k8s二进制安装kube-scheduler
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了k8s二进制安装kube-scheduler相关的知识,希望对你有一定的参考价值。
参考技术A 1、创建csr请求文件,hosts 列表包含所有 kube-scheduler 节点 IP;CN为system:kube-scheduler、O 为 system:kube-scheduler,kubernetes 内置的 ClusterRoleBindings system:kube-scheduler 将赋予 kube-scheduler 工作所需的权限。
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-scheduler-csr.json | cfssljson -bare kube-scheduler
2、创建kube-scheduler的kubeconfig
设置集群参数
kubectl config set-cluster kubernetes --certificate-authority=ca.pem --embed-certs=true --server=https://135.251.205.109:6443 --kubeconfig=kube-scheduler.kubeconfig
设置客户端认证参数
kubectl config set-credentials system:kube-scheduler --client-certificate=kube-scheduler.pem --client-key=kube-scheduler-key.pem --embed-certs=true --kubeconfig=kube-scheduler.kubeconfig
设置上下文参数
kubectl config set-context system:kube-scheduler --cluster=kubernetes --user=system:kube-scheduler --kubeconfig=kube-scheduler.kubeconfig
设置默认上下文
kubectl config use-context system:kube-scheduler --kubeconfig=kube-scheduler.kubeconfig
3、创建配置文件
4、创建服务启动文件
5、启动服务
cp /root/k8sbinary/TLS/k8s/kube-scheduler.kubeconfig /etc/kubernetes
cp /root/k8sbinary/TLS/k8s/kube-scheduler*.pem /etc/kubernetes/ssl/
systemctl daemon-reload
systemctl enable kube-scheduler
systemctl start kube-scheduler
systemctl status kube-scheduler
systemctl daemon-reload && systemctl restart kube-scheduler
kubernetes集群安装指南:master组件kube-scheduler部署
kube-scheduler集群包含 3 个节点,启动后将通过竞争选举机制产生一个 leader 节点,其它节点为阻塞状态。当 leader 节点不可用后,剩余节点将再次进行选举产生新的 leader 节点,从而保证服务的可用性。1 安装准备
1.1 环境变量定义
#################### Variable parameter setting ######################
KUBE_NAME=kube-scheduler
K8S_INSTALL_PATH=/data/apps/k8s/kubernetes
K8S_BIN_PATH=$K8S_INSTALL_PATH/sbin
K8S_LOG_DIR=$K8S_INSTALL_PATH/logs
K8S_CONF_PATH=/etc/k8s/kubernetes
KUBE_CONFIG_PATH=/etc/k8s/kubeconfig
CA_DIR=/etc/k8s/ssl
SOFTWARE=/root/software
VERSION=v1.14.2
PACKAGE="kubernetes-server-$VERSION-linux-amd64.tar.gz"
DOWNLOAD_URL=“”https://github.com/devops-apps/download/raw/master/kubernetes/$PACKAGE"
ETCD_ENDPOIDS=https://10.10.10.22:2379,https://10.10.10.23:2379,https://10.10.10.24:2379
ETH_INTERFACE=eth1
LISTEN_IP=$(ifconfig | grep -A 1 $ETH_INTERFACE |grep inet |awk ‘print $2‘)
USER=k8s
1.2 下载和分发 kubernetes 二进制文件
访问kubernetes github 官方地址下载稳定的 realease 包至本机;
wget $DOWNLOAD_URL -P $SOFTWARE
将kubernetes 软件包分发到各个master节点服务器;
sudo ansible master_k8s_vgs -m copy -a "src=$SOFTWARE/$PACKAGE dest=$SOFTWARE/" -b
2 部署kube-scheduler集群
2.1 安装kube-scheduler二进制文件
### 1.Check if the install directory exists.
if [ ! -d "$K8S_BIN_PATH" ]; then
mkdir -p $K8S_BIN_PATH
fi
if [ ! -d "$K8S_LOG_DIR/$KUBE_NAME" ]; then
mkdir -p $K8S_LOG_DIR/$KUBE_NAME
fi
if [ ! -d "$K8S_CONF_PATH" ]; then
mkdir -p $K8S_CONF_PATH
fi
if [ ! -d "$KUBE_CONFIG_PATH" ]; then
mkdir -p $KUBE_CONFIG_PATH
fi
### 2.Install kube-apiserver binary of kubernetes.
if [ ! -f "$SOFTWARE/kubernetes-server-$VERSION-linux-amd64.tar.gz" ]; then
wget $DOWNLOAD_URL -P $SOFTWARE >>/tmp/install.log 2>&1
fi
cd $SOFTWARE && tar -xzf kubernetes-server-$VERSION-linux-amd64.tar.gz -C ./
cp -fp kubernetes/server/bin/$KUBE_NAME $K8S_BIN_PATH
ln -sf $K8S_BIN_PATH/$KUBE_NAM /usr/local/bin
chown -R $USER:$USER $K8S_INSTALL_PATH
chmod -R 755 $K8S_INSTALL_PATH
2.1.3 分发kubeconfig文件和证书文件
分发证书
sudo ansible master_k8s_vgs -m synchronize -a "src=$CA_DIR/kube-scheduler* dest=$K8S_KUBECONFIG_PATH/ mode=push delete=yes rsync_opts=-avz" -b
分发kubeconfig认证文件
kube-scheduler使用 kubeconfig文件连接访问 apiserver服务,该文件提供了 apiserver 地址、嵌入的 CA 证书和 kube-scheduler证书:
sudo ansible master_k8s_vgs -m synchronize -a "src=$K8S_KUBECONFIG_PATH/ dest=$K8S_KUBECONFIG_PATH/ mode=push delete=yes rsync_opts=-avz" -b
备注: 如果在前面小节已经同步过各组件kubeconfig和证书文件,此处可以不必执行此操作;
2.1.4 创建kube-scheduler配置文件
cat >$K8S_CONF_PATH/kube-scheduler.yaml<<EOF
apiVersion: kubescheduler.config.k8s.io/v1alpha1
kind: KubeSchedulerConfiguration
bindTimeoutSeconds: 600
clientConnection:
burst: 200
kubeconfig: "$KUBE_CONFIG_PATH/$KUBE_NAME.kubeconfig"
qps: 100
enableContentionProfiling: false
enableProfiling: true
hardPodAffinitySymmetricWeight: 1
healthzBindAddress: 127.0.0.1:10251
leaderElection:
leaderElect: true
metricsBindAddress: 127.0.0.1:10251
EOF
- --kubeconfig:指定 kubeconfig 文件路径,kube-scheduler 使用它连接和验证 kube-apiserver;
- --leader-elect=true:集群运行模式,启用选举功能;被选为 leader 的节点负责处理工作,其它节点为阻塞状态;
- kubernetes新版本都会以配置文件的形式设置对应的参数;
2.1.4 创建kube-scheduler 启动服务
cat >/usr/lib/systemd/system/$KUBE_NAME.service<<EOF
[Unit]
Description=Kubernetes kube-scheduler Service
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
After=etcd.service
[Service]
User=$USER
WorkingDirectory=$K8S_INSTALL_PATH
ExecStart=$K8S_BIN_PATH/$KUBE_NAME \ --config=/etc/k8s/kubernetes/kube-scheduler.yaml \ --bind-address=$LISTEN_IP \ --secure-port=10259 \ --tls-cert-file=$CA_DIR/kube-scheduler.pem \ --tls-private-key-file=$CA_DIR/kube-scheduler-key.pem \ --kubeconfig=$KUBE_CONFIG_PATH/$KUBE_NAME.kubeconfig \ --authentication-kubeconfig=$KUBE_CONFIG_PATH/$KUBE_NAME.kubeconfig \ --authorization-kubeconfig=$KUBE_CONFIG_PATH/$KUBE_NAME.kubeconfig \ --client-ca-file=$CA_DIR/ca.pem \ --requestheader-allowed-names="" \ --requestheader-client-ca-file=$CA_DIR/ca.pem \ --requestheader-extra-headers-prefix="X-Remote-Extra-" \ --requestheader-group-headers=X-Remote-Group \ --requestheader-username-headers=X-Remote-User \ --leader-elect=true \ --alsologtostderr=true \ --logtostderr=false \ --log-dir=$K8S_LOG_DIR/$KUBE_NAME \ --v=2
Restart=on-failure
RestartSec=5
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
EOF
检查服务运行状态
systemctl status kube-scheduler|grep Active
确保状态为 active (running),否则查看日志,确认原因:
sudo journalctl -u kube-scheduler
查看输出的 metrics
注意:以下命令在 kube-scheduler 节点上执行。kube-scheduler 监听 10251 和 10251 端口:
- 10251:接收 http 请求,非安全端口,不需要认证授权;
- 10259:接收 https 请求,安全端口,需要认证授权;
两个接口都对外提供 /metrics 和 /healthz 的访问。sudo netstat -lnpt |grep kube-sch tcp 0 0 127.0.0.1:10251 0.0.0.0:* LISTEN 28786/kube-schedule tcp 0 0 10.10.10.22:10259 0.0.0.0:* LISTEN 28786/kube-schedule
查看当前的 leader
kubectl get endpoints kube-scheduler --namespace=kube-system -o yaml
测试 kube-scheduler 集群的高可用
随机找一个或两个 master 节点,停掉 kube-scheduler 服务,看其它节点是否获取了 leader 权限.
以上是关于k8s二进制安装kube-scheduler的主要内容,如果未能解决你的问题,请参考以下文章
在linux中离线安装k8s的master, 包括kube-apiserver, kube-controller-manager, kube-scheduler
在linux中离线安装k8s的master, 包括kube-apiserver, kube-controller-manager, kube-scheduler