Running k3s on an Orange Pi One


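k3s, a lightweight version of Kubernetes (k8s), has been getting a lot of attention,
so I tried to see whether it runs on the Orange Pi One boards I have in large numbers at home.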

Preparation

The OS is Armbian.
It can be downloaded from here:
https://www.armbian.com/orange-pi-one/
This time I use Armbian Bionic.

The minimum system requirements for k3s are as follows.

Minimum System Requirements
Linux 3.10+
512 MB of ram per server
75 MB of ram per node
200 MB of disk space
x86_64, ARMv7, ARM64

The hardware just barely meets the requirements, so it should work.
http://www.orangepi.org/orangepione/

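In k3s, the server and the node apparently require different amounts of memory.
I don't really understand the difference between server and node, but my vague guess is something like:
server = master node (control plane?)
node = worker node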

Installation

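At the time of this test the latest version was v0.3.0, so that is the version I use.
Download the binary from the k3s repository and
give it execute permission, and it starts up right away.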

root@orangepione:~# wget https://github.com/rancher/k3s/releases/download/v0.3.0/k3s-armhf
root@orangepione:~# chmod 755 k3s-armhf
root@orangepione:~# ls -lh
total 36M
-rwxr-xr-x 1 root root 36M Mar 30 00:01 k3s-armhf
root@orangepione:~# ./k3s-armhf
NAME:
k3s-armhf - Kubernetes, but small and simple

USAGE:
k3s-armhf [global options] command [command options] [arguments...]

VERSION:
v0.3.0 (9a1a1ec)

COMMANDS:
server Run management server
agent Run node agent
kubectl Run kubectl
crictl Run crictl
help, h Shows a list of commands or help for one command

GLOBAL OPTIONS:
--debug Turn on debug logs
--help, -h show help
--version, -v print the version
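
The session above marks the downloaded file executable and runs it as root without checking it first. As an added example (not part of the original post), this helper compares the binary against a sha256sum-format checksum file before setting the execute bit. It assumes such a file was fetched from the same release page; the file name sha256sum-arm.txt in the usage comment is an assumption.

```shell
#!/bin/sh
# Added example: verify a downloaded k3s binary before making it executable.

# verify_sha256 FILE SUMFILE
# SUMFILE is in sha256sum format ("HASH  NAME" or "HASH *NAME").
# Returns 0 on match, 1 on mismatch, 2 if SUMFILE has no entry for FILE.
verify_sha256() {
    name=$(basename "$1")
    want=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }   # strip the binary-mode marker
        f == n { print $1; exit }' "$2")
    [ -n "$want" ] || { echo "no checksum listed for $name" >&2; return 2; }
    have=$(sha256sum "$1" | awk '{ print $1 }')
    [ "$have" = "$want" ] || { echo "checksum mismatch for $name" >&2; return 1; }
}

# install_verified FILE SUMFILE
# Sets the execute bit only when the checksum matches.
install_verified() {
    verify_sha256 "$1" "$2" && chmod 755 "$1"
}

# Usage (checksum file name is an assumption, see the text above):
#   install_verified ./k3s-armhf ./sha256sum-arm.txt && ./k3s-armhf server
```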

Let's run it.

root@orangepione:~# ./k3s-armhf server &
[1] 626
root@orangepione:~# INFO[0000] Preparing data dir /var/lib/rancher/k3s/data/e737b8b70ac9d19bd61626eed5131ce159e2e04bb75af26df5235fafa4bed87e
INFO[2019-04-08T13:37:44.066242020Z] Starting k3s v0.3.0 (9a1a1ec)
INFO[2019-04-08T13:38:22.344674190Z] Running kube-apiserver --watch-cache=false --cert-dir /var/lib/rancher/k3s/server/tls/temporary-certs --allow-privileged=true --authorization-mode Node,RBAC --service-account-signing-key-file /var/lib/rancher/k3s/server/tls/service.key --service-cluster-ip-range 10.43.0.0/16 --advertise-port 6445 --advertise-address 127.0.0.1 --insecure-port 0 --secure-port 6444 --bind-address 127.0.0.1 --tls-cert-file /var/lib/rancher/k3s/server/tls/localhost.crt --tls-private-key-file /var/lib/rancher/k3s/server/tls/localhost.key --service-account-key-file /var/lib/rancher/k3s/server/tls/service.key --service-account-issuer k3s --api-audiences unknown --basic-auth-file /var/lib/rancher/k3s/server/cred/passwd --kubelet-client-certificate /var/lib/rancher/k3s/server/tls/token-node.crt --kubelet-client-key /var/lib/rancher/k3s/server/tls/token-node.key
INFO[2019-04-08T13:38:45.445949296Z] Running kube-scheduler --kubeconfig /var/lib/rancher/k3s/server/cred/kubeconfig-system.yaml --port 10251 --address 127.0.0.1 --secure-port 0 --leader-elect=false
INFO[2019-04-08T13:38:45.449646372Z] Running kube-controller-manager --kubeconfig /var/lib/rancher/k3s/server/cred/kubeconfig-system.yaml --service-account-private-key-file /var/lib/rancher/k3s/server/tls/service.key --allocate-node-cidrs --cluster-cidr 10.42.0.0/16 --root-ca-file /var/lib/rancher/k3s/server/tls/token-ca.crt --port 10252 --address 127.0.0.1 --secure-port 0 --leader-elect=false
Flag --address has been deprecated, see --bind-address instead.
INFO[2019-04-08T13:38:46.697995415Z] Creating CRD listenerconfigs.k3s.cattle.io
INFO[2019-04-08T13:38:46.865654510Z] Creating CRD addons.k3s.cattle.io
INFO[2019-04-08T13:38:46.881882362Z] Creating CRD helmcharts.k3s.cattle.io
INFO[2019-04-08T13:38:46.932586743Z] Waiting for CRD listenerconfigs.k3s.cattle.io to become available
INFO[2019-04-08T13:38:47.440446619Z] Done waiting for CRD listenerconfigs.k3s.cattle.io to become available
INFO[2019-04-08T13:38:47.440637572Z] Waiting for CRD addons.k3s.cattle.io to become available
INFO[2019-04-08T13:38:47.947754091Z] Done waiting for CRD addons.k3s.cattle.io to become available
INFO[2019-04-08T13:38:47.947952628Z] Waiting for CRD helmcharts.k3s.cattle.io to become available
INFO[2019-04-08T13:38:48.456816355Z] Done waiting for CRD helmcharts.k3s.cattle.io to become available
INFO[2019-04-08T13:38:48.476027342Z] Listening on :6443
INFO[2019-04-08T13:39:01.318269035Z] Node token is available at /var/lib/rancher/k3s/server/node-token
INFO[2019-04-08T13:39:01.318460322Z] To join node to cluster: k3s agent -s https://192.168.1.101:6443 -t ${NODE_TOKEN}
INFO[2019-04-08T13:39:01.326900449Z] Writing static file: /var/lib/rancher/k3s/server/static/charts/traefik-1.64.0.tgz
INFO[2019-04-08T13:39:01.328869276Z] Writing manifest: /var/lib/rancher/k3s/server/manifests/coredns.yaml
INFO[2019-04-08T13:39:01.329642757Z] Writing manifest: /var/lib/rancher/k3s/server/manifests/traefik.yaml
INFO[2019-04-08T13:39:03.059718738Z] Wrote kubeconfig /etc/rancher/k3s/k3s.yaml
INFO[2019-04-08T13:39:03.059897400Z] Run: k3s-armhf kubectl
INFO[2019-04-08T13:39:03.060310182Z] k3s is up and running
INFO[2019-04-08T13:39:04.205044676Z] Logging containerd to /var/lib/rancher/k3s/agent/containerd/containerd.log
INFO[2019-04-08T13:39:04.205424000Z] Running containerd -c /var/lib/rancher/k3s/agent/etc/containerd/config.toml -a /run/k3s/containerd/containerd.sock --state /run/k3s/containerd --root /var/lib/rancher/k3s/agent/containerd
INFO[2019-04-08T13:39:04.216863386Z] Waiting for containerd startup: rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: Error while dialing dial unix /run/k3s/containerd/containerd.sock: connect: no such file or directory"
INFO[2019-04-08T13:39:05.274616513Z] Connecting to wss://localhost:6443/v1-k3s/connect
INFO[2019-04-08T13:39:05.274924339Z] Connecting to proxy                           url="wss://localhost:6443/v1-k3s/connect"
INFO[2019-04-08T13:39:05.399541203Z] Handling backend connection request [orangepione]
INFO[2019-04-08T13:39:05.408568315Z] Running kubelet --healthz-bind-address 127.0.0.1 --read-only-port 0 --allow-privileged=true --cluster-domain cluster.local --kubeconfig /var/lib/rancher/k3s/agent/kubeconfig.yaml --eviction-hard imagefs.available<5%,nodefs.available<5% --eviction-minimum-reclaim imagefs.available=10%,nodefs.available=10% --fail-swap-on=false --cgroup-driver cgroupfs --root-dir /var/lib/rancher/k3s/agent/kubelet --cert-dir /var/lib/rancher/k3s/agent/kubelet/pki --seccomp-profile-root /var/lib/rancher/k3s/agent/kubelet/seccomp --cni-conf-dir /var/lib/rancher/k3s/agent/etc/cni/net.d --cni-bin-dir /var/lib/rancher/k3s/data/e737b8b70ac9d19bd61626eed5131ce159e2e04bb75af26df5235fafa4bed87e/bin --cluster-dns 10.43.0.10 --resolv-conf /etc/resolv.conf --container-runtime remote --container-runtime-endpoint unix:///run/k3s/containerd/containerd.sock --address 127.0.0.1 --anonymous-auth=false --client-ca-file /var/lib/rancher/k3s/agent/client-ca.pem --hostname-override orangepione --runtime-cgroups /systemd/user.slice/user-0.slice --kubelet-cgroups /systemd/user.slice/user-0.slice
Flag --allow-privileged has been deprecated, will be removed in a future version
INFO[2019-04-08T13:39:05.747308850Z] waiting for node orangepione: nodes "orangepione" not found
INFO[2019-04-08T13:39:07.920739317Z] waiting for node orangepione: nodes "orangepione" not found
INFO[2019-04-08T13:39:09.928922048Z] waiting for node orangepione: nodes "orangepione" not found
INFO[2019-04-08T13:39:11.936294514Z] waiting for node orangepione: nodes "orangepione" not found
INFO[2019-04-08T13:39:13.943764901Z] waiting for node orangepione: nodes "orangepione" not found
INFO[2019-04-08T13:39:15.951041467Z] waiting for node orangepione: nodes "orangepione" not found
INFO[2019-04-08T13:39:17.958423453Z] waiting for node orangepione: nodes "orangepione" not found
INFO[2019-04-08T13:39:19.965548202Z] waiting for node orangepione: nodes "orangepione" not found
INFO[2019-04-08T13:39:21.989146263Z] waiting for node orangepione: nodes "orangepione" not found

Various errors are printed, but it came up.
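
The "Running ..." lines in the startup log show the flags k3s passes to each component. As an added example (not from the original post), this script reads such a log and reports settings worth reviewing. The sample lines are shortened from the log above, and the expected values are assumptions that fit the Kubernetes v1.13 flags shown there.

```shell
#!/bin/sh
# Added example: audit security-relevant flags in a k3s startup log.

# Constructed sample: two "Running ..." lines shortened from the log above.
sample_log() {
cat <<'EOF'
INFO[2019-04-08T13:38:22.344674190Z] Running kube-apiserver --allow-privileged=true --authorization-mode Node,RBAC --insecure-port 0 --secure-port 6444 --bind-address 127.0.0.1 --basic-auth-file /var/lib/rancher/k3s/server/cred/passwd
INFO[2019-04-08T13:39:05.408568315Z] Running kubelet --read-only-port 0 --allow-privileged=true --address 127.0.0.1 --anonymous-auth=false
EOF
}

# flag_value COMPONENT FLAG < log
# Prints FLAG's value on the "Running COMPONENT" line. Accepts "--flag value"
# and "--flag=value"; not meant for boolean flags written without a value.
flag_value() {
    awk -v comp="$1" -v flag="$2" '
        index($0, "Running " comp " ") {
            for (i = 1; i <= NF; i++) {
                if ($i == flag) { print $(i + 1); exit }
                if (index($i, flag "=") == 1) {
                    print substr($i, length(flag) + 2); exit
                }
            }
        }'
}

# expect COMPONENT FLAG WANTED REASON: warn unless FLAG's value is WANTED.
expect() {
    got=$(printf '%s\n' "$LOG" | flag_value "$1" "$2")
    [ "$got" = "$3" ] || echo "WARN $1 $2=${got:-unset}: $4"
}

# forbid COMPONENT FLAG PATTERN REASON: warn if FLAG's value matches PATTERN.
forbid() {
    got=$(printf '%s\n' "$LOG" | flag_value "$1" "$2")
    case $got in $3) echo "WARN $1 $2=$got: $4" ;; esac
}

# audit_k3s_log < log: one WARN line per finding, no output when clean.
audit_k3s_log() {
    LOG=$(cat)
    expect kube-apiserver --insecure-port 0 "plain-HTTP API port is enabled"
    forbid kube-apiserver --allow-privileged true "privileged pods are allowed"
    forbid kube-apiserver --basic-auth-file '?*' "static password file auth"
    expect kubelet --read-only-port 0 "unauthenticated read-only port is on"
    expect kubelet --anonymous-auth false "anonymous requests are accepted"
}

sample_log | audit_k3s_log
```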

It also seems to print how to add a node to the cluster.

INFO[2019-04-08T13:39:01.318269035Z] Node token is available at /var/lib/rancher/k3s/server/node-token
INFO[2019-04-08T13:39:01.318460322Z] To join node to cluster: k3s agent -s https://192.168.1.101:6443 -t ${NODE_TOKEN}

Open another terminal on the server where ./k3s-armhf server & was run, and run kubectl get nodes.

root@orangepione:~# ./k3s-armhf kubectl get nodes
NAME          STATUS   ROLES    AGE   VERSION
orangepione   Ready    <none>   83s   v1.13.5-k3s.1

https://blog.tekspace.io/exposing-pod-as-a-nodeport-service/
Following this article, I will expose a Pod with a NodePort.

root@orangepione:~# ./k3s-armhf kubectl run nginx-demo --image=nginx --port=80 --labels="name=nginx-demo"
root@orangepione:~# ./k3s-armhf kubectl get pods
NAME                          READY   STATUS    RESTARTS   AGE
nginx-demo-6bddf99596-m7f6w   1/1     Running   0          46s
root@orangepione:~# vi nginx-demo-nodeport-svc.yaml

apiVersion: v1
kind: Service
metadata:
  name: nginx-demo
  labels:
    name: nginx-demo-nodeport-svc
spec:
  type: NodePort
  ports:
    - port: 80
      nodePort: 30180
      name: http
    - port: 443
      nodePort: 31443
      name: https
  selector:
    name: nginx-demo

root@orangepione:~# ./k3s-armhf kubectl create -f nginx-demo-nodeport-svc.yaml
service/nginx-demo created

root@orangepione:~# ./k3s-armhf kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
kubernetes   ClusterIP   10.43.0.1       <none>        443/TCP                      13m
nginx-demo   NodePort    10.43.132.125   <none>        80:30180/TCP,443:31443/TCP   109s

I access 192.168.1.101:30180 from a browser.

It was accessible.
I was able to confirm that basic Pod creation and exposing work.
Next time I will add a Node and try to form a cluster.