Reference documentation
Note: the binaries were already distributed to every node in an earlier step.
1. Create the kube-scheduler certificate and key
Create the certificate signing request

    [root@k8s-node1 kube-scheduler]# pwd
    /opt/k8s/k8s_software/server/kube-scheduler
    [root@k8s-node1 kube-scheduler]# cat kube-scheduler-csr.json
    {
      "CN": "system:kube-scheduler",
      "hosts": [
        "127.0.0.1",
        "192.168.174.128",
        "192.168.174.129",
        "192.168.174.130"
      ],
      "key": {
        "algo": "rsa",
        "size": 2048
      },
      "names": [
        {
          "C": "CN",
          "ST": "SZ",
          "L": "SZ",
          "O": "system:kube-scheduler",
          "OU": "4Paradigm"
        }
      ]
    }
    [root@k8s-node1 kube-scheduler]#

Generate the certificate and key

    [root@k8s-node1 kube-scheduler]# cfssl gencert -ca=/etc/kubernetes/cert/ca.pem -ca-key=/etc/kubernetes/cert/ca-key.pem -config=/etc/kubernetes/cert/ca-config.json -profile=kubernetes kube-scheduler-csr.json | cfssljson -bare kube-scheduler
    2019/11/04 23:07:22 [INFO] generate received request
    2019/11/04 23:07:22 [INFO] received CSR
    2019/11/04 23:07:22 [INFO] generating key: rsa-2048
    2019/11/04 23:07:23 [INFO] encoded CSR
    2019/11/04 23:07:23 [INFO] signed certificate with serial number 157337328590831228861216677538063218085327184629
    2019/11/04 23:07:23 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for websites. For more information see the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org); specifically, section 10.2.3 ("Information Requirements").
    [root@k8s-node1 kube-scheduler]#
    [root@k8s-node1 kube-scheduler]# ls
    kube-scheduler.csr  kube-scheduler-csr.json  kube-scheduler-key.pem  kube-scheduler.pem
    [root@k8s-node1 kube-scheduler]#

2. Create and distribute the kubeconfig file
Create the kubeconfig file

    [root@k8s-node1 kube-scheduler]# kubectl config set-cluster kubernetes --certificate-authority=/etc/kubernetes/cert/ca.pem --embed-certs=true --server=https://192.168.174.127:8443 --kubeconfig=kube-scheduler.kubeconfig
    Cluster "kubernetes" set.
    [root@k8s-node1 kube-scheduler]# kubectl config set-credentials system:kube-scheduler --client-certificate=kube-scheduler.pem --client-key=kube-scheduler-key.pem --embed-certs=true --kubeconfig=kube-scheduler.kubeconfig
    User "system:kube-scheduler" set.
    [root@k8s-node1 kube-scheduler]# kubectl config set-context system:kube-scheduler --cluster=kubernetes --user=system:kube-scheduler --kubeconfig=kube-scheduler.kubeconfig
    Context "system:kube-scheduler" created.
    [root@k8s-node1 kube-scheduler]# kubectl config use-context system:kube-scheduler --kubeconfig=kube-scheduler.kubeconfig
    Switched to context "system:kube-scheduler".
    [root@k8s-node1 kube-scheduler]#

Distribute the kubeconfig file

    [root@k8s-node1 kube-scheduler]# cp kube-scheduler.kubeconfig /etc/kubernetes/
    [root@k8s-node1 kube-scheduler]# scp kube-scheduler.kubeconfig root@k8s-node2:/etc/kubernetes/
    kube-scheduler.kubeconfig                     100% 6373     4.5MB/s   00:00
    [root@k8s-node1 kube-scheduler]# scp kube-scheduler.kubeconfig root@k8s-node3:/etc/kubernetes/
    kube-scheduler.kubeconfig                     100% 6373     5.8MB/s   00:00
    [root@k8s-node1 kube-scheduler]#

Adjust the permissions

    [root@k8s-node1 kube-scheduler]# chown -R k8s /etc/kubernetes/ && chmod -R +x /etc/kubernetes/
    [root@k8s-node1 kube-scheduler]# ssh root@k8s-node2 "chown -R k8s /etc/kubernetes/ && chmod -R +x /etc/kubernetes/"
    [root@k8s-node1 kube-scheduler]# ssh root@k8s-node3 "chown -R k8s /etc/kubernetes/ && chmod -R +x /etc/kubernetes/"

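
An added example, not part of the original post: the kubeconfig built in step 2 embeds the client private key (`--embed-certs=true`), and a recursive `chmod +x` leaves execute bits on such data files. This Python script audits a directory for private keys and key-bearing kubeconfigs that carry group/other or execute bits; the `-key.pem` naming pattern and the sample tree are assumptions constructed for the demo.

```python
import stat
import tempfile
from pathlib import Path


def is_secret(path):
    """Private keys, and kubeconfigs that embed a client key (--embed-certs=true)."""
    if path.name.endswith(".kubeconfig"):
        return "client-key-data:" in path.read_text(errors="replace")
    return path.name.endswith("-key.pem")  # key naming pattern is an assumption


def audit_secret_modes(root):
    """Return sorted (relative path, octal mode, problems) for loosely-moded secrets."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or not is_secret(path):
            continue
        mode = stat.S_IMODE(path.stat().st_mode)
        problems = []
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append("group/other bits set")
        if mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
            problems.append("execute bit on a data file")
        if problems:
            findings.append((str(path.relative_to(root)), format(mode, "04o"), problems))
    return sorted(findings)


def demo():
    """Constructed sample tree; 0711 is what 0600 becomes after `chmod -R +x` (umask 022)."""
    samples = {
        "kube-scheduler.kubeconfig": ("users:\n- user:\n    client-key-data: Q09OU1RSVUNURUQ=\n", 0o711),
        "kube-scheduler-key.pem": ("constructed placeholder, not a real key\n", 0o600),
        "ca.pem": ("constructed placeholder certificate\n", 0o755),
    }
    with tempfile.TemporaryDirectory() as root:
        for name, (body, mode) in samples.items():
            path = Path(root, name)
            path.write_text(body)
            path.chmod(mode)
        return audit_secret_modes(root)


if __name__ == "__main__":
    for rel, mode, problems in demo():
        print(f"{mode} {rel}: {', '.join(problems)}")
```

On a real node, call `audit_secret_modes("/etc/kubernetes")` as a user that can read the files.
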
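3. Create and distribute the kube-scheduler systemd unit file
Notes:
--address: receive http /metrics requests on 127.0.0.1:10251. kube-scheduler does not yet support receiving https requests.
--kubeconfig: path to the kubeconfig file; kube-scheduler uses it to connect to and authenticate with kube-apiserver.
--leader-elect=true: cluster mode; enables leader election. The node elected leader does the work, while the other nodes stay blocked.
User=k8s: run as the k8s account.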

    [root@k8s-node1 kube-scheduler]# pwd
    /opt/k8s/k8s_software/server/kube-scheduler
    [root@k8s-node1 kube-scheduler]# cat kube-scheduler.service
    [Unit]
    Description=Kubernetes Scheduler
    Documentation=https://github.com/GoogleCloudPlatform/kubernetes

    [Service]
    ExecStart=/opt/k8s/bin/kube-scheduler \
      --address=127.0.0.1 \
      --kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig \
      --leader-elect=true \
      --alsologtostderr=true \
      --logtostderr=false \
      --log-dir=/var/log/kubernetes \
      --v=2
    Restart=on-failure
    RestartSec=5
    User=k8s

    [Install]
    WantedBy=multi-user.target
    [root@k8s-node1 kube-scheduler]#

Distribute the file to all nodes

    [root@k8s-node1 kube-scheduler]# cp kube-scheduler.service /etc/systemd/system
    [root@k8s-node1 kube-scheduler]# scp kube-scheduler.service root@k8s-node2:/etc/systemd/system
    kube-scheduler.service                        100%  418   542.9KB/s   00:00
    [root@k8s-node1 kube-scheduler]# scp kube-scheduler.service root@k8s-node3:/etc/systemd/system
    kube-scheduler.service                        100%  418   410.8KB/s   00:00
    [root@k8s-node1 kube-scheduler]#

Adjust the permissions

    [root@k8s-node1 kube-scheduler]# chmod +x -R /etc/systemd/system
    [root@k8s-node1 kube-scheduler]# ssh root@k8s-node2 "chmod +x -R /etc/systemd/system"
    [root@k8s-node1 kube-scheduler]# ssh root@k8s-node3 "chmod +x -R /etc/systemd/system"
    [root@k8s-node1 kube-scheduler]#

4. Start the service

    systemctl daemon-reload && systemctl enable kube-scheduler && systemctl restart kube-scheduler

    [root@k8s-node1 kube-scheduler]# systemctl status kube-scheduler
    ● kube-scheduler.service - Kubernetes Scheduler
       Loaded: loaded (/etc/systemd/system/kube-scheduler.service; enabled; vendor preset: disabled)
       Active: active (running) since Mon 2019-11-04 23:20:34 EST; 26s ago
         Docs: https://github.com/GoogleCloudPlatform/kubernetes
     Main PID: 23458 (kube-scheduler)
        Tasks: 8
       Memory: 49.9M
       CGroup: /system.slice/kube-scheduler.service
               └─23458 /opt/k8s/bin/kube-scheduler --address=127.0.0.1 --kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig --leader-el...

    Nov 04 23:20:35 k8s-node1 kube-scheduler[23458]: I1104 23:20:35.328287 23458 defaults.go:87] TaintNodesByCondition is enabled...datory
    Nov 04 23:20:35 k8s-node1 kube-scheduler[23458]: I1104 23:20:35.328323 23458 server.go:161] Starting Kubernetes Scheduler ver...1.15.5
    Nov 04 23:20:35 k8s-node1 kube-scheduler[23458]: I1104 23:20:35.329499 23458 factory.go:345] Creating scheduler from algorith...vider'
    Nov 04 23:20:35 k8s-node1 kube-scheduler[23458]: I1104 23:20:35.329515 23458 factory.go:433] Creating scheduler with fit pred...onflic
    Nov 04 23:20:35 k8s-node1 kube-scheduler[23458]: W1104 23:20:35.330652 23458 authorization.go:47] Authorization is disabled
    Nov 04 23:20:35 k8s-node1 kube-scheduler[23458]: W1104 23:20:35.330663 23458 authentication.go:55] Authentication is disabled
    Nov 04 23:20:35 k8s-node1 kube-scheduler[23458]: I1104 23:20:35.330674 23458 deprecated_insecure_serving.go:51] Serving healt...:10251
    Nov 04 23:20:35 k8s-node1 kube-scheduler[23458]: I1104 23:20:35.331076 23458 secure_serving.go:116] Serving securely on [::]:10259
    Nov 04 23:20:36 k8s-node1 kube-scheduler[23458]: I1104 23:20:36.236301 23458 leaderelection.go:235] attempting to acquire lea...ler...
    Nov 04 23:20:36 k8s-node1 kube-scheduler[23458]: I1104 23:20:36.258688 23458 leaderelection.go:245] successfully acquired lea...eduler
    Hint: Some lines were ellipsized, use -l to show in full.
    [root@k8s-node1 kube-scheduler]#

5. Test
Check the current leader

    [root@k8s-node1 kube-scheduler]# kubectl get endpoints kube-scheduler --namespace=kube-system -o yaml
    apiVersion: v1
    kind: Endpoints
    metadata:
      annotations:
        control-plane.alpha.kubernetes.io/leader: '{"holderIdentity":"k8s-node1_ded3655a-d1a5-4d09-a5bf-4b4e21087d9d","leaseDurationSeconds":15,"acquireTime":"2019-11-05T04:20:36Z","renewTime":"2019-11-05T04:22:15Z","leaderTransitions":0}'
      creationTimestamp: "2019-11-05T04:20:36Z"
      name: kube-scheduler
      namespace: kube-system
      resourceVersion: "4930"
      selfLink: /api/v1/namespaces/kube-system/endpoints/kube-scheduler
      uid: 502bfeeb-b16c-4191-bbb8-f1092760b064
    [root@k8s-node1 kube-scheduler]#

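
An added example, not part of the original post: the leader annotation above is a JSON record, and this Python code reads it to report which node holds the scheduler lease, whether the lease is still fresh, and whether a failover happened between two polls. It assumes the checking host's clock is in sync with the cluster and that `holderIdentity` has the `<hostname>_<uuid>` shape seen in the output; the function names are this example's own.

```python
import json
from datetime import datetime, timedelta, timezone

LEADER_KEY = "control-plane.alpha.kubernetes.io/leader"

# Annotations of the kube-scheduler Endpoints object, copied from the output above.
SAMPLE_ANNOTATIONS = {
    LEADER_KEY: '{"holderIdentity":"k8s-node1_ded3655a-d1a5-4d09-a5bf-4b4e21087d9d",'
                '"leaseDurationSeconds":15,"acquireTime":"2019-11-05T04:20:36Z",'
                '"renewTime":"2019-11-05T04:22:15Z","leaderTransitions":0}'
}


def parse_ts(value):
    """Parse the UTC timestamps used in the leader record."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def leader_status(annotations, now):
    """Summarise the leader record; `now` must be a timezone-aware datetime."""
    raw = annotations.get(LEADER_KEY)
    if raw is None:
        return {"state": "no-record"}
    rec = json.loads(raw)
    renew = parse_ts(rec["renewTime"])
    expires = renew + timedelta(seconds=rec["leaseDurationSeconds"])
    return {
        # A lease not renewed within leaseDurationSeconds can be taken by another node.
        "state": "held" if now < expires else "expired",
        # Assumption from the output above: identity is "<hostname>_<uuid>".
        "host": rec["holderIdentity"].rsplit("_", 1)[0],
        "expires": expires.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "held_seconds": int((renew - parse_ts(rec["acquireTime"])).total_seconds()),
        "transitions": rec["leaderTransitions"],
    }


def failover_happened(before, after):
    """Compare two polls: a changed holder or a higher transition count is a failover."""
    return (before.get("host") != after.get("host")
            or after.get("transitions", 0) > before.get("transitions", 0))


if __name__ == "__main__":
    print(leader_status(SAMPLE_ANNOTATIONS, datetime.now(timezone.utc)))
```
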

    [root@k8s-node1 kube-scheduler]# kubectl get cs
    NAME                 STATUS    MESSAGE             ERROR
    controller-manager   Healthy   ok
    scheduler            Healthy   ok
    etcd-2               Healthy   {"health":"true"}
    etcd-0               Healthy   {"health":"true"}
    etcd-1               Healthy   {"health":"true"}
    [root@k8s-node1 kube-scheduler]#