Offline deployment of a k8s cluster with sealos

Official documentation: https://sealos.run/docs/k8s/quick-start/deploy-kubernetes

Environment

Name              Version
Operating system  BigCloud Enterprise Linux For Euler 22.10
Kernel version    5.10.0-60.70.0.94.oe2203.bclinux.x86_64
sealos            v5.1.0
kubernetes        v1.25.16
helm              v3.10.3
calico            v3.26.5

Nodes

Name    Description
node01  192.168.19.142
node02  192.168.19.141

Deploy SealOS

Install the sealos tool on the deployment node, node01

wget https://github.com/labring/sealos/releases/download/v5.1.0/sealos_5.1.0_linux_amd64.tar.gz
tar xf sealos_5.1.0_linux_amd64.tar.gz -C /tmp/
cp /tmp/image-cri-shim /tmp/lvscare /tmp/sealctl /tmp/sealos /usr/local/bin/

Check the version

sealos version
SealosVersion:
  buildDate: "2025-11-03T09:39:33Z"
  compiler: gc
  gitCommit: c71c8d766
  gitVersion: 5.1.0
  goVersion: go1.23.12
  platform: linux/amd64

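If the virtual machine's NIC driver is e1000, disable TSO/GSO/GRO; otherwise, deploying k8s with sealos causes the Linux 5.0 kernel to trigger Tx timeouts and DMA ring errors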

ethtool -K ens33 tso off gso off gro off

Deploy k8s

Determine the k8s version to deploy

Create the working directory

mkdir /opt/sealos-deploy

Download the crane tool

wget https://github.com/google/go-containerregistry/releases/download/v0.20.6/go-containerregistry_Linux_x86_64.tar.gz
tar xf go-containerregistry_Linux_x86_64.tar.gz -C /tmp/
cp /tmp/crane /tmp/gcrane /usr/local/bin/

List the available k8s versions

crane ls registry.cn-shanghai.aliyuncs.com/labring/kubernetes

Determine the helm version; reference: https://helm.sh/zh/docs/topics/version_skew/

Determine the calico version; reference: https://archive-os-3-28.netlify.app/calico/3.28/getting-started/kubernetes/requirements/

Node initialization

Set the hostname

hostnamectl set-hostname node01
bash

Configure SSH trust between the nodes

ssh-keygen -t rsa
ssh-copy-id 192.168.19.140
ssh-copy-id 192.168.19.141

Add name resolution entries to /etc/hosts

192.168.19.140 node01
192.168.19.141 node02
192.168.19.140 registry.local

Edit the SSH configuration file to enable sftp

Subsystem       sftp    /usr/libexec/openssh/sftp-server

Online deployment

Generate the Clusterfile

sealos gen registry.cn-shanghai.aliyuncs.com/labring/kubernetes:v1.25.16 \
registry.cn-shanghai.aliyuncs.com/labring/helm:v3.10.3 \
registry.cn-shanghai.aliyuncs.com/labring/calico:v3.26.5 \
--masters 192.168.19.140 --nodes 192.168.19.141 --pk='/root/.ssh/id_rsa' \
--output /opt/sealos-deploy/Clusterfile

Edit /opt/sealos-deploy/Clusterfile and change podSubnet to 10.42.0.0/16

networking:
  podSubnet: 10.42.0.0/16

Deploy k8s

sealos --debug --root /opt/sealos-deploy/sealos --env criData=/data/containerd --env registryDomain=registry.paas --env registryData=/opt/sealos-deploy/registry apply -f /opt/sealos-deploy/Clusterfile

Offline deployment

Start the registry

cat > /etc/systemd/system/sealos-registry.service << EOF
[Unit]
Description=Sealos Registry Server (Port 81)
After=network.target
Wants=network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/sealos registry serve filesystem -p 81 registry
Restart=on-failure
RestartSec=5s
# Recommended: create a dedicated system user for the service and specify it here to improve security
# User=sealos
# Group=sealos

[Install]
WantedBy=multi-user.target
EOF
systemctl start sealos-registry

Install Skopeo, which is used to upload multi-architecture images to the registry

git clone https://github.com/containers/skopeo.git
cd skopeo
git checkout v1.20.0
make BUILDTAGS=containers_image_openpgp bin/skopeo
cp bin/skopeo /usr/local/bin/

Prepare the offline images

# Download the multi-architecture images into OCI-format archives (recommended for multi-arch)
skopeo copy --all \
docker://registry.cn-shanghai.aliyuncs.com/labring/kubernetes:v1.25.16 \
oci-archive:/tmp/kubernetes-v1.25.16.tar
skopeo copy --all \
docker://registry.cn-shanghai.aliyuncs.com/labring/helm:v3.10.3 \
oci-archive:/tmp/helm-v3.10.3.tar
skopeo copy --all \
docker://registry.cn-shanghai.aliyuncs.com/labring/calico:v3.26.5 \
oci-archive:/tmp/calico-v3.26.5.tar
skopeo copy --all docker://registry.k8s.io/pause:3.8 oci-archive:/tmp/labring-pause-3.8.tar

Upload the images to the registry

skopeo copy --all \
oci-archive:/tmp/kubernetes-v1.25.16.tar \
docker://registry.local:81/labring/kubernetes:v1.25.16 \
--dest-tls-verify=false
skopeo copy --all \
oci-archive:/tmp/helm-v3.10.3.tar \
docker://registry.local:81/labring/helm:v3.10.3 \
--dest-tls-verify=false
skopeo copy --all \
oci-archive:/tmp/calico-v3.26.5.tar \
docker://registry.local:81/labring/calico:v3.26.5 \
--dest-tls-verify=false

Verify the multi-architecture image

crane manifest registry.local:81/labring/kubernetes:v1.25.16 | jq .
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.index.v1+json",
  "manifests": [
    {
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "digest": "sha256:20f0562423cf65543f943d5448ccbbe065c23a71151dfe2d196f09db64e1b12d",
      "size": 1105,
      "platform": {
        "architecture": "amd64",
        "os": "linux"
      }
    },
    {
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "digest": "sha256:aacdcba2c3e4290d17fa053bb488a229560c94549c47845ae94a489b3ba85e28",
      "size": 1105,
      "platform": {
        "architecture": "arm64",
        "os": "linux"
      }
    }
  ]
}
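
The manifest check above can be scripted so that every mirrored image is confirmed to carry both architectures before a mixed x86 and arm64 deployment. This is an added example, not code from the original post: it reads `crane manifest` output and reports which of linux/amd64 and linux/arm64 are missing; the function names, the required-platform set and the two `example/` image references are assumptions made for illustration.

```python
import json
import sys

# Platforms the mixed x86 + arm64 nodes pull (assumption: Linux nodes only).
REQUIRED = {("linux", "amd64"), ("linux", "arm64")}

def missing_platforms(manifest_json, required=REQUIRED):
    """Return the required (os, arch) pairs that a manifest does not provide."""
    doc = json.loads(manifest_json)
    # A plain image manifest (what `skopeo copy` pushes without --all) has no
    # "manifests" list, so nothing shows it serves more than one platform.
    if "manifests" not in doc:
        return sorted(required)
    present = set()
    for entry in doc["manifests"]:
        platform = entry.get("platform") or {}
        # Attestation entries are listed as unknown/unknown and are not runnable.
        if platform.get("architecture") in (None, "unknown"):
            continue
        present.add((platform.get("os"), platform.get("architecture")))
    return sorted(set(required) - present)

def audit(manifests_by_image, required=REQUIRED):
    """Map each image reference to its missing platforms; complete images are omitted."""
    report = {}
    for ref, text in manifests_by_image.items():
        missing = missing_platforms(text, required)
        if missing:
            report[ref] = missing
    return report

def _index(*arches):
    """Build a constructed OCI index with one linux entry per architecture."""
    return json.dumps({"schemaVersion": 2, "manifests": [
        {"mediaType": "application/vnd.oci.image.manifest.v1+json",
         "platform": {"architecture": a, "os": "linux"}} for a in arches]})

# Constructed samples: the first mirrors the index shown above, the second is an
# amd64-only index, the third a plain image manifest pushed without --all.
SAMPLES = {
    "registry.local:81/labring/kubernetes:v1.25.16": _index("amd64", "arm64"),
    "registry.local:81/example/amd64-only:tag": _index("amd64"),
    "registry.local:81/example/single:tag": json.dumps({"schemaVersion": 2, "layers": []}),
}

if __name__ == "__main__":  # crane manifest <image> | python3 <this file>
    missing = missing_platforms(sys.stdin.read())
    sys.exit(f"missing platforms: {missing}" if missing else 0)
```

Run against each image in the registry, a non-zero exit status marks an image that arm64 or amd64 nodes will not be able to pull.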

Create the Clusterfile

sealos gen registry.local:81/labring/kubernetes:v1.25.16 \
registry.local:81/labring/helm:v3.10.3 \
registry.local:81/labring/calico:v3.26.5 \
--masters 192.168.19.142 --nodes 192.168.19.141 --pk='/root/.ssh/id_rsa' \
--output /opt/sealos-deploy/Clusterfile

Edit /opt/sealos-deploy/Clusterfile and change podSubnet to 10.42.0.0/16

networking:
  podSubnet: 10.42.0.0/16

Deploy the k8s cluster

sealos --debug --root /opt/sealos-deploy/sealos --env criData=/data/containerd --env registryDomain=registry.paas --env registryData=/opt/sealos-deploy/registry apply -f /opt/sealos-deploy/Clusterfile

If the deployment fails, check the log: /root/.sealos/logs/sealos.log

Check the cluster status

kubectl get nodes
NAME     STATUS   ROLES           AGE   VERSION
node01   Ready    control-plane   49s   v1.25.16
node02   Ready    <none>          32s   v1.25.16

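Mixed-architecture deployment

Applies when master or worker nodes mix x86 and arm64 CPUs

Edit the containerd configuration file on the arm64 nodes and change the sandboxImage image address

sandboxImage: pause-arm64:3.8

Upload the image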

skopeo copy --all   oci-archive:/tmp/registry.k8s.io-pause-arm64-3.8.tar   docker://registry.paas:5000/pause:3.8   --dest-tls-verify=false

ghcr.io/labring/lvscare:v5.0.1

registry.k8s.io/kube-proxy:v1.25.16

calico/node:v3.26.5

calico/pod2daemon-flexvol:v3.26.5

calico/cni:v3.26.5

calico/node-driver-registrar:v3.26.5

calico/csi:v3.26.5

calico-node error:

2025-11-24 01:41:28.638 [WARNING][98] felix/int_dataplane.go 1704: failed to wipe the XDP state error=failed to load BPF program (/usr/lib/calico/bpf/filter.o): stat /sys/fs/bpf/calico/xdp/prefilter_v1_calico_tmp_A: no such file or directory
libbpf: Error loading ELF section .BTF: -22. Ignored and continue.
libbpf: Program 'xdp' contains non-map related relo data pointing to section 5
Error: failed to open object file

Cause: the default bclinux kernel does not support BTF or the kernel features required by Calico eBPF/XDP

Fix: disable Calico eBPF/XDP

Remove

    - name: CALICO_NETWORKING_BACKEND
      value: bird

Add the env setting

FELIX_XDPENABLED="false"

Reset the kube-sealos-lvscare restart count

mv /etc/kubernetes/manifests/kube-sealos-lvscare.yaml /tmp/

mv /tmp/kube-sealos-lvscare.yaml /etc/kubernetes/manifests/kube-sealos-lvscare.yaml

Set up the nerdctl client

wget https://github.com/containerd/nerdctl/releases/download/v2.1.2/nerdctl-2.1.2-linux-amd64.tar.gz
tar xf nerdctl-2.1.2-linux-amd64.tar.gz -C /tmp/
cp /tmp/nerdctl /usr/local/bin/

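Clean up the k8s environment

sealos reset --pk /root/.ssh/id_rsa --pk-passwd yourpassword

Author: 慕容峻才
Article link: https://www.acaiblog.top/sealos离线部署k8s集群/
Copyright notice: Unless otherwise stated, all articles on this blog are licensed under CC BY-NC-SA 4.0. Please credit 阿才的博客 when reposting.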