1.8、部署kube-scheduler
1.8.0、创建kube-scheduler请求证书
# Run on k8s-01. The CSR is written next to the other cluster certificates.
cd /opt/k8s/ssl/

# Certificate signing request for kube-scheduler.
#   CN / O  The API server's x509 authenticator takes the user name from CN
#           and the group from O, so this certificate authenticates as
#           "system:kube-scheduler".
#   hosts   Subject alternative names. They matter because the same
#           certificate is later passed to --tls-cert-file as the scheduler's
#           serving certificate. The three 192.168.72.x addresses are
#           presumably the master nodes -- confirm against MASTER_IPS.
#   key     2048-bit RSA, as in the original listing.
# The heredoc delimiter is quoted so the JSON is written literally; it contains
# nothing the shell would expand, so the resulting file is the same.
cat > kube-scheduler-csr.json <<'EOF'
{
  "CN": "system:kube-scheduler",
  "hosts": [
    "127.0.0.1",
    "192.168.72.39",
    "192.168.72.40",
    "192.168.72.41"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "ShangHai",
      "L": "ShangHai",
      "O": "system:kube-scheduler",
      "OU": "bandian"
    }
  ]
}
EOF
1.8.1、生成kube-scheduler证书和私钥
# Run from /opt/k8s/ssl on k8s-01 (the CSR file name below is relative).
#
# cfssl signs kube-scheduler-csr.json with the cluster CA, using the
# "kubernetes" profile from ca-config.json. cfssljson -bare then splits the
# JSON reply into files prefixed "kube-scheduler"; the later steps on this page
# use kube-scheduler.pem and kube-scheduler-key.pem.
#
# ca-key.pem (read here) and kube-scheduler-key.pem (written here) are private
# keys: keep both readable by root only.
cfssl gencert \
  -ca=/opt/k8s/ssl/ca.pem \
  -ca-key=/opt/k8s/ssl/ca-key.pem \
  -config=/opt/k8s/ssl/ca-config.json \
  -profile=kubernetes \
  kube-scheduler-csr.json \
  | cfssljson -bare kube-scheduler
1.8.2、创建kube-scheduler的kubeconfig文件
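# Run from /opt/k8s/ssl on k8s-01; kube-scheduler.pem, kube-scheduler-key.pem
# and the kubeconfig written below are all relative to that directory.
# k8s-env.sh is expected to define KUBE_APISERVER (the API server URL).
source /opt/k8s/bin/k8s-env.sh

# Refuse to continue without the API server address; otherwise an empty
# --server= would be handed to kubectl unnoticed.
: "${KUBE_APISERVER:?KUBE_APISERVER is not set; check /opt/k8s/bin/k8s-env.sh}"

# Set cluster parameters: embed the CA certificate so the scheduler can verify
# the API server it connects to.
kubectl config set-cluster kubernetes \
  --certificate-authority=/opt/k8s/ssl/ca.pem \
  --embed-certs=true \
  --server="${KUBE_APISERVER}" \
  --kubeconfig=kube-scheduler.kubeconfig

# Set client credentials. --embed-certs=true copies the client certificate AND
# its private key into the kubeconfig, so the kubeconfig must be protected
# exactly like kube-scheduler-key.pem.
kubectl config set-credentials system:kube-scheduler \
  --client-certificate=kube-scheduler.pem \
  --client-key=kube-scheduler-key.pem \
  --embed-certs=true \
  --kubeconfig=kube-scheduler.kubeconfig

# Set context parameters: tie the cluster entry to the user entry.
kubectl config set-context system:kube-scheduler \
  --cluster=kubernetes \
  --user=system:kube-scheduler \
  --kubeconfig=kube-scheduler.kubeconfig

# Set the default context.
kubectl config use-context system:kube-scheduler \
  --kubeconfig=kube-scheduler.kubeconfig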
1.8.3、配置kube-scheduler为systemctl启动
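# Run on k8s-01. Writes the systemd unit that is later copied to every master.
cd /opt/k8s/conf/
source /opt/k8s/bin/k8s-env.sh

# The heredoc delimiter is deliberately unquoted: ${K8S_DIR} is expanded now,
# and each "\\" becomes the single backslash that systemd reads as a line
# continuation. An unset K8S_DIR would silently yield
# WorkingDirectory=/kube-scheduler, so stop early instead.
: "${K8S_DIR:?K8S_DIR is not set; check /opt/k8s/bin/k8s-env.sh}"

# Review notes on the flags below:
#
# --bind-address=0.0.0.0
#     The HTTPS endpoint listens on every interface. The ss output later on
#     this page also shows port 10251 (the scheduler's plain-HTTP port) on all
#     interfaces. Limit both to the management network with host firewall
#     rules. On releases that still accept it, --port=0 turns the plain-HTTP
#     port off; anything that probes 10251 would then need to move to 10259.
#
# --requestheader-allowed-names=""
#     The original line passed this flag with no value. The flag takes a value,
#     so the next argument (--requestheader-client-ca-file=...) was consumed as
#     the "allowed name" and the request-header CA file was never set. The
#     explicit empty value restores what the surrounding flags intend.
#     An empty list accepts any client certificate issued by the request-header
#     CA, and that CA is the same ca.pem used for ordinary client certificates.
#     If the cluster has a dedicated front-proxy CA and client certificate, use
#     that CA file and that certificate's CN here instead.
cat > kube-scheduler.service.template <<EOF
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
WorkingDirectory=${K8S_DIR}/kube-scheduler
ExecStart=/opt/k8s/bin/kube-scheduler \\
  --bind-address=0.0.0.0 \\
  --leader-elect=true \\
  --kubeconfig=/etc/kubernetes/cert/kube-scheduler.kubeconfig \\
  --tls-cert-file=/etc/kubernetes/cert/kube-scheduler.pem \\
  --tls-private-key-file=/etc/kubernetes/cert/kube-scheduler-key.pem \\
  --authentication-kubeconfig=/etc/kubernetes/cert/kube-scheduler.kubeconfig \\
  --client-ca-file=/etc/kubernetes/cert/ca.pem \\
  --requestheader-allowed-names="" \\
  --requestheader-client-ca-file=/etc/kubernetes/cert/ca.pem \\
  --requestheader-extra-headers-prefix="X-Remote-Extra-" \\
  --requestheader-group-headers=X-Remote-Group \\
  --requestheader-username-headers=X-Remote-User \\
  --logtostderr=true \\
  --v=2
Restart=always
RestartSec=5
StartLimitInterval=0

[Install]
WantedBy=multi-user.target
EOF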
1.8.4、分发kube-scheduler证书和文件到其他节点
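#!/usr/bin/env bash
# Copy the kube-scheduler unit file, certificate, private key and kubeconfig
# to every master node.
#
# Reads MASTER_IPS from /opt/k8s/bin/k8s-env.sh (expected to be a bash array).
# Exits non-zero at the first copy that fails, so a half-provisioned node is
# noticed before the service is started.
source /opt/k8s/bin/k8s-env.sh || exit 1

if (( ${#MASTER_IPS[@]} == 0 )); then
  printf 'MASTER_IPS is empty; check /opt/k8s/bin/k8s-env.sh\n' >&2
  exit 1
fi

for host in "${MASTER_IPS[@]}"; do
  # The host goes in as an argument, not into the printf format string.
  printf '\e[1;34m%s\e[0m\n' "${host}"

  scp /opt/k8s/conf/kube-scheduler.service.template \
    "${host}:/etc/systemd/system/kube-scheduler.service" || exit 1

  # The glob matches both kube-scheduler.pem and kube-scheduler-key.pem.
  scp /opt/k8s/ssl/{kube-scheduler*.pem,kube-scheduler.kubeconfig} \
    "${host}:/etc/kubernetes/cert" || exit 1

  # The private key and the kubeconfig (which embeds the same key) must not be
  # readable by other users. scp does not tighten the mode of a file that
  # already exists on the target, so set it explicitly. This assumes the
  # service runs as the login user (root in this walkthrough; the unit file
  # sets no User=).
  ssh "${host}" 'chmod 600 /etc/kubernetes/cert/kube-scheduler-key.pem /etc/kubernetes/cert/kube-scheduler.kubeconfig' || exit 1
done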
1.8.5、启动kube-scheduler服务
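#!/usr/bin/env bash
# Create the scheduler's working directory on every master node, then enable
# and start the kube-scheduler service and print its "Active" status line.
#
# Reads MASTER_IPS (expected to be a bash array) and K8S_DIR from
# /opt/k8s/bin/k8s-env.sh. Every host is attempted; the exit status is 1 if
# any step failed on any host.
source /opt/k8s/bin/k8s-env.sh || exit 1

# K8S_DIR is expanded locally and sent to the remote shell; an empty value
# would create /kube-scheduler on the target.
: "${K8S_DIR:?K8S_DIR is not set; check /opt/k8s/bin/k8s-env.sh}"

if (( ${#MASTER_IPS[@]} == 0 )); then
  printf 'MASTER_IPS is empty; check /opt/k8s/bin/k8s-env.sh\n' >&2
  exit 1
fi

failed=0
for host in "${MASTER_IPS[@]}"; do
  # The host goes in as an argument, not into the printf format string.
  printf '\e[1;34m%s\e[0m\n' "${host}"

  # Inner single quotes keep the path as one word in the remote shell.
  ssh "root@${host}" "mkdir -p '${K8S_DIR}/kube-scheduler'" || failed=1

  # Nothing in this command needs local expansion, so it is single-quoted.
  ssh "root@${host}" 'systemctl daemon-reload &&
    systemctl enable kube-scheduler --now &&
    systemctl status kube-scheduler | grep Active' || failed=1
done

exit "${failed}"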
1.8.6、查看kube-scheduler端口
k8s-01:~ # ss -nltp | grep kube-scheduler LISTEN 0 128 :::10251 :::* users:(("kube-scheduler",pid=67502,fd=8)) LISTEN 0 128 :::10259 :::* users:(("kube-scheduler",pid=67502,fd=9))
1.8.7、查看当前leader
k8s-01:~ # kubectl get endpoints kube-scheduler --namespace=kube-system -o yaml apiVersion: v1 kind: Endpoints metadata: annotations: control-plane.alpha.kubernetes.io/leader: '{"holderIdentity":"k8s-01_556718e1-338e-4e87-b2c8-c1ea2ccfa1c1","leaseDurationSeconds":15,"acquireTime":"2021-02-12T16:54:38Z","renewTime":"2021-02-12T16:54:49Z","leaderTransitions":0}' creationTimestamp: "2021-02-12T16:54:39Z" managedFields: - apiVersion: v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:control-plane.alpha.kubernetes.io/leader: {} manager: kube-scheduler operation: Update time: "2021-02-12T16:54:39Z" name: kube-scheduler namespace: kube-system resourceVersion: "557" selfLink: /api/v1/namespaces/kube-system/endpoints/kube-scheduler uid: 1e33fe40-0d13-4407-a7bb-f7a37f4a72a8
- 到此,kubernetes master 节点已经部署完成,后面开始 kubernetes node 节点的部署
- docker和flannel之前已经全节点部署了,因此,node节点只需要部署kubelet、kube-proxy、coredns以及dashboard