apt install -y conntrack ethtool socat apt-transport-https ca-certificates curl gnupg

Eventuell Anzahl der Nameserver reduzieren, falls folgende Meldungen im Syslog/Journal kommen:

... kubelet[2132] dns.go:154] "Nameserver limits exceeded" err="Nameserver limits were exceeded, some nameservers have been omitted, the applied nameserver line is: 8.8.8.8 8.8.4.4 192.168.15.1"

Wenn DNS über systemd → systemd-networkd und systemd-resolved eingerichtet ist:

sed -i 's/DNS=8.8.8.8 8.8.4.4 192.168.15.1/DNS=8.8.8.8/' /etc/systemd/network/lan-ens3.network

swapoff -a

sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

modprobe overlay
modprobe br_netfilter

cat <<EOF | tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

cat <<EOF | tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
EOF

sysctl --system

echo "source <(kubectl completion bash)" >> .bashrc 
echo "alias k=kubectl" >> .bashrc 
echo "complete -F __start_kubectl k" >> .bashrc

apt install -y containerd

containerd config default | tee /etc/containerd/config.toml
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml

curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian trixie stable" | tee /etc/apt/sources.list.d/docker.list
apt update
apt install containerd.io

containerd config default | tee /etc/containerd/config.toml
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml

curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.33/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.33/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list
apt update
# apt update -o APT::Key::GPGVCommand=1
apt install -y kubeadm kubelet kubectl
apt-mark hold kubeadm kubelet kubectl

kubeadm config images list
I0205 12:57:13.742748    1181 version.go:261] remote version is much newer: v1.35.0; falling back to: stable-1.33
registry.k8s.io/kube-apiserver:v1.33.7
registry.k8s.io/kube-controller-manager:v1.33.7
registry.k8s.io/kube-scheduler:v1.33.7
registry.k8s.io/kube-proxy:v1.33.7
registry.k8s.io/coredns/coredns:v1.12.0
registry.k8s.io/pause:3.10
registry.k8s.io/etcd:3.5.24-0

In der Konfig-Datei /etc/containerd/config.toml müssen folgende Werte angepasst werden:

   bin_dir = "/opt/cni/bin"
oder
   bin_dirs = "/opt/cni/bin"

Version von registry.k8s.io/pause:3.10 siehe oben Output von “kubeadm config images list”

sandbox_image = "registry.k8s.io/pause:3.8"
->
sandbox_image = "registry.k8s.io/pause:3.10"

systemctl restart containerd

Socket (runtime-endpoint) in /etc/crictl.yaml festlegen

crictl config runtime-endpoint unix:///var/run/containerd/containerd.sock
crictl config image-endpoint unix:///var/run/containerd/containerd.sock

crictl version
crictl --runtime-endpoint=unix:///var/run/containerd/containerd.sock version

Wenn die Control-Plane folgende IP-Adresse hat: 192.168.1.31

kubeadm init --control-plane-endpoint 192.168.1.31 --pod-network-cidr 192.168.0.0/16

Am Ende wird eine Zeile ausgegeben die auf den Worker-Nodes ausgeführt werden muss um diesen Worker zum Cluster hinzu zu fügen.

kubeadm join 192.168.15.39:6443 --token krb1xl.59h553st1fdi0274 \
	--discovery-token-ca-cert-hash sha256:5b7485d01dbbeba707dbb9b2ec648b9da56aaf253f3464bfd4a563466aa641c1 

Auf der Control-Plane als normaler User ausführen

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Auf allen Worker-Nodes muss der gleiche kubeadm join durchgeführt werden.
kubeadm join Kommando neu generieren:

kubeadm token create --print-join-command
kubeadm join 192.168.1.31:6443 --token l592ef.xawon3l8jy6dhtfe --discovery-token-ca-cert-hash sha256:5b7485d01dbbeba707dbb9b2ec648b9da56aaf253f3464bfd4a563466aa641c1