技术积累LZ 2020-05-07
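# API server endpoint that the scheduler's kubeconfig will point at.
export KUBE_APISERVER=https://127.0.0.1:5443

# The other variables are reused from the kube-apiserver step. Stop early when
# one is missing so that nothing is written to a path built from an empty
# prefix and no certificate is issued with an empty profile.
: "${HOST_PATH:?HOST_PATH must be set}"
: "${CERT_PROFILE:?CERT_PROFILE must be set}"
: "${CLUSTER_NAME:?CLUSTER_NAME must be set}"

# Certificate signing request for the scheduler's client identity.
# The API server sees this client as the CN below.
cat << EOF | tee "${HOST_PATH}/cfssl/k8s/k8s-scheduler.json"
{
  "CN": "system:kube-scheduler",
  "hosts": [""],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "$CERT_ST",
      "L": "$CERT_L",
      "O": "system:kube-scheduler",
      "OU": "Kubernetes-manual"
    }
  ]
}
EOF

# Issue the scheduler certificate and private key from the cluster CA.
# This step reads the CA private key, so it belongs on the CA host only.
cfssl gencert \
  -ca="${HOST_PATH}/cfssl/pki/k8s/k8s-ca.pem" \
  -ca-key="${HOST_PATH}/cfssl/pki/k8s/k8s-ca-key.pem" \
  -config="${HOST_PATH}/cfssl/ca-config.json" \
  -profile="${CERT_PROFILE}" \
  "${HOST_PATH}/cfssl/k8s/k8s-scheduler.json" \
  | cfssljson -bare "${HOST_PATH}/cfssl/pki/k8s/k8s-scheduler"

# Build kube-scheduler.kubeconfig.
# Cluster entry: API server address plus the CA used to verify it.
kubectl config set-cluster "${CLUSTER_NAME}" \
  --certificate-authority="${HOST_PATH}/cfssl/pki/k8s/k8s-ca.pem" \
  --embed-certs=true \
  --server="${KUBE_APISERVER}" \
  --kubeconfig="${HOST_PATH}/kubeconfig/kube-scheduler.kubeconfig"

# User entry. --embed-certs=true inlines the client certificate and its
# private key, so the kubeconfig is itself a credential for
# system:kube-scheduler and must be protected like the key file.
kubectl config set-credentials system:kube-scheduler \
  --client-certificate="${HOST_PATH}/cfssl/pki/k8s/k8s-scheduler.pem" \
  --embed-certs=true \
  --client-key="${HOST_PATH}/cfssl/pki/k8s/k8s-scheduler-key.pem" \
  --kubeconfig="${HOST_PATH}/kubeconfig/kube-scheduler.kubeconfig"

# Context tying the cluster entry to the user entry.
kubectl config set-context "${CLUSTER_NAME}" \
  --cluster="${CLUSTER_NAME}" \
  --user=system:kube-scheduler \
  --kubeconfig="${HOST_PATH}/kubeconfig/kube-scheduler.kubeconfig"

# Make that context the default one.
kubectl config use-context "${CLUSTER_NAME}" \
  --kubeconfig="${HOST_PATH}/kubeconfig/kube-scheduler.kubeconfig"

# Distribute the kubeconfig to the control-plane nodes. The absolute source
# path matches where kubectl wrote the file, so the copy does not depend on
# the current directory.
# NOTE(review): confirm the file stays readable only by the service account
# on the target hosts, since it embeds the private key.
for node in 192.168.2.175 192.168.2.176 192.168.2.177; do
  scp "${HOST_PATH}/kubeconfig/kube-scheduler.kubeconfig" "${node}:/apps/k8s/config"
done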
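# Enter the directory that holds the server binaries. Abort if that fails:
# otherwise scp would push whatever file named "kube-scheduler" happens to be
# in the current directory into /apps/k8s/bin on every node.
cd "${HOST_PATH:?HOST_PATH must be set}/kubernetes/server/bin" || exit 1

# NOTE(review): the origin of this binary is not shown here; verify it against
# the release's published checksum before pushing it to control-plane nodes.
for node in 192.168.2.175 192.168.2.176 192.168.2.177; do
  scp -r kube-scheduler "${node}:/apps/k8s/bin"
done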
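cd "${HOST_PATH:?HOST_PATH must be set}" || exit 1

# Options file for kube-scheduler, read by the systemd unit via EnvironmentFile.
# The heredoc delimiter is unquoted, so the shell joins the backslash-continued
# lines and the file ends up holding one KUBE_SCHEDULER_OPTS line.
#
# --address is the listen address of the scheduler's plain-HTTP port in the
# releases that still accept this flag; that port answers without
# authentication or authorization. It is bound to loopback here instead of
# 0.0.0.0 so it is not reachable from the network. Remote scraping or health
# checks should go through the secure port, which uses the
# --authentication-kubeconfig / --authorization-kubeconfig settings below.
cat << EOF | tee kube-scheduler
KUBE_SCHEDULER_OPTS=" \
--logtostderr=false \
--address=127.0.0.1 \
--leader-elect=true \
--feature-gates=ServiceTopology=true,EndpointSlice=true \
--kubeconfig=/apps/k8s/config/kube-scheduler.kubeconfig \
--authentication-kubeconfig=/apps/k8s/config/kube-scheduler.kubeconfig \
--authorization-kubeconfig=/apps/k8s/config/kube-scheduler.kubeconfig \
--alsologtostderr=true \
--kube-api-qps=100 \
--kube-api-burst=100 \
--log-dir=/apps/k8s/log \
--v=2"
EOF

# Distribute the options file; every node gets the same content.
for node in 192.168.2.175 192.168.2.176 192.168.2.177; do
  scp -r kube-scheduler "${node}:/apps/k8s/conf"
done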
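# systemd unit for kube-scheduler. The service runs as the unprivileged "k8s"
# user. \$ is escaped so that the literal $KUBE_SCHEDULER_OPTS reaches the unit
# file and systemd fills it in from the EnvironmentFile.
# NOTE(review): LimitCORE=infinity permits core dumps of any size, and the
# process loads a kubeconfig with an embedded private key. Confirm core dumps
# are wanted and where they are stored.
cat << EOF | tee kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/kubernetes/kubernetes

[Service]
LimitNOFILE=65535
LimitNPROC=65535
LimitCORE=infinity
LimitMEMLOCK=infinity
EnvironmentFile=-/apps/k8s/conf/kube-scheduler
ExecStart=/apps/k8s/bin/kube-scheduler \$KUBE_SCHEDULER_OPTS
Restart=on-failure
RestartSec=5
User=k8s

[Install]
WantedBy=multi-user.target
EOF

# Upload the unit file to every control-plane node. The node list includes
# 192.168.2.177, which the original commands skipped by copying to
# 192.168.2.176 twice.
for node in 192.168.2.175 192.168.2.176 192.168.2.177; do
  scp kube-scheduler.service "${node}:/usr/lib/systemd/system"
done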
# Hand /apps/k8s to the k8s user (group root) on each control-plane node.
# NOTE(review): the recursive chown also covers the directories this guide
# copies the binary, options file and kubeconfig into, so the account the
# service runs as can rewrite its own executable and configuration. Consider
# whether bin and conf should stay root-owned and only readable by k8s.
for node in 192.168.2.175 192.168.2.176 192.168.2.177; do
  ssh "${node}" chown -R k8s:root /apps/k8s
done
# Each step runs on all three nodes before the next step begins.

# Reload systemd so it picks up the new unit file.
for node in 192.168.2.175 192.168.2.176 192.168.2.177; do
  ssh "${node}" systemctl daemon-reload
done

# Enable the service at boot.
for node in 192.168.2.175 192.168.2.176 192.168.2.177; do
  ssh "${node}" systemctl enable kube-scheduler.service
done

# Start kube-scheduler.
for node in 192.168.2.175 192.168.2.176 192.168.2.177; do
  ssh "${node}" systemctl start kube-scheduler.service
done

# Show the service status.
for node in 192.168.2.175 192.168.2.176 192.168.2.177; do
  ssh "${node}" systemctl status kube-scheduler.service
done
:/tmp/sss# kubectl get cs
NAME                 STATUS    MESSAGE             ERROR
controller-manager   Healthy   ok
scheduler            Healthy   ok
etcd-0               Healthy   {"health":"true"}
etcd-1               Healthy   {"health":"true"}
etcd-2               Healthy   {"health":"true"}
# 查看 kube-scheduler master 节点
:/tmp/sss# kubectl -n kube-system get endpoints kube-scheduler -o yaml
apiVersion: v1
kind: Endpoints
metadata:
  annotations:
    control-plane.alpha.kubernetes.io/leader: '{"holderIdentity":"k8s-master-1_974eb2be-9496-463e-8ea3-67c128819d30","leaseDurationSeconds":15,"acquireTime":"2020-05-06T10:26:08Z","renewTime":"2020-05-06T10:27:15Z","leaderTransitions":0}'
  creationTimestamp: "2020-05-06T10:26:08Z"
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .: {}
          f:control-plane.alpha.kubernetes.io/leader: {}
    manager: kube-scheduler
    operation: Update
    time: "2020-05-06T10:27:15Z"
  name: kube-scheduler
  namespace: kube-system
  resourceVersion: "2974"
  selfLink: /api/v1/namespaces/kube-system/endpoints/kube-scheduler
  uid: 80a88d06-d0a7-49ad-8452-df08e1bb6048
# kube-scheduler master k8s-master-1 节点
###host字段指定授权使用该证书的etcd节点IP或子网列表,需要将etcd集群的3个节点都添加其中。cp etcd-v3.3.13-linux-amd64/etcd* /opt/k8s/bin/