部署高可用 kube-scheduler 集羣
注:二進制文件前面已經分發到各個節點
1.創建 kube-scheduler 證書和密鑰
創建證書籤名請求
[root@k8s-node1 kube-scheduler]# pwd
/opt/k8s/k8s_software/server/kube-scheduler[root@k8s-node1 kube-scheduler]# cat kube-scheduler-csr.json
{
"CN": "system:kube-scheduler",
"hosts": [
"127.0.0.1",
"192.168.174.128",
"192.168.174.129",
"192.168.174.130"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "SZ",
"L": "SZ",
"O": "system:kube-scheduler",
"OU": "4Paradigm"
}
]
}
[root@k8s-node1 kube-scheduler]#生成證書和密鑰
[root@k8s-node1 kube-scheduler]# cfssl gencert -ca=/etc/kubernetes/cert/ca.pem -ca-key=/etc/kubernetes/cert/ca-key.pem -config=/etc/kubernetes/cert/ca-config.json -profile=kubernetes kube-scheduler-csr.json | cfssljson -bare kube-scheduler
2019/11/04 23:07:22 [INFO] generate received request
2019/11/04 23:07:22 [INFO] received CSR
2019/11/04 23:07:22 [INFO] generating key: rsa-2048
2019/11/04 23:07:23 [INFO] encoded CSR
2019/11/04 23:07:23 [INFO] signed certificate with serial number 157337328590831228861216677538063218085327184629
2019/11/04 23:07:23 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
[root@k8s-node1 kube-scheduler]#[root@k8s-node1 kube-scheduler]# ls
kube-scheduler.csr kube-scheduler-csr.json kube-scheduler-key.pem kube-scheduler.pem
[root@k8s-node1 kube-scheduler]#2.創建和分發 kubeconfig 文件
創建kubeconfig文件
[root@k8s-node1 kube-scheduler]# kubectl config set-cluster kubernetes --certificate-authority=/etc/kubernetes/cert/ca.pem --embed-certs=true --server=https://192.168.174.127:8443 --kubeconfig=kube-scheduler.kubeconfig
Cluster "kubernetes" set.
[root@k8s-node1 kube-scheduler]# kubectl config set-credentials system:kube-scheduler --client-certificate=kube-scheduler.pem --client-key=kube-scheduler-key.pem --embed-certs=true --kubeconfig=kube-scheduler.kubeconfig
User "system:kube-scheduler" set.
[root@k8s-node1 kube-scheduler]# kubectl config set-context system:kube-scheduler --cluster=kubernetes --user=system:kube-scheduler --kubeconfig=kube-scheduler.kubeconfig
Context "system:kube-scheduler" created.
[root@k8s-node1 kube-scheduler]# kubectl config use-context system:kube-scheduler --kubeconfig=kube-scheduler.kubeconfig
Switched to context "system:kube-scheduler".
[root@k8s-node1 kube-scheduler]#分發kubeconfig文件
[root@k8s-node1 kube-scheduler]# cp kube-scheduler.kubeconfig /etc/kubernetes/
[root@k8s-node1 kube-scheduler]# scp kube-scheduler.kubeconfig root@k8s-node2:/etc/kubernetes/
kube-scheduler.kubeconfig 100% 6373 4.5MB/s 00:00
[root@k8s-node1 kube-scheduler]# scp kube-scheduler.kubeconfig root@k8s-node3:/etc/kubernetes/
kube-scheduler.kubeconfig 100% 6373 5.8MB/s 00:00
[root@k8s-node1 kube-scheduler]#修改下權限
[root@k8s-node1 kube-scheduler]# chown -R k8s /etc/kubernetes/ && chmod -R +x /etc/kubernetes/
[root@k8s-node1 kube-scheduler]# ssh root@k8s-node2 "chown -R k8s /etc/kubernetes/ && chmod -R +x /etc/kubernetes/"
[root@k8s-node1 kube-scheduler]# ssh root@k8s-node3 "chown -R k8s /etc/kubernetes/ && chmod -R +x /etc/kubernetes/"3.創建和分發 kube-scheduler systemd unit 文件
注:
-address:在 127.0.0.1:10251 端口接收 http /metrics 請求.kube-scheduler目前還不支持接收 https 請求.
--kubeconfig:指定 kubeconfig 文件路徑,kube-scheduler 使用它連接和驗證kube-apiserver.
--leader-elect=true:集羣運行模式,啓用選舉功能,被選爲 leader 的節點負責處理工作,其它節點爲阻塞狀態.
User=k8s:使用 k8s 賬戶運行.
[root@k8s-node1 kube-scheduler]# pwd
/opt/k8s/k8s_software/server/kube-scheduler[root@k8s-node1 kube-scheduler]# cat kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
[Service]
ExecStart=/opt/k8s/bin/kube-scheduler \
--address=127.0.0.1 \
--kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig \
--leader-elect=true \
--alsologtostderr=true \
--logtostderr=false \
--log-dir=/var/log/kubernetes \
--v=2
Restart=on-failure
RestartSec=5
User=k8s
[Install]
WantedBy=multi-user.target
[root@k8s-node1 kube-scheduler]#分發文件到所有節點
[root@k8s-node1 kube-scheduler]# cp kube-scheduler.service /etc/systemd/system
[root@k8s-node1 kube-scheduler]# scp kube-scheduler.service root@k8s-node2:/etc/systemd/system
kube-scheduler.service 100% 418 542.9KB/s 00:00
[root@k8s-node1 kube-scheduler]# scp kube-scheduler.service root@k8s-node3:/etc/systemd/system
kube-scheduler.service 100% 418 410.8KB/s 00:00
[root@k8s-node1 kube-scheduler]# 修改下權限
[root@k8s-node1 kube-scheduler]# chmod +x -R /etc/systemd/system
[root@k8s-node1 kube-scheduler]# ssh root@k8s-node2 "chmod +x -R /etc/systemd/system"
[root@k8s-node1 kube-scheduler]# ssh root@k8s-node3 "chmod +x -R /etc/systemd/system"
[root@k8s-node1 kube-scheduler]# 4.啓動服務
systemctl daemon-reload && systemctl enable kube-scheduler && systemctl restart kube-scheduler[root@k8s-node1 kube-scheduler]# systemctl status kube-scheduler
● kube-scheduler.service - Kubernetes Scheduler
Loaded: loaded (/etc/systemd/system/kube-scheduler.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2019-11-04 23:20:34 EST; 26s ago
Docs: https://github.com/GoogleCloudPlatform/kubernetes
Main PID: 23458 (kube-scheduler)
Tasks: 8
Memory: 49.9M
CGroup: /system.slice/kube-scheduler.service
└─23458 /opt/k8s/bin/kube-scheduler --address=127.0.0.1 --kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig --leader-el...
Nov 04 23:20:35 k8s-node1 kube-scheduler[23458]: I1104 23:20:35.328287 23458 defaults.go:87] TaintNodesByCondition is enabled...datory
Nov 04 23:20:35 k8s-node1 kube-scheduler[23458]: I1104 23:20:35.328323 23458 server.go:161] Starting Kubernetes Scheduler ver...1.15.5
Nov 04 23:20:35 k8s-node1 kube-scheduler[23458]: I1104 23:20:35.329499 23458 factory.go:345] Creating scheduler from algorith...vider'
Nov 04 23:20:35 k8s-node1 kube-scheduler[23458]: I1104 23:20:35.329515 23458 factory.go:433] Creating scheduler with fit pred...onflic
Nov 04 23:20:35 k8s-node1 kube-scheduler[23458]: W1104 23:20:35.330652 23458 authorization.go:47] Authorization is disabled
Nov 04 23:20:35 k8s-node1 kube-scheduler[23458]: W1104 23:20:35.330663 23458 authentication.go:55] Authentication is disabled
Nov 04 23:20:35 k8s-node1 kube-scheduler[23458]: I1104 23:20:35.330674 23458 deprecated_insecure_serving.go:51] Serving healt...:10251
Nov 04 23:20:35 k8s-node1 kube-scheduler[23458]: I1104 23:20:35.331076 23458 secure_serving.go:116] Serving securely on [::]:10259
Nov 04 23:20:36 k8s-node1 kube-scheduler[23458]: I1104 23:20:36.236301 23458 leaderelection.go:235] attempting to acquire lea...ler...
Nov 04 23:20:36 k8s-node1 kube-scheduler[23458]: I1104 23:20:36.258688 23458 leaderelection.go:245] successfully acquired lea...eduler
Hint: Some lines were ellipsized, use -l to show in full.
[root@k8s-node1 kube-scheduler]#5.測試下
查看當前leader
[root@k8s-node1 kube-scheduler]# kubectl get endpoints kube-scheduler --namespace=kube-system -o yaml
apiVersion: v1
kind: Endpoints
metadata:
annotations:
control-plane.alpha.kubernetes.io/leader: '{"holderIdentity":"k8s-node1_ded3655a-d1a5-4d09-a5bf-4b4e21087d9d","leaseDurationSeconds":15,"acquireTime":"2019-11-05T04:20:36Z","renewTime":"2019-11-05T04:22:15Z","leaderTransitions":0}'
creationTimestamp: "2019-11-05T04:20:36Z"
name: kube-scheduler
namespace: kube-system
resourceVersion: "4930"
selfLink: /api/v1/namespaces/kube-system/endpoints/kube-scheduler
uid: 502bfeeb-b16c-4191-bbb8-f1092760b064
[root@k8s-node1 kube-scheduler]#[root@k8s-node1 kube-scheduler]# kubectl get cs
NAME STATUS MESSAGE ERROR
controller-manager Healthy ok
scheduler Healthy ok
etcd-2 Healthy {"health":"true"}
etcd-0 Healthy {"health":"true"}
etcd-1 Healthy {"health":"true"}
[root@k8s-node1 kube-scheduler]#