Dcker容器技术应用 实验指导书 任务9.2.2 部署Kubernetes集群

任务9.2.2部署Kubernetes集群（1）任务目标掌握部署Kubernetes集群的方法（2）任务内容配置Kubeadm和Kubelet的Repo源并安装配置网络转发参数并使其生效加载IPVS相关内核模块配置Kubelet的Cgroups，启动Kubelet服务初始化Master节点安装网络插件flannel并启动Kubelet将Node1和Node2加入集群（3）完成任务所需的设备和软件一台安装Windows10操作系统的计算机VMwareWorkstation，Docker远程管理工具MobaXterm（4）任务实施步骤：以下第一步至第六步需在master、node1和node2三台节点上同时运行，在此仅给出master节点的运行步骤，其它节点可参照进行。第一步：配置Kubeadm和Kubelet的Repo源，下载安装信息并缓存到本地，操作命令如下：[root@master~]#vim/etc/yum.repos.d/Kubernetes.repo[Kubernetes]name=Kubernetesbaseurl=/kubernetes/yum/repos/kubernetes-el7-x86_64enabled=1gpgcheck=0repo_gpgcheck=0gpgkey=/kubernetes/yum/doc/yum-key.gpg/kubernetes/yum/doc/rpm-package-key.gpg[root@master~]#yummakecachefast命令运行结果如图9-6所示。图9-6配置Kubeadm和Kubelet的Repo源，下载安装信息并缓存到本地第二步：安装Kubeadm和Kubelet工具，操作命令如下：[root@master~]#yuminstall-ykubelet-1.19.0kubeadm-1.19.0kubectl-1.19.0命令运行结果如图9-7所示。图9-7安装Kubeadm和Kubelet工具第三步：配置网络转发参数并使其生效，确保集群能够正常通信，操作命令如下：[root@master~]#vim/etc/sysctl.d/k8s.confnet.bridge.bridge-nf-call-ip6tables=1net.bridge.bridge-nf-call-iptables=1vm.swappiness=0[root@master~]#sysctl--system命令运行结果如图9-8所示。图9-8配置网络转发参数并使其生效第四步：加载IPVS相关内核模块，并查看是否加载成功，操作命令如下：[root@master~]#modprobeip_vs[root@master~]#modprobeip_vs_rr[root@master~]#modprobeip_vs_wrr[root@master~]#modprobeip_vs_sh[root@master~]#modprobenf_conntrack_ipv4[root@master~]#lsmod|grepip_vs命令运行结果如图9-9所示。图9-9加载IPVS相关内核模块并查看是否加载成功第五步：获取Docker的Cgroups，配置Kubelet的Cgroups，操作命令如下：[root@master~]#DOCKER_CGROUPS=$(dockerinfo|grep'Cgroup'|cut-d''-f4)[root@master~]#echo$DOCKER_CGROUPS[root@master~]#cat>/etc/sysconfig/kubelet<<EOFKUBELET_EXTRA_ARGS="--cgroup-driver=$DOCKER_CGROUPS--pod-infra-container-image=/google_containers/pause-amd64:3.1"EOF如果获取Docker的Cgroups时出现WARNING:IPv4forwardingisdisabled，则需重启网络和docker，命令运行结果如图9-10所示。图9-10配置Kubelet的Cgroups第六步：启动Kubelet服务，并查看其状态，操作命令如下：[root@master~]#systemctldaemon-reload[root@master~]#systemctlrestartkubelet[root@master~]#systemctlenablekubelet[root@master~]#systemctlstatuskubelet命令运行结果如图9-11所示。图9-11启动Kubelet服务，并查看其状态第七步：初始化master节点，操作命令如下：[root@master~]#kubeadminit--kubernetes-version=v1.19.0--service-cidr=/12--pod-network-cidr=/16--apiserver-advertise-address=0--ignore-preflight-errors=Swap--image-repository=/google_containers命令运行后，会显示以下内容：W121421:26:13.94527328698configset.go:348]WARNING:kubeadmcannotvalidatecomponentconfigsforAPIgroups[kubelet.config.k8s.iokubeproxy.config.k8s.io][init]UsingKubernetesversion:v1.19.0[preflight]Runningpre-flightchecks[WARNINGIsDockerSystemdCheck]:detected"cgroupfs"astheDockercgroupdriver.Therecommendeddriveris"systemd".Pleasefollowtheguideathttps://kubernetes.io/docs/setup/cri/[WARNINGSystemVerification]:thisDockerversionisnotonthelistofvalidatedversions:20.10.14.Latestvalidatedversion:19.03[preflight]PullingimagesrequiredforsettingupaKubernetescluster[preflight]Thismighttakeaminuteortwo,dependingonthespeedofyourinternetconnection[preflight]Youcanalsoperformthisactioninbeforehandusing'kubeadmconfigimagespull'[certs]UsingcertificateDirfolder"/etc/kubernetes/pki"[certs]Generating"ca"certificateandkey[certs]Generating"apiserver"certificateandkey[certs]apiserverservingcertissignedforDNSnames[kuberneteskubernetes.defaultkubernetes.default.svckubernetes.default.svc.cluster.localmaster]andIPs[0][certs]Generating"apiserver-kubelet-client"certificateandkey[certs]Generating"front-proxy-ca"certificateandkey[certs]Generating"front-proxy-client"certificateandkey[certs]Generating"etcd/ca"certificateandkey[certs]Generating"etcd/server"certificateandkey[certs]etcd/serverservingcertissignedforDNSnames[localhostmaster]andIPs[0::1][certs]Generating"etcd/peer"certificateandkey[certs]etcd/peerservingcertissignedforDNSnames[localhostmaster]andIPs[0::1][certs]Generating"etcd/healthcheck-client"certificateandkey[certs]Generating"apiserver-etcd-client"certificateandkey[certs]Generating"sa"keyandpublickey[kubeconfig]Usingkubeconfigfolder"/etc/kubernetes"[kubeconfig]Writing"admin.conf"kubeconfigfile[kubeconfig]Writing"kubelet.conf"kubeconfigfile[kubeconfig]Writing"controller-manager.conf"kubeconfigfile[kubeconfig]Writing"scheduler.conf"kubeconfigfile[kubelet-start]Writingkubeletenvironmentfilewithflagstofile"/var/lib/kubelet/kubeadm-flags.env"[kubelet-start]Writingkubeletconfigurationtofile"/var/lib/kubelet/config.yaml"[kubelet-start]Startingthekubelet[control-plane]Usingmanifestfolder"/etc/kubernetes/manifests"[control-plane]CreatingstaticPodmanifestfor"kube-apiserver"[control-plane]CreatingstaticPodmanifestfor"kube-controller-manager"[control-plane]CreatingstaticPodmanifestfor"kube-scheduler"[etcd]CreatingstaticPodmanifestforlocaletcdin"/etc/kubernetes/manifests"[wait-control-plane]WaitingforthekubelettobootupthecontrolplaneasstaticPodsfromdirectory"/etc/kubernetes/manifests".Thiscantakeupto4m0s[apiclient]Allcontrolplanecomponentsarehealthyafter36.180436seconds[upload-config]StoringtheconfigurationusedinConfigMap"kubeadm-config"inthe"kube-system"Namespace[kubelet]CreatingaConfigMap"kubelet-config-1.19"innamespacekube-systemwiththeconfigurationforthekubeletsinthecluster[upload-certs]Skippingphase.Pleasesee--upload-certs[mark-control-plane]Markingthenodemasterascontrol-planebyaddingthelabel"node-role.kubernetes.io/master=''"[mark-control-plane]Markingthenodemasterascontrol-planebyaddingthetaints[node-role.kubernetes.io/master:NoSchedule][bootstrap-token]Usingtoken:on2k3m.xpk70r1pmjrcemw1[bootstrap-token]Configuringbootstraptokens,cluster-infoConfigMap,RBACRoles[bootstrap-token]configuredRBACrulestoallowNodeBootstraptokenstogetnodes[bootstrap-token]configuredRBACrulestoallowNodeBootstraptokenstopostCSRsinorderfornodestogetlongtermcertificatecredentials[bootstrap-token]configuredRBACrulestoallowthecsrapprovercontrollerautomaticallyapproveCSRsfromaNodeBootstrapToken[bootstrap-token]configuredRBACrulestoallowcertificaterotationforallnodeclientcertificatesinthecluster[bootstrap-token]Creatingthe"cluster-info"ConfigMapinthe"kube-public"namespace[kubelet-finalize]Updating"/etc/kubernetes/kubelet.conf"topointtoarotatablekubeletclientcertificateandkey[addons]Appliedessentialaddon:CoreDNS[addons]Appliedessentialaddon:kube-proxyYourKubernetescontrol-planehasinitializedsuccessfully!Tostartusingyourcluster,youneedtorunthefollowingasaregularuser:mkdir-p$HOME/.kubesudocp-i/etc/kubernetes/admin.conf$HOME/.kube/configsudochown$(id-u):$(id-g)$HOME/.kube/configYoushouldnowdeployapodnetworktothecluster.Run"kubectlapply-f[podnetwork].yaml"withoneoftheoptionslistedat:https://kubernetes.io/docs/concepts/cluster-administration/addons/Thenyoucanjoinanynumberofworkernodesbyrunningthefollowingoneachasroot:kubeadmjoin0:6443--tokenon2k3m.xpk70r1pmjrcemw1\--discovery-token-ca-cert-hashsha256:ec388416ec8c934948157963b39fcbd2d56bf143ea15b2bfd119be143194d683注意，最后三行代码是配置Node节点加入集群的token指令，在Node节点输入此token指令即可加入集群，请将其复制保存。Kubernetes集群初始化完成了四项工作：(1)[kubelet]：生成Kubelet的配置文件“/var/lib/kubelet/config.yaml”。(2)[certificates]：生成相关的各种证书。(3)[kubeconfig]：生成kubeconfig文件(4)[bootstraptoken]:生成token。第八步：在master节点配置Kubectl，并查看节点状态，操作命令如下：[root@master~]#rm-rf$HOME/.kube[root@master~]#mkdir-p$HOME/.kube[root@master~]#cp-i/etc/kubernetes/admin.conf$HOME/.kube/config[root@master~]#chown$(id-u):$(id-g)$HOME/.kube/config[root@master~]#kubectlgetnodes命令运行结果如图9-12所示。图9-12在master节点配置Kubectl，并查看节点状态注意：此时master节点的状态为“NotReady”，因为还没有安装网络插件。第九步：在master节点上，安装网络插件flannel，并启动Kubectl，操作命令如下：[root@master~]#dockerpullquay.io/coreos/flannel:v0.11.0-amd64[root@master~]#wget/coreos/flannel/master/Documentation/kube-flannel.yml[root@master~]#kubectlapply-fkube-flannel.yml命令运行结果如图9-13所示。图9-13在master节点上，安装网络插件flannel并启动Kubectl第十步：在node1节点和node2节点上，安装网络插件flannel，并启动Kubectl，操作命令如下：注意：此处仅给出node1节点的操作，node2节点的操作类似。[root@node1~]#dockerpullquay.io/coreos/flannel:v0.11.0-amd64[root@node1~]#wget/coreos/flannel/master/Documentation/kube-flannel.yml[root@node1~]#kubectlapply-fkube-flannel.yml命令运行结果如图9-14所示。图9-14在node1节点上安装网络插件flannel，并启动Kubectl注意，以上启动Kubectl失败，原因是kubectl命令需要使用kubernetes-admin的身份来运行，在“kubeadmint”启动集群的步骤中已经生成“/etc/kubernetes/admin.conf”，只有将主节点中的“/etc/kubernetes/admin.conf”文件拷贝到node1节点和node2节点相同目录下，并且配置环境变量，才能启动Kubectl成功。解决办法如下：（1）首先需在master节点上复制文件到node1节点和node2节点，操作命令为：[root@master~]#scp/etc/kubernetes/admin.confroot@1:/etc/kubernetes/admin.conf[root@master~]#scp/etc/kubernetes/admin.confroot@2:/etc/kubernetes/admin.conf命令运行结果如图9-15所示。图9-15在master节点上复制文件到node1节点和node2节点（2）在n