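kubernetes-v1.20.8 binary installation (6) - kube-scheduler
kube-scheduler is one of the core components of Kubernetes. It is responsible for scheduling across the whole cluster: using specific scheduling algorithms and policies, it places each Pod on the most suitable worker node, so that cluster resources are used more reasonably and more fully.
1. Deployment
1.1. Create the certificate configuration file
cfssl supports SAN (Subject Alternative Name), an extension defined in X.509. A certificate that uses the SAN field can extend the set of domain names it covers, so a single certificate can serve several different domain names, such as *.k8s-host.com below. This makes it easier to add nodes: unlike earlier deployments, the required IPs do not have to be written into the certificate hosts in advance.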
cat > /opt/software/kubernetes/certs/kube-scheduler-csr.json<<EOF
{
"CN": "system:kube-scheduler",
"hosts": [
"127.0.0.1",
"*.k8s-host.com"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "GuangZhou",
"L": "TianHe",
"O": "system:kube-scheduler",
"OU": "system"
}
]
}
EOF
1.2. Issue the certificate
cd /opt/software/kubernetes/certs/
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-scheduler-csr.json | cfssl-json -bare kube-scheduler
cp kube-scheduler.pem kube-scheduler-key.pem /opt/software/kubernetes/master/certs/
1.3. Generate the kubeconfig file
Set the cluster parameters
cd /opt/software/kubernetes/certs/
kubectl config set-cluster kubernetes --certificate-authority=ca.pem --embed-certs=true --server=https://islb.k8s-host.com:6443 --kubeconfig=/opt/software/kubernetes/master/kubeconfig/kube-scheduler.kubeconfig
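- The master differs from the node's islb.k8s-host.com because the master's controller-manager and scheduler services run on the same server as the apiserver, so they can point directly at 127.0.0.1.
Set the client authentication parameters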
kubectl config set-credentials system:kube-scheduler --client-certificate=kube-scheduler.pem --client-key=kube-scheduler-key.pem --embed-certs=true --kubeconfig=/opt/software/kubernetes/master/kubeconfig/kube-scheduler.kubeconfig
Set the context parameters
kubectl config set-context system:kube-scheduler --cluster=kubernetes --user=system:kube-scheduler --kubeconfig=/opt/software/kubernetes/master/kubeconfig/kube-scheduler.kubeconfig
Set the default context
kubectl config use-context system:kube-scheduler --kubeconfig=/opt/software/kubernetes/master/kubeconfig/kube-scheduler.kubeconfig
1.4. Generate the configuration file
Note that bind-address must be changed on each node
cat > /opt/software/kubernetes/master/config/kube-scheduler.conf<<EOF
KUBE_SCHEDULER_OPTS="--address=127.0.0.1 \\
--bind-address=10.0.0.10 \\
--secure-port=10259 \\
--port=10251 \\
--kubeconfig=/opt/software/kubernetes/kubeconfig/kube-scheduler.kubeconfig \\
--tls-cert-file=/opt/software/kubernetes/certs/kube-scheduler.pem \\
--tls-private-key-file=/opt/software/kubernetes/certs/kube-scheduler-key.pem \\
--leader-elect=true \\
--alsologtostderr=true \\
--logtostderr=false \\
--log-dir=/opt/software/kubernetes/logs \\
--v=2"
EOF
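--leader-elect-resource-lock="leases" is the type of resource used for locking during leader election. The default in version 1.20 is "leases"; in version 1.19 it is "endpointsleases". To view the base component information, use the command kubectl get leases.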
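The configuration above also sets --address and --port, the deprecated kube-scheduler flags for its plain-HTTP listener, which serves without authentication or authorization. Because this file is edited by hand on every master, the following check (an added example, not part of the original article) classifies a kube-scheduler.conf in the format shown above; the function names and the sample file are constructed for illustration, and the defaults assumed for absent flags are 10251 and 0.0.0.0.

```shell
#!/usr/bin/env bash
# Added example: report how the scheduler's plain-HTTP listener is exposed
# by a kube-scheduler.conf written in the format of section 1.4.

# flag_value FILE FLAG -> value of the last --FLAG=VALUE in FILE, empty if unset
flag_value() {
    # Drop quotes and line-continuation backslashes, put one token per line,
    # strip the variable name, then keep only an exact "--FLAG=" match so that
    # --bind-address / --secure-port are not mistaken for --address / --port.
    tr -d '"\\' < "$1" | tr -s ' \t' '\n\n' \
        | sed -n -e 's/^KUBE_SCHEDULER_OPTS=//' -e "s/^--$2=//p" | tail -n 1
}

# insecure_http_exposure FILE -> disabled | loopback | exposed
insecure_http_exposure() (
    port=$(flag_value "$1" port)
    addr=$(flag_value "$1" address)
    port=${port:-10251}     # assumed default when --port is absent
    addr=${addr:-0.0.0.0}   # assumed default when --address is absent
    if [ "$port" = "0" ]; then
        echo disabled       # --port=0 turns plain HTTP off entirely
    else
        case $addr in
            127.*|localhost|::1) echo loopback ;;  # reachable from this host only
            *)                   echo exposed ;;   # reachable from the network
        esac
    fi
)

# Constructed sample mirroring the configuration in section 1.4.
sample=$(mktemp)
cat > "$sample" <<'EOF'
KUBE_SCHEDULER_OPTS="--address=127.0.0.1 \
--bind-address=10.0.0.10 \
--secure-port=10259 \
--port=10251 \
--leader-elect=true"
EOF
echo "sample conf: $(insecure_http_exposure "$sample")"
rm -f "$sample"
```

Run it against /opt/software/kubernetes/config/kube-scheduler.conf on each master after editing bind-address; any result of exposed means the unauthenticated port is listening beyond loopback.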
1.5. Generate the service unit file
cat > /opt/software/kubernetes/master/service/kube-scheduler.service<<EOF
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/kubernetes/kubernetes
[Service]
Type=simple
EnvironmentFile=-/opt/software/kubernetes/config/kube-scheduler.conf
ExecStart=/opt/software/kubernetes/bin/kube-scheduler \$KUBE_SCHEDULER_OPTS
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
1.6. Distribution
hosts=(master01 master02 master03)
domain='k8s-host.com'
config_files=('config/kube-scheduler.conf')
cd /opt/software/kubernetes
for host in ${hosts[*]}
do
scp -r master/{bin,certs,kubeconfig,service} ${host}.${domain}:/opt/software/kubernetes/
done
# Do not run this more than once, otherwise the modified configuration is overwritten
for host in ${hosts[*]}
do
for file in ${config_files[*]}
do
scp -r master/${file} ${host}.${domain}:/opt/software/kubernetes/${file}
done
done
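1.8. Start the service
Adjust the per-node differences in each node's configuration file, then create the symlink for the service file and start the service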
hosts=(master01 master02 master03)
domain='k8s-host.com'
for host in ${hosts[*]}
do
ssh root@${host}.${domain} "ln -s /opt/software/kubernetes/service/kube-scheduler.service /usr/lib/systemd/system/kube-scheduler.service"
# Enable at boot and start the service
ssh root@${host}.${domain} "systemctl daemon-reload && systemctl enable kube-scheduler.service --now "
done
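1.9. Verify the service
Prerequisite: the kubectl command is already configured on the client.
Before version 1.20, the command kubectl get endpoints can be used to view the cluster information.
# The current scheduler leader is master01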
$ kubectl get leases -n kube-system
NAME HOLDER AGE
kube-scheduler master01.k8s-host.com_xxxxx 3d17h
2. Problems
(To be added)