任務9.2.2部署Kubernetes集群（1）任務目標掌握部署Kubernetes集群的方法（2）任務內容配置Kubeadm和Kubelet的Repo源并安裝配置網絡轉發參數并使其生效加載IPVS相關內核模塊配置Kubelet的Cgroups，啟動Kubelet服務初始化Master節點安裝網絡插件flannel并啟動Kubelet將Node1和Node2加入集群（3）完成任務所需的設備和軟件一臺安裝Windows10操作系統的計算機VMwareWorkstation，Docker遠程管理工具MobaXterm（4）任務實施步驟：以下第一步至第六步需在master、node1和node2三臺節點上同時運行，在此僅給出master節點的運行步驟，其它節點可參照進行。第一步：配置Kubeadm和Kubelet的Repo源，下載安裝信息并緩存到本地，操作命令如下：[root@master~]#vim/etc/yum.repos.d/Kubernetes.repo[Kubernetes]name=Kubernetesbaseurl=/kubernetes/yum/repos/kubernetes-el7-x86_64enabled=1gpgcheck=0repo_gpgcheck=0gpgkey=/kubernetes/yum/doc/yum-key.gpg/kubernetes/yum/doc/rpm-package-key.gpg[root@master~]#yummakecachefast命令運行結果如圖9-6所示。圖9-6配置Kubeadm和Kubelet的Repo源，下載安裝信息并緩存到本地第二步：安裝Kubeadm和Kubelet工具，操作命令如下：[root@master~]#yuminstall-ykubelet-1.19.0kubeadm-1.19.0kubectl-1.19.0命令運行結果如圖9-7所示。圖9-7安裝Kubeadm和Kubelet工具第三步：配置網絡轉發參數并使其生效，確保集群能夠正常通信，操作命令如下：[root@master~]#vim/etc/sysctl.d/k8s.confnet.bridge.bridge-nf-call-ip6tables=1net.bridge.bridge-nf-call-iptables=1vm.swappiness=0[root@master~]#sysctl--system命令運行結果如圖9-8所示。圖9-8配置網絡轉發參數并使其生效第四步：加載IPVS相關內核模塊，并查看是否加載成功，操作命令如下：[root@master~]#modprobeip_vs[root@master~]#modprobeip_vs_rr[root@master~]#modprobeip_vs_wrr[root@master~]#modprobeip_vs_sh[root@master~]#modprobenf_conntrack_ipv4[root@master~]#lsmod|grepip_vs命令運行結果如圖9-9所示。圖9-9加載IPVS相關內核模塊并查看是否加載成功第五步：獲取Docker的Cgroups，配置Kubelet的Cgroups，操作命令如下：[root@master~]#DOCKER_CGROUPS=$(dockerinfo|grep'Cgroup'|cut-d''-f4)[root@master~]#echo$DOCKER_CGROUPS[root@master~]#cat>/etc/sysconfig/kubelet<<EOFKUBELET_EXTRA_ARGS="--cgroup-driver=$DOCKER_CGROUPS--pod-infra-container-image=/google_containers/pause-amd64:3.1"EOF如果獲取Docker的Cgroups時出現WARNING:IPv4forwardingisdisabled，則需重啟網絡和docker，命令運行結果如圖9-10所示。圖9-10配置Kubelet的Cgroups第六步：啟動Kubelet服務，并查看其狀態，操作命令如下：[root@master~]#systemctldaemon-reload[root@master~]#systemctlrestartkubelet[root@master~]#systemctlenablekubelet[root@master~]#systemctlstatuskubelet命令運行結果如圖9-11所示。圖9-11啟動Kubelet服務，并查看其狀態第七步：初始化master節點，操作命令如下：[root@master~]#kubeadminit--kubernetes-version=v1.19.0--service-cidr=/12--pod-network-cidr=/16--apiserver-advertise-address=0--ignore-preflight-errors=Swap--image-repository=/google_containers命令運行后，會顯示以下內容：W121421:26:13.94527328698configset.go:348]WARNING:kubeadmcannotvalidatecomponentconfigsforAPIgroups[kubelet.config.k8s.iokubeproxy.config.k8s.io][init]UsingKubernetesversion:v1.19.0[preflight]Runningpre-flightchecks[WARNINGIsDockerSystemdCheck]:detected"cgroupfs"astheDockercgroupdriver.Therecommendeddriveris"systemd".Pleasefollowtheguideathttps://kubernetes.io/docs/setup/cri/[WARNINGSystemVerification]:thisDockerversionisnotonthelistofvalidatedversions:20.10.14.Latestvalidatedversion:19.03[preflight]PullingimagesrequiredforsettingupaKubernetescluster[preflight]Thismighttakeaminuteortwo,dependingonthespeedofyourinternetconnection[preflight]Youcanalsoperformthisactioninbeforehandusing'kubeadmconfigimagespull'[certs]UsingcertificateDirfolder"/etc/kubernetes/pki"[certs]Generating"ca"certificateandkey[certs]Generating"apiserver"certificateandkey[certs]apiserverservingcertissignedforDNSnames[kuberneteskubernetes.defaultkubernetes.default.svckubernetes.default.svc.cluster.localmaster]andIPs[0][certs]Generating"apiserver-kubelet-client"certificateandkey[certs]Generating"front-proxy-ca"certificateandkey[certs]Generating"front-proxy-client"certificateandkey[certs]Generating"etcd/ca"certificateandkey[certs]Generating"etcd/server"certificateandkey[certs]etcd/serverservingcertissignedforDNSnames[localhostmaster]andIPs[0::1][certs]Generating"etcd/peer"certificateandkey[certs]etcd/peerservingcertissignedforDNSnames[localhostmaster]andIPs[0::1][certs]Generating"etcd/healthcheck-client"certificateandkey[certs]Generating"apiserver-etcd-client"certificateandkey[certs]Generating"sa"keyandpublickey[kubeconfig]Usingkubeconfigfolder"/etc/kubernetes"[kubeconfig]Writing"admin.conf"kubeconfigfile[kubeconfig]Writing"kubelet.conf"kubeconfigfile[kubeconfig]Writing"controller-manager.conf"kubeconfigfile[kubeconfig]Writing"scheduler.conf"kubeconfigfile[kubelet-start]Writingkubeletenvironmentfilewithflagstofile"/var/lib/kubelet/kubeadm-flags.env"[kubelet-start]Writingkubeletconfigurationtofile"/var/lib/kubelet/config.yaml"[kubelet-start]Startingthekubelet[control-plane]Usingmanifestfolder"/etc/kubernetes/manifests"[control-plane]CreatingstaticPodmanifestfor"kube-apiserver"[control-plane]CreatingstaticPodmanifestfor"kube-controller-manager"[control-plane]CreatingstaticPodmanifestfor"kube-scheduler"[etcd]CreatingstaticPodmanifestforlocaletcdin"/etc/kubernetes/manifests"[wait-control-plane]WaitingforthekubelettobootupthecontrolplaneasstaticPodsfromdirectory"/etc/kubernetes/manifests".Thiscantakeupto4m0s[apiclient]Allcontrolplanecomponentsarehealthyafter36.180436seconds[upload-config]StoringtheconfigurationusedinConfigMap"kubeadm-config"inthe"kube-system"Namespace[kubelet]CreatingaConfigMap"kubelet-config-1.19"innamespacekube-systemwiththeconfigurationforthekubeletsinthecluster[upload-certs]Skippingphase.Pleasesee--upload-certs[mark-control-plane]Markingthenodemasterascontrol-planebyaddingthelabel"node-role.kubernetes.io/master=''"[mark-control-plane]Markingthenodemasterascontrol-planebyaddingthetaints[node-role.kubernetes.io/master:NoSchedule][bootstrap-token]Usingtoken:on2k3m.xpk70r1pmjrcemw1[bootstrap-token]Configuringbootstraptokens,cluster-infoConfigMap,RBACRoles[bootstrap-token]configuredRBACrulestoallowNodeBootstraptokenstogetnodes[bootstrap-token]configuredRBACrulestoallowNodeBootstraptokenstopostCSRsinorderfornodestogetlongtermcertificatecredentials[bootstrap-token]configuredRBACrulestoallowthecsrapprovercontrollerautomaticallyapproveCSRsfromaNodeBootstrapToken[bootstrap-token]configuredRBACrulestoallowcertificaterotationforallnodeclientcertificatesinthecluster[bootstrap-token]Creatingthe"cluster-info"ConfigMapinthe"kube-public"namespace[kubelet-finalize]Updating"/etc/kubernetes/kubelet.conf"topointtoarotatablekubeletclientcertificateandkey[addons]Appliedessentialaddon:CoreDNS[addons]Appliedessentialaddon:kube-proxyYourKubernetescontrol-planehasinitializedsuccessfully!Tostartusingyourcluster,youneedtorunthefollowingasaregularuser:mkdir-p$HOME/.kubesudocp-i/etc/kubernetes/admin.conf$HOME/.kube/configsudochown$(id-u):$(id-g)$HOME/.kube/configYoushouldnowdeployapodnetworktothecluster.Run"kubectlapply-f[podnetwork].yaml"withoneoftheoptionslistedat:https://kubernetes.io/docs/concepts/cluster-administration/addons/Thenyoucanjoinanynumberofworkernodesbyrunningthefollowingoneachasroot:kubeadmjoin0:6443--tokenon2k3m.xpk70r1pmjrcemw1\--discovery-token-ca-cert-hashsha256:ec388416ec8c934948157963b39fcbd2d56bf143ea15b2bfd119be143194d683注意，最后三行代碼是配置Node節點加入集群的token指令，在Node節點輸入此token指令即可加入集群，請將其復制保存。Kubernetes集群初始化完成了四項工作：(1)[kubelet]：生成Kubelet的配置文件“/var/lib/kubelet/config.yaml”。(2)[certificates]：生成相關的各種證書。(3)[kubeconfig]：生成kubeconfig文件(4)[bootstraptoken]:生成token。第八步：在master節點配置Kubectl，并查看節點狀態，操作命令如下：[root@master~]#rm-rf$HOME/.kube[root@master~]#mkdir-p$HOME/.kube[root@master~]#cp-i/etc/kubernetes/admin.conf$HOME/.kube/config[root@master~]#chown$(id-u):$(id-g)$HOME/.kube/config[root@master~]#kubectlgetnodes命令運行結果如圖9-12所示。圖9-12在master節點配置Kubectl，并查看節點狀態注意：此時master節點的狀態為“NotReady”，因為還沒有安裝網絡插件。第九步：在master節點上，安裝網絡插件flannel，并啟動Kubectl，操作命令如下：[root@master~]#dockerpullquay.io/coreos/flannel:v0.11.0-amd64[root@master~]#wget/coreos/flannel/master/Documentation/kube-flannel.yml[root@master~]#kubectlapply-fkube-flannel.yml命令運行結果如圖9-13所示。圖9-13在master節點上，安裝網絡插件flannel并啟動Kubectl第十步：在node1節點和node2節點上，安裝網絡插件flannel，并啟動Kubectl，操作命令如下：注意：此處僅給出node1節點的操作，node2節點的操作類似。[root@node1~]#dockerpullquay.io/coreos/flannel:v0.11.0-amd64[root@node1~]#wget/coreos/flannel/master/Documentation/kube-flannel.yml[root@node1~]#kubectlapply-fkube-flannel.yml命令運行結果如圖9-14所示。圖9-14在node1節點上安裝網絡插件flannel，并啟動Kubectl注意，以上啟動Kubectl失敗，原因是kubectl命令需要使用kubernetes-admin的身份來運行，在“kubeadmint”啟動集群的步驟中已經生成“/etc/kubernetes/admin.conf”，只有將主節點中的“/etc/kubernetes/admin.conf”文件拷貝到node1節點和node2節點相同目錄下，并且配置環境變量，才能啟動Kubectl成功。解決辦法如下：（1）首先需在master節點上復制文件到node1節點和node2節點，操作命令為：[root@master~]#scp/etc/kubernetes/admin.confroot@1:/etc/kubernetes/admin.conf[root@master~]#scp/etc/kubernetes/admin.confroot@2:/etc/kubernetes/admin.conf命令運行結果如圖9-15所示。圖9-15在master節點上復制文件到node1節點和node2節點（2）在n