Kubernetes v1.15 cluster deployment in practice, part 9: deploying a highly available kube-scheduler cluster

Reference document

Deploying a highly available kube-scheduler cluster

Note: the binaries were already distributed to every node in an earlier part.

1. Create the kube-scheduler certificate and private key

Create the certificate signing request

[root@k8s-node1 kube-scheduler]# pwd
/opt/k8s/k8s_software/server/kube-scheduler
[root@k8s-node1 kube-scheduler]# cat kube-scheduler-csr.json 
{
"CN": "system:kube-scheduler",
"hosts": [
"127.0.0.1",
"192.168.174.128",
"192.168.174.129",
"192.168.174.130"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "SZ",
"L": "SZ",
"O": "system:kube-scheduler",
"OU": "4Paradigm"
}
]
}
[root@k8s-node1 kube-scheduler]#

Generate the certificate and private key

[root@k8s-node1 kube-scheduler]# cfssl gencert -ca=/etc/kubernetes/cert/ca.pem -ca-key=/etc/kubernetes/cert/ca-key.pem -config=/etc/kubernetes/cert/ca-config.json -profile=kubernetes kube-scheduler-csr.json | cfssljson -bare kube-scheduler
2019/11/04 23:07:22 [INFO] generate received request
2019/11/04 23:07:22 [INFO] received CSR
2019/11/04 23:07:22 [INFO] generating key: rsa-2048
2019/11/04 23:07:23 [INFO] encoded CSR
2019/11/04 23:07:23 [INFO] signed certificate with serial number 157337328590831228861216677538063218085327184629
2019/11/04 23:07:23 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
[root@k8s-node1 kube-scheduler]#
[root@k8s-node1 kube-scheduler]# ls
kube-scheduler.csr  kube-scheduler-csr.json  kube-scheduler-key.pem  kube-scheduler.pem
[root@k8s-node1 kube-scheduler]#

2. Create and distribute the kubeconfig file

Create the kubeconfig file

[root@k8s-node1 kube-scheduler]#  kubectl config set-cluster kubernetes --certificate-authority=/etc/kubernetes/cert/ca.pem --embed-certs=true --server=https://192.168.174.127:8443 --kubeconfig=kube-scheduler.kubeconfig
Cluster "kubernetes" set.
[root@k8s-node1 kube-scheduler]# kubectl config set-credentials system:kube-scheduler --client-certificate=kube-scheduler.pem --client-key=kube-scheduler-key.pem --embed-certs=true --kubeconfig=kube-scheduler.kubeconfig
User "system:kube-scheduler" set.
[root@k8s-node1 kube-scheduler]# kubectl config set-context system:kube-scheduler --cluster=kubernetes --user=system:kube-scheduler --kubeconfig=kube-scheduler.kubeconfig
Context "system:kube-scheduler" created.
[root@k8s-node1 kube-scheduler]# kubectl config use-context system:kube-scheduler --kubeconfig=kube-scheduler.kubeconfig
Switched to context "system:kube-scheduler".
[root@k8s-node1 kube-scheduler]#

Distribute the kubeconfig file

[root@k8s-node1 kube-scheduler]# cp kube-scheduler.kubeconfig /etc/kubernetes/
[root@k8s-node1 kube-scheduler]# scp kube-scheduler.kubeconfig root@k8s-node2:/etc/kubernetes/
kube-scheduler.kubeconfig                                                                             100% 6373     4.5MB/s   00:00    
[root@k8s-node1 kube-scheduler]# scp kube-scheduler.kubeconfig root@k8s-node3:/etc/kubernetes/
kube-scheduler.kubeconfig                                                                             100% 6373     5.8MB/s   00:00    
[root@k8s-node1 kube-scheduler]#

Adjust the permissions

[root@k8s-node1 kube-scheduler]# chown -R k8s /etc/kubernetes/ && chmod -R +x /etc/kubernetes/
[root@k8s-node1 kube-scheduler]# ssh root@k8s-node2 "chown -R k8s /etc/kubernetes/ && chmod -R +x /etc/kubernetes/"
[root@k8s-node1 kube-scheduler]# ssh root@k8s-node3 "chown -R k8s /etc/kubernetes/ && chmod -R +x /etc/kubernetes/"
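
The recursive `chown -R k8s` and `chmod -R +x` above also reach /etc/kubernetes/cert/ca-key.pem and the kubeconfig, whose client key is embedded by --embed-certs=true. An audit of the resulting mode bits, as an added example rather than part of the original post; the function names and file-name patterns are assumptions:

```shell
#!/usr/bin/env bash
# Added example (not from the original post): report key material under a
# Kubernetes config tree whose mode is wider than owner read/write (0600).
# Function names and the file-name patterns are assumptions of this sketch.

# Private keys (*-key.pem) and kubeconfigs (client key embedded through
# --embed-certs=true) need neither exec bits nor group/other access.
audit_k8s_secrets() {  # usage: audit_k8s_secrets [root-dir]
    find "${1:-/etc/kubernetes}" -type f \
        \( -name '*-key.pem' -o -name '*.kubeconfig' \) \
        \( -perm -100 -o -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# Reset everything the audit reports to 0600; ownership is left untouched.
harden_k8s_secrets() {
    audit_k8s_secrets "$1" | while IFS= read -r f; do
        chmod 0600 "$f"
    done
}

# Constructed sample tree mirroring this page's layout; prints its path.
make_sample_tree() {
    local t
    t=$(mktemp -d)
    mkdir -p "$t/cert"
    : > "$t/cert/ca.pem"; : > "$t/cert/ca-key.pem"
    : > "$t/kube-scheduler.kubeconfig"
    chmod 0644 "$t/cert/ca.pem"
    chmod 0600 "$t/cert/ca-key.pem" "$t/kube-scheduler.kubeconfig"
    chmod -R a+x "$t"   # what "chmod -R +x" does under the usual umask 022
    echo "$t"
}
```

The audit covers mode bits only; the recursive chown on this page also changes the owner of /etc/kubernetes/cert/ca-key.pem to k8s, which the audit does not report.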

3. Create and distribute the kube-scheduler systemd unit file

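Notes:

--address: accept HTTP /metrics requests on 127.0.0.1:10251. kube-scheduler does not yet support receiving HTTPS requests.

--kubeconfig: path to the kubeconfig file that kube-scheduler uses to connect to and authenticate with kube-apiserver.

--leader-elect=true: cluster mode with leader election enabled; the node elected leader does the work while the other nodes stay blocked.

User=k8s: run as the k8s account.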

[root@k8s-node1 kube-scheduler]# pwd
/opt/k8s/k8s_software/server/kube-scheduler
[root@k8s-node1 kube-scheduler]# cat kube-scheduler.service 
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
[Service]
ExecStart=/opt/k8s/bin/kube-scheduler \
--address=127.0.0.1 \
--kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig \
--leader-elect=true \
--alsologtostderr=true \
--logtostderr=false \
--log-dir=/var/log/kubernetes \
--v=2
Restart=on-failure
RestartSec=5
User=k8s
[Install]
WantedBy=multi-user.target
[root@k8s-node1 kube-scheduler]#
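
A lint for the settings the notes above call out (loopback-only HTTP listener, kubeconfig present, leader election not switched off, non-root service account), as an added example that is not part of the original post. The function names are hypothetical and the sample unit is a trimmed, constructed copy of the one shown above:

```shell
#!/usr/bin/env bash
# Added example (not from the original post): lint a kube-scheduler unit file
# for the settings described in the notes. Function names are hypothetical.

# Print the value of --<flag>=<value> from ExecStart, following "\" continuations.
unit_flag() {  # usage: unit_flag <unit-file> <flag-name>
    awk -v want="--$2=" '
        /^ExecStart=/ { on = 1 }
        on {
            for (i = 1; i <= NF; i++)
                if (index($i, want) == 1) val = substr($i, length(want) + 1)
            if ($0 !~ /\\$/) on = 0
        }
        END { print val }' "$1"
}

lint_scheduler_unit() {  # prints findings; returns 1 if there are any
    local unit="$1" addr user rc=0
    addr=$(unit_flag "$unit" address)
    case "$addr" in
        127.0.0.1|localhost) ;;   # plain-HTTP /metrics stays on loopback
        *) echo "FAIL: --address is '${addr:-unset}', HTTP port not limited to loopback"; rc=1 ;;
    esac
    [ -n "$(unit_flag "$unit" kubeconfig)" ] ||
        { echo "FAIL: --kubeconfig not set"; rc=1; }
    [ "$(unit_flag "$unit" leader-elect)" != false ] ||
        { echo "FAIL: --leader-elect=false with several instances"; rc=1; }
    user=$(sed -n 's/^User=//p' "$unit" | tail -n 1)
    case "$user" in
        ''|root) echo "FAIL: service runs as root (User=${user:-unset})"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample: the unit from this page, trimmed to the linted settings.
sample_unit() {
    cat <<'EOF'
[Service]
ExecStart=/opt/k8s/bin/kube-scheduler \
--address=127.0.0.1 \
--kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig \
--leader-elect=true \
--v=2
User=k8s
EOF
}
```

--address only governs the HTTP port; the "Serving securely on [::]:10259" line in the status output further down is a second listener controlled by --bind-address and --secure-port, which this lint does not inspect.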

Distribute the file to all nodes

[root@k8s-node1 kube-scheduler]# cp kube-scheduler.service /etc/systemd/system
[root@k8s-node1 kube-scheduler]# scp kube-scheduler.service root@k8s-node2:/etc/systemd/system
kube-scheduler.service                                                                                100%  418   542.9KB/s   00:00    
[root@k8s-node1 kube-scheduler]# scp kube-scheduler.service root@k8s-node3:/etc/systemd/system
kube-scheduler.service                                                                                100%  418   410.8KB/s   00:00    
[root@k8s-node1 kube-scheduler]#

Adjust the permissions

[root@k8s-node1 kube-scheduler]# chmod +x  -R /etc/systemd/system
[root@k8s-node1 kube-scheduler]# ssh root@k8s-node2 "chmod +x  -R /etc/systemd/system"
[root@k8s-node1 kube-scheduler]# ssh root@k8s-node3 "chmod +x  -R /etc/systemd/system"
[root@k8s-node1 kube-scheduler]#

4. Start the service

systemctl daemon-reload && systemctl enable kube-scheduler && systemctl restart kube-scheduler
[root@k8s-node1 kube-scheduler]# systemctl status kube-scheduler
● kube-scheduler.service - Kubernetes Scheduler
   Loaded: loaded (/etc/systemd/system/kube-scheduler.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2019-11-04 23:20:34 EST; 26s ago
     Docs: https://github.com/GoogleCloudPlatform/kubernetes
 Main PID: 23458 (kube-scheduler)
    Tasks: 8
   Memory: 49.9M
   CGroup: /system.slice/kube-scheduler.service
           └─23458 /opt/k8s/bin/kube-scheduler --address=127.0.0.1 --kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig --leader-el...

Nov 04 23:20:35 k8s-node1 kube-scheduler[23458]: I1104 23:20:35.328287   23458 defaults.go:87] TaintNodesByCondition is enabled...datory
Nov 04 23:20:35 k8s-node1 kube-scheduler[23458]: I1104 23:20:35.328323   23458 server.go:161] Starting Kubernetes Scheduler ver...1.15.5
Nov 04 23:20:35 k8s-node1 kube-scheduler[23458]: I1104 23:20:35.329499   23458 factory.go:345] Creating scheduler from algorith...vider'
Nov 04 23:20:35 k8s-node1 kube-scheduler[23458]: I1104 23:20:35.329515   23458 factory.go:433] Creating scheduler with fit pred...onflic
Nov 04 23:20:35 k8s-node1 kube-scheduler[23458]: W1104 23:20:35.330652   23458 authorization.go:47] Authorization is disabled
Nov 04 23:20:35 k8s-node1 kube-scheduler[23458]: W1104 23:20:35.330663   23458 authentication.go:55] Authentication is disabled
Nov 04 23:20:35 k8s-node1 kube-scheduler[23458]: I1104 23:20:35.330674   23458 deprecated_insecure_serving.go:51] Serving healt...:10251
Nov 04 23:20:35 k8s-node1 kube-scheduler[23458]: I1104 23:20:35.331076   23458 secure_serving.go:116] Serving securely on [::]:10259
Nov 04 23:20:36 k8s-node1 kube-scheduler[23458]: I1104 23:20:36.236301   23458 leaderelection.go:235] attempting to acquire lea...ler...
Nov 04 23:20:36 k8s-node1 kube-scheduler[23458]: I1104 23:20:36.258688   23458 leaderelection.go:245] successfully acquired lea...eduler
Hint: Some lines were ellipsized, use -l to show in full.
[root@k8s-node1 kube-scheduler]#

5. Test

Check the current leader

[root@k8s-node1 kube-scheduler]# kubectl get endpoints kube-scheduler --namespace=kube-system -o yaml
apiVersion: v1
kind: Endpoints
metadata:
  annotations:
    control-plane.alpha.kubernetes.io/leader: '{"holderIdentity":"k8s-node1_ded3655a-d1a5-4d09-a5bf-4b4e21087d9d","leaseDurationSeconds":15,"acquireTime":"2019-11-05T04:20:36Z","renewTime":"2019-11-05T04:22:15Z","leaderTransitions":0}'
  creationTimestamp: "2019-11-05T04:20:36Z"
  name: kube-scheduler
  namespace: kube-system
  resourceVersion: "4930"
  selfLink: /api/v1/namespaces/kube-system/endpoints/kube-scheduler
  uid: 502bfeeb-b16c-4191-bbb8-f1092760b064
[root@k8s-node1 kube-scheduler]#
[root@k8s-node1 kube-scheduler]# kubectl get cs
NAME                 STATUS    MESSAGE             ERROR
controller-manager   Healthy   ok                  
scheduler            Healthy   ok                  
etcd-2               Healthy   {"health":"true"}   
etcd-0               Healthy   {"health":"true"}   
etcd-1               Healthy   {"health":"true"}   
[root@k8s-node1 kube-scheduler]#