10. Deploying kube-scheduler
kube-scheduler is one of the three services that make up the Kube-Master. It is a stateful service: it modifies the cluster's state information.
If the corresponding services on several master nodes were active at the same time there would be synchronization and consistency problems, so across multiple master nodes the kube-scheduler services can only run in an active/standby relationship. Kubernetes elects the leader with a lease lock; for kube-scheduler this is enabled with the startup flag "--leader-elect=true".
1. Create the kube-scheduler certificate
1) Create the kube-scheduler certificate signing request
# kube-scheduler and kube-apiserver communicate over mutually authenticated TLS;
# kube-apiserver takes the CN as the client's username, i.e. system:kube-scheduler.
# The ClusterRoleBinding system:kube-scheduler predefined for RBAC by kube-apiserver binds the user system:kube-scheduler to the ClusterRole system:kube-scheduler
[root@kubenode1 ~]# mkdir -p /etc/kubernetes/scheduler
[root@kubenode1 ~]# cd /etc/kubernetes/scheduler
[root@kubenode1 scheduler]# touch scheduler-csr.json
[root@kubenode1 scheduler]# vim scheduler-csr.json
{
  "CN": "system:kube-scheduler",
  "hosts": [
    "172.30.200.21",
    "172.30.200.22",
    "172.30.200.23"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "ChengDu",
      "L": "ChengDu",
      "O": "system:kube-scheduler",
      "OU": "cloudteam"
    }
  ]
}
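As an added check that is not part of the original post: a small Python linter to run against scheduler-csr.json before handing it to cfssl. It flags the mistakes that would change the identity kube-apiserver derives from the certificate: a wrong CN (the username), a weak key, or an O (the group) such as system:masters, which is bound to cluster-admin. The "good" CSR is the one from this section; the "bad" one, the allowed-group set and the 2048-bit minimum are my own constructed inputs and assumptions.

```python
"""Lint a cfssl CSR JSON before signing the kube-scheduler client certificate."""
import json

EXPECTED_CN = "system:kube-scheduler"        # kube-apiserver maps CN -> username
ALLOWED_GROUPS = {"system:kube-scheduler"}   # kube-apiserver maps O -> group (assumed policy)
MIN_RSA_BITS = 2048                          # assumed minimum key size


def lint_scheduler_csr(csr_json: str) -> list:
    """Return a list of findings; an empty list means the CSR is acceptable."""
    findings = []
    csr = json.loads(csr_json)

    # The predefined ClusterRoleBinding system:kube-scheduler matches this exact username.
    cn = csr.get("CN")
    if cn != EXPECTED_CN:
        findings.append(f"CN must be {EXPECTED_CN!r}, got {cn!r}")

    # Reject weak or unexpected key parameters.
    key = csr.get("key", {})
    algo, size = key.get("algo"), int(key.get("size", 0))
    if algo == "rsa" and size < MIN_RSA_BITS:
        findings.append(f"RSA key size {size} is below {MIN_RSA_BITS}")
    elif algo not in ("rsa", "ecdsa"):
        findings.append(f"unsupported key algorithm {algo!r}")

    # O becomes a group; system:masters is bound to cluster-admin, so it must never appear here.
    for name in csr.get("names", []):
        org = name.get("O")
        if org == "system:masters":
            findings.append("O=system:masters would grant the scheduler cluster-admin rights")
        elif org not in ALLOWED_GROUPS:
            findings.append(f"unexpected group O={org!r}")
    return findings


# The CSR from this section (good) and a constructed, deliberately wrong one (bad).
GOOD_CSR = """{"CN": "system:kube-scheduler",
  "hosts": ["172.30.200.21", "172.30.200.22", "172.30.200.23"],
  "key": {"algo": "rsa", "size": 2048},
  "names": [{"C": "CN", "ST": "ChengDu", "L": "ChengDu",
             "O": "system:kube-scheduler", "OU": "cloudteam"}]}"""
BAD_CSR = """{"CN": "kube-scheduler",
  "key": {"algo": "rsa", "size": 1024},
  "names": [{"C": "CN", "O": "system:masters", "OU": "cloudteam"}]}"""

if __name__ == "__main__":
    for label, doc in (("good", GOOD_CSR), ("bad", BAD_CSR)):
        print(label, lint_scheduler_csr(doc) or "OK")
```

Run it with `python3 lint_csr.py`; an empty finding list for the real file means the resulting certificate will be recognised by the built-in system:kube-scheduler RBAC binding and nothing more.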
2) Generate the kube-scheduler certificate and private key
[root@kubenode1 scheduler]# cfssl gencert -ca=/etc/kubernetes/ssl/ca.pem \
  -ca-key=/etc/kubernetes/ssl/ca-key.pem \
  -config=/etc/kubernetes/ssl/ca-config.json \
  -profile=kubernetes scheduler-csr.json | cfssljson -bare scheduler

# Distribute scheduler.pem and scheduler-key.pem to the other master nodes
[root@kubenode1 scheduler]# scp scheduler*.pem root@172.30.200.22:/etc/kubernetes/scheduler/
[root@kubenode1 scheduler]# scp scheduler*.pem root@172.30.200.23:/etc/kubernetes/scheduler/
2. Create the kube-scheduler kubeconfig file
The kube-scheduler kubeconfig file contains the master address and the necessary authentication information.
# Configure the cluster parameters;
# --server: the api-server address, using the VIP from the HA setup;
# the cluster name is arbitrary, but must be used consistently once chosen;
# --kubeconfig: path and name of the kubeconfig file; if unset, it is written to ~/.kube/config by default
[root@kubenode1 scheduler]# kubectl config set-cluster kubernetes \
  --certificate-authority=/etc/kubernetes/ssl/ca.pem \
  --embed-certs=true \
  --server=https://172.30.200.10:6443 \
  --kubeconfig=scheduler.conf

# Configure the client authentication parameters;
# the authenticated user is the "system:kube-scheduler" from the certificate signed above;
# point at the matching certificate and private key
[root@kubenode1 scheduler]# kubectl config set-credentials system:kube-scheduler \
  --client-certificate=/etc/kubernetes/scheduler/scheduler.pem \
  --embed-certs=true \
  --client-key=/etc/kubernetes/scheduler/scheduler-key.pem \
  --kubeconfig=scheduler.conf

# Configure the context parameters
[root@kubenode1 scheduler]# kubectl config set-context system:kube-scheduler@kubernetes \
  --cluster=kubernetes \
  --user=system:kube-scheduler \
  --kubeconfig=scheduler.conf

# Set the default context
[root@kubenode1 scheduler]# kubectl config use-context system:kube-scheduler@kubernetes --kubeconfig=scheduler.conf

# Distribute scheduler.conf to all master nodes
[root@kubenode1 scheduler]# scp scheduler.conf root@172.30.200.22:/etc/kubernetes/scheduler/
[root@kubenode1 scheduler]# scp scheduler.conf root@172.30.200.23:/etc/kubernetes/scheduler/
3. Configure the kube-scheduler systemd unit file
The kube-scheduler binary was already put in place when kubectl was deployed.
# kube-scheduler starts after kube-apiserver
[root@kubenode1 ~]# touch /usr/lib/systemd/system/kube-scheduler.service
[root@kubenode1 ~]# vim /usr/lib/systemd/system/kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
After=kube-apiserver.service

[Service]
EnvironmentFile=/usr/local/kubernetes/kube-scheduler.conf
ExecStart=/usr/local/kubernetes/bin/kube-scheduler $KUBE_SCHEDULER_ARGS
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

# Startup parameter file
# --kubeconfig: path to the kubeconfig file, which contains the master address and the necessary authentication information;
# --leader-elect: when true, leader election is performed; in an HA deployment the scheduler must elect a leader (true is already the default)
[root@kubenode1 ~]# touch /usr/local/kubernetes/kube-scheduler.conf
[root@kubenode1 ~]# vim /usr/local/kubernetes/kube-scheduler.conf
KUBE_SCHEDULER_ARGS="--master=https://172.30.200.10:6443 \
  --kubeconfig=/etc/kubernetes/scheduler/scheduler.conf \
  --leader-elect=true \
  --logtostderr=false \
  --log-dir=/var/log/kubernetes/scheduler \
  --v=2"

# Create the log directory
[root@kubenode1 ~]# mkdir -p /var/log/kubernetes/scheduler
4. Start and verify
1) Verify the kube-scheduler service status
[root@kubenode1 ~]# systemctl daemon-reload
[root@kubenode1 ~]# systemctl enable kube-scheduler
[root@kubenode1 ~]# systemctl start kube-scheduler
[root@kubenode1 ~]# systemctl status kube-scheduler
2) Check the kube-scheduler leader election
# kubenode1 is the first node to start kube-scheduler, so it tries to acquire the leader lease and succeeds
[root@kubenode1 ~]# cat /var/log/kubernetes/scheduler/kube-scheduler.INFO | grep "leaderelection"

# Observed on kubenode2: it keeps trying to acquire leadership but does not succeed, and its subsequent operations stay suspended
[root@kubenode2 ~]# tailf /var/log/kubernetes/scheduler/kube-scheduler.INFO
3) Verify master node functionality
# The status of the core master components can be queried from any node that has the kubectl client;
# by default kubectl uses the kube-apiserver address and credentials stored in ~/.kube/config;
# "kubectl get componentstatuses" can be abbreviated to "kubectl get cs"
[root@kubenode1 ~]# kubectl get componentstatuses