1. Install the system
Install Ubuntu 22.04 LTS system to the server and change the source
2. Configure network connections and hosts
Make sure the machine has internet access and /etc/hosts
add the following content to the file:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
Make hosts configuration take effect:
sudo netplan apply
3. Set the root password, enable the ssh service, and allow remote login to root.
Set root password:
sudo passwd root
sudo su
Start ssh service:
apt install ssh
systemctl start ssh
systemctl enable ssh
systemctl is-enabled ssh
Allow remote root login:
apt install vim
vim /etc/ssh/sshd_config
Modify the PermitRootLogin
properties to yes
:
PermitRootLogin yes
Restart:
reboot
4. Check the IP and check whether you can log in remotely
apt install net-tools
ifconfig
5. Update package
apt update && apt upgrade
6. Install docker
Install docker:
sudo apt-get update
sudo apt-get install docker.io -y
sudo systemctl enable --now docker
Configure docker to use systemd:
Add /etc/docker/daemon.json
the following content:
{
"exec-opts":["native.cgroupdriver=systemd"]
}
7. Close swap
sudo swapoff -a
Comment the line /etc/fstab
in the file /swap
that starts with
ps: 22.04 LTS loads the br_netfilter module by default
8. Install cri-dockerd
github.com/Mirantis/cri-dockerd
Latest releases to check :
cd ~
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.4/cri-dockerd_0.3.4.3-0.ubuntu-jammy_amd64.deb
dpkg -i cri-dockerd_0.3.4.3-0.ubuntu-jammy_amd64.deb
ps: If you cannot connect, you can find the github acceleration station, such as:
wget http://ghproxy.com/github.com/Mirantis/cri-dockerd/releases/download/v0.3.4/cri-dockerd_0.3.4.3-0.ubuntu-jammy_amd64.deb
Start and configure startup:
sudo systemctl enable --now cri-docker.service
sudo systemctl enable --now cri-docker.socket
9. Install kubeadm, kubelet, and kubectl
Install required packages:
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl
Configuration key:
curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-archive-keyring.gpg
Configuration source:
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] http://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
*ps: If the installation of kubeadm, kubelet, and kubectl is very slow, you can try another source, such as Tsinghua source:
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://mirrors.tuna.tsinghua.edu.cn/kubernetes/apt kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
Install kubeadm, kubelet, kubectl:
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl
10. Preparations before initialization of Master node kubeadm (important)
Test docker image pull, the test will fail due to network problems:
sudo kubeadm config images pull --cri-socket unix:///run/cri-dockerd.sock
View required images:
sudo kubeadm config images list
(Example) Requires the following images:
registry.k8s.io/kube-apiserver:v1.27.4
registry.k8s.io/kube-controller-manager:v1.27.4
registry.k8s.io/kube-scheduler:v1.27.4
registry.k8s.io/kube-proxy:v1.27.4
registry.k8s.io/pause:3.9
registry.k8s.io/etcd:3.5.7-0
registry.k8s.io/coredns/coredns:v1.10.1
Manually pull it from the domestic mirror station:
sudo docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.27.4
sudo docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v1.27.4
sudo docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v1.27.4
sudo docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.27.4
sudo docker pull registry.aliyuncs.com/google_containers/pause:3.9
sudo docker pull registry.aliyuncs.com/google_containers/etcd:3.5.7-0
# coredns的url需要改变一下,具体随机应变吧
sudo docker pull registry.aliyuncs.com/google_containers/coredns:v1.10.1
Check the docker images list to confirm:
sudo docker images
Tag the pulled image with the tag required by kubeadm:
sudo docker tag registry.aliyuncs.com/google_containers/kube-apiserver:v1.27.4 registry.k8s.io/kube-apiserver:v1.27.4
sudo docker tag registry.aliyuncs.com/google_containers/kube-controller-manager:v1.27.4 registry.k8s.io/kube-controller-manager:v1.27.4
sudo docker tag registry.aliyuncs.com/google_containers/kube-scheduler:v1.27.4 registry.k8s.io/kube-scheduler:v1.27.4
sudo docker tag registry.aliyuncs.com/google_containers/kube-proxy:v1.27.4 registry.k8s.io/kube-proxy:v1.27.4
sudo docker tag registry.aliyuncs.com/google_containers/pause:3.9 registry.k8s.io/pause:3.9
sudo docker tag registry.aliyuncs.com/google_containers/etcd:3.5.7-0 registry.k8s.io/etcd:3.5.7-0
sudo docker tag registry.aliyuncs.com/google_containers/coredns:v1.10.1 registry.k8s.io/coredns/coredns:v1.10.1
Export kubeadm default configuration file:
cd ~
sudo kubeadm config print init-defaults > kubeadm-init-config.yaml
The content is as follows:
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: abcdef.0123456789abcdef
ttl: 24h0m0s
usages:
- signing
- authentication
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: 1.2.3.4
bindPort: 6443
nodeRegistration:
criSocket: unix:///var/run/containerd/containerd.sock
imagePullPolicy: IfNotPresent
name: node
taints: null
---
apiServer:
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {
}
dns: {
}
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: registry.k8s.io
kind: ClusterConfiguration
kubernetesVersion: 1.27.0
networking:
dnsDomain: cluster.local
serviceSubnet: 10.96.0.0/12
scheduler: {
}
Properties that need to be modified:advertiseAddress criSocket name imageRepository
advertiseAddress: 为master的ip
criSocket: unix:///run/cri-dockerd.sock
name: xa-C92-00 #这里使用host name
imageRepository: registry.aliyuncs.com/google_containers
Attributes that need to be added:
podSubnet: 10.244.0.0/16
After modification:
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: abcdef.0123456789abcdef
ttl: 24h0m0s
usages:
- signing
- authentication
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: 192.168.31.9
bindPort: 6443
nodeRegistration:
criSocket: unix:///run/cri-dockerd.sock
imagePullPolicy: IfNotPresent
name: C92-00-Master
taints: null
---
apiServer:
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {
}
dns: {
}
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.27.0
networking:
dnsDomain: cluster.local
serviceSubnet: 10.96.0.0/12
podSubnet: 10.244.0.0/16
scheduler: {
}
11. Master node kubeadm initialization and troubleshooting
Try to initialize
# 替换为配置文件具体路径
sudo kubeadm init --config /root/kubeadm-init-config.yaml
Error 1: timed out waiting for condition
[init] Using Kubernetes version: v1.27.0
[preflight] Running pre-flight checks
[WARNING Hostname]: hostname "node" could not be reached
[WARNING Hostname]: hostname "node": lookup node on 127.0.0.53:53: server misbehaving
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
W0723 02:07:59.688150 9181 checks.go:835] detected that the sandbox image "registry.k8s.io/pause:3.6" of the container runtime is inconsistent with that used by kubeadm. It is recommended that using "registry.aliyuncs.com/google_containers/pause:3.9" as the CRI sandbox image.
······
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[kubelet-check] Initial timeout of 40s passed.
Unfortunately, an error has occurred:
timed out waiting for the condition
This error is likely caused by:
- The kubelet is not running
- The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)
If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands:
- 'systemctl status kubelet'
- 'journalctl -xeu kubelet'
Additionally, a control plane component may have crashed or exited when started by the container runtime.
To troubleshoot, list all containers using your preferred container runtimes CLI.
Here is one example how you may list all running Kubernetes containers by using crictl:
- 'crictl --runtime-endpoint unix:///run/cri-dockerd.sock ps -a | grep kube | grep -v pause'
Once you have found the failing container, you can inspect its logs with:
- 'crictl --runtime-endpoint unix:///run/cri-dockerd.sock logs CONTAINERID'
error execution phase wait-control-plane: couldn't initialize a Kubernetes cluster
To see the stack trace of this error execute with --v=5 or higher
It is most likely caused by the timeout of the image required for pulling. Just manually pull the required image and tag it.
Troubleshooting 1:
First check the log:
sudo journalctl -xeu kubelet
The key contents are as follows:
7月 23 02:15:33 xa-C92-00 kubelet[9329]: E0723 02:15:33.493930 9329 kuberuntime_sandbox.go:72] "Failed to create sandbox for pod" err="rpc error: code = Unknown desc = failed pulling image \"registry.k8s.io/pause:3.6\": Error response from daemon: Head \"https://europe-west2-docker.pkg.dev/v2/k8s-artifacts-prod/images/pause/manifests/3.6\": dial tcp 142.250.157.82:443: i/o timeout" pod="kube-system/kube-apiserver-node"
7月 23 02:15:33 xa-C92-00 kubelet[9329]: E0723 02:15:33.493995 9329 kuberuntime_manager.go:1122] "CreatePodSandbox for pod failed" err="rpc error: code = Unknown desc = failed pulling image \"registry.k8s.io/pause:3.6\": Error response from daemon: Head \"https://europe-west2-docker.pkg.dev/v2/k8s-artifacts-prod/images/pause/manifests/3.6\": dial tcp 142.250.157.82:443: i/o timeout" pod="kube-system/kube-apiserver-node"
7月 23 02:15:33 xa-C92-00 kubelet[9329]: E0723 02:15:33.494130 9329 pod_workers.go:1294] "Error syncing pod, skipping" err="failed to \"CreatePodSandbox\" for \"kube-apiserver-node_kube-system(14e1efb20b920f675a7fa970063ebe82)\" with CreatePodSandboxError: \"Failed to create sandbox for pod \\\"kube-apiserver-node_kube-system(14e1efb20b920f675a7fa970063ebe82)\\\": rpc error: code = Unknown desc = failed pulling image \\\"registry.k8s.io/pause:3.6\\\": Error response from daemon: Head \\\"https://europe-west2-docker.pkg.dev/v2/k8s-artifacts-prod/images/pause/manifests/3.6\\\": dial tcp 142.250.157.82:443: i/o timeout\"" pod="kube-system/kube-apiserver-node" podUID=14e1efb20b920f675a7fa970063ebe82
7月 23 02:15:34 xa-C92-00 kubelet[9329]: W0723 02:15:34.624010 9329 reflector.go:533] vendor/k8s.io/client-go/informers/factory.go:150: failed to list *v1.RuntimeClass: Get "https://192.168.31.9:6443/apis/node.k8s.io/v1/runtimeclasses?limit=500&resourceVersion=0": dial tcp 192.168.31.9:6443: connect: connection refused
7月 23 02:15:34 xa-C92-00 kubelet[9329]: E0723 02:15:34.624195 9329 reflector.go:148] vendor/k8s.io/client-go/informers/factory.go:150: Failed to watch *v1.RuntimeClass: failed to list *v1.RuntimeClass: Get "https://192.168.31.9:6443/apis/node.k8s.io/v1/runtimeclasses?limit=500&resourceVersion=0": dial tcp 192.168.31.9:6443: connect: connection refused
7月 23 02:15:35 xa-C92-00 kubelet[9329]: W0723 02:15:35.027372 9329 reflector.go:533] vendor/k8s.io/client-go/informers/factory.go:150: failed to list *v1.CSIDriver: Get "https://192.168.31.9:6443/apis/storage.k8s.io/v1/csidrivers?limit=500&resourceVersion=0": dial tcp 192.168.31.9:6443: connect: connection refused
We can locate the problem failed pulling image \"registry.k8s.io/pause:3.6\"
, so we manually download the image again and tag:
sudo docker pull registry.aliyuncs.com/google_containers/pause:3.6
sudo docker tag registry.aliyuncs.com/google_containers/pause:3.6 registry.k8s.io/pause:3.6
Reset kubeadm:
sudo kubeadm reset -f --cri-socket unix:///run/cri-dockerd.sock
ps: This will leave CNI configuration, iptables configuration, IPVS configuration, etcd status. If there are still problems after reset, you can manually clean them up (reference):
# 清理iptables
iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
# 清理CNI配置
rm -rf /etc/cni/*
# 清理iptables配置
rm -rf /var/lib/etcd/*
# 清理其他杂项
rm -rf /etc/ceph \
/etc/cni \
/opt/cni \
/run/secrets/kubernetes.io \
/run/calico \
/run/flannel \
/var/lib/calico \
/var/lib/cni \
/var/lib/kubelet \
/var/log/containers \
/var/log/kube-audit \
/var/log/pods \
/var/run/calico \
/usr/libexec/kubernetes
Continue to retry kubeadm initialization
# 替换为配置文件具体路径
sudo kubeadm init --config /root/kubeadm-init-config.yaml
It's successful if you see the following:
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.31.9:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:d35887853c98044495f91251a878376333870dd7b622161d18b172ebb2284e8d
Finally, execute the command according to the above prompts (the example is the root user):
# 临时生效 如需永久生效可以修改/etc/environment文件添加环境变量
export KUBECONFIG=/etc/kubernetes/admin.conf
12. Check the running status of the Pod on the Master node
View all pods:
kubectl get pod -A
You can see that coredns
the component is always in pending
state:
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-7bdc4cb885-5jqgk 0/1 Pending 0 12m
kube-system coredns-7bdc4cb885-n6smf 0/1 Pending 0 12m
kube-system etcd-node 1/1 Running 0 12m
kube-system kube-apiserver-node 1/1 Running 0 12m
kube-system kube-controller-manager-node 1/1 Running 0 12m
kube-system kube-proxy-nbn2r 1/1 Running 0 12m
kube-system kube-scheduler-node 1/1 Running 0 12m
First check the kubelet log:
sudo journalctl -u kubelet -f
The kubelet log content is as follows:
7月 23 02:59:33 xa-C92-00 kubelet[10755]: E0723 02:59:33.780224 10755 kubelet.go:2760] "Container runtime network not ready" networkReady="NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized"
Check the Pod log again:
# 替换具体pod name; 记得指定namespace;
sudo kubectl logs coredns-7bdc4cb885-5jqgk --namespace=kube-system
The Pod log content is as follows:
E0723 02:57:34.887767 11558 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused
It network plugin is not ready: cni config uninitialized
can be seen that the problem is that the network plug-in has not been installed (it will be solved after installing Calico according to step 14)
13. Node node joins the cluster
Follow the above steps to install the Node node. kubelet kubeadm kubectl
After that, the Master node executes the following command to view the command for the Node node to join the cluster:
sudo kubeadm token create --print-join-command
Execute the command shown above on the Node node (remember to specify cri-socket):
sudo kubeadm join 192.168.31.9:6443 --token pm4bmp.5qu7nqswvav4kd6s --discovery-token-ca-cert-hash sha256:d35887853c98044495f91251a878376333870dd7b622161d18b172ebb2284e8d --cri-socket unix:///run/cri-dockerd.sock
Seeing the following content means that the Node node successfully joined the cluster:
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
Then check the nodes joining the cluster on the Master node:
kubectl get nodes
ps: If it is reported couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused
, it is most likely that the terminal is disconnected and the previous export
environment variables have become invalid. You can /etc/environment
add them to the file KUBECONFIG="/etc/kubernetes/admin.conf"
to make the environment variables permanent.
14. Install the Calico network plug-in on the Master node (there are many pitfalls, it is recommended to read it before starting)
Now follow the guidance of the Calico official website installation tutorial to install the Calico network plug-in for the cluster:
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/tigera-operator.yaml
Error 2:
The connection to the server raw.githubusercontent.com was refused - did you specify the right host or port?
Domain name resolution error due to network problems
Troubleshooting 2:
We directly download it manually tigera-operator.yaml
and ftp it to the directory of the Master node /root
and try again:
kubectl create -f /root/tigera-operator.yaml
Continuing, custom-resources.yaml
it will be https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/custom-resources.yaml
downloaded manually, as follows:
# This section includes base Calico installation configuration.
# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.Installation
apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
name: default
spec:
# Configures Calico networking.
calicoNetwork:
# Note: The ipPools section cannot be modified post-install.
ipPools:
- blockSize: 26
cidr: 192.168.0.0/16
encapsulation: VXLANCrossSubnet
natOutgoing: Enabled
nodeSelector: all()
---
# This section configures the Calico API server.
# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.APIServer
apiVersion: operator.tigera.io/v1
kind: APIServer
metadata:
name: default
spec: {
}
cidr: 192.168.0.0/16
The attribute should be modified to the IP segment ( ) podSubnet: 10.244.0.0/16
specified by the attribute in the kubeadm configuration file and then continue to deploy the pod:10.244.0.0/16
kubectl create -f /root/custom-resources.yaml
View all Pods:
kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
calico-system calico-kube-controllers-67cb4686c7-dllhw 0/1 Pending 0 8m38s
calico-system calico-node-24zzc 0/1 Init:ImagePullBackOff 0 8m39s
calico-system calico-node-2s6gl 0/1 Init:0/2 0 8m39s
calico-system calico-typha-5d9d547f8-f4w48 0/1 ContainerCreating 0 8m40s
calico-system csi-node-driver-f8r58 0/2 ContainerCreating 0 8m38s
calico-system csi-node-driver-szt4w 0/2 ContainerCreating 0 8m39s
kube-system coredns-7bdc4cb885-mtpq4 0/1 Pending 0 64m
kube-system coredns-7bdc4cb885-pxwbc 0/1 Pending 0 64m
kube-system etcd-c92-00-master 1/1 Running 0 64m
kube-system kube-apiserver-c92-00-master 1/1 Running 0 64m
kube-system kube-controller-manager-c92-00-master 1/1 Running 0 64m
kube-system kube-proxy-6nzkm 1/1 Running 0 64m
kube-system kube-proxy-thdjg 1/1 Running 0 61m
kube-system kube-scheduler-c92-00-master 1/1 Running 0 64m
tigera-operator tigera-operator-5f4668786-pv8cw 1/1 Running 0 34m
Error 3: Init:ImagePullBackOff
Check the error report:
kubectl describe pod calico-node-24zzc --namespace calico-system
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 7m32s default-scheduler Successfully assigned calico-system/calico-node-24zzc to c92-00-master
Normal BackOff 3m52s kubelet Back-off pulling image "docker.io/calico/pod2daemon-flexvol:v3.26.1"
Warning Failed 3m52s kubelet Error: ImagePullBackOff
Normal Pulling 3m39s (x2 over 7m27s) kubelet Pulling image "docker.io/calico/pod2daemon-flexvol:v3.26.1"
Warning Failed 6s (x2 over 3m53s) kubelet Failed to pull image "docker.io/calico/pod2daemon-flexvol:v3.26.1": rpc error: code = Canceled desc = context canceled
Warning Failed 6s (x2 over 3m53s) kubelet Error: ErrImagePull
It can be seen that the pull image cannot be downloaded due to network problems. docker.io/calico/pod2daemon-flexvol:v3.26.1
After that, check the Pods in other calico-system namespaces as above, and it calico-typha-5d9d547f8-f4w48
prompts that it cannot be pulled.docker.io/calico/typha:v3.26.1
Troubleshooting 3:
You can see that the calico version is V3.26.1
, go to https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/calico.yaml
view image:
the content after all attributes; view the content after tigera-operator.yaml
the file attributes; from the above, we can know that the following image is required:image:
docker.io/calico/cni:v3.26.1
docker.io/calico/node:v3.26.1
docker.io/calico/kube-controllers:v3.26.1
docker.io/calico/pod2daemon-flexvol:v3.26.1
docker.io/calico/typha:v3.26.1
docker.io/calico/apiserver:v3.26.1
quay.io/tigera/operator:v1.30.4
Modify the docker configuration file /etc/docker/daemon.json
to configure the docker mirror station:
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": ["https://ynye4lmg.mirror.aliyuncs.com","https://hub-mirror.c.163.com","https://mirror.baidubce.com"]
}
systemctl restart docker
Manually pull the image on the Master and Node nodes respectively :
docker pull docker.io/calico/cni:v3.26.1
docker pull docker.io/calico/node:v3.26.1
docker pull docker.io/calico/kube-controllers:v3.26.1
docker pull docker.io/calico/pod2daemon-flexvol:v3.26.1
docker pull docker.io/calico/typha:v3.26.1
docker pull docker.io/calico/apiserver:v3.26.1
docker pull quay.io/tigera/operator:v1.30.4
Fallback deployment:
kubectl delete -f customer-resources.yaml --grace-period=0
kubectl delete -f tigera-operator.yaml --grace-period=0
Retry deployment:
kubectl create -f /root/tigera-operator.yaml
kubectl create -f /root/custom-resources.yaml
ps: If there is a problem with the rollback deployment, you can reset K8S and re-initialize it with kubeadm.
sudo kubeadm reset -f --cri-socket unix:///run/cri-dockerd.sock
# 记得根据之前重置k8s的内容清理残余项
Finally, check all pods and nodes:
kubectl get pods -A
kubectl get nodes
You can see that everything is running normally