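I set up a Kubernetes learning environment using an all-in-one deployment on Rocky Linux 9. Initial testing succeeded, so I wrote up the steps.
Based on Kubernetes v1.29.0, with containerd as the container runtime and Alibaba Cloud (Aliyun) mirrors for faster downloads.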
1. System preparation
1.1 Disable swap (required)
swapoff -a
sed -i '/swap/d' /etc/fstab
1.2 Disable SELinux enforcement (permissive mode)
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
1.3 Disable the firewall
systemctl stop firewalld
systemctl disable firewalld
1.4 Set the hostname
hostnamectl set-hostname k8s-allinone
1.5 Time synchronization
dnf install -y chrony
systemctl enable chronyd --now

2. Configure YUM repositories
2.1 Rocky Linux 9 Aliyun mirror repository
cat > /etc/yum.repos.d/rocky.repo << 'EOF'
[baseos]
name=Rocky Linux 9 BaseOS - Aliyun
baseurl=https://mirrors.aliyun.com/rockylinux/9/BaseOS/x86_64/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[appstream]
name=Rocky Linux 9 AppStream - Aliyun
baseurl=https://mirrors.aliyun.com/rockylinux/9/AppStream/x86_64/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[extras]
name=Rocky Linux 9 Extras - Aliyun
baseurl=https://mirrors.aliyun.com/rockylinux/9/extras/x86_64/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
EOF
dnf clean all
dnf makecache
2.2 Kubernetes Aliyun mirror repository
cat > /etc/yum.repos.d/kubernetes.repo << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.29/rpm/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.29/rpm/repodata/repomd.xml.key
EOF

3. Install containerd
3.1 Install and configure
# Install containerd
dnf install -y containerd
# Generate the default configuration
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml
# Change the key settings
sed -i 's|sandbox_image = ".*"|sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"|' /etc/containerd/config.toml
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
# Start the service
systemctl enable containerd --now
# Verify
systemctl is-active containerd
⚠️ Key check: make sure sandbox_image is set in the configuration; otherwise Pods cannot be created.

4. Install the Kubernetes components
# Install the components
dnf install -y kubelet kubeadm kubectl kubernetes-cni
# Start kubelet
systemctl enable kubelet --now

5. Configure CNI networking
5.1 Create a basic CNI configuration
mkdir -p /etc/cni/net.d /opt/cni/bin
cat > /etc/cni/net.d/10-containerd-net.conflist << 'EOF'
{
  "cniVersion": "1.0.0",
  "name": "containerd-net",
  "plugins": [
    {
      "type": "bridge",
      "bridge": "cni0",
      "isGateway": true,
      "ipMasq": true,
      "promiscMode": true,
      "ipam": {
        "type": "host-local",
        "ranges": [[{ "subnet": "10.244.0.0/16" }]],
        "routes": [{ "dst": "0.0.0.0/0" }]
      }
    },
    { "type": "portmap", "capabilities": {"portMappings": true} }
  ]
}
EOF
systemctl restart containerd

6. Initialize the Kubernetes cluster
6.1 Pre-pull the images
kubeadm config images pull \
  --image-repository=registry.aliyuncs.com/google_containers \
  --kubernetes-version=v1.29.0
6.2 Initialize the cluster
kubeadm init \
  --apiserver-advertise-address=192.168.229.133 \
  --pod-network-cidr=10.244.0.0/16 \
  --service-cidr=10.96.0.0/12 \
  --image-repository=registry.aliyuncs.com/google_containers \
  --kubernetes-version=v1.29.0

7. Configure kubectl
# root user
export KUBECONFIG=/etc/kubernetes/admin.conf
# Or configure it permanently
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

8. Install the Flannel network plugin
kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
# Wait for it to be running
kubectl get pods -n kube-flannel -w

9. Remove the control-plane taint (required on a single node)
kubectl taint nodes k8s-allinone node-role.kubernetes.io/control-plane:NoSchedule-

10. Configure registry mirrors
10.1 Configure Docker Hub mirrors
cat >> /etc/containerd/config.toml << 'EOF'
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://m.daocloud.io","https://swr.cn-north-4.myhuaweicloud.com/ddn-k8s","https://ccr.ccs.tencentyun.com"]
EOF
systemctl restart containerd
10.2 Common registry mirrors
Mirror | Address | Use case |
DaoCloud | m.daocloud.io | Simple images such as nginx and redis |
Huawei Cloud | swr.cn-north-4.myhuaweicloud.com/ddn-k8s | Most official images |
Tencent Cloud | ccr.ccs.tencentyun.com | Some official images |
Note: complex images such as mysql and postgres may need a specific mirror or version; test before relying on them.

11. Verify the cluster
# List nodes
kubectl get nodes
# List system Pods
kubectl get pods -n kube-system
# Run a test Pod
kubectl run nginx --image=nginx --restart=Never
kubectl get pods -o wide
# Test networking
kubectl exec nginx -- curl -s https://www.baidu.com -o /dev/null -w "%{http_code}"

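12. Troubleshooting quick reference
Problem | Cause | Fix |
timed out waiting for the condition | containerd configuration is missing sandbox_image | Reconfigure containerd |
RunPodSandbox failed | containerd cannot create the pause container | Check the sandbox_image setting |
NetworkPluginNotReady | CNI is not configured | Create a configuration under /etc/cni/net.d/ |
0/1 nodes are available: untolerated taint | The control-plane taint blocks scheduling | kubectl taint nodes ... NoSchedule- |
ImagePullBackOff | Docker Hub is blocked | Configure a registry mirror or use a domestic mirror |
403 Forbidden / 401 Unauthorized | Permission restrictions on the mirror | Switch to another mirror |
no such host | DNS resolution failed | Check the DNS configuration or switch to another mirror |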

13. Cluster cleanup and reset
13.1 Delete all workloads
# Delete Pods in all namespaces
kubectl delete pods --all --all-namespaces
# Delete all workloads
kubectl delete deployments,daemonsets,replicasets,services --all --all-namespaces
13.2 Reset the whole cluster
# Reset kubeadm
kubeadm reset -f
# Clean up leftovers
rm -rf /etc/kubernetes \
  /var/lib/etcd \
  /var/lib/kubelet/* \
  /var/lib/kubelet/config.yaml \
  /var/lib/kubelet/kubeadm-flags.env
# Stop the services
systemctl stop kubelet containerd
# Optional: clean up the CNI configuration
rm -rf /etc/cni/net.d/*
rm -rf /opt/cni/bin/*
13.3 Full reinstall
# Remove the components
dnf remove -y kubelet kubeadm kubectl kubernetes-cni containerd
# Clean up data
rm -rf /var/lib/containerd \
  /var/lib/kubelet \
  /var/lib/etcd \
  /etc/kubernetes \
  /etc/containerd \
  /etc/cni \
  /opt/cni
# Reinstall (go back to step 3)

Appendix: Key configuration file reference
A.1 Complete containerd configuration (minimal version)
version = 2
root = "/var/lib/containerd"
state = "/run/containerd"

[grpc]
address = "/run/containerd/containerd.sock"

[plugins."io.containerd.grpc.v1.cri"]
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"

[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"

[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true

[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://m.daocloud.io", "https://swr.cn-north-4.myhuaweicloud.com/ddn-k8s", "https://ccr.ccs.tencentyun.com"]
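A static check of the containerd settings this guide depends on (sandbox_image, SystemdCgroup, and the transport used by the docker.io mirror endpoints), given here as an added example that is not part of the original write-up. The function names and the sample configuration written to a temporary file are constructed for illustration.

```shell
#!/bin/sh
# Added example: static checks for the containerd settings this guide relies on.
# Function names and the sample file below are constructed for illustration.

# Print the configured sandbox_image value (empty output if the key is absent).
sandbox_image() {
    sed -n 's/^[[:space:]]*sandbox_image[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Return 0 only if the config passes all checks; print one line per finding.
check_containerd_config() {
    cfg=$1
    rc=0
    img=$(sandbox_image "$cfg")
    if [ -z "$img" ]; then
        echo "FAIL: sandbox_image is not set"
        rc=1
    else
        echo "OK: sandbox_image=$img"
    fi
    # sed -i exits 0 even when its pattern matched nothing, so confirm the edit landed.
    if grep -Eq '^[[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*true' "$cfg"; then
        echo "OK: SystemdCgroup=true"
    else
        echo "FAIL: SystemdCgroup is not true"
        rc=1
    fi
    # Mirror endpoints serve every docker.io image; reject plaintext transport.
    if grep -E '^[[:space:]]*endpoint[[:space:]]*=' "$cfg" | grep -q '"http://'; then
        echo "FAIL: registry mirror endpoint uses http://"
        rc=1
    fi
    return "$rc"
}

# Constructed sample in the shape of appendix A.1 (not read from a real host).
write_sample_config() {
    cat > "$1" << 'EOF'
version = 2
[plugins."io.containerd.grpc.v1.cri"]
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://m.daocloud.io"]
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
check_containerd_config "$sample"
rm -f "$sample"
```

On a real node, call check_containerd_config /etc/containerd/config.toml after the sed edits in 3.1 and again after appending the mirror block in 10.1.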
A.2 Diagnostic commands
# Check containerd status
systemctl status containerd
journalctl -xeu containerd -n 50
# Check kubelet status
systemctl status kubelet
journalctl -xeu kubelet -n 50
# List images and containers
ctr -n k8s.io images list
crictl --runtime-endpoint unix:///run/containerd/containerd.sock ps -a
# Show Pod details
kubectl describe pod <pod-name>
kubectl logs <pod-name>
# Show node taints
kubectl describe node <node-name> | grep Taints
