install Kubernetes on Debian 11 Bullseye

  • prepare Hosts [all nodes]
    • disable swap
      swapoff -a
    • add cluster DNS to /etc/hosts
      • e.g.
        echo "<NODE_IP> <NODE_HOSTNAME>" >> /etc/hosts   # placeholder: the example entry is missing from this page
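# Host preparation: tools, kernel module, forwarding sysctls, kubeconfig path.
# curl and gpg are used further down to fetch and de-armor repository keys.
apt install -y curl gpg
# edit /etc/modules
#   br_netfilter
# Load the module before touching the bridge sysctl: the net.bridge.* keys only
# exist once br_netfilter is loaded, so setting them first fails.
modprobe br_netfilter
# edit /etc/sysctl.conf
#   net.ipv4.ip_forward=1
#   net.bridge.bridge-nf-call-iptables=1
# `sysctl -w` changes the running kernel only; the file edits noted above are
# what keep the settings (and the module) across a reboot.
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.bridge.bridge-nf-call-iptables=1
# admin.conf carries cluster-admin credentials and is written by `kubeadm init`
# on the control plane only. Keep it readable by root alone and do not copy it
# to worker nodes; on workers this path will simply not exist.
export KUBECONFIG=/etc/kubernetes/admin.conf
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /root/.bashrc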
  • install Container Runtime CRI-O [all nodes]
# Add the CRI-O package repositories, trust their keys, install and start CRI-O.
# OS and VERSION are substituted into the repository paths below.
export OS=Debian_11
export VERSION=1.25
# NOTE(review): the repository base URL appears to have been lost from the two
# `echo` lines and the two `curl` lines (the text runs straight from "deb" / "-L"
# into the variable). Restore it from the CRI-O install instructions before use.
echo "deb$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
echo "deb$VERSION/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.list

# NOTE(review): apt-key is deprecated, and a key added with it is trusted for
# every configured APT source, not only these two. Prefer a per-repository
# keyring referenced with [signed-by=...], as the Kubernetes section of these
# notes does. Without --fail, curl also pipes an HTTP error body into apt-key.
curl -L$VERSION/$OS/Release.key | apt-key add -
curl -L$OS/Release.key | apt-key add -

apt update
apt install -y cri-o cri-o-runc
# Enable at boot and start now.
systemctl enable crio.service
systemctl start crio.service
  • install K8s [all nodes]
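# Add the Kubernetes APT source with its own keyring, then install and pin
# kubelet, kubeadm and kubectl.
apt install -y apt-transport-https ca-certificates curl
# -p: do not fail when the directory already exists (for example on a re-run).
mkdir -p /etc/apt/keyrings
# NOTE(review): the signing-key URL is missing after `curl -fsSL` on this page;
# as written the pipeline feeds gpg nothing. Restore the URL before running.
curl -fsSL | gpg --dearmor | dd status=none of=/etc/apt/keyrings/kubernetes-archive-keyring.gpg
# signed-by limits this key to this one source instead of trusting it globally.
# NOTE(review): the repository URL is missing from the deb line. The suite name
# "kubernetes-xenial" belongs to the legacy Google-hosted repository, which the
# Kubernetes project has retired in favour of pkgs.k8s.io; confirm the current
# repository and key before use.
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list
apt update
apt install -y kubelet kubeadm kubectl
# Hold the packages so a routine `apt upgrade` cannot move cluster components
# to a different version behind kubeadm's back.
apt-mark hold kubelet kubeadm kubectl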
  • install CNI Cilium [all nodes]
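# Download the cilium CLI release archive, verify its checksum, and unpack it
# into /usr/local/bin.
# The release tag must be chosen explicitly; nothing on this page sets it.
: "${CILIUM_CLI_VERSION:?set CILIUM_CLI_VERSION to the cilium-cli release tag to install}"
# Default to amd64; without a default the file name is empty on x86_64 hosts.
CLI_ARCH=amd64
if [ "$(uname -m)" = "aarch64" ]; then CLI_ARCH=arm64; fi
# NOTE(review): the release download URL prefix appears to be missing after
# --remote-name-all on this page; restore it before running.
curl -L --fail --remote-name-all${CILIUM_CLI_VERSION}/cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
# Unpack only when the checksum matches. The .sha256sum file comes from the
# same place as the archive, so this catches a corrupted or truncated download,
# not a tampered release; compare against an independently obtained digest if
# that matters for your environment.
sha256sum --check "cilium-linux-${CLI_ARCH}.tar.gz.sha256sum" \
  && tar xzvfC "cilium-linux-${CLI_ARCH}.tar.gz" /usr/local/bin
rm -- "cilium-linux-${CLI_ARCH}.tar.gz"{,.sha256sum}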
  • Create Cluster [control plane]
# Initialise the control plane, wait for the node, then install the Cilium CNI.
# NOTE(review): the pod CIDR value is missing after --pod-network-cidr= on this
# page; supply the range intended for pod addresses.
# kubeadm init prints a `kubeadm join` line that contains a bootstrap token, and
# --v=5 makes the output verbose, so treat saved terminal logs as sensitive.
kubeadm init --v=5 --pod-network-cidr=
# wait for node to get 'ready'
watch --color 'kubectl get nodes'

# Both commands act on the cluster selected by the current kubeconfig.
cilium install
cilium status
  • Join Nodes [worker nodes]
# Run this on the control plane: it creates a new bootstrap token and prints the
# full `kubeadm join` command, which is then executed on each worker node.
# The printed line contains the token and the CA certificate hash; anyone who
# holds it while the token is valid can join a node, so pass it over a trusted
# channel. Tokens expire (24h by default); --ttl sets a shorter lifetime.
kubeadm token create --print-join-command
  • reset K8s Node
# Revert what kubeadm init / kubeadm join set up on this node.
# kubeadm reset does not remove CNI configuration, iptables/IPVS rules or
# kubeconfig files; clean those up separately, in particular any copied
# admin kubeconfig that still holds cluster credentials.
kubeadm reset
  • expose K8s Port
# Forward TCP 6443 (the Kubernetes API server port) arriving on eno1 to another
# address via DNAT, and allow the forwarded traffic.
# NOTE(review): the addresses after -d and --to-destination are missing on this
# page; fill them in before use.
# As written the rules match any source address, so the API server becomes
# reachable by everything that can reach eno1. Restrict with a source match
# (-s <ADMIN_NETWORK_CIDR>, placeholder) where possible, and rely on API server
# authentication and RBAC rather than on the port being obscure.
# Rules added with the iptables command are not persistent across reboots.
iptables -t nat -A PREROUTING -d -i eno1 -p tcp --dport 6443 -j DNAT --to-destination
iptables -I FORWARD -p tcp -d --dport 6443 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
  • test Cluster
# Smoke test: deploy a small HTTP echo service in its own namespace and publish
# it on a NodePort.
kubectl create namespace test
# Changes the default namespace of the current context; later kubectl commands
# in this session act on "test" unless -n is given.
kubectl config set-context --current --namespace=test
# NOTE(review): ":latest" is a mutable tag, so the image that runs can change
# between pulls; pin a version tag or digest outside of throwaway tests.
kubectl create deployment whoami --image=traefik/whoami:latest
#kubectl expose deployment whoami --name whoami-service --port 80 --target-port=30080 --type NodePort
# Opens port 30080 on every node and forwards it to port 80 of the whoami pods.
# The port is reachable on all node addresses unless a host or network firewall
# limits it; delete the namespace when the test is done.
kubectl create service nodeport whoami --node-port=30080 --tcp=80:80