单节点安装k8s


编辑节点的hosts

vim /etc/hosts
127.0.0.1 localhost
192.168.141.130 k8s-master

关闭防火墙

# Stop ufw right away and keep it from starting at boot (one call does both).
# NOTE(review): this leaves the node without a host firewall, so every
# listening port, including the API server port configured further down
# (6443), is reachable by anything that can route to this host. Treat this
# as a lab-network shortcut.
systemctl disable --now ufw.service

关闭swap分区

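# Turn swap off for the running system.
swapoff -a
# Keep it off after a reboot: comment out fstab entries whose filesystem-type
# field is "swap". Lines that are already comments are skipped, so running
# this twice does not stack up '#' characters, and the previous file is kept
# as /etc/fstab.bak in case the edit has to be rolled back.
sed -r -i.bak '/^\s*#/!s/^.*\sswap\s.*$/#&/' /etc/fstab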

关闭SELinux(Ubuntu默认未启用SELinux,系统中没有 /etc/selinux/config 时可跳过此步)

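# Only hosts that ship SELinux have this file; skip quietly everywhere else
# instead of failing on a missing path.
if [ -f /etc/selinux/config ]; then
  # Anchor on the SELINUX= setting so the explanatory comment lines in the
  # file, which also contain the word "enforcing", are left untouched.
  # NOTE(review): "disabled" switches SELinux off entirely after the next
  # reboot. The Kubernetes install docs set "permissive" instead, which stops
  # enforcement but keeps denials in the audit log.
  sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config
fi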

下载用于 Kubernetes 软件包仓库的公共签名密钥

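# /etc/apt/keyrings does not exist on every release; create it so gpg has
# somewhere to write the keyring.
sudo mkdir -p -m 755 /etc/apt/keyrings
# -f makes curl fail on an HTTP error instead of piping an error page to gpg.
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.31/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
# apt reads the keyring as an unprivileged user, so it has to be world-readable.
sudo chmod 644 /etc/apt/keyrings/kubernetes-apt-keyring.gpg
# This key decides which packages apt will accept from the repository added
# in the next step. Its fingerprint can be listed with
#   gpg --show-keys /etc/apt/keyrings/kubernetes-apt-keyring.gpg
# and compared with a value obtained from a source you trust.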

添加 Kubernetes apt 仓库

# Register the Kubernetes v1.31 package repository.
# signed-by ties this repository to that one keyring file, so the key is not
# trusted for any other apt source on the machine.
printf '%s\n' 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.31/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list

更新 apt 包索引,安装 kubelet、kubeadm 和 kubectl,并锁定其版本:

# The three packages that are installed and then pinned together.
k8s_pkgs=(kubelet kubeadm kubectl)

# Refresh the package index so the newly added repository is visible.
apt-get update
apt-get install -y "${k8s_pkgs[@]}"
# Hold the packages so a routine "apt upgrade" cannot move the cluster
# components to another version behind your back.
apt-mark hold "${k8s_pkgs[@]}"

添加命令补全

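# Load bash-completion itself, then kubectl's completion for the current shell.
source /usr/share/bash-completion/bash_completion
source <(kubectl completion bash)
# Persist it for future shells. The grep guard keeps a second run of this
# step from appending the same line to ~/.bashrc again.
completion_line='source <(kubectl completion bash)'
grep -qxF -- "$completion_line" ~/.bashrc 2>/dev/null || echo "$completion_line" >> ~/.bashrc
source ~/.bashrc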

下载安装cri-dockerd

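deb=cri-dockerd_0.3.15.3-0.ubuntu-jammy_amd64.deb
wget "https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.15/${deb}"
# dpkg -i runs the package's maintainer scripts as root and, unlike apt, does
# no signature check of its own, so verify the download first.
# The value below is a placeholder: replace it with the SHA-256 digest of this
# release obtained from a source you trust. Until it is replaced the check
# fails and nothing is installed.
expected_sha256='<EXPECTED_SHA256_OF_DEB>'
printf '%s  %s\n' "$expected_sha256" "$deb" | sha256sum -c - && dpkg -i "$deb"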

修改cri-docker配置

vim /usr/lib/systemd/system/cri-docker.service
# NOTE(review): this unit file is edited in place under /usr/lib/systemd/system,
# the location packages install units to, so a package upgrade may replace the
# edit. systemd also only picks up a changed unit file after
# `systemctl daemon-reload`, followed by a restart of the service.
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket

[Service]
Type=notify
# --pod-infra-container-image selects the sandbox ("pause") image that every
# pod on this node is started from. Here it is taken from
# registry.cn-hangzhou.aliyuncs.com/x_public instead of the upstream
# registry.k8s.io and is referenced by tag only.
# NOTE(review): confirm who publishes that repository, and consider pinning the
# image by digest or mirroring it into a registry you control.
ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd://  --network-plugin=cni --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/x_public/pause:3.10
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity
Delegate=yes

修改docker的daemon.json文件

vim /etc/docker/daemon.json
{
        "exec-opts": ["native.cgroupdriver=systemd"],
        "registry-mirrors": ["https://cr.console.aliyun.com"]
}

重启docker

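# Make systemd re-read the edited cri-docker.service unit file.
systemctl daemon-reload
# Restart docker so the new /etc/docker/daemon.json is applied.
systemctl restart docker
# Restarting docker does not restart cri-dockerd; restart it explicitly so the
# changed ExecStart flags (including the pause image) take effect.
systemctl restart cri-docker.service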

编辑kubectl-image.txt和pull-all-kubectl-image.sh文件

vim /opt/k8s/kubectl-image.txt
registry.cn-hangzhou.aliyuncs.com/x_public/kube-apiserver:v1.31.0
registry.cn-hangzhou.aliyuncs.com/x_public/kube-controller-manager:v1.31.0
registry.cn-hangzhou.aliyuncs.com/x_public/kube-scheduler:v1.31.0
registry.cn-hangzhou.aliyuncs.com/x_public/kube-proxy:v1.31.0
registry.cn-hangzhou.aliyuncs.com/x_public/coredns:v1.11.1
registry.cn-hangzhou.aliyuncs.com/x_public/pause:3.10
registry.cn-hangzhou.aliyuncs.com/x_public/etcd:3.5.15-0
vim /opt/k8s/pull-all-kubectl-image.sh
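#!/bin/bash
#
# Pull every image named in an image list file, one reference per line.
#
# Usage: ./pull-all-kubectl-image.sh [list-file]
#   list-file  defaults to kubectl-image.txt in the current directory
#
# Exit status: 0 if every pull succeeded, 1 otherwise.
#
# NOTE(review): the list references images by tag, and a tag can be pointed
# at different content by whoever controls the repository. Listing images as
# name@sha256:<digest> makes docker verify the content it pulls.

list_file=${1:-kubectl-image.txt}

if [[ ! -r "$list_file" ]]; then
  printf 'Cannot read image list: %s\n' "$list_file" >&2
  exit 1
fi

failed=0

# Read the image list line by line. The "|| [[ -n ... ]]" part keeps the last
# entry when the file does not end with a newline.
while IFS= read -r image || [[ -n "$image" ]]; do
  image=${image%$'\r'}           # tolerate CRLF line endings
  [[ -z "$image" ]] && continue  # skip blank lines
  echo "Pulling $image..."
  # Quoted and placed after "--" so a list entry can never be split into
  # several words or be read as a docker option; stdin is redirected so docker
  # cannot consume the rest of the list.
  if ! docker pull -- "$image" </dev/null; then
    printf 'Failed to pull %s\n' "$image" >&2
    failed=1
  fi
done < "$list_file"

# Report success only when every pull actually succeeded.
if (( failed )); then
  echo "Some images could not be pulled." >&2
  exit 1
fi

echo "All images pulled successfully."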

授权pull-all-kubectl-image.sh,并执行

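# Both files were created under /opt/k8s, and the script opens
# kubectl-image.txt relative to the current directory, so run it from there.
# The && chain stops at the first step that fails.
cd /opt/k8s && chmod +x pull-all-kubectl-image.sh && ./pull-all-kubectl-image.sh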

编辑kubeadm配置文件

vim kubeadm.conf
# kubeadm configuration: InitConfiguration, ClusterConfiguration and
# KubeProxyConfiguration, passed to "kubeadm init --config".
apiVersion: kubeadm.k8s.io/v1beta4
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # NOTE(review): abcdef.0123456789abcdef is the sample token from kubeadm's
  # printed defaults, so it is publicly known and not a secret. With the
  # usages below it is accepted for authentication to the API server, as a
  # member of the group above, for the whole ttl. Generate a private value
  # with `kubeadm token generate` and use that here instead.
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  # Address and port the API server is advertised on; anything that can reach
  # this address can attempt to talk to the API server.
  advertiseAddress: 192.168.141.130
  bindPort: 6443
nodeRegistration:
  # Socket of cri-dockerd, the CRI shim in front of docker.
  criSocket: unix:///var/run/cri-dockerd.sock
  imagePullPolicy: IfNotPresent
  imagePullSerial: true
  name: k8s-master
  # NOTE(review): per the kubeadm docs a null value keeps the default
  # control-plane taint (an empty list would drop it) - confirm for your version.
  taints: null
timeouts:
  controlPlaneComponentHealthCheck: 4m0s
  discovery: 5m0s
  etcdAPICall: 2m0s
  kubeletHealthCheck: 4m0s
  kubernetesAPICall: 1m0s
  tlsBootstrap: 5m0s
  upgradeManifests: 5m0s
---
apiServer: {}
apiVersion: kubeadm.k8s.io/v1beta4
# CA certificate lifetime: 87600h (ten years).
caCertificateValidityPeriod: 87600h0m0s
# Other certificates expire after 8760h (one year); they must be renewed
# before then (for example with `kubeadm certs renew`) or the control plane
# components stop trusting each other.
certificateValidityPeriod: 8760h0m0s
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
encryptionAlgorithm: RSA-2048
etcd:
  local:
    dataDir: /var/lib/etcd
# The control-plane images are pulled from this repository rather than the
# upstream default registry.k8s.io.
# NOTE(review): these images run the API server, etcd and the other
# control-plane components; confirm who publishes the x_public namespace.
imageRepository: registry.cn-hangzhou.aliyuncs.com/x_public
kind: ClusterConfiguration
kubernetesVersion: 1.31.0
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
proxy: {}
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs

初始化k8s

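kubeadm init --config kubeadm.conf
# Point kubectl at the admin kubeconfig that kubeadm init writes. Unless
# ~/.kube/config is already set up, the kubectl command in the following step
# has no cluster to talk to without this.
# admin.conf carries cluster-admin credentials: keep it readable by root only
# and do not copy it to shared locations.
export KUBECONFIG=/etc/kubernetes/admin.conf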

移除主节点上的 control-plane 污点,使普通 Pod 可以调度到主节点

# Remove the node-role.kubernetes.io/control-plane taint from every node (the
# trailing "-" means "remove") so ordinary pods can be scheduled on this
# single node.
# NOTE(review): workloads then share the host with the API server and etcd.
# That is fine for a lab, but not for a cluster that runs untrusted workloads.
kubectl taint nodes --all node-role.kubernetes.io/control-plane-