25年12月最新k8s V1.35.0版本离线部署教程（单主节点），包一次成功

1、安装前准备

安装有docker的虚拟机或服务器，linux64位系统即可，我这里用的opencloudos9.2, 首先要关闭防火墙，至于selinux还有swap，我这里都是保留的系统默认设置

# 停止服务+禁用开机自启
systemctl stop firewalld && systemctl disable firewalld

2、下载kubectl、kubele、kubectl

# 查询最新版本号
https://cdn.dl.k8s.io/release/stable.txt
# 下载最新版本
wget https://cdn.dl.k8s.io/release/v1.35.0/bin/linux/amd64/kubeadm
wget https://cdn.dl.k8s.io/release/v1.35.0/bin/linux/amd64/kubelet
wget https://cdn.dl.k8s.io/release/v1.35.0/bin/linux/amd64/kubectl

# kubeadm可执行权限, 并查看当前kubeadm所需的镜像列表
chmod +x kubeadm

[root@localhost download]# ./kubeadm config images list --kubernetes-version=v1.35.0
registry.k8s.io/kube-apiserver:v1.35.0
registry.k8s.io/kube-controller-manager:v1.35.0
registry.k8s.io/kube-scheduler:v1.35.0
registry.k8s.io/kube-proxy:v1.35.0
registry.k8s.io/coredns/coredns:v1.13.1
registry.k8s.io/pause:3.10.1
registry.k8s.io/etcd:3.6.6-0

# 然后切换镜像源下载
docker pull k8s.mirror.nju.edu.cn/kube-apiserver:v1.35.0
docker pull k8s.mirror.nju.edu.cn/kube-controller-manager:v1.35.0
docker pull k8s.mirror.nju.edu.cn/kube-scheduler:v1.35.0
docker pull k8s.mirror.nju.edu.cn/kube-proxy:v1.35.0
docker pull k8s.mirror.nju.edu.cn/coredns/coredns:v1.13.1
docker pull k8s.mirror.nju.edu.cn/pause:3.10.1
# 这个最新版本有点坑，它居然要同时准备pause:3.10.1和3.10版本，不然启动不起来
docker pull k8s.mirror.nju.edu.cn/pause:3.10
docker pull k8s.mirror.nju.edu.cn/etcd:3.6.6-0

# 重命名镜像
docker tag k8s.mirror.nju.edu.cn/kube-apiserver:v1.35.0 registry.k8s.io/kube-apiserver:v1.35.0
docker tag k8s.mirror.nju.edu.cn/kube-controller-manager:v1.35.0 registry.k8s.io/kube-controller-manager:v1.35.0
docker tag k8s.mirror.nju.edu.cn/kube-scheduler:v1.35.0 registry.k8s.io/kube-scheduler:v1.35.0
docker tag k8s.mirror.nju.edu.cn/kube-proxy:v1.35.0 registry.k8s.io/kube-proxy:v1.35.0
docker tag k8s.mirror.nju.edu.cn/coredns/coredns:v1.13.1 registry.k8s.io/coredns/coredns:v1.13.1
docker tag k8s.mirror.nju.edu.cn/pause:3.10.1 registry.k8s.io/pause:3.10.1
docker tag k8s.mirror.nju.edu.cn/pause:3.10 registry.k8s.io/pause:3.10
docker tag k8s.mirror.nju.edu.cn/etcd:3.6.6-0 registry.k8s.io/etcd:3.6.6-0

3、移动kubeadm kubelet kubectl

我这里是移动到/usr/local/bin下的，这个位置先记住，跟后面的service文件有关

chmod +x kubeadm kubelet kubectl
cp kubeadm kubelet kubectl /usr/local/bin/

4、安装cri-dockerd 服务，这个可以单独先安装，也可以现在安装，以为它是独立于kubeadm、kubelete、和kubectl的安装而存在的

4.1 下载和移动cri-dockerd

# k8s 1.2.4版本过后，如果使用docker做cri，需要再安装cridockerd
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.21/cri-dockerd-0.3.21.amd64.tgz
tar zxf cri-dockerd-0.3.21.amd64.tgz
# 注意，这里拷贝到哪个路径，后面cri-docker.service文件里面的execstart就要指向哪个路径
cp cri-dockerd/cri-dockerd /usr/local/bin/

4.2 cri-docker.service文件和cri-docker.socket文件

这两个文件来自https://github.com/Mirantis/cri-dockerd/tree/master/packaging/systemd

4.2.1 创建cri-docker.service

vi /usr/lib/systemd/system/cri-docker.service

cri-docker.service文件

[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket

[Service]
Type=notify
# 唯一需要修改的就是这里这一行ExecStart后面的内容，因为前面cri-dockerd的位置是/usr/local/bin/cri-dockerd，所以这里也是/usr/local/bin/cri-dockerd
# --container-runtime-endpoint unix:///var/run/cri-dockerd.sock这个也要保留
ExecStart=/usr/local/bin/cri-dockerd --container-runtime-endpoint unix:///var/run/cri-dockerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target

创建cri-docker.socket文件

vi /usr/lib/systemd/system/cri-docker.socket

cri-docker.socket文件

[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service
 
[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
 
[Install]
WantedBy=sockets.target

5.启动cri-dockerd并且设置开机启动

# 创建docker用户组
groupadd docker

systemctl daemon-reload

# 先启动cri-docker.socket（因为cri-docker.service依赖它）
systemctl start cri-docker.socket

# 再启动cri-docker.service
systemctl start cri-docker.service

systemctl enable cri-docker --now;
#查看状态
systemctl is-active cri-docker

6.kubectl.service创建

cat <<EOF | tee /usr/lib/systemd/system/kubelet.service
[Unit]
Description=kubelet: The Kubernetes Node Agent
Documentation=https://kubernetes.io/docs/
Wants=network-online.target
After=network-online.target

[Service]
ExecStart=/usr/local/bin/kubelet 
Restart=always
StartLimitInterval=0
RestartSec=10

[Install]
WantedBy=multi-user.target
EOF

设置该服务自启动

# kubectl 服务自启动设置
systemctl enable kubelet.service

6.kubeadm配置文件

mkdir -p /usr/lib/systemd/system/kubelet.service.d

# 创建 kubeadm 配置文件
cat <<EOF | tee /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
EnvironmentFile=-/etc/sysconfig/kubelet
ExecStart=
ExecStart=/usr/local/bin/kubelet \$KUBELET_KUBECONFIG_ARGS \$KUBELET_CONFIG_ARGS \$KUBELET_KUBEADM_ARGS \$KUBELET_EXTRA_ARGS
EOF

7、初始化主节点

这里的-apiserver-advertise-address=10.62.170.178 ip地址需要改成你自己虚拟机的ip地址

kubeadm init \
--apiserver-advertise-address=10.62.170.178 \
--pod-network-cidr=10.244.0.0/16 \
--cri-socket /var/run/cri-dockerd.sock

8、设置环境变量

echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile
source /etc/profile

9、安装网络服务

因为上一步安装完成过后，kubectl get nodes 得到的结果肯定是notready,我在网上看到有很多可以安装的网络服务，尝试使用最新的kube-flannel.yaml发现还是不得行，就换成了calico.yaml，
等待30s过后，主节点就成了ready状态，无需额外设置

kubectl apply -f https://github.com/projectcalico/calico/blob/master/manifests/calico.yaml