@@ -269,26 +269,70 @@ For more information on version skews, see:
269269* Kubernetes [ 版本与版本间的偏差策略] ( /zh-cn/releases/version-skew-policy/ )
270270* kubeadm 特定的[ 版本偏差策略] ( /zh-cn/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/#version-skew-policy )
271271
272+ {{< note >}}
273+ <!--
274+ Kubernetes has two different package repositories starting from August 2023.
275+ The Google-hosted repository is deprecated and it's being replaced with the
276+ Kubernetes (community-owned) package repositories. The Kubernetes project strongly
277+ recommends using the Kubernetes community-owned package repositories, because the
278+ project plans to stop publishing packages to the Google-hosted repository in the future.
279+ -->
280+ 自2023年8月起,Kubernetes 有两个不同的软件包仓库。
281+ Google 托管的仓库已被弃用,并正在被 Kubernetes(由社区拥有)软件包仓库替代。
282+ Kubernetes 项目强烈建议使用 Kubernetes 社区拥有的软件包仓库,
283+ 因为该项目计划将来停止向 Google 托管的仓库发布软件包。
284+
285+
286+ <!--
287+ There are some important considerations for the Kubernetes package repositories:
288+ -->
289+ 对于 Kubernetes 软件包仓库,有一些重要的考虑事项:
290+ <!--
291+ - The Kubernetes package repositories contain packages beginning with those
292+ Kubernetes versions that were still under support when the community took
293+ over the package builds. This means that anything before v1.24.0 will only be
294+ available in the Google-hosted repository.
295+ - There's a dedicated package repository for each Kubernetes minor version.
296+ When upgrading to a different minor release, you must bear in mind that
297+ the package repository details also change.
298+ -->
299+ - Kubernetes 软件包仓库包含从社区接管软件包构建时仍在支持范围内的 Kubernetes 版本开始的软件包。
300+ 这意味着v1.24.0之前的版本只在 Google 托管的仓库中提供。
301+ - 每个 Kubernetes 次要版本都有一个专用的软件包仓库。
302+ 当升级到不同的次要版本时,必须记住软件包仓库的详细信息也会发生变化。
303+ {{< /note >}}
304+
272305{{< tabs name="k8s_install" >}}
273306{{% tab name="基于 Debian 的发行版" %}}
274307
308+ <!--
309+ ### Kubernetes package repositories {#dpkg-k8s-package-repo}
310+ -->
311+ ### Kubernetes 软件包仓库 {#dpkg-k8s-package-repo}
312+
313+ <!--
314+ These instructions are for Kubernetes {{< skew currentVersion >}}.
315+ -->
316+ 这些说明适用于 Kubernetes {{< skew currentVersion >}}.
317+
275318<!--
2763191. Update the `apt` package index and install packages needed to use the Kubernetes `apt` repository:
277320-->
2783211 . 更新 ` apt ` 包索引并安装使用 Kubernetes ` apt ` 仓库所需要的包:
279322
280323 ``` shell
281324 sudo apt-get update
325+ # apt-transport-https 可能是一个虚拟包(dummy package);如果是的话,你可以跳过安装这个包
282326 sudo apt-get install -y apt-transport-https ca-certificates curl
283327 ```
284328
285329<!--
286- 2. Download the Google Cloud public signing key:
330+ 2. Download the public signing key for the Kubernetes package repositories. The same signing key is used for all repositories so you can disregard the version in the URL :
287331-->
288- 2 . 下载 Google Cloud 公开签名秘钥 :
332+ 2 . 下载用于 Kubernetes 软件包仓库的公共签名密钥。所有仓库都使用相同的签名密钥,因此你可以忽略URL中的版本 :
289333
290334 ``` shell
291- curl -fsSL https://dl .k8s.io/apt/doc/apt-key.gpg | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-archive -keyring.gpg
335+ curl -fsSL https://pkgs .k8s.io/core:/stable:/{{ < param " version " > }}/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt -keyring.gpg
292336 ```
293337
294338<!--
@@ -297,7 +341,8 @@ For more information on version skews, see:
2973413 . 添加 Kubernetes ` apt ` 仓库:
298342
299343 ``` shell
300- echo " deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
344+ # 此操作会覆盖 /etc/apt/sources.list.d/kubernetes.list 中现存的所有配置。
345+ echo ' deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/{{< param "version" >}}/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
301346 ```
302347
303348<!--
@@ -310,6 +355,7 @@ For more information on version skews, see:
310355 sudo apt-get install -y kubelet kubeadm kubectl
311356 sudo apt-mark hold kubelet kubeadm kubectl
312357 ```
358+
313359{{< note >}}
314360<!--
315361In releases older than Debian 12 and Ubuntu 22.04, `/etc/apt/keyrings` does not exist by default.
@@ -319,55 +365,193 @@ You can create this directory if you need to, making it world-readable but write
319365如有需要,你可以创建此目录,并将其设置为对所有人可读,但仅对管理员可写。
320366{{< /note >}}
321367
368+ <!--
369+ ### Google-hosted package repository (deprecated) {#dpkg-google-package-repo}
370+ -->
371+ ### Google 托管的软件包仓库(已弃用) {#dpkg-google-package-repo}
372+
373+ <!--
374+ These instructions are for Kubernetes {{< skew currentVersion >}}.
375+ -->
376+ 这些说明适用于 Kubernetes {{< skew currentVersion >}}.
377+
378+ <!--
379+ 1. Update the `apt` package index and install packages needed to use the Kubernetes `apt` repository:
380+ -->
381+ 1 . 更新 ` apt ` 软件包索引并安装使用 Kubernetes ` apt ` 仓库所需的软件包:
382+
383+ ``` shell
384+ sudo apt-get update
385+ # apt-transport-https 可能是一个虚拟包(dummy package);如果是的话,你可以跳过安装这个包
386+ sudo apt-get install -y apt-transport-https ca-certificates curl
387+ ```
388+
389+ <!--
390+ 2. Download the Google Cloud public signing key:
391+ -->
392+ 2 . 下载 Google Cloud 公共签名密钥:
393+
394+ ``` shell
395+ curl -fsSL https://dl.k8s.io/apt/doc/apt-key.gpg | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-archive-keyring.gpg
396+ ```
397+
398+ <!--
399+ Add the Google-hosted `apt` repository:
400+ -->
401+ 3 . 添加 Google 托管的 ` apt ` 仓库:
402+
403+ ``` shell
404+ # 此操作会覆盖 /etc/apt/sources.list.d/kubernetes.list 中现存的所有配置
405+ echo " deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
406+ ```
407+
408+ <!--
409+ 4. Update the `apt` package index, install kubelet, kubeadm and kubectl, and pin their version:
410+ -->
411+ 4 . 更新 ` apt ` 软件包索引,安装 kubelet、kubeadm 和 kubectl,并锁定它们的版本:
412+
413+ ``` shell
414+ sudo apt-get update
415+ sudo apt-get install -y kubelet kubeadm kubectl
416+ sudo apt-mark hold kubelet kubeadm kubectl
417+ ```
418+
419+ {{< note >}}
420+ <!--
421+ In releases older than Debian 12 and Ubuntu 22.04, `/etc/apt/keyrings` does not exist by default;
422+ you can create it by running `sudo mkdir -m 755 /etc/apt/keyrings`
423+ -->
424+ 在 Debian 12 和 Ubuntu 22.04 之前的早期版本中,默认情况下不存在 ` /etc/apt/keyrings ` 目录;
425+ 你可以通过运行 ` sudo mkdir -m 755 /etc/apt/keyrings ` 来创建它。
426+ {{< /note >}}
427+
322428{{% /tab %}}
323429
324430{{% tab name="基于 Red Hat 的发行版" %}}
325431
326- ``` bash
327- cat << EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
328- [kubernetes]
329- name=Kubernetes
330- baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$ basearch
331- enabled=1
332- gpgcheck=1
333- gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
334- exclude=kubelet kubeadm kubectl
335- EOF
336-
337- # 将 SELinux 设置为 permissive 模式(相当于将其禁用)
338- sudo setenforce 0
339- sudo sed -i ' s/^SELINUX=enforcing$/SELINUX=permissive/'
340-
341- sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
342-
343- sudo systemctl enable --now kubelet
344- ```
432+ <!--
433+ 1. Set SELinux to `permissive` mode:
434+ -->
435+ 1 . 将 SELinux 设置为 ` permissive ` 模式:
436+
437+ ``` shell
438+ # 将 SELinux 设置为 permissive 模式(相当于将其禁用)
439+ sudo setenforce 0
440+ sudo sed -i ' s/^SELINUX=enforcing$/SELINUX=permissive/'
441+ ```
442+
443+ {{< caution >}}
444+ <!--
445+ - Setting SELinux in permissive mode by running `setenforce 0` and `sed ...`
446+ effectively disables it. This is required to allow containers to access the host
447+ filesystem; for example, some cluster network plugins require that. You have to
448+ do this until SELinux support is improved in the kubelet.
449+ - You can leave SELinux enabled if you know how to configure it but it may require
450+ settings that are not supported by kubeadm.
451+ -->
452+ - 通过运行命令 ` setenforce 0 ` 和 ` sed ... ` 将 SELinux 设置为 permissive 模式相当于将其禁用。
453+ 这是允许容器访问主机文件系统所必需的,例如,某些容器网络插件需要这一能力。
454+ 你必须这么做,直到 kubelet 改进其对 SELinux 的支持。
455+ - 如果你知道如何配置 SELinux 则可以将其保持启用状态,但可能需要设定部分 kubeadm 不支持的配置。
456+ {{< /caution >}}
457+
458+ <!--
459+ ### Kubernetes package repositories {#rpm-k8s-package-repo}
460+ -->
461+ ### Kubernetes 软件包仓库 {#rpm-k8s-package-repo}
462+
463+ <!--
464+ These instructions are for Kubernetes {{< skew currentVersion >}}.
465+ -->
466+ 这些说明适用于 Kubernetes {{< skew currentVersion >}}.
345467
346468<!--
347- **Notes:**
469+ 2. Add the Kubernetes `yum` repository. The `exclude` parameter in the
470+ repository definition ensures that the packages related to Kubernetes are
471+ not upgraded upon running `yum update` as there's a special procedure that
472+ must be followed for upgrading Kubernetes.
473+ -->
474+ 2 . 添加 Kubernetes 的 ` yum ` 仓库。在仓库定义中的 ` exclude ` 参数确保了与
475+ Kubernetes 相关的软件包在运行 ` yum update ` 时不会升级,因为升级
476+ Kubernetes 需要遵循特定的过程。
348477
349- - Setting SELinux in permissive mode by running `setenforce 0` and `sed ...` effectively disables it.
350- This is required to allow containers to access the host filesystem, which is needed by pod networks for example.
351- You have to do this until SELinux support is improved in the kubelet.
478+ ``` shell
479+ # 此操作会覆盖 /etc/yum.repos.d/kubernetes.repo 中现存的所有配置
480+ cat << EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
481+ [kubernetes]
482+ name=Kubernetes
483+ baseurl=https://pkgs.k8s.io/core:/stable:/{{< param "version" >}}/rpm/
484+ enabled=1
485+ gpgcheck=1
486+ gpgkey=https://pkgs.k8s.io/core:/stable:/{{< param "version" >}}/rpm/repodata/repomd.xml.key
487+ exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
488+ EOF
489+ ` ` `
490+
491+ < ! --
492+ 3. Install kubelet, kubeadm and kubectl, and enable kubelet to ensure it' s automatically started on startup:
493+ -->
494+ 3. 安装 kubelet、kubeadm 和 kubectl,并启用 kubelet 以确保它在启动时自动启动:
495+
496+ ```shell
497+ sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
498+ sudo systemctl enable --now kubelet
499+ ```
500+
501+ <!--
502+ ### Google-hosted package repository (deprecated) {#rpm-google-package-repo}
503+ -->
504+ ### Google 托管的软件包仓库(已弃用) {#rpm-google-package-repo}
352505
353- - You can leave SELinux enabled if you know how to configure it but it may require settings that are not supported by kubeadm.
506+ <!--
507+ These instructions are for Kubernetes {{< skew currentVersion >}}.
508+ -->
509+ 这些说明适用于 Kubernetes {{< skew currentVersion >}}.
354510
355- - If the `baseurl` fails because your Red Hat-based distribution cannot interpret `basearch`, replace `\$basearch` with your computer's architecture.
356- Type `uname -m` to see that value.
357- For example, the `baseurl` URL for `x86_64` could be: `https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64`.
511+ <!--
512+ 2. Add the Kubernetes `yum` repository. The `exclude` parameter in the
513+ repository definition ensures that the packages related to Kubernetes are
514+ not upgraded upon running `yum update` as there' s a special procedure that
515+ must be followed for upgrading Kubernetes.
358516-->
359- ** 请注意:**
517+ 2. 添加 Google 托管的 ` yum` 仓库。
518+ 仓库定义中的 ` exclude` 参数确保了与 Kubernetes 相关的软件包在运行
519+ ` yum update` 时不会升级,因为升级 Kubernetes 需要遵循特定的过程。"
360520
361- - 通过运行命令 ` setenforce 0 ` 和 ` sed ... ` 将 SELinux 设置为 permissive 模式可以有效地将其禁用。
362- 这是允许容器访问主机文件系统所必需的,而这些操作是为了例如 Pod 网络工作正常。
521+ ` ` ` shell
522+ # 此操作会覆盖 /etc/yum.repos.d/kubernetes.repo 中现存的所有配置
523+ cat << EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
524+ [kubernetes]
525+ name=Kubernetes
526+ baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$ basearch
527+ enabled=1
528+ gpgcheck=1
529+ gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
530+ exclude=kubelet kubeadm kubectl
531+ EOF
532+ ` ` `
363533
364- 你必须这么做,直到 kubelet 做出对 SELinux 的支持进行升级为止。
534+ < ! --
535+ 3. Install kubelet, kubeadm and kubectl, and enable kubelet to ensure it' s automatically started on startup:
536+ -->
537+ 3. 安装 kubelet、kubeadm 和 kubectl,并启用 kubelet 以确保它在启动时自动启动:
365538
366- - 如果你知道如何配置 SELinux 则可以将其保持启用状态,但可能需要设定 kubeadm 不支持的部分配置
539+ ```shell
540+ sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
541+ sudo systemctl enable --now kubelet
542+ ```
367543
368- - 如果由于该 Red Hat 的发行版无法解析 ` basearch ` 导致获取 ` baseurl ` 失败,请将 ` \$basearch ` 替换为你计算机的架构。
369- 输入 ` uname -m ` 以查看该值。
370- 例如,` x86_64 ` 的 ` baseurl ` URL 可以是:` https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64 ` 。
544+ {{< note >}}
545+ <!--
546+ If the `baseurl` fails because your RPM-based distribution cannot interpret `$basearch`, replace `\$basearch` with your computer' s architecture.
547+ Type ` uname -m` to see that value.
548+ For example, the ` baseurl` URL for ` ` could be: ` ` .
549+ -->
550+ 如果 ` baseurl` 因为你的基于 RPM 的 Linux 发行版无法解释 ` $basearch ` 而失败,
551+ 你需要将 ` \$ basearch` 替换为你的计算机的体系结构。
552+ 输入 ` uname -m` 命令来查看该值。
553+ 例如,对于 ` x86_64` 架构,` ` URL 可能是:` ` 。
554+ {{< /note > }}
371555
372556{{% /tab %}}
373557{{% tab name=" 无包管理器的情况"
@@ -409,7 +593,7 @@ Install crictl (required for kubeadm / Kubelet Container Runtime Interface (CRI)
409593安装 crictl(kubeadm/kubelet 容器运行时接口(CRI)所需)
410594
411595` ` `
412- CRICTL_VERSION=" v1.27 .0"
596+ CRICTL_VERSION="v1.28 .0"
413597ARCH="amd64"
414598curl -L "https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRICTL_VERSION} /crictl-${CRICTL_VERSION} -linux-${ARCH} .tar.gz" | sudo tar -C $DOWNLOAD_DIR -xz
415599` ` `
0 commit comments