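子书 posted on 2026-3-5 13:40:00

Deploying Kubernetes v1.31.3 on Ubuntu in an Offline Environment (ARM64)

<h1 id="离线arm64环境-kubernetes-v1313-部署过程记录">Offline ARM64 Environment: Kubernetes v1.31.3 Deployment Notes</h1>
<h2 id="前言">Preface</h2>
<p>Based on the <strong>Ubuntu 22.04/24.04 LTS ARM64</strong> architecture, this article provides a Kubernetes cluster deployment procedure that is <strong>fully offline, with no internet access and no private registry</strong>. It covers the complete deployment workflow, preparation of the offline materials, and fixes for problems hit in practice.</p>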
<hr>
<h2 id="一部署环境要求">1. Deployment Environment Requirements</h2>
<h3 id="11-硬件配置">1.1 Hardware configuration</h3>
<table>
<thead>
<tr>
<th>Node role</th>
<th>Count</th>
<th>CPU</th>
<th>Memory</th>
<th>Disk</th>
<th>Architecture</th>
</tr>
</thead>
<tbody>
<tr>
<td>Master</td>
<td>1</td>
<td>≥4 cores</td>
<td>≥8G</td>
<td>≥40G SSD</td>
<td>ARM64</td>
</tr>
<tr>
<td>Node</td>
<td>≥1</td>
<td>≥4 cores</td>
<td>≥8G</td>
<td>≥40G SSD</td>
<td>ARM64</td>
</tr>
</tbody>
</table>
<p><img src="https://img2024.cnblogs.com/blog/1450920/202603/1450920-20260305133557215-142056262.png"></p>
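<h3 id="12-基础约束">1.2 Basic constraints</h3>
<ul>
<li>Operating system: Ubuntu 22.04 / 24.04 LTS ARM64</li>
<li><strong>Swap disabled</strong> on all nodes</li>
<li>Nodes can reach each other over the network, with hostname resolution configured</li>
<li><strong>No internet access and no package or image mirrors at all</strong></li>
</ul>
<h3 id="13-主机名与hosts配置所有节点执行">1.3 Hostname and hosts configuration (run on all nodes)</h3>
<pre><code class="language-bash"># Set the hostname (example; run the line that matches the node you are on)
hostnamectl set-hostname k8s-master
hostnamectl set-hostname k8s-node01

# Configure hosts
cat &gt;&gt; /etc/hosts &lt;&lt;EOF
192.168.10.10 k8s-master
192.168.10.11 k8s-node01
EOF
</code></pre>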
<h2 id="二离线物料准备">2. Offline Material Preparation</h2>
<h3 id="21-必备物料清单">2.1 Required materials</h3>
<pre><code>1. Official K8s binaries (linux-arm64)
kubeadm v1.31.3
kubelet v1.31.3
kubectl v1.31.3
2. Offline dependency deb packages (ARM64)
conntrack_1%3a1.4.8-1ubuntu1_arm64.deb (core dependency, required)
containerd.io_1.7.21-1_arm64.deb
runc_1.1.12-0ubuntu1~22.04_arm64.deb
cri-tools_1.26.0-00_arm64.deb
kubernetes-cni_1.26.0-00_arm64.deb
3. Offline image archives
k8s-ixe-images-v1.31.3-arm64.tar (full set of K8s core images)
pause-3.10-arm64-single.tar (single-architecture pause image, fixes the import error)
4. Configuration files
calico-v3.31.3-arm64.yaml (Calico network plugin)
kubelet.service (kubelet systemd service file)
</code></pre>
<h3 id="22-联网机制备物料仅执行一次">2.2 Preparing the materials on an internet-connected machine (run once)</h3>
<pre><code># conntrack official ARM64 package (Tsinghua mirror), for reference:
# https://mirrors.tuna.tsinghua.edu.cn/ubuntu-ports/pool/main/c/conntrack-tools/conntrack_1.4.8-1ubuntu1_arm64.deb

# containerd official package, for reference:
# https://download.docker.com/linux/ubuntu/dists/jammy/pool/stable/arm64/containerd.io_1.7.21-1_arm64.deb

# 1. Download the official K8s ARM64 binaries
wget https://dl.k8s.io/v1.31.3/bin/linux/arm64/kubeadm
wget https://dl.k8s.io/v1.31.3/bin/linux/arm64/kubelet
wget https://dl.k8s.io/v1.31.3/bin/linux/arm64/kubectl

# 2. Download the offline dependency deb packages (Tsinghua mirror + official)
wget https://mirrors.tuna.tsinghua.edu.cn/ubuntu-ports/pool/main/c/conntrack-tools/conntrack_1.4.8-1ubuntu1_arm64.deb
wget https://download.docker.com/linux/ubuntu/dists/jammy/pool/stable/arm64/containerd.io_1.7.21-1_arm64.deb
wget https://mirrors.tuna.tsinghua.edu.cn/ubuntu-ports/pool/main/r/runc/runc_1.1.12-0ubuntu1~22.04_arm64.deb

# 3. Download the Calico manifest
wget https://raw.githubusercontent.com/projectcalico/calico/v3.31.3/manifests/calico.yaml -O calico-v3.31.3-arm64.yaml

# 4. Export a single-architecture pause image (fixes the ctr import error)
ctr -n k8s.io i pull --platform linux/arm64 registry.k8s.io/pause:3.10
ctr -n k8s.io i export --platform linux/arm64 pause-3.10-arm64-single.tar registry.k8s.io/pause:3.10

# 5. Export the full set of K8s offline images
ctr -n k8s.io i export k8s-ixe-images-v1.31.3-arm64.tar \
registry.k8s.io/kube-apiserver:v1.31.3 \
registry.k8s.io/kube-controller-manager:v1.31.3 \
registry.k8s.io/kube-scheduler:v1.31.3 \
registry.k8s.io/kube-proxy:v1.31.3 \
registry.k8s.io/pause:3.10 \
registry.k8s.io/etcd:3.5.15-0 \
registry.k8s.io/coredns/coredns:v1.11.3 \
docker.io/calico/cni:v3.31.3 \
docker.io/calico/node:v3.31.3 \
docker.io/calico/kube-controllers:v3.31.3

</code></pre>
<pre><code># 1. Download the official K8s x86_64 binaries
wget https://dl.k8s.io/v1.31.3/bin/linux/amd64/kubeadm
wget https://dl.k8s.io/v1.31.3/bin/linux/amd64/kubelet
wget https://dl.k8s.io/v1.31.3/bin/linux/amd64/kubectl

# 2. Download the offline dependency deb packages (Tsinghua mirror + official)
wget https://mirrors.tuna.tsinghua.edu.cn/ubuntu/pool/main/c/conntrack-tools/conntrack_1.4.8-1ubuntu1_amd64.deb
wget https://download.docker.com/linux/ubuntu/dists/jammy/pool/stable/amd64/containerd.io_1.7.21-1_amd64.deb
wget https://mirrors.tuna.tsinghua.edu.cn/ubuntu/pool/main/r/runc/runc_1.1.12-0ubuntu1~22.04_amd64.deb

# 3. Download the Calico manifest
wget https://raw.githubusercontent.com/projectcalico/calico/v3.31.3/manifests/calico.yaml -O calico-v3.31.3-amd64.yaml

# 4. Export a single-architecture pause image (fixes the ctr import error)
ctr -n k8s.io i pull --platform linux/amd64 registry.k8s.io/pause:3.10
ctr -n k8s.io i export --platform linux/amd64 pause-3.10-amd64-single.tar registry.k8s.io/pause:3.10

# 5. Export the full set of K8s offline images
ctr -n k8s.io i export k8s-ixe-images-v1.31.3-amd64.tar \
registry.k8s.io/kube-apiserver:v1.31.3 \
registry.k8s.io/kube-controller-manager:v1.31.3 \
registry.k8s.io/kube-scheduler:v1.31.3 \
registry.k8s.io/kube-proxy:v1.31.3 \
registry.k8s.io/pause:3.10 \
registry.k8s.io/etcd:3.5.15-0 \
registry.k8s.io/coredns/coredns:v1.11.3 \
docker.io/calico/cni:v3.31.3 \
docker.io/calico/node:v3.31.3 \
docker.io/calico/kube-controllers:v3.31.3
</code></pre>
<h3 id="23-物料传输">2.3 Transferring the materials</h3>
<p>Copy all materials to the /opt/k8s-offline/ directory on the offline nodes.</p>
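<p>An integrity check for the downloaded binaries and for the bundle as it crosses the air gap, as an added example that is not part of the original post. The manifest name SHA256SUMS and the script name are assumptions; check_published expects the publisher's one-line .sha256 file to have been downloaded next to the binary.</p>

```shell
#!/bin/sh
# Added example, not from the original post. The manifest name SHA256SUMS is
# an assumption; the directory is whatever holds the offline materials.

# check_published FILE: compare FILE with the hex digest in FILE.sha256, the
# one-line digest file published next to each Kubernetes release binary
# (assumed here to have been downloaded alongside FILE).
check_published() (
    want=$(cut -c1-64 "$1.sha256") || exit 1
    have=$(sha256sum "$1" | cut -c1-64)
    [ -n "$want" ] && [ "$want" = "$have" ]
)

# make_manifest DIR: on the connected machine, record a digest per file.
make_manifest() (
    cd "$1" || exit 1
    rm -f SHA256SUMS SHA256SUMS.new
    for f in *; do
        [ -f "$f" ] || continue
        sha256sum "$f" >> SHA256SUMS.new || exit 1
    done
    mv SHA256SUMS.new SHA256SUMS
)

# verify_manifest DIR: on the offline node, fail on any changed, missing or
# unlisted file before anything is installed or imported.
verify_manifest() (
    cd "$1" || exit 1
    [ -s SHA256SUMS ] || { echo "SHA256SUMS missing or empty" >&2; exit 1; }
    out=$(sha256sum -c SHA256SUMS 2>&1) ||
        { printf '%s\n' "$out" | grep -v ': OK$' >&2; exit 1; }
    for f in *; do
        [ -f "$f" ] || continue
        [ "$f" = SHA256SUMS ] && continue
        # Digest lines are 64 hex chars + 2 separator chars, then the name.
        cut -c67- SHA256SUMS | grep -Fxq -- "$f" ||
            { echo "unlisted file: $f" >&2; exit 1; }
    done
)

# Stand-alone use: sh bundle-check.sh make|verify /opt/k8s-offline
case ${1:-} in
    make)   make_manifest "${2:?directory}" ;;
    verify) verify_manifest "${2:?directory}" && echo "bundle verified" ;;
esac
```

<p>Run the make step before copying and the verify step on each offline node before section 3.4, so that <code>dpkg -i</code> and <code>ctr images import</code> only ever see files that match what was downloaded.</p>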
<h2 id="三所有节点统一初始化masternode">3. Common Initialization on All Nodes (Master + Node)</h2>
<h3 id="31-关闭-swap">3.1 Disable Swap</h3>
<pre><code>swapoff -a
sed -i '/swap/s/^/#/' /etc/fstab
</code></pre>
<h3 id="32-加载内核模块">3.2 Load kernel modules</h3>
<pre><code>cat &gt; /etc/modules-load.d/containerd.conf &lt;&lt;EOF
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter
</code></pre>
<h3 id="33-配置内核参数">3.3 Configure kernel parameters</h3>
<pre><code>cat &gt; /etc/sysctl.d/99-k8s.conf &lt;&lt;EOF
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
EOF
sysctl --system
</code></pre>
<h3 id="34-安装离线依赖-deb-包">3.4 Install the offline dependency deb packages</h3>
<pre><code>cd /opt/k8s-offline
dpkg -i *.deb
apt -f install -y
</code></pre>
<h3 id="35-部署-k8s-二进制文件">3.5 Install the K8s binaries</h3>
<pre><code>cd /opt/k8s-offline
chmod +x kubeadm kubelet kubectl
mv kubeadm kubelet kubectl /usr/local/bin/
</code></pre>
<h3 id="36-配置-containerd">3.6 Configure containerd</h3>
<pre><code>containerd config default &gt; /etc/containerd/config.toml
sed -i 's#sandbox_image = "registry.k8s.io/pause:3.8"#sandbox_image = "registry.k8s.io/pause:3.10"#' /etc/containerd/config.toml

systemctl enable containerd
systemctl restart containerd
</code></pre>
<h3 id="37-配置-kubelet">3.7 Configure kubelet</h3>
<pre><code># Create the kubelet configuration file (the directory may not exist yet)
mkdir -p /var/lib/kubelet
cat &gt; /var/lib/kubelet/config.yaml &lt;&lt;EOF
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd
podInfraContainerImage: "registry.k8s.io/pause:3.10"
EOF

# Create the kubelet service file
cat &gt; /etc/systemd/system/kubelet.service &lt;&lt;EOF
[Unit]
Description=kubelet: The Kubernetes Node Agent
Documentation=https://kubernetes.io/docs/

[Service]
ExecStart=/usr/local/bin/kubelet
Restart=always
StartLimitInterval=0
RestartSec=10

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable kubelet
systemctl restart kubelet
</code></pre>
<h2 id="四master-节点部署">4. Master Node Deployment</h2>
<h3 id="41-导入离线镜像">4.1 Import the offline images</h3>
<pre><code>cd /opt/k8s-offline
ctr -n k8s.io images import k8s-ixe-images-v1.31.3-arm64.tar
ctr -n k8s.io images import pause-3.10-arm64-single.tar
</code></pre>
<h3 id="42-kubeadm-初始化集群">4.2 Initialize the cluster with kubeadm</h3>
<pre><code>kubeadm init \
--kubernetes-version=v1.31.3 \
--apiserver-advertise-address=192.168.10.10 \
--pod-network-cidr=10.244.0.0/16 \
--service-cidr=10.96.0.0/12 \
--image-repository=registry.k8s.io \
--ignore-preflight-errors=swap
</code></pre>
<p>Save the kubeadm join command from the output; it is used to join Node machines to the cluster.</p>
<h3 id="43-配置-kubectl">4.3 Configure kubectl</h3>
<pre><code>mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
</code></pre>
<h3 id="44-部署-calico-网络">4.4 Deploy the Calico network</h3>
<pre><code>kubectl apply -f calico-v3.31.3-arm64.yaml
</code></pre>
<h2 id="五node-节点部署">5. Node Deployment</h2>
<h3 id="51-导入镜像">5.1 Import the images</h3>
<pre><code>cd /opt/k8s-offline
ctr -n k8s.io images import k8s-ixe-images-v1.31.3-arm64.tar
ctr -n k8s.io images import pause-3.10-arm64-single.tar
</code></pre>
<h3 id="52-加入集群">5.2 Join the cluster</h3>
<pre><code># Use the join command printed by the Master initialization
kubeadm join 192.168.10.10:6443 --token xxx \
--discovery-token-ca-cert-hash sha256:xxx
</code></pre>
<h2 id="六实战踩坑核心问题及解决方案">6. Pitfalls in Practice: Core Problems and Solutions</h2>
<h3 id="问题-1node-节点-notreadycalico-node-报错failed-to-get-sandbox-image-registryk8siopause38">Problem 1: Node is NotReady, calico-node reports Failed to get sandbox image "registry.k8s.io/pause:3.8"</h3>
<p>Cause: kubelet uses pause:3.8 by default, which cannot be pulled in an offline environment, and this overrides the containerd configuration.</p>
<pre><code>sed -i 's#podInfraContainerImage:.*#podInfraContainerImage: "registry.k8s.io/pause:3.10"#' /var/lib/kubelet/config.yaml
systemctl restart containerd kubelet
kubectl delete pod -n kube-system calico-node-xxx
</code></pre>
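<p>A preflight check for this failure mode, as an added example that is not part of the original post: it lists every image the node will ask for (the sandbox_image in containerd's config.toml plus the image: references in a manifest such as the Calico one) that is absent from the imported set. It goes beyond the pause image to cover any image missing offline; the file name imported.txt is an assumption and holds the saved output of <code>ctr -n k8s.io images ls -q</code>.</p>

```shell
#!/bin/sh
# Added example (not from the original post): list images a node will request
# that were never imported, before they surface as pull failures offline.

# required_images TOML [MANIFEST...]: print sandbox_image from containerd's
# config.toml plus every "image:" reference in the given manifests.
required_images() {
    toml=$1; shift
    {
        sed -n 's/^[[:space:]]*sandbox_image[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$toml"
        [ $# -eq 0 ] ||
            sed -n 's/^[[:space:]-]*image:[[:space:]]*"\{0,1\}\([^"[:space:]]*\).*/\1/p' "$@"
    } | sort -u
}

# missing_images IMPORTED TOML [MANIFEST...]: IMPORTED holds one image
# reference per line (saved from `ctr -n k8s.io images ls -q`; the file
# name is an assumption). Prints each required image that is not in it.
missing_images() {
    imported=$1; shift
    required_images "$@" | while IFS= read -r img; do
        grep -Fxq -- "$img" "$imported" || printf '%s\n' "$img"
    done
}

# Stand-alone use:
#   ctr -n k8s.io images ls -q > imported.txt
#   sh image-check.sh imported.txt /etc/containerd/config.toml calico-v3.31.3-arm64.yaml
[ $# -lt 2 ] || missing_images "$@"
```

<p>Empty output means every referenced image is already in the k8s.io namespace; any line printed names an image that must be exported and imported, or a config value that must be changed, before the node can become Ready.</p>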
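<h3 id="问题-2ctr-导入镜像报错content-digest-not-found">Problem 2: ctr image import fails with content digest not found</h3>
<p>Cause: ctr does not support importing multi-architecture images.<br>
Solution: the image must be exported as a single-architecture image with --platform linux/arm64.</p>
<pre><code># For example
ctr -n k8s.io images export --platform linux/arm64 kube-proxy.tar.gz registry.k8s.io/kube-proxy:v1.31.3
</code></pre>
<h3 id="问题-3coredns-一直-pending">Problem 3: coredns stays Pending</h3>
<p>Cause: no CNI network plugin has been deployed.<br>
Solution: run the Calico deployment command and wait 1-2 minutes for it to recover automatically.</p>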
<h2 id="七部署验证">7. Deployment Verification</h2>
<h3 id="71-节点状态检查">7.1 Node status check</h3>
<pre><code>kubectl get nodes
</code></pre>
<p><img src="https://img2024.cnblogs.com/blog/1450920/202603/1450920-20260305133258365-1876794297.png"></p>
<h3 id="72-系统-pod-检查">7.2 System Pod check</h3>
<pre><code>kubectl get pods -n kube-system
</code></pre>
<p><img src="https://img2024.cnblogs.com/blog/1450920/202603/1450920-20260305133333981-1007850498.png"></p>


</div>
<div id="MySignature" role="contentinfo">
   




- Just do good deeds, and do not ask what lies ahead -<br><br>
Source: https://www.cnblogs.com/Dfengshuo/p/19672412