k8s 测试环境搭建（k3s）

目录

• k8s 测试环境搭建（k3s）
  • 环境说明
  • 安装 docker
  • 安装 k3s
  • 安装 nfs server
  • 安装 nfs-provisioner

k8s 测试环境搭建（k3s）

环境说明

系统 centos 7.9，基于 k3s + docker，并安装 nfs-provisioner 提供 nfs 的 StorageClass 支持

安装 docker

echo "
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1" >> /etc/sysctl.conf
sysctl -p

curl https://releases.rancher.com/install-docker/19.03.sh | sh
systemctl enable docker

• 20.10.sh 可用

设置国内源

vi /etc/docker/daemon.json
{
    "registry-mirrors": ["https://hccwwfjl.mirror.aliyuncs.com"]
}

systemctl restart docker

• 其他源 http://hub-mirror.c.163.com

安装 k3s

curl -sfL https://rancher-mirror.oss-cn-beijing.aliyuncs.com/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh -s - --docker

• 默认安装最新版本
• INSTALL_K3S_VERSION 可以指定版本，可用版本：https://github.com/k3s-io/k3s/releases

安装 nfs server

https://www.cnblogs.com/leffss/p/14826992.html

安装 nfs-provisioner

yaml 文件：

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-client-provisioner-runner
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: run-nfs-client-provisioner
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    # replace with namespace where provisioner is deployed
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: nfs-client-provisioner-runner
  apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: kube-system
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: kube-system
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    # replace with namespace where provisioner is deployed
    namespace: kube-system
roleRef:
  kind: Role
  name: leader-locking-nfs-client-provisioner
  apiGroup: rbac.authorization.k8s.io

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nfs-client-provisioner
  labels:
    app: nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: kube-system
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: nfs-client-provisioner
  template:
    metadata:
      labels:
        app: nfs-client-provisioner
    spec:
      serviceAccountName: nfs-client-provisioner
      containers:
        - name: nfs-client-provisioner
          #image: gcr.io/k8s-staging-sig-storage/nfs-subdir-external-provisioner:v4.0.1
          image: easzlab/nfs-subdir-external-provisioner:v4.0.1
          volumeMounts:
            - name: nfs-client-root
              mountPath: /persistentvolumes
          env:
            - name: PROVISIONER_NAME
              value: k8s-sigs.io/nfs-subdir-external-provisioner
            - name: NFS_SERVER
              value: 192.168.223.111
            - name: NFS_PATH
              value: /nfs
      volumes:
        - name: nfs-client-root
          nfs:
            server: 192.168.223.111
            path: /nfs

---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: nfs-leffss
provisioner: k8s-sigs.io/nfs-subdir-external-provisioner
parameters:
  archiveOnDelete: "false"

• StorageClass 名称：nfs-leffss
• k8s 版本高于 v1.19 时，必须使用 nfs-subdir-external-provisioner 版本 v4.0.0 以上镜像，否则会出现 unexpected error getting claim reference: selfLink was empty, can't make reference 的报错，无法分配 pv，详情见 https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/issues/25

设置为默认的sc

$ kubectl get sc
NAME                   PROVISIONER                                   RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
local-path (default)   rancher.io/local-path                         Delete          WaitForFirstConsumer   false                  32m
nfs-leffss             k8s-sigs.io/nfs-subdir-external-provisioner   Delete          Immediate              false                  15m

$ kubectl patch storageclass nfs-leffss -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'   
$ kubectl patch storageclass local-path -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"false"}}}'

$ kubectl get sc
NAME                   PROVISIONER                                   RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
nfs-leffss (default)   k8s-sigs.io/nfs-subdir-external-provisioner   Delete          Immediate              false                  15m
local-path             rancher.io/local-path                         Delete          WaitForFirstConsumer   false                  32m