From f0077e2f0b0c894725001d1bba7b3b05ba5a9d01 Mon Sep 17 00:00:00 2001 From: Dominic Taylor Date: Tue, 12 Mar 2019 12:47:22 +0000 Subject: [PATCH] Update docker-compose for v0.2.0, add agent docker-compose, update readme for docker agent run command --- README.md | 47 +++++++++++++++++++++++----------------- docker-compose-agent.yml | 13 +++++++++++ docker-compose.yml | 6 +++-- 3 files changed, 44 insertions(+), 22 deletions(-) create mode 100644 docker-compose-agent.yml diff --git a/README.md b/README.md index fcdf28818a..eb8eab8b69 100644 --- a/README.md +++ b/README.md @@ -28,19 +28,19 @@ k3s is intended to be a fully compliant Kubernetes distribution with the followi * CoreDNS * CNI * Host utilities (iptables, socat, etc) - + Quick start ----------- 1. Download `k3s` from latest [release](https://github.com/rancher/k3s/releases/latest), x86_64, armhf, and arm64 are supported -2. Run server +2. Run server ```bash sudo k3s server & # Kubeconfig is written to /etc/rancher/k3s/k3s.yaml sudo k3s kubectl get node -# On a different node run the below. NODE_TOKEN comes from /var/lib/rancher/k3s/server/node-token +# On a different node run the below. NODE_TOKEN comes from /var/lib/rancher/k3s/server/node-token # on your server sudo k3s agent --server https://myserver:6443 --token ${NODE_TOKEN} 
@@ -57,15 +57,15 @@ You should get an output similar to ``` INFO[2019-01-22T15:16:19.908493986-07:00] Starting k3s dev -INFO[2019-01-22T15:16:19.908934479-07:00] Running kube-apiserver --allow-privileged=true --authorization-mode Node,RBAC --service-account-signing-key-file /var/lib/rancher/k3s/server/tls/service.key --service-cluster-ip-range 10.43.0.0/16 --advertise-port 6445 --advertise-address 127.0.0.1 --insecure-port 0 --secure-port 6444 --bind-address 127.0.0.1 --tls-cert-file /var/lib/rancher/k3s/server/tls/localhost.crt --tls-private-key-file /var/lib/rancher/k3s/server/tls/localhost.key --service-account-key-file /var/lib/rancher/k3s/server/tls/service.key --service-account-issuer k3s --api-audiences unknown --basic-auth-file /var/lib/rancher/k3s/server/cred/passwd --kubelet-client-certificate /var/lib/rancher/k3s/server/tls/token-node.crt --kubelet-client-key /var/lib/rancher/k3s/server/tls/token-node.key +INFO[2019-01-22T15:16:19.908934479-07:00] Running kube-apiserver --allow-privileged=true --authorization-mode Node,RBAC --service-account-signing-key-file /var/lib/rancher/k3s/server/tls/service.key --service-cluster-ip-range 10.43.0.0/16 --advertise-port 6445 --advertise-address 127.0.0.1 --insecure-port 0 --secure-port 6444 --bind-address 127.0.0.1 --tls-cert-file /var/lib/rancher/k3s/server/tls/localhost.crt --tls-private-key-file /var/lib/rancher/k3s/server/tls/localhost.key --service-account-key-file /var/lib/rancher/k3s/server/tls/service.key --service-account-issuer k3s --api-audiences unknown --basic-auth-file /var/lib/rancher/k3s/server/cred/passwd --kubelet-client-certificate /var/lib/rancher/k3s/server/tls/token-node.crt --kubelet-client-key /var/lib/rancher/k3s/server/tls/token-node.key Flag --insecure-port has been deprecated, This flag will be removed in a future version. 
-INFO[2019-01-22T15:16:20.196766005-07:00] Running kube-scheduler --kubeconfig /var/lib/rancher/k3s/server/cred/kubeconfig-system.yaml --port 0 --secure-port 0 --leader-elect=false -INFO[2019-01-22T15:16:20.196880841-07:00] Running kube-controller-manager --kubeconfig /var/lib/rancher/k3s/server/cred/kubeconfig-system.yaml --service-account-private-key-file /var/lib/rancher/k3s/server/tls/service.key --allocate-node-cidrs --cluster-cidr 10.42.0.0/16 --root-ca-file /var/lib/rancher/k3s/server/tls/token-ca.crt --port 0 --secure-port 0 --leader-elect=false +INFO[2019-01-22T15:16:20.196766005-07:00] Running kube-scheduler --kubeconfig /var/lib/rancher/k3s/server/cred/kubeconfig-system.yaml --port 0 --secure-port 0 --leader-elect=false +INFO[2019-01-22T15:16:20.196880841-07:00] Running kube-controller-manager --kubeconfig /var/lib/rancher/k3s/server/cred/kubeconfig-system.yaml --service-account-private-key-file /var/lib/rancher/k3s/server/tls/service.key --allocate-node-cidrs --cluster-cidr 10.42.0.0/16 --root-ca-file /var/lib/rancher/k3s/server/tls/token-ca.crt --port 0 --secure-port 0 --leader-elect=false Flag --port has been deprecated, see --secure-port instead. 
INFO[2019-01-22T15:16:20.273441984-07:00] Listening on :6443 -INFO[2019-01-22T15:16:20.278383446-07:00] Writing manifest: /var/lib/rancher/k3s/server/manifests/coredns.yaml -INFO[2019-01-22T15:16:20.474454524-07:00] Node token is available at /var/lib/rancher/k3s/server/node-token -INFO[2019-01-22T15:16:20.474471391-07:00] To join node to cluster: k3s agent -s https://10.20.0.3:6443 -t ${NODE_TOKEN} +INFO[2019-01-22T15:16:20.278383446-07:00] Writing manifest: /var/lib/rancher/k3s/server/manifests/coredns.yaml +INFO[2019-01-22T15:16:20.474454524-07:00] Node token is available at /var/lib/rancher/k3s/server/node-token +INFO[2019-01-22T15:16:20.474471391-07:00] To join node to cluster: k3s agent -s https://10.20.0.3:6443 -t ${NODE_TOKEN} INFO[2019-01-22T15:16:20.541027133-07:00] Wrote kubeconfig /etc/rancher/k3s/k3s.yaml INFO[2019-01-22T15:16:20.541049100-07:00] Run: k3s kubectl ``` @@ -76,7 +76,7 @@ that the control plane be part of the cluster. To not run the agent by default flag k3s server --disable-agent - + At this point, you can run the agent as a separate process or not run it on this node at all. Joining nodes @@ -86,7 +86,7 @@ When the server starts it creates a file `/var/lib/rancher/k3s/server/node-token of that file as `NODE_TOKEN` and then run the agent as follows k3s agent --server https://myserver:6443 --token ${NODE_TOKEN} - + That's it. Accessing cluster from outside @@ -122,7 +122,7 @@ Building from source The clone will be much faster on this repo if you do git clone --depth 1 https://github.com/rancher/k3s.git - + This repo includes all of Kubernetes history so `--depth 1` will avoid most of that. For development, you just need go 1.11 and a sane GOPATH. To compile the binaries run @@ -177,7 +177,7 @@ Server HA --------- Just don't right now :) It's currently broken. - + Running in Docker (and docker-compose) ----------------- 
@@ -188,13 +188,20 @@ serves as an example of how to run k3s from Docker. To run from `docker-compose docker-compose up --scale node=3 # kubeconfig is written to current dir kubectl --kubeconfig kubeconfig.yaml get node - + NAME STATUS ROLES AGE VERSION 497278a2d6a2 Ready 11s v1.13.2-k3s2 d54c8b17c055 Ready 11s v1.13.2-k3s2 db7a5a5a5bdd Ready 12s v1.13.2-k3s2 - +To run the agent only in Docker use the following `docker-compose-agent.yml` is in the root of this repo that +serves as an example of how to run k3s agent from Docker. Alternatively the Docker run command can also be used; + + sudo docker run -d --tmpfs /run --tmpfs /var/run -e K3S_URL=${SERVER_URL} -e K3S_TOKEN=${NODE_TOKEN} --privileged rancher/k3s:v0.2.0 + + sudo docker run -d --tmpfs /run --tmpfs /var/run -e K3S_URL=https://k3s.example.com:6443 -e K3S_TOKEN=K13849a67fc385fd3c0fa6133a8649d9e717b0258b3b09c87ffc33dae362c12d8c0::node:2e373dca319a0525745fd8b3d8120d9c --privileged rancher/k3s:v0.2.0 + + Hyperkube -------- @@ -202,7 +209,7 @@ k3s is bundled in a nice wrapper to remove the majority of the headache of runni you don't want that wrapper and just want a smaller k8s distro, the releases includes the `hyperkube` binary you can use. It's then up to you to know how to use `hyperkube`. If you want individual binaries you will need to compile them yourself from source - + containerd and Docker ---------- @@ -211,7 +218,7 @@ run with Docker first stop and think, "Really? Do I really want more headache?" yes then you just need to run the agent with the `--docker` flag k3s agent -u ${SERVER_URL} -t ${NODE_TOKEN} --docker & - + systemd ------- @@ -252,7 +259,7 @@ curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=vX.Y.Z-rc1 sh - ``` To install just the server without an agent we can add a `INSTALL_K3S_EXEC` -environment variable to the command: +environment variable to the command: ```sh curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--disable-agent" sh - ``` 
@@ -335,7 +342,7 @@ Flannel Flannel is included by default, if you don't want flannel then run the agent with `--no-flannel` as follows k3s agent -u ${SERVER_URL} -t ${NODE_TOKEN} --no-flannel & - + In this setup you will still be required to install your own CNI driver. More info [here](https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/#pod-network) CoreDNS @@ -344,7 +351,7 @@ CoreDNS CoreDNS is deployed on start of the agent, to disable add `--no-deploy coredns` to the server k3s server --no-deploy coredns - + If you don't install CoreDNS you will need to install a cluster DNS provider yourself. Traefik diff --git a/docker-compose-agent.yml b/docker-compose-agent.yml new file mode 100644 index 0000000000..bfcec2e04a --- /dev/null +++ b/docker-compose-agent.yml @@ -0,0 +1,13 @@ +version: '3' +services: + node: + image: rancher/k3s:v0.2.0 + tmpfs: + - /run + - /var/run + privileged: true + environment: + - K3S_URL=https://server:6443 + - K3S_CLUSTER_SECRET=somethingtotallyrandom + # Can also use K3S_TOKEN from /var/lib/rancher/k3s/server/node-token instead of K3S_CLUSTER_SECRET + #- K3S_TOKEN=K13849a67fc385fd3c0fa6133a8649d9e717b0258b3b09c87ffc33dae362c12d8c0::node:2e373dca319a0525745fd8b3d8120d9c diff --git a/docker-compose.yml b/docker-compose.yml index 3d4b70aa7f..72fb5f4fa6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,7 +1,7 @@ version: '3' services: server: - image: rancher/k3s:v0.1.0 + image: rancher/k3s:v0.2.0 command: server --disable-agent environment: - K3S_CLUSTER_SECRET=somethingtotallyrandom @@ -15,7 +15,7 @@ services: - 6443:6443 node: - image: rancher/k3s:v0.1.0 + image: rancher/k3s:v0.2.0 tmpfs: - /run - /var/run 
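Review bot: In the new docker-compose-agent.yml, the commented `K3S_TOKEN=` line carries a full-length value in the node-token format instead of a placeholder. The same line is added to docker-compose.yml in the last hunk and to the README's second `docker run` example. If that value was copied from a running server, it should be treated as exposed and the server's token regenerated; either way, a placeholder such as `#- K3S_TOKEN=${NODE_TOKEN}` keeps readers from pasting a published credential. The active `K3S_CLUSTER_SECRET=somethingtotallyrandom` has the same copy-paste problem, since a cluster started from this file unchanged shares a secret anyone can read here; requiring the caller to supply it with `- K3S_CLUSTER_SECRET=${K3S_CLUSTER_SECRET:?set a cluster secret}` would avoid that. A one-line comment above `privileged: true`, saying that the agent container runs with full access to the host, would also help.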
@@ -23,6 +23,8 @@ services: environment: - K3S_URL=https://server:6443 - K3S_CLUSTER_SECRET=somethingtotallyrandom + # Can also use K3S_TOKEN from /var/lib/rancher/k3s/server/node-token instead of K3S_CLUSTER_SECRET + #- K3S_TOKEN=K13849a67fc385fd3c0fa6133a8649d9e717b0258b3b09c87ffc33dae362c12d8c0::node:2e373dca319a0525745fd8b3d8120d9c volumes: k3s-server: {}