kubectl in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin) [INFO] Creating /usr/local/bin/kubectl symlink to k3s which: no crictl in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin) [INFO] Creating /usr/local/bin/crictl symlink to k3s [INFO] Skipping /usr/local/bin/ctr symlink to k3s, command exists in PATH at /usr/bin/ctr [INFO] Creating killall script /usr/local/bin/k3s-killall.sh [INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh [INFO] env: Creating environment file /etc/systemd/system/k3s.service.env [INFO] systemd: Creating service file /etc/systemd/system/k3s.service [INFO] systemd: Enabling k3s unit Created symlink from /etc/systemd/system/multi-user.target.wants/k3s.service to /etc/systemd/system/k3s.service. [INFO] systemd: Starting k3s [root@liumiaocn ~]#
确认容器运行环境
[root@liumiaocn ~]# kubectl get node -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME liumiaocn Ready master 99s v1.16.3-k3s.2 192.168.163.143CentOS Linux 7 (Core) 3.10.0-957.el7.x86_64 docker://19.3.5 [root@liumiaocn ~]#
可以看到此处提示的DONTAINER-RUNTIME(容器运行环境也称为容器运行时)为docker的19.3.5版本,正是前面刚刚安装的Docker版本。比较一下缺省安装方式下的k3s,可以看到缺省方式下k3s是直接使用containerd。
[root@liumiaocn ~]# kubectl get node -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME liumiaocn Ready master 3m38s v1.16.3-k3s.2 192.168.163.143CentOS Linux 7 (Core) 3.10.0-957.el7.x86_64 containerd://1.3.0-k3s.4 [root@liumiaocn ~]#
详细可参看:https://liumiaocn.blog.csdn.net/article/details/103234225
总结相较于kubernetes的每次release note中提到的简单的部署方式,k3s宣称的简单,在使用起来确实简单。使用docker作为容器运行环境,是否多余放在一边,实际中已经有很多在Docker基础上运行的系统,这种方式会减少对既存系统的影响。
