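Deployment Notes: Kubernetes v1.31.3 in an Offline ARM64 Environment
Preface
This article, based on Ubuntu 22.04/24.04 LTS on the ARM64 architecture, provides a Kubernetes cluster deployment procedure that is fully offline, with no internet access and no private registry. It covers the complete deployment flow, preparation of the offline materials, and fixes for problems hit in practice.
I. Deployment Environment Requirements
1.1 Hardware configuration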
| Node role | Count | CPU | Memory | Disk | Architecture |
|---|---|---|---|---|---|
| Master | 1 | ≥4 cores | ≥8G | ≥40G SSD | ARM64 |
| Node | ≥1 | ≥4 cores | ≥8G | ≥40G SSD | ARM64 |

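1.2 Basic constraints
- Operating system: Ubuntu 22.04 / 24.04 LTS ARM64
- Swap is disabled on all nodes
- Nodes can reach each other over the network, and hostname resolution is configured
- No internet access and no image source at all
1.3 Hostname and hosts configuration (run on all nodes)
# Set the hostname (example; run the line that matches the node)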
hostnamectl set-hostname k8s-master
hostnamectl set-hostname k8s-node01
# Configure hosts
cat >> /etc/hosts <<EOF
192.168.10.10 k8s-master
192.168.10.11 k8s-node01
EOF
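II. Preparing the Offline Materials
2.1 Required materials
1. Official Kubernetes binaries (linux-arm64)
kubeadm v1.31.3
kubelet v1.31.3
kubectl v1.31.3
2. Offline dependency deb packages (ARM64)
conntrack_1%3a1.4.8-1ubuntu1_arm64.deb (core dependency, must be installed)
containerd.io_1.7.21-1_arm64.deb
runc_1.1.12-0ubuntu1~22.04_arm64.deb
cri-tools_1.26.0-00_arm64.deb
kubernetes-cni_1.26.0-00_arm64.deb
3. Offline image archives
k8s-ixe-images-v1.31.3-arm64.tar (full set of core Kubernetes images)
pause-3.10-arm64-single.tar (single-architecture pause image, fixes the import error)
4. Configuration files
calico-v3.31.3-arm64.yaml (Calico network plugin)
kubelet.service (kubelet systemd service file)
2.2 Prepare the materials on an internet-connected machine (run only once)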
# conntrack official ARM64 package (Tsinghua mirror)
https://mirrors.tuna.tsinghua.edu.cn/ubuntu-ports/pool/main/c/conntrack-tools/conntrack_1.4.8-1ubuntu1_arm64.deb
# containerd official package
https://download.docker.com/linux/ubuntu/dists/jammy/pool/stable/arm64/containerd.io_1.7.21-1_arm64.deb
# 1. Download the official Kubernetes ARM64 binaries
wget https://dl.k8s.io/v1.31.3/bin/linux/arm64/kubeadm
wget https://dl.k8s.io/v1.31.3/bin/linux/arm64/kubelet
wget https://dl.k8s.io/v1.31.3/bin/linux/arm64/kubectl
# 2. Download the offline dependency deb packages (Tsinghua mirror + official sources)
wget https://mirrors.tuna.tsinghua.edu.cn/ubuntu-ports/pool/main/c/conntrack-tools/conntrack_1.4.8-1ubuntu1_arm64.deb
wget https://download.docker.com/linux/ubuntu/dists/jammy/pool/stable/arm64/containerd.io_1.7.21-1_arm64.deb
wget https://mirrors.tuna.tsinghua.edu.cn/ubuntu-ports/pool/main/r/runc/runc_1.1.12-0ubuntu1~22.04_arm64.deb
# 3. Download the Calico manifest
wget https://raw.githubusercontent.com/projectcalico/calico/v3.31.3/manifests/calico.yaml -O calico-v3.31.3-arm64.yaml
# 4. Export a single-architecture pause image (fixes the ctr import error)
ctr -n k8s.io i pull --platform linux/arm64 registry.k8s.io/pause:3.10
ctr -n k8s.io i export --platform linux/arm64 pause-3.10-arm64-single.tar registry.k8s.io/pause:3.10
# 5. Export the full set of Kubernetes offline images
ctr -n k8s.io i export k8s-ixe-images-v1.31.3-arm64.tar \
registry.k8s.io/kube-apiserver:v1.31.3 \
registry.k8s.io/kube-controller-manager:v1.31.3 \
registry.k8s.io/kube-scheduler:v1.31.3 \
registry.k8s.io/kube-proxy:v1.31.3 \
registry.k8s.io/pause:3.10 \
registry.k8s.io/etcd:3.5.15-0 \
registry.k8s.io/coredns/coredns:v1.11.3 \
docker.io/calico/cni:v3.31.3 \
docker.io/calico/node:v3.31.3 \
docker.io/calico/kube-controllers:v3.31.3
# 1. Download the official Kubernetes x86_64 binaries (amd64 equivalent of the steps above)
wget https://dl.k8s.io/v1.31.3/bin/linux/amd64/kubeadm
wget https://dl.k8s.io/v1.31.3/bin/linux/amd64/kubelet
wget https://dl.k8s.io/v1.31.3/bin/linux/amd64/kubectl
# 2. Download the offline dependency deb packages (Tsinghua mirror + official sources)
wget https://mirrors.tuna.tsinghua.edu.cn/ubuntu/pool/main/c/conntrack-tools/conntrack_1.4.8-1ubuntu1_amd64.deb
wget https://download.docker.com/linux/ubuntu/dists/jammy/pool/stable/amd64/containerd.io_1.7.21-1_amd64.deb
wget https://mirrors.tuna.tsinghua.edu.cn/ubuntu/pool/main/r/runc/runc_1.1.12-0ubuntu1~22.04_amd64.deb
# 3. Download the Calico manifest
wget https://raw.githubusercontent.com/projectcalico/calico/v3.31.3/manifests/calico.yaml -O calico-v3.31.3-amd64.yaml
# 4. Export a single-architecture pause image (fixes the ctr import error)
ctr -n k8s.io i pull --platform linux/amd64 registry.k8s.io/pause:3.10
ctr -n k8s.io i export --platform linux/amd64 pause-3.10-amd64-single.tar registry.k8s.io/pause:3.10
# 5. Export the full set of Kubernetes offline images
ctr -n k8s.io i export k8s-ixe-images-v1.31.3-amd64.tar \
registry.k8s.io/kube-apiserver:v1.31.3 \
registry.k8s.io/kube-controller-manager:v1.31.3 \
registry.k8s.io/kube-scheduler:v1.31.3 \
registry.k8s.io/kube-proxy:v1.31.3 \
registry.k8s.io/pause:3.10 \
registry.k8s.io/etcd:3.5.15-0 \
registry.k8s.io/coredns/coredns:v1.11.3 \
docker.io/calico/cni:v3.31.3 \
docker.io/calico/node:v3.31.3 \
docker.io/calico/kube-controllers:v3.31.3
2.3 Transferring the materials
Copy all materials to the /opt/k8s-offline/ directory on the offline nodes.
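Because the bundle is carried by hand into a network with no way to re-download anything, it is worth recording hashes on the connected machine and checking them on each node before section 3.4 installs anything. The sketch below is an added example, not part of the original article; the manifest name SHA256SUMS and the function names are assumptions, and the `.sha256` file is the one-line checksum Kubernetes publishes next to each release binary.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): integrity checks for the
# offline bundle. The manifest name SHA256SUMS is an assumption of this example.

# Connected machine: compare a Kubernetes binary with the one-line <name>.sha256
# file published next to it (download it from the same URL plus ".sha256").
check_published_sha256() {
    local file="$1" sumfile="$2" want got
    want=$(tr -d ' \n\r' < "$sumfile")
    got=$(sha256sum "$file" | awk '{print $1}')
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# Connected machine: record a hash for every file in the bundle directory.
make_manifest() {
    ( cd "$1" && find . -maxdepth 1 -type f ! -name SHA256SUMS -print0 \
        | sort -z | xargs -0 -r sha256sum > SHA256SUMS )
}

# Offline node: run before "dpkg -i *.deb" and "ctr images import".
# Succeeds only if every listed file matches and nothing unlisted is present,
# because the *.deb glob in section 3.4 would install an extra package too.
verify_manifest() {
    local dir="$1" listed present
    [ -f "$dir/SHA256SUMS" ] || { echo "missing SHA256SUMS" >&2; return 2; }
    ( cd "$dir" && sha256sum --quiet --strict -c SHA256SUMS >&2 ) || return 1
    listed=$(cd "$dir" && awk '{print $2}' SHA256SUMS | sed 's/^\*//' | sort)
    present=$(cd "$dir" && find . -maxdepth 1 -type f ! -name SHA256SUMS | sort)
    [ "$listed" = "$present" ] || { echo "unlisted file in $dir" >&2; return 1; }
}
```

Run `make_manifest /opt/k8s-offline` once before copying and `verify_manifest /opt/k8s-offline` on every node; carrying the manifest on a separate medium keeps it from being altered together with the bundle.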
III. Common Initialization on All Nodes (Master + Node)
3.1 Disable swap
swapoff -a
sed -i '/swap/s/^/#/' /etc/fstab
3.2 Load kernel modules
cat > /etc/modules-load.d/containerd.conf <<EOF
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter
3.3 Configure kernel parameters
cat > /etc/sysctl.d/99-k8s.conf <<EOF
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
sysctl --system
3.4 Install the offline dependency deb packages
cd /opt/k8s-offline
dpkg -i *.deb
apt -f install -y
3.5 Deploy the Kubernetes binaries
cd /opt/k8s-offline
chmod +x kubeadm kubelet kubectl
mv kubeadm kubelet kubectl /usr/local/bin/
3.6 Configure containerd
containerd config default > /etc/containerd/config.toml
sed -i 's#sandbox_image = "registry.k8s.io/pause:3.8"#sandbox_image = "registry.k8s.io/pause:3.10"#' /etc/containerd/config.toml
systemctl enable containerd
systemctl restart containerd
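3.7 Configure kubelet
# Create the kubelet configuration file (the directory does not exist yet on a binary install)
mkdir -p /var/lib/kubelet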
cat > /var/lib/kubelet/config.yaml <<EOF
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd
podInfraContainerImage: "registry.k8s.io/pause:3.10"
EOF
# Create the kubelet service file
cat > /etc/systemd/system/kubelet.service <<EOF
[Unit]
Description=kubelet: The Kubernetes Node Agent
Documentation=https://kubernetes.io/docs/
[Service]
ExecStart=/usr/local/bin/kubelet
Restart=always
StartLimitInterval=0
RestartSec=10
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable kubelet
systemctl restart kubelet
IV. Master Node Deployment
4.1 Import the offline images
cd /opt/k8s-offline
ctr -n k8s.io images import k8s-ixe-images-v1.31.3-arm64.tar
ctr -n k8s.io images import pause-3.10-arm64-single.tar
4.2 Initialize the cluster with kubeadm
kubeadm init \
--kubernetes-version=v1.31.3 \
--apiserver-advertise-address=192.168.10.10 \
--pod-network-cidr=10.244.0.0/16 \
--service-cidr=10.96.0.0/12 \
--image-repository=registry.k8s.io \
--ignore-preflight-errors=swap
Save the kubeadm join command printed in the output; it is used to join Node nodes to the cluster.
4.3 Configure kubectl
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
4.4 Deploy the Calico network
kubectl apply -f calico-v3.31.3-arm64.yaml
V. Node Deployment
5.1 Import the images
cd /opt/k8s-offline
ctr -n k8s.io images import k8s-ixe-images-v1.31.3-arm64.tar
ctr -n k8s.io images import pause-3.10-arm64-single.tar
5.2 Join the cluster
# Use the join command printed by the Master initialization
kubeadm join 192.168.10.10:6443 --token xxx \
--discovery-token-ca-cert-hash sha256:xxx
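VI. Pitfalls in Practice: Core Problems and Solutions
Problem 1: Node is NotReady, calico-node reports Failed to get sandbox image "registry.k8s.io/pause:3.8"
Cause: kubelet uses pause:3.8 by default, which cannot be pulled in an offline environment, and this overrides the containerd configuration.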
sed -i 's#podInfraContainerImage:.*#podInfraContainerImage: "registry.k8s.io/pause:3.10"#' /var/lib/kubelet/config.yaml
systemctl restart containerd kubelet
kubectl delete pod -n kube-system calico-node-xxx
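The mismatch behind Problem 1 can be caught on each node before kubeadm runs by comparing the two settings from sections 3.6 and 3.7 against the images actually imported. This is an added example, not part of the original article; the function names and the idea of saving the image list to a file are assumptions of the example.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): detect the pause-image
# mismatch from Problem 1 before it leaves a node NotReady.

# Print the sandbox_image value from a containerd config.toml.
containerd_sandbox_image() {
    sed -n 's/^[[:space:]]*sandbox_image[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" \
        | head -n 1
}

# Print podInfraContainerImage from the kubelet config file written in 3.7.
kubelet_pause_image() {
    sed -n 's/^podInfraContainerImage:[[:space:]]*"\{0,1\}\([^"[:space:]]*\)"\{0,1\}.*/\1/p' "$1" \
        | head -n 1
}

# check_pause_image CONTAINERD_TOML KUBELET_YAML IMAGE_LIST
# IMAGE_LIST is a file with one image reference per line, for example the
# saved output of "ctr -n k8s.io images ls -q".
# Returns 0 only if both files name the same image and it is in the local store.
check_pause_image() {
    local c k
    c=$(containerd_sandbox_image "$1")
    k=$(kubelet_pause_image "$2")
    [ -n "$c" ] || { echo "no sandbox_image in $1"; return 1; }
    [ "$c" = "$k" ] || { echo "mismatch: containerd=$c kubelet=$k"; return 1; }
    grep -Fxq "$c" "$3" || { echo "not imported: $c"; return 1; }
    echo "ok: $c"
}
```

On a node, save the list with `ctr -n k8s.io images ls -q > /tmp/images.txt` and call `check_pause_image /etc/containerd/config.toml /var/lib/kubelet/config.yaml /tmp/images.txt`.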
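Problem 2: ctr image import fails with content digest not found
Cause: ctr does not support importing multi-architecture images.
Solution: the image must be exported as a single-architecture image with --platform linux/arm64.
For example: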
ctr -n k8s.io images export --platform linux/arm64 kube-proxy.tar.gz registry.k8s.io/kube-proxy:v1.31.3
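Problem 3: coredns stays Pending
Cause: no CNI network plugin has been deployed.
Solution: run the Calico deployment command and wait 1-2 minutes for automatic recovery.
VII. Deployment Verification
7.1 Check node status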
kubectl get nodes

7.2 Check system Pods
kubectl get pods -n kube-system
