Skip to content

Latest commit

 

History

History
121 lines (115 loc) · 3.51 KB

06.部署 kube-scheduler HA 集群.md

File metadata and controls

121 lines (115 loc) · 3.51 KB
Raw

6. 部署高 HA kube-scheduler 集群

创建kube-scheduler证书证书签名请求

cat > kube-scheduler-csr.json <<EOF
{
    "CN": "system:kube-scheduler",
    "hosts": [
      "127.0.0.1",
      "192.168.133.128",
      "192.168.133.129",
      "192.168.133.130"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
      {
        "C": "CN",
        "ST": "BeiJing",
        "L": "BeiJing",
        "O": "system:kube-scheduler",
        "OU": "4Paradigm"
      }
    ]
}
EOF

生成证书和私钥

cfssl gencert -ca=/etc/kubernetes/ssl/ca.pem \
  -ca-key=/etc/kubernetes/ssl/ca-key.pem \
  -config=/etc/kubernetes/ssl/ca-config.json \
  -profile=kubernetes kube-scheduler-csr.json | cfssljson -bare kube-scheduler

创建和分发 kubeconfig 文件

export MASTER_VIP=192.168.133.200
export KUBE_APISERVER="https://${MASTER_VIP}:8443"

kubectl config set-cluster kubernetes \
  --certificate-authority=/etc/kubernetes/ssl/ca.pem \
  --embed-certs=true \
  --server=${KUBE_APISERVER} \
  --kubeconfig=kube-scheduler.kubeconfig

kubectl config set-credentials system:kube-scheduler \
  --client-certificate=kube-scheduler.pem \
  --client-key=kube-scheduler-key.pem \
  --embed-certs=true \
  --kubeconfig=kube-scheduler.kubeconfig

kubectl config set-context system:kube-scheduler \
  --cluster=kubernetes \
  --user=system:kube-scheduler \
  --kubeconfig=kube-scheduler.kubeconfig

kubectl config use-context system:kube-scheduler --kubeconfig=kube-scheduler.kubeconfig

分发 kubeconfig 到所有 master 节点

export NODE_IPS=(192.168.133.128 192.168.133.129 192.168.133.130)
for node_ip in ${NODE_IPS[@]}
  do
    echo ">>> ${node_ip}"
    scp kube-scheduler.kubeconfig ${node_ip}:/etc/kubernetes/
    scp kube-scheduler*.pem ${node_ip}:/etc/kubernetes/ssl
    ssh ${node_ip} "chmod 755 /etc/kubernetes/ssl/*"
  done

创建和分发 kube-scheduler systemd unit 文件

cat > kube-scheduler.service <<EOF
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
ExecStart=/usr/local/bin/kube-scheduler \\
  --address=127.0.0.1 \\
  --kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig \\
  --leader-elect=true \\
  --alsologtostderr=true \\
  --logtostderr=false \\
  --log-dir=/var/log/kubernetes \\
  --v=2
Restart=on-failure
RestartSec=5
User=root

[Install]
WantedBy=multi-user.target
EOF

分发 systemd unit 文件到所有 master 节点

export NODE_IPS=(192.168.133.128 192.168.133.129 192.168.133.130)
for node_ip in ${NODE_IPS[@]}
  do
    echo ">>> ${node_ip}"
    scp kube-scheduler.service ${node_ip}:/usr/lib/systemd/system/
    ssh ${node_ip} "systemctl daemon-reload && systemctl enable kube-scheduler && systemctl restart kube-scheduler"
  done

查看当前的 leader

$ kubectl get endpoints kube-scheduler --namespace=kube-system  -o yaml
apiVersion: v1
kind: Endpoints
metadata:
  annotations:
    control-plane.alpha.kubernetes.io/leader: '{"holderIdentity":"k8s-m01_3d4104a5-a3bf-11e8-a3b8-000c298e8aad","leaseDurationSeconds":15,"acquireTime":"2018-08-19T14:50:40Z","renewTime":"2018-08-19T14:51:27Z","leaderTransitions":0}'
  creationTimestamp: 2018-08-19T14:50:40Z
  name: kube-scheduler
  namespace: kube-system
  resourceVersion: "3743"
  selfLink: /api/v1/namespaces/kube-system/endpoints/kube-scheduler
  uid: 3deb3719-a3bf-11e8-939b-000c298e8aad

提示:

从 "holderIdentity:k8s-m01_3d4104a5-a3bf-11e8-a3b8-000c298e8aad" 这看出来选举出的 kube-scheduler 是 "k8s-m01";