主节点 47.115.140.28
sudo ufw disable
sudo swapoff -a
sudo apt update
sudo apt upgrade -y
hostnamectl set-hostname master
echo "master" | sudo tee /etc/hostname
curl –sfL \
https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | \
INSTALL_K3S_MIRROR=cn \
sh -s - \
--disable traefik
# 查看token
cat /var/lib/rancher/k3s/server/node-token
# 显示的token
K10c629918050f9786fc6b4e1ef8caff
# 查看k3s服务状态
systemctl status k3s
# 查看节点
sudo k3s kubectl get nodes
# 卸载k3s
/usr/local/bin/k3s-uninstall.sh
# 重启k3s服务
systemctl restart k3s
# 配置 kubectl
mkdir -p ~/.kube
sudo cp /etc/rancher/k3s/k3s.yaml ~/.kube/config
sudo chown $(id -u):$(id -g) ~/.kube/config
# 重启 K3s 服务
sudo systemctl restart k3s
# 创建一个专门用于 Kuboard 的命名空间
kubectl create namespace kuboard
# 安装 Kuboard
kubectl apply -f https://addons.kuboard.cn/kuboard/kuboard-v3-swr.yaml
# 删除 Kuboard
kubectl delete -f https://addons.kuboard.cn/kuboard/kuboard-v3-swr.yaml
# 或者docker 安装
docker stop $(docker ps -a | grep "eipwork/kuboard" | awk '{print $1 }')
docker rm $(docker ps -a | grep "eipwork/kuboard" | awk '{print $1 }')
sudo docker run -d \
--restart=unless-stopped \
--name=kuboard \
-p 30080:80/tcp \
-p 10081:10081/udp \
-p 10081:10081/tcp \
-e KUBOARD_ENDPOINT="http://kuboard.my-company.com:80" \
-e KUBOARD_AGENT_SERVER_UDP_PORT="10081" \
-e KUBOARD_AGENT_SERVER_TCP_PORT="10081" \
-v /root/kuboard-data:/data \
eipwork/kuboard:v3.1.7.1
# 检查 Kuboard Pod
kubectl get pods -n kuboard -o wide --watch
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kuboard-v3-584d6f4cb9-966w9 0/1 ContainerCreating 0 3m21s <none> master <none> <none>
# 检查镜像拉取日志:
kubectl describe pod kuboard-v3-584d6f4cb9-966w9 -n kuboard
# 查看服务信息
kubectl get services -n kuboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kuboard-v3 NodePort 10.43.67.241 <none> 80:30080/TCP,10081:30081/TCP,10081:30081/UDP 20s
# 访问 kuboard 初始用户名 / 密码为:admin / Kuboard123
http://47.115.140.28:30080
工作节点 43.134.106.179
sudo ufw disable
sudo swapoff -a
sudo apt update
sudo apt upgrade -y
hostnamectl set-hostname node1
echo "node1" | sudo tee /etc/hostname
curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn K3S_URL=https://47.115.140.28:6443 K3S_TOKEN=K10c629918050f9786fc6b4e1ef8caff sh -
# 查看k3s服务状态
systemctl status k3s-agent
# 重启k3s服务
systemctl restart k3s-agent
# 卸载
/usr/local/bin/k3s-agent-uninstall.sh
# 若master Token 过期,重新生成新 Token
sudo k3s server --token-renewal
# node 删除配置重新加入master节点
sudo rm -rf /var/lib/rancher/k3s/
curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn K3S_URL=https://47.115.140.28:6443 K3S_TOKEN=K10c629918050f9786fc6b4e1ef8caff sh -
# K3s 客户端和服务器证书自颁发日起 365 天内有效。每次启动 K3s 时,已过期或 90 天内过期的证书都会自动更新。
# 停止 K3s
systemctl stop k3s
# 轮换证书
k3s certificate rotate
# 启动 K3s
systemctl start k3s
# 删除 kuboard - etcd 的 DaemonSet
kubectl delete daemonset kuboard-etcd -n kuboard
# 查看 kuboard 命名空间下的 DaemonSet 资源是否已被删除
kubectl get daemonsets -n kuboard
# 删除 pod
kubectl delete pod kuboard-v3-584d6f4cb9-966w9 -n kuboard
# 删除 deployment
kubectl delete deployment kuboard-v3 -n kuboard
# 删除 service
kubectl delete service kuboard-v3 -n kuboard
# 删除旧资源
kubectl delete -f https://addons.kuboard.cn/kuboard/kuboard-v3.yaml
# 强制删除命名空间
kubectl delete namespace kuboard --grace-period=0 --force
# 验证命名空间状态
kubectl get namespace kuboard
# 编辑命名空间
kubectl edit namespace kuboard
# K3s `ctr` 常用命令与 Docker 对比
## 一、常用命令对比
| **功能** | **ctr 命令** | **Docker 命令** |
|-------------------|---------------------------------------|------------------------------|
| 运行容器 | `ctr run --rm --tty --name mycontainer docker.io/library/nginx:latest` | `docker run -it --rm --name mycontainer nginx` |
| 查看容器列表 | `ctr container ls` | `docker ps` |
| 进入容器 | `ctr task exec --exec-id 1 mycontainer /bin/sh` | `docker exec -it mycontainer /bin/sh` |
| 停止容器 | `ctr task kill mycontainer` | `docker stop mycontainer` |
| 删除容器 | `ctr container delete mycontainer` | `docker rm mycontainer` |
| 拉取镜像 | `ctr image pull docker.io/library/nginx:latest` | `docker pull nginx` |
| 查看镜像列表 | `ctr image ls` | `docker images` |
| 构建镜像 | `ctr build -t myimage .` | `docker build -t myimage .` |
| 推送镜像 | `ctr image push myimage:tag` | `docker push myimage:tag` |
## 二、关键差异
1. **底层运行时**
- Docker:使用自有运行时(`docker-containerd`),功能全面但相对较重。
- K3s/ctr:直接基于轻量级的`containerd`,资源占用更低,适合边缘计算或资源受限环境。
2. **命令结构**
- `ctr`需要明确指定命名空间(默认`k8s.io`),例如:
```bash
ctr -n k8s.io container run ...
# 镜像加速
cat > /etc/rancher/k3s/registries.yaml <<EOF
mirrors:
docker.io:
endpoint:
- "https://registry.cn-hangzhou.aliyuncs.com/"
quay.io:
endpoint:
- "https://quay.tencentcloudcr.com/"
registry.k8s.io:
endpoint:
- "https://registry.aliyuncs.com/v2/google_containers"
gcr.io:
endpoint:
- "https://gcr.m.daocloud.io/"
k8s.gcr.io:
endpoint:
- "https://registry.aliyuncs.com/google_containers"
ghcr.io:
endpoint:
- "https://ghcr.m.daocloud.io/"
EOF
systemctl restart k3s
# 配置后会在/var/lib/rancher/k3s/agent/etc/containerd下创建目录 certs.d 存放containerd mirror配置文件
# 检查镜像拉取是否使用了代理
kubectl run test --image=nginx --rm -it
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh
# 国内安装helm
wget https://mirrors.huaweicloud.com/helm/v3.9.4/helm-v3.9.4-linux-amd64.tar.gz
tar -zxvf helm-v3.9.4-linux-amd64.tar.gz
cp ./linux-amd64/helm /usr/local/bin/
helm version
# docker 安装
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
curl -sfL https://get.rainbond.com/install_docker | bash
