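Offline installation: installing k8s offline on RockyLinux 10 / AlmaLinux 10

Problem / use case:

  In some special environments with no network access, k8s can still be installed by following the method below.

Approach:

  Installing k8s mainly requires the k8s images, the calico images, containerd.io, kubectl, kubelet, kubeadm, and the necessary configuration files such as calico.yaml. If all of these are downloaded in advance, the deployment can be done offline.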

 

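Procedure:

1. Preparation in advance

  Working in an offline environment differs from working online. Choose among the following steps carefully according to your needs; if you are unsure, you can skip all of them.

  yum install -y wget net-tools zip   # install some common tools

  yum upgrade -y    # update system components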

2. Pre-installation setup

  2.1. Change the IP address and hostname, and configure /etc/hosts

nmtui

vi /etc/NetworkManager/system-connections/ens160.nmconnection

[ipv4]
address1=192.168.15.121/24
dns=192.168.15.2;
gateway=192.168.15.2

vi /etc/hostname
k8s-worker01

vi /etc/hosts
192.168.15.120 k8s-master01
192.168.15.121 k8s-worker01
192.168.15.122 k8s-worker02
192.168.15.123 k8s-worker03

echo "192.168.15.120 k8s-master01
192.168.15.121 k8s-worker01
192.168.15.122 k8s-worker02
192.168.15.123 k8s-worker03" >> /etc/hosts

  2.2. Disable the firewall, selinux and swap

systemctl stop firewalld && systemctl disable firewalld
sed -i 's/enforcing/disabled/' /etc/selinux/config && setenforce 0
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab

  2.3. Load the required kernel modules

lsmod |grep -E "overlay|br_netfilter"

modprobe overlay && modprobe br_netfilter

echo "overlay
br_netfilter" >/etc/modules-load.d/k8s.conf

cat /etc/modules-load.d/k8s.conf

  2.4. Adjust the host kernel parameters

echo "net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1" > /etc/sysctl.d/k8s.conf

sysctl --system

  2.5. Configure the yum repos  # optional, since the host has no network access anyway

# \$basearch is escaped so that yum, not the shell, expands it
echo "[docker-ce-stable]
name=Docker CE Stable - \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/10/x86_64/stable
enabled=1
gpgcheck=0
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg" > /etc/yum.repos.d/containerd.repo

echo "[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.34/rpm
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.34/rpm/repodata/repomd.xml.key" > /etc/yum.repos.d/kubernetes.repo

  2.6. Reboot the host/VM

3. Install k8s

  3.1. Upload and install

  rpm -ivh container-selinux-2.241.0-1.el10.noarch.rpm containerd.io-1.7.29-1.el10.x86_64.rpm

  Download locations for fetching the packages in advance:

  https://rpmfind.net/linux/centos-stream/10-stream/AppStream/x86_64/os/Packages/container-selinux-2.241.0-1.el10.noarch.rpm

  https://mirrors.aliyun.com/docker-ce/linux/centos/10/x86_64/stable/Packages/containerd.io-1.7.29-1.el10.x86_64.rpm

  3.2. Install kubectl, kubelet and kubeadm

  rpm -ivh kube*.rpm

  Download location for fetching the packages in advance:

  https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.34/rpm/x86_64

  3.3. Generate and edit the containerd configuration file

  containerd config default |sudo tee /etc/containerd/config.toml

  vi /etc/containerd/config.toml

  ...

---------------------------------------------------------
    max_container_log_line_size = 16384
    netns_mounts_under_state_dir = false
    restrict_oom_score_adj = false
    # edited: pause image from the same repository passed to kubeadm init
    sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.10.1"
    selinux_category_range = 1024
    stats_collect_period = 10
    stream_idle_timeout = "4h0m0s"

  ...

----------------------------------------------------------
          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
            BinaryName = ""
            CriuImagePath = ""
            CriuPath = ""
            CriuWorkPath = ""
            IoGid = 0
            IoUid = 0
            NoNewKeyring = false
            NoPivotRoot = false
            Root = ""
            ShimCgroup = ""
            # edited: use the systemd cgroup driver
            SystemdCgroup = true

  ...

----------------------------------------------------------
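  3.4. Enable containerd and kubelet at boot and start them now

  systemctl enable --now containerd
  systemctl enable --now kubelet

  3.5. Initialize the crictl configuration file

  echo "runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false" > /etc/crictl.yaml

  systemctl restart containerd

  3.6. Upload the pre-downloaded k8s and calico images to the server (the default is k8s)

  Packaged images usually come as tar or tar.gz, or as tgz; they are all effectively the same.

  There are two ways to obtain the images:

  One is to download the image files from the official site. For the calico images, for example, download release-v3.31.2.tgz (address: wget https://github.com/projectcalico/calico/releases/download/v3.31.2/release-v3.31.2.tgz); after extracting it you will see an image folder, which contains the image files.

  The other is to export the image files from an already-deployed environment, for example:

  ctr -n k8s image export --all-platforms kube-proxy.tar.gz registry.aliyuncs.com/google_containers/kube-proxy:v1.34.2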

  3.7. Initialize k8s

  kubeadm init --ignore-preflight-errors=Swap --apiserver-advertise-address=192.168.15.120 --image-repository registry.aliyuncs.com/google_containers

  3.8. Configure environment variables on the master node and join the worker nodes to the cluster, for example:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
  export KUBECONFIG=/etc/kubernetes/admin.conf
  echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile

  kubeadm join 192.168.15.120:6443 --token cj29ev.u0tt8ozlj49ebw44 --discovery-token-ca-cert-hash sha256:ecc95013a4369ee33fcf1c48f3aa27e6af5b3f3001fc9e7a17d308d642000aa2

  3.9. Upload calico.yaml and install the calico plugin

  kubectl apply -f calico.yaml
  kubectl get pods -A   # check pod status
 
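4. One very important point:

  During deployment the author ran into a problem that shows up frequently:

  The local image store already contains the required images with matching version numbers, but the deployment still insists on downloading them from the network, so it fails. There are two possible causes:

  (1) The version number in the configuration file is wrong
  (2) The version of the configuration file is wrong

  Taking the calico installation as an example, the former refers to the version defined inside the configuration file, e.g. the specified source is v3.31.21 while the version in the local image store is quay.io/calico/cni v3.31.2; the latter means that the calico.yaml file itself is the wrong version, or comes from a different source.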
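
  The mismatch described in section 4 can be caught before running kubectl apply by comparing the image references in the manifest with what the node already holds. The script below is an added example, not part of the original post; the function names and sample data are constructed, and it assumes the local list was saved from `crictl images`.

```shell
#!/bin/sh
# Added example, not from the original post. Sample data below is constructed.

# manifest_images FILE: unique image references in a Kubernetes manifest.
manifest_images() {
  sed -n 's/^[[:space:]-]*image:[[:space:]]*//p' "$1" |
    tr -d "\"'" | sed 's/[[:space:]]*$//' | LC_ALL=C sort -u
}

# local_images FILE: repo:tag pairs from saved `crictl images` output
# (columns IMAGE, TAG, IMAGE ID, SIZE; line 1 is the header).
local_images() {
  awk 'NR > 1 && NF >= 2 { print $1 ":" $2 }' "$1" | LC_ALL=C sort -u
}

# missing_images MANIFEST CRICTL_OUTPUT: references with no exact local match.
# Every line printed is an image the kubelet would try to pull.
missing_images() {
  want=$(mktemp); have=$(mktemp)
  manifest_images "$1" > "$want"
  local_images "$2" > "$have"
  LC_ALL=C comm -23 "$want" "$have"
  rm -f "$want" "$have"
}

# Constructed sample: a manifest excerpt and saved `crictl images` output.
demo_dir=$(mktemp -d)
cat > "$demo_dir/calico.yaml" <<'EOF'
      initContainers:
        - name: install-cni
          image: quay.io/calico/cni:v3.31.21
      containers:
        - name: calico-node
          image: quay.io/calico/node:v3.31.2
EOF
cat > "$demo_dir/crictl-images.txt" <<'EOF'
IMAGE                 TAG       IMAGE ID        SIZE
quay.io/calico/cni    v3.31.2   0123456789abc   70MB
quay.io/calico/node   v3.31.2   abcdef0123456   150MB
EOF

missing_images "$demo_dir/calico.yaml" "$demo_dir/crictl-images.txt"
```

  The comparison is an exact string match on repo:tag, so a reference written in short form in the manifest is reported even when the same image is stored under its fully qualified name.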
  
posted @ 2025-11-27 10:05  smallfishy