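Related resources
Kubernetes network plugin list: kubernetes.io/zh-cn/docs/…
flannel network plugin: github.com/flannel-io/…
Installation steps
After initializing the cluster with kubeadm init, list the nodes. STATUS is NotReady because no network plugin has been installed yet.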
root@server-01:~# kubectl get nodes
NAME STATUS ROLES AGE VERSION
server-01 NotReady control-plane 28m v1.34.1
You can pull the images ahead of time with crictl to speed things up. For the exact images, see the image fields in the file github.com/flannel-io/…
root@server-03:~# crictl pull ghcr.io/flannel-io/flannel-cni-plugin:v1.8.0-flannel1
WARN[0000] Config "/etc/crictl.yaml" does not exist, trying next: "/usr/bin/crictl.yaml"
WARN[0000] Image connect using default endpoints: [unix:///run/containerd/containerd.sock unix:///run/crio/crio.sock unix:///var/run/cri-dockerd.sock]. As the default settings are now deprecated, you should set the endpoint instead.
Image is up to date for sha256:bb28ded63816ef094b17e6d91e875e41e239c6b1eedfbdbbf07048b799af63e0
root@server-03:~# crictl pull ghcr.io/flannel-io/flannel:v0.27.4
WARN[0000] Config "/etc/crictl.yaml" does not exist, trying next: "/usr/bin/crictl.yaml"
WARN[0000] Image connect using default endpoints: [unix:///run/containerd/containerd.sock unix:///run/crio/crio.sock unix:///var/run/cri-dockerd.sock]. As the default settings are now deprecated, you should set the endpoint instead.
Image is up to date for sha256:e83704a1773124a27dda6471ae26962cd6fac4fa8df3dac15034f8729a9ed3ab
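To make sure the pre-pulled images are the ones the manifest will actually run (the manifest served from releases/latest changes with each release), the image references can be read out of a downloaded copy first. This is an added example, not part of the original post; the function names, the sample manifest and the registry.example entry are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The sample below is constructed;
# on a real node, pass a downloaded copy of kube-flannel.yml instead.
sample_manifest() {
    cat <<'EOF'
      initContainers:
      - name: install-cni-plugin
        image: ghcr.io/flannel-io/flannel-cni-plugin:v1.8.0-flannel1
      - name: install-cni
        image: ghcr.io/flannel-io/flannel:v0.27.4
      containers:
      - name: kube-flannel
        image: ghcr.io/flannel-io/flannel:v0.27.4
        imagePullPolicy: IfNotPresent
      - image: "registry.example:5000/debug"
EOF
}

# manifest_images FILE: print each distinct image reference named in FILE.
manifest_images() {
    sed -n 's/^[[:space:]-]*image:[[:space:]]*//p' "$1" | tr -d "\"'" | sort -u
}

# unpinned_images FILE: print references with no tag or digest, or tagged :latest.
unpinned_images() {
    manifest_images "$1" | while IFS= read -r ref; do
        last=${ref##*/}        # drop registry/path so a registry port is not read as a tag
        case $last in
            *@sha256:*) ;;                 # pinned by digest
            *:latest|*:) echo "$ref" ;;    # floating or empty tag
            *:*) ;;                        # pinned by tag
            *) echo "$ref" ;;              # no tag, resolves to latest
        esac
    done
}

# missing_images FILE LOCAL: images FILE needs that are not listed in LOCAL,
# a file with one repo:tag per line, e.g. written by:
#   crictl images | awk 'NR>1 {print $1 ":" $2}'
missing_images() {
    manifest_images "$1" | while IFS= read -r ref; do
        grep -qxF "$ref" "$2" || echo "$ref"
    done
}
```

Anything printed by `missing_images` still has to be pulled with crictl; anything printed by `unpinned_images` can resolve to a different image on each pull.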
Install the plugin
root@server-01:~# kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
namespace/kube-flannel created
serviceaccount/flannel created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created
Error
root@server-01:~# kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-flannel kube-flannel-ds-njtqv 0/1 Error 2 (25s ago) 29s
kube-system coredns-66bc5c9577-kr6n7 0/1 ContainerCreating 0 50m
kube-system coredns-66bc5c9577-rhgnh 0/1 ContainerCreating 0 50m
kube-system etcd-server-01 1/1 Running 0 50m
kube-system kube-apiserver-server-01 1/1 Running 0 50m
kube-system kube-controller-manager-server-01 1/1 Running 0 50m
kube-system kube-proxy-fm9cz 1/1 Running 0 50m
kube-system kube-scheduler-server-01 1/1 Running 0 50m
root@server-01:~# kubectl logs -n kube-flannel kube-flannel-ds-njtqv
Defaulted container "kube-flannel" out of: kube-flannel, install-cni-plugin (init), install-cni (init)
I1030 09:36:50.334879 1 main.go:215] CLI flags config: {etcdEndpoints:http://127.0.0.1:4001,http://127.0.0.1:2379 etcdPrefix:/coreos.com/network etcdKeyfile: etcdCertfile: etcdCAFile: etcdUsername: etcdPassword: version:false kubeSubnetMgr:true kubeApiUrl: kubeAnnotationPrefix:flannel.alpha.coreos.com kubeConfigFile: iface:[] ifaceRegex:[] ipMasq:true ipMasqRandomFullyDisable:false ifaceCanReach: subnetFile:/run/flannel/subnet.env publicIP: publicIPv6: subnetLeaseRenewMargin:60 healthzIP:0.0.0.0 healthzPort:0 iptablesResyncSeconds:5 iptablesForwardRules:true blackholeRoute:false netConfPath:/etc/kube-flannel/net-conf.json setNodeNetworkUnavailable:true}
W1030 09:36:50.334999 1 client_config.go:659] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
I1030 09:36:50.346561 1 kube.go:139] Waiting 10m0s for node controller to sync
I1030 09:36:50.346605 1 kube.go:537] Starting kube subnet manager
I1030 09:36:51.346887 1 kube.go:163] Node controller sync successful
I1030 09:36:51.346966 1 main.go:241] Created subnet manager: Kubernetes Subnet Manager - server-01
I1030 09:36:51.346972 1 main.go:244] Installing signal handlers
I1030 09:36:51.347653 1 main.go:523] Found network config - Backend type: vxlan
E1030 09:36:51.347807 1 main.go:278] Failed to check br_netfilter: stat /proc/sys/net/bridge/bridge-nf-call-iptables: no such file or director
The br_netfilter kernel module is not loaded; it is a prerequisite for running Flannel.
# 1. Load the br_netfilter module
sudo modprobe br_netfilter
# 2. Confirm the module is loaded
lsmod | grep br_netfilter
# 3. Load the modules automatically at boot
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
# 4. Configure the required kernel parameters
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
# 5. Apply the kernel parameters
sudo sysctl --system
# 6. Verify the parameters have taken effect
sysctl net.bridge.bridge-nf-call-iptables
sysctl net.bridge.bridge-nf-call-ip6tables
sysctl net.ipv4.ip_forward
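The same three settings can be checked on every node before the manifest is applied, so that a missing br_netfilter shows up as a clear message instead of a crashing flannel pod. This is an added example, not part of the original post; the function names and the PROC_SYS override (which lets the check run against a test directory) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# PROC_SYS is a hypothetical override so the check can be pointed at a test tree.
PROC_SYS="${PROC_SYS:-/proc/sys}"

# Keys and required values, as written to /etc/sysctl.d/k8s.conf in step 4.
REQUIRED_SYSCTLS="net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1"

# check_sysctl KEY WANT: print one status line; return 0 only if KEY equals WANT.
check_sysctl() {
    key=$1
    want=$2
    path="$PROC_SYS/$(printf '%s' "$key" | tr . /)"
    if [ ! -r "$path" ]; then
        # net.bridge.* only exists while br_netfilter is loaded; this is the
        # "no such file" case from the flannel log above.
        case $key in
            net.bridge.*) echo "MISSING $key (br_netfilter not loaded)" ;;
            *)            echo "MISSING $key" ;;
        esac
        return 1
    fi
    have=$(tr -d '[:space:]' < "$path")
    if [ "$have" != "$want" ]; then
        echo "WRONG $key = $have (want $want)"
        return 1
    fi
    echo "OK $key = $have"
}

# flannel_preflight: check every required key; exit status is the failure count.
flannel_preflight() {
    failures=0
    for entry in $REQUIRED_SYSCTLS; do
        check_sysctl "${entry%%=*}" "${entry#*=}" || failures=$((failures + 1))
    done
    return "$failures"
}

# Usage on a node: flannel_preflight || echo "fix the items above first"
```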
Delete the failed Pod so that it is recreated automatically
kubectl delete pod -n kube-flannel kube-flannel-ds-njtqv
Once it has been recreated, check the pod and node status
root@server-01:~# kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-flannel kube-flannel-ds-g84gc 1/1 Running 0 18s
kube-system coredns-66bc5c9577-kr6n7 1/1 Running 0 57m
kube-system coredns-66bc5c9577-rhgnh 1/1 Running 0 57m
kube-system etcd-server-01 1/1 Running 0 57m
kube-system kube-apiserver-server-01 1/1 Running 0 57m
kube-system kube-controller-manager-server-01 1/1 Running 0 57m
kube-system kube-proxy-fm9cz 1/1 Running 0 57m
kube-system kube-scheduler-server-01 1/1 Running 0 57m
root@server-01:~# kubectl get nodes -A
NAME STATUS ROLES AGE VERSION
server-01 Ready control-plane 57m v1.34.1
The pod is running and the node status is Ready.