• 官方说明 https://docs.k0sproject.io/head/airgap-install/

初始化系统

• Debian 12.5 3台

apt-get update
#关闭swap
swapoff -a && sudo sed -i 's/^.*swap/#&/g' /etc/fstab
#挂载NFS

#生成ssh免登（复制id_rsa.pub的内容到其它机子的~/.ssh/authorized_keys）
ssh-keygen -t rsa
测试免密登录
ssh root@192.168.1.11
ssh -p 222 root@192.168.1.11

下载文件

• 下载 k0s-v1.29.6+k0s.0-amd64 https://github.com/k0sproject/k0s
• 下载 k0sctl-linux-x64 https://github.com/k0sproject/k0sctl

#主控机上复制文件，授权文件
cp  k0s-v1.29.6+k0s.0-amd64  /root/k0s
cp  k0s-v1.29.6+k0s.0-amd64  /usr/local/bin/k0s
cp k0sctl-linux-x64 /usr/local/bin/k0sctl
chmod +x /usr/local/bin/k0sctl
chmod 755 -- /usr/local/bin/k0s

1. 拉取镜像，打本地镜像分发包

• 需要安装docker

# 安装docker
apt install docker.io -y
# 拉取集群需要的镜像
k0s airgap list-images | xargs -I docker pull 
....
部分拉不到的包，使用阿里云镜像拉取
docker pull registry.aliyuncs.com/google_containers/metrics-server:v0.6.4
docker pull registry.aliyuncs.com/google_containers/pause:3.9
重打tag
docker tag registry.aliyuncs.com/google_containers/metrics-server:v0.6.4 registry.k8s.io/metrics-server/metrics-server:v0.6.4
docker tag registry.aliyuncs.com/google_containers/pause:3.9 registry.k8s.io/pause:3.9
#删除不需要
docker rmi registry.aliyuncs.com/google_containers/metrics-server:v0.6.4
docker rmi registry.aliyuncs.com/google_containers/pause:3.9

#生成镜像包
docker image save $(k0s airgap list-images | xargs) -o /root/bundle_file
`

2.生成yaml安装文件

k0sctl init > k0sctl.yaml
#配置yaml文件
apiVersion: k0sctl.k0sproject.io/v1beta1
kind: Cluster
metadata:
  name: k0s-cluster
spec:
  hosts:
  - ssh:
      address: 192.168.1.10
      user: root
      port: 22
      keyPath: /root/.ssh/id_rsa
    role: controller
    # 声明需要上传二进制文件
    uploadBinary: true
    # 指定二进制文件位置
    k0sBinaryPath: /root/k0s
    # files 配置将会在安装前将相关文件上传到目标主机
    files:
    - name: image-bundle
      src: /root/bundle_file
      # 在该目录下的 image 压缩包将会被自动导入到 containerd 中
      dstDir: /var/lib/k0s/images/
      perm: 0755
  - ssh:
      address: 192.168.1.11
      user: root
      port: 22
      keyPath: /root/.ssh/id_rsa
    role: worker
    uploadBinary: true
    k0sBinaryPath: /root/k0s
    files:
    - name: image-bundle
      src: /root/bundle_file
      dstDir: /var/lib/k0s/images/
      perm: 0755
  k0s:
    version: 1.29.6+k0s.0
    dynamicConfig: false

3. 安装集群

k0sctl apply --config k0sctl.yaml 
或者
k0sctl apply -c k0sctl.yaml

• 执行完成，即可完成K8s集群部署

4. 测试集群

#检测节点信息
k0s kubectl get node -o wide

#查看pods(没有错误的, 即完全正常)
k0s kubectl get pods  --all-namespaces

5. 添加node机器

• 编辑k0sctl.yaml，添加节点
• 重复第3步

6.删除node

k0s kubectl delete nodes node03

错误处理

machine id d746b8a808784166b8d3fd30d0013337 is not unique

• 错误机器码不唯一
• 解决办法，删除机器码，重置

#查看机器码
cat /etc/machine-id || cat /var/lib/dbus/machine-id

#重置机器码
rm /etc/machine-id
rm /var/lib/dbus/machine-id
systemd-machine-id-setup
reboot

7、证书过期时间

• k0s证书默认一年有效期，到期之前重启一下controller即可

查看证书过期时间：
openssl x509 -in /var/lib/k0s/pki/apiserver-kubelet-client.crt -noout -text | grep Not
openssl x509 -in /var/lib/k0s/pki/server.crt -noout -text | grep Not

#延长有效期的命令
systemctl restart k0scontroller