基于搜索结果,我为你提供一个在Linux上实现最精简k3s部署环境使用本地构建镜像部署Go web应用的完整方案。k3s 是最轻量级的Kubernetes发行版,特别适合资源有限的环境。
第一步:Linux系统环境说明
选择一个轻量级Linux发行版(如Ubuntu、Debian Server等),确保满足基本要求:
- 64位Linux系统
- 至少512MB内存
- root或sudo权限
服务器系统版本:Debian 6.1.129-1 (2025-03-06) x86_64 GNU/Linux
轻量级Kubernetes实战:基于k3s搭建Go Web应用部署环境(无需外部Docker仓库)
1. 什么是k3s?
k3s是一个轻量级的Kubernetes发行版,专为资源受限环境设计。它保留了Kubernetes的核心功能,但去除了不必要的组件,使得安装更简单、资源占用更少。k3s非常适合边缘计算、IoT设备、开发测试环境以及小型生产环境。
2. 为什么选择k3s?
- 轻量级:单个二进制文件,内存占用少
- 简单部署:一条命令即可完成安装
- 完整的Kubernetes API:兼容标准Kubernetes
- 低资源需求:适合小型服务器和边缘设备
- 内置组件:包含containerd作为容器运行时,无需外部Docker
3. 环境准备
3.1 系统要求
- Debian 6.1.129-1 (2025-03-06) x86_64 GNU/Linux
- Docker、Golang 环境
- 最低配置:1核CPU,1GB内存
- 网络连接正常,能够访问阿里云镜像仓库
3.2 前置准备工作
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
sudo apt update && sudo apt upgrade -y
sudo yum update -y
sudo apt install -y curl wget jq vim git
sudo ufw disable
sudo systemctl stop firewalld && sudo systemctl disable firewalld
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
|
4. 安装k3s(中国镜像源,禁用Traefik)
根据提供的安装脚本信息,我们使用中国镜像源进行安装,并禁用默认的Traefik Ingress Controller。
1
2
3
4
5
6
7
8
9
|
mkdir -p ~/.kube
sudo curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh -s - server \
--system-default-registry "registry.cn-hangzhou.aliyuncs.com" \
--write-kubeconfig ~/.kube/config \
--write-kubeconfig-mode 666 \
--disable traefik
|
参数说明:
INSTALL_K3S_MIRROR=cn:使用中国镜像源加速下载--system-default-registry "registry.cn-hangzhou.aliyuncs.com":设置默认镜像仓库为阿里云杭州区域,加速镜像拉取--write-kubeconfig ~/.kube/config:将kubeconfig文件写入用户目录--write-kubeconfig-mode 666:设置kubeconfig文件权限为666,方便多用户访问--disable traefik:禁用默认的Traefik Ingress Controller,我们将使用Nginx Ingress或其他方案
5. 验证k3s安装
1
2
3
4
5
6
7
8
9
10
11
|
sudo systemctl status k3s
k3s kubectl version
kubectl get nodes
kubectl get pods -n kube-system
|
正常情况下,你应该看到节点状态为Ready,并且kube-system命名空间下的Pod都处于运行状态。
6. 配置kubectl自动补全
1
2
3
4
5
6
7
8
9
10
|
sudo apt install -y bash-completion
sudo yum install -y bash-completion
echo 'source <(kubectl completion bash)' >> ~/.bashrc
echo 'alias k=kubectl' >> ~/.bashrc
echo 'complete -F __start_kubectl k' >> ~/.bashrc
source ~/.bashrc
|
7. 部署Nginx Ingress Controller(无需外部仓库)
由于我们禁用了Traefik,需要部署一个替代的Ingress Controller。这里我们选择Nginx Ingress Controller,并使用k3s内置的containerd。
7.1 创建部署文件
创建nginx-ingress.yaml文件:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
| apiVersion: v1
kind: Namespace
metadata:
name: ingress-nginx
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: nginx-ingress-serviceaccount
namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: nginx-ingress-clusterrole
rules:
- apiGroups: [""]
resources: ["configmaps", "endpoints", "nodes", "pods", "secrets"]
verbs: ["list", "watch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get"]
- apiGroups: [""]
resources: ["services"]
verbs: ["get", "list", "watch"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses/status"]
verbs: ["update"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: nginx-ingress-clusterrolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: nginx-ingress-clusterrole
subjects:
- kind: ServiceAccount
name: nginx-ingress-serviceaccount
namespace: ingress-nginx
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-ingress-controller
namespace: ingress-nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx-ingress
template:
metadata:
labels:
app: nginx-ingress
spec:
serviceAccountName: nginx-ingress-serviceaccount
containers:
- name: nginx-ingress-controller
image: registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.8.1
args:
- /nginx-ingress-controller
- --configmap=$(POD_NAMESPACE)/nginx-configuration
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
- --publish-service=$(POD_NAMESPACE)/ingress-nginx
- --annotations-prefix=nginx.ingress.kubernetes.io
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
---
apiVersion: v1
kind: Service
metadata:
name: ingress-nginx
namespace: ingress-nginx
spec:
type: NodePort
ports:
- name: http
port: 80
targetPort: 80
nodePort: 30080
- name: https
port: 443
targetPort: 443
nodePort: 30443
selector:
app: nginx-ingress
|
7.2 部署Nginx Ingress Controller
1
2
3
4
5
|
kubectl apply -f nginx-ingress.yaml
kubectl get pods -n ingress-nginx -w
|
等待所有Pod状态变为Running,通常需要2-3分钟。
8. 创建Go Web应用(无需外部Docker仓库)
8.1 示例Go Web应用
创建项目目录和文件:
1
| mkdir -p ~/go-web-app && cd ~/go-web-app
|
创建main.go文件:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
| package main
import (
"fmt"
"net/http"
"os"
"time"
)
func main() {
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
hostname, _ := os.Hostname()
fmt.Fprintf(w, "Hello from Go Web App! 🚀\n")
fmt.Fprintf(w, "Hostname: %s\n", hostname)
fmt.Fprintf(w, "Server Time: %s\n", time.Now().Format(time.RFC3339))
fmt.Fprintf(w, "Request URL: %s\n", r.URL.Path)
fmt.Fprintf(w, "User Agent: %s\n", r.Header.Get("User-Agent"))
})
http.HandleFunc("/health", func(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "OK")
})
port := os.Getenv("PORT")
if port == "" {
port = "8080"
}
fmt.Printf("Server starting on port %s...\n", port)
if err := http.ListenAndServe(":"+port, nil); err != nil {
fmt.Printf("Server failed: %v\n", err)
os.Exit(1)
}
}
|
8.2 本地构建Docker镜像
创建Dockerfile:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
| FROM registry.cn-hangzhou.aliyuncs.com/google_containers/golang:1.21-alpine AS builder
WORKDIR /app
COPY . .
RUN go build -o go-web-app .
FROM registry.cn-hangzhou.aliyuncs.com/google_containers/alpine:3.18
WORKDIR /root/
COPY --from=builder /app/go-web-app .
EXPOSE 8080
ENV PORT=8080
CMD ["./go-web-app"]
|
8.3 构建并导入到k3s的containerd
由于我们不需要外部Docker仓库,我们将使用k3s内置的containerd:
1
2
3
4
5
6
7
8
9
10
11
|
sudo docker build -t go-web-app:v1 .
sudo docker save -o go-web-app.tar go-web-app:v1
sudo ctr -n k8s.io images import go-web-app.tar
sudo ctr -n k8s.io images list | grep go-web-app
|
9. 部署Go Web应用到k3s
9.1 创建Kubernetes部署文件
创建deployment.yaml:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
| apiVersion: apps/v1
kind: Deployment
metadata:
name: go-web-app
labels:
app: go-web-app
spec:
replicas: 2
selector:
matchLabels:
app: go-web-app
template:
metadata:
labels:
app: go-web-app
spec:
containers:
- name: go-web-app
image: go-web-app:v1
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
env:
- name: PORT
value: "8080"
readinessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
livenessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 15
periodSeconds: 20
resources:
limits:
cpu: "100m"
memory: "128Mi"
requests:
cpu: "50m"
memory: "64Mi"
|
创建service.yaml:
1
2
3
4
5
6
7
8
9
10
11
12
| apiVersion: v1
kind: Service
metadata:
name: go-web-app-service
spec:
selector:
app: go-web-app
ports:
- port: 80
targetPort: 8080
protocol: TCP
type: ClusterIP
|
创建ingress.yaml:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
| apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: go-web-app-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
ingressClassName: nginx
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: go-web-app-service
port:
number: 80
|
9.2 部署应用
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
kubectl apply -f deployment.yaml
kubectl apply -f service.yaml
kubectl apply -f ingress.yaml
kubectl get deployments
kubectl get pods
kubectl get services
kubectl get ingress
|
10. 验证应用访问
10.1 获取Ingress地址
输出应该类似于:
1
2
| NAME CLASS HOSTS ADDRESS PORTS AGE
go-web-app-ingress <none> * 192.168.1.100 80 5m
|
10.2 测试访问
1
2
|
curl http://<NODE_IP>:30080
|
或者直接在浏览器中访问 http://<NODE_IP>:30080,你应该看到:
1
2
3
4
5
| Hello from Go Web App! 🚀
Hostname: go-web-app-5d8b7b9f7d-2xkl7
Server Time: 2023-12-11T15:30:45Z
Request URL: /
User Agent: curl/7.68.0
|
11. 应用监控和日志
11.1 查看应用日志
1
2
3
4
5
|
kubectl logs -l app=go-web-app --tail=50
kubectl logs -f deployment/go-web-app
|
11.2 端口转发测试
1
2
3
4
5
|
kubectl port-forward service/go-web-app-service 8080:80
curl http://localhost:8080
|
12. 本地开发和部署流程优化
12.1 创建构建和部署脚本
创建build-and-deploy.sh脚本:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
| #!/bin/bash
set -e
PROJECT_DIR=$(pwd)
IMAGE_NAME="go-web-app"
IMAGE_TAG="v$(date +%Y%m%d%H%M%S)"
echo "构建Go应用..."
CGO_ENABLED=0 GOOS=linux go build -o app .
echo "构建Docker镜像..."
sudo docker build -t ${IMAGE_NAME}:${IMAGE_TAG} .
echo "将镜像导入到k3s containerd..."
sudo docker save -o ${IMAGE_NAME}.tar ${IMAGE_NAME}:${IMAGE_TAG}
sudo ctr -n k8s.io images import ${IMAGE_NAME}.tar
sudo rm ${IMAGE_NAME}.tar
echo "更新Kubernetes部署..."
kubectl set image deployment/${IMAGE_NAME} ${IMAGE_NAME}=${IMAGE_NAME}:${IMAGE_TAG} --record
echo "等待部署完成..."
kubectl rollout status deployment/${IMAGE_NAME}
echo "部署成功!"
kubectl get pods -l app=${IMAGE_NAME}
|
赋予执行权限:
1
| chmod +x build-and-deploy.sh
|
12.2 创建更新脚本
创建update-deployment.sh脚本:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
| #!/bin/bash
set -e
if [ $# -lt 1 ]; then
echo "用法: $0 <new_image_tag>"
exit 1
fi
NEW_TAG=$1
IMAGE_NAME="go-web-app"
echo "更新部署到版本: ${NEW_TAG}..."
kubectl set image deployment/${IMAGE_NAME} ${IMAGE_NAME}=${IMAGE_NAME}:${NEW_TAG} --record
echo "等待部署完成..."
kubectl rollout status deployment/${IMAGE_NAME}
echo "部署成功!"
kubectl get pods -l app=${IMAGE_NAME}
|
赋予执行权限:
1
| chmod +x update-deployment.sh
|
13. 常用维护命令
13.1 k3s管理命令
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
sudo systemctl stop k3s
sudo systemctl start k3s
sudo systemctl restart k3s
sudo journalctl -u k3s -f
sudo ctr -n k8s.io images list
sudo ctr -n k8s.io images export go-web-app.tar go-web-app:v1
|
13.2 应用管理命令
1
2
3
4
5
6
7
8
9
10
11
|
kubectl get all
kubectl delete -f deployment.yaml -f service.yaml -f ingress.yaml
kubectl delete all -l app=go-web-app
kubectl rollout undo deployment/go-web-app
|
13.3 节点管理
1
2
3
4
5
6
7
8
|
kubectl describe node $(hostname)
kubectl cordon $(hostname)
kubectl uncordon $(hostname)
|
14. 卸载k3s
如果需要卸载k3s:
1
2
|
sudo /usr/local/bin/k3s-uninstall.sh
|
15. 总结
通过这篇教程,我们成功完成了:
✅ 轻量级Kubernetes环境搭建:使用k3s快速部署Kubernetes集群
✅ 中国镜像源优化:使用阿里云镜像加速下载和部署
✅ 禁用Traefik:根据需求禁用默认的Traefik Ingress Controller
✅ 无需外部Docker仓库:使用k3s内置的containerd管理镜像
✅ Go Web应用部署:从代码到Kubernetes部署的完整流程
✅ Nginx Ingress配置:实现外部访问应用
✅ 本地开发流程优化:创建自动化构建和部署脚本
k3s作为轻量级的Kubernetes解决方案,特别适合资源有限的环境和快速开发测试场景。通过这个部署流程,你可以快速搭建一个支持Go Web应用的Kubernetes环境,并且不需要依赖外部Docker仓库,所有操作都在本地完成。
16. 后续优化建议
- 持久化存储:配置PV/PVC用于数据持久化
- 配置管理:使用ConfigMap和Secret管理配置
- 监控告警:集成Prometheus和Grafana
- CI/CD流水线:配置自动化构建和部署
- 安全加固:配置RBAC、网络策略等安全措施
- 多节点集群:扩展为多节点高可用集群
这个最小化但功能完整的k3s环境,为你提供了快速部署Go Web应用的基础,后续可以根据实际需求进行扩展和优化。
