缺省安装的k3s使用的是containerd作为容器运行环境，如果希望使用Docker作为容器运行环境，只需要在安装时通过环境变量INSTALL_K3S_EXEC指定--docker即可。这篇文章具体介绍一下具体的安装与部署方法。

步骤1: 安装Docker

现在Docker官方已经提供了一键脚本，可以直接使用进行安装，安装命令如下所示：

curl -fsSL -o get-docker.sh && sh get-docker.sh

安装日志如下所示：

[root@liumiaocn ~]# curl -fsSL -o get-docker.sh && sh get-docker.sh # Executing docker install script, commit: f45d7c11389849ff46a6b4d94e0dd1ffebca32c1+ sh -c 'yum install -y -q yum-utils'warning: /var/cache/yum/x86_64/7/base/packages/python-chardet-2.2.1-3.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEYPublic key for python-chardet-2.2.1-3.el7.noarch.rpm is not installedImporting GPG key 0xF4A80EB5:Userid: "CentOS-7 Key (CentOS 7 Official Signing Key) <security@>"Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5Package : centos-release-7-6.1810.2.el7.centos.x86_64 (@anaconda)From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7+ sh -c 'yum-config-manager --add-repo /linux/centos/docker-ce.repo'Loaded plugins: fastestmirroradding repo from: /linux/centos/docker-ce.repograbbing file /linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.reporepo saved to /etc/yum.repos.d/docker-ce.repo+ '[' stable '!=' stable ']'+ sh -c 'yum makecache'Loaded plugins: fastestmirrorLoading mirror speeds from cached hostfile* base: mirror.* extras: mirrors.* updates: mirror.base | 3.6 kB 00:00:00docker-ce-stable | 3.5 kB 00:00:00extras | 2.9 kB 00:00:00updates| 2.9 kB 00:00:00(1/10): docker-ce-stable/x86_64/filelists_db | 18 kB 00:00:01(2/10): docker-ce-stable/x86_64/updateinfo | 55 B 00:00:01(3/10): base/7/x86_64/other_db | 2.6 MB 00:00:01(4/10): docker-ce-stable/x86_64/primary_db | 37 kB 00:00:00(5/10): docker-ce-stable/x86_64/other_db | 111 kB 00:00:00(6/10): extras/7/x86_64/other_db | 100 kB 00:00:00(7/10): base/7/x86_64/filelists_db | 7.3 MB 00:00:02(8/10): extras/7/x86_64/filelists_db | 207 kB 00:00:00(9/10): updates/7/x86_64/other_db| 267 kB 00:00:00(10/10): updates/7/x86_64/filelists_db| 2.7 MB 00:00:03Metadata Cache Created+ '[' -n '' ']'+ sh -c 'yum install -y -q docker-ce'Delta RPMs disabled because /usr/bin/applydeltarpm not installed.warning: /var/cache/yum/x86_64/7/docker-ce-stable/packages/docker-ce-19.03.5-3.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEYPublic key for docker-ce-19.03.5-3.el7.x86_64.rpm is not installedImporting GPG key 0x621E9F35:Userid: "Docker Release (CE rpm) <docker@>"Fingerprint: 060a 61c5 1b55 8a7f 742b 77aa c52f eb6b 621e 9f35From : /linux/centos/gpgIf you would like to use Docker as a non-root user, you should now consideradding your user to the "docker" group with something like:sudo usermod -aG docker your-userRemember that you will have to log out and back in for this to take effect!WARNING: Adding a user to the "docker" group will grant the ability to runcontainers which can be used to obtain root privileges on thedocker host.Refer to /engine/security/security/#docker-daemon-attack-surfacefor more information.[root@liumiaocn ~]#

由于官方脚本中很贴心的加的有set -x，执行时的调试信息也进行了显示，可以看到就是yum仓库的设定然后进行安装的方式。另外由于此处是root用户，提示如果希望使用普通用户，然后将将此用户添加到docker组中，但是同时会将此用户赋予对宿主机进行一部分特权的风险（其实就是sbit的权限），这里就不再关注。上述安装完成之后，通过docker version即可确认到版本信息。

[root@liumiaocn ~]# docker versionClient: Docker Engine - CommunityVersion: 19.03.5API version: 1.40Go version: go1.12.12Git commit: 633a0eaBuilt: Wed Nov 13 07:25:41 OS/Arch: linux/amd64Experimental:falseCannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?[root@liumiaocn ~]#

启动Docker服务

[root@liumiaocn ~]# systemctl start docker[root@liumiaocn ~]#

可以看到containerd和runc的版本信息

[root@liumiaocn ~]# docker versionClient: Docker Engine - CommunityVersion: 19.03.5API version: 1.40Go version: go1.12.12Git commit: 633a0eaBuilt: Wed Nov 13 07:25:41 OS/Arch: linux/amd64Experimental:falseServer: Docker Engine - CommunityEngine:Version:19.03.5API version:1.40 (minimum version 1.12)Go version: go1.12.12Git commit: 633a0eaBuilt: Wed Nov 13 07:24:18 OS/Arch:linux/amd64Experimental:falsecontainerd:Version:1.2.10GitCommit: b34a5c8af56e510852c35414db4c1f4fa6172339runc:Version:1.0.0-rc8+devGitCommit: 3e425f80a8c931f88e6d94a8c831b9d5aa481657docker-init:Version:0.18.0GitCommit: fec3683[root@liumiaocn ~]#

虽然贴了这么多日志，但实际上到目前只有一个一键安装脚本的执行和一条systemctl语句的服务启动Docker的安装就完成了。

步骤2: 安装k3s

可以使用如下命令进行安装：

环境变量方式：curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC=“server --docker” sh -s -

或者

直接传参方式：curl -sfL https://get.k3s.io | sh -s - server --docker

这里使用直接传参方式，安装日志如下所示

[root@liumiaocn ~]# curl -sfL https://get.k3s.io | sh -s - server --docker[INFO] Finding latest release[INFO] Using v1.0.0 as release[INFO] Downloading hash /rancher/k3s/releases/download/v1.0.0/sha256sum-amd64.txt[INFO] Downloading binary /rancher/k3s/releases/download/v1.0.0/k3s[INFO] Verifying binary download[INFO] Installing k3s to /usr/local/bin/k3s[INFO] SELinux is enabled, setting permissionswhich: no kubectl in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)[INFO] Creating /usr/local/bin/kubectl symlink to k3swhich: no crictl in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)[INFO] Creating /usr/local/bin/crictl symlink to k3s[INFO] Skipping /usr/local/bin/ctr symlink to k3s, command exists in PATH at /usr/bin/ctr[INFO] Creating killall script /usr/local/bin/k3s-killall.sh[INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh[INFO] env: Creating environment file /etc/systemd/system/k3s.service.env[INFO] systemd: Creating service file /etc/systemd/system/k3s.service[INFO] systemd: Enabling k3s unitCreated symlink from /etc/systemd/system/multi-user.target.wants/k3s.service to /etc/systemd/system/k3s.service.[INFO] systemd: Starting k3s[root@liumiaocn ~]#

确认容器运行环境

[root@liumiaocn ~]# kubectl get node -o wideNAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGEKERNEL-VERSIONCONTAINER-RUNTIMEliumiaocn Ready master 99s v1.16.3-k3s.2 192.168.163.143 <none> CentOS Linux 7 (Core) 3.10.0-957.el7.x86_64 docker://19.3.5[root@liumiaocn ~]#

可以看到此处提示的DONTAINER-RUNTIME（容器运行环境也称为容器运行时）为docker的19.3.5版本，正是前面刚刚安装的Docker版本。比较一下缺省安装方式下的k3s，可以看到缺省方式下k3s是直接使用containerd。

[root@liumiaocn ~]# kubectl get node -o wideNAME STATUS ROLES AGEVERSION INTERNAL-IP EXTERNAL-IP OS-IMAGEKERNEL-VERSIONCONTAINER-RUNTIMEliumiaocn Ready master 3m38s v1.16.3-k3s.2 192.168.163.143 <none> CentOS Linux 7 (Core) 3.10.0-957.el7.x86_64 containerd://1.3.0-k3s.4[root@liumiaocn ~]#

详细可参看：https://liumiaocn./article/details/103234225

总结

相较于kubernetes的每次release note中提到的简单的部署方式，k3s宣称的简单，在使用起来确实简单。使用docker作为容器运行环境，是否多余放在一边，实际中已经有很多在Docker基础上运行的系统，这种方式会减少对既存系统的影响。