1.8, deploy kube-scheduler
1.8.0, create kube-scheduler request certificate
k8s-01:~ # cd /opt/k8s/ssl/
k8s-01:/opt/k8s/ssl # cat > kube-scheduler-csr.json <<EOF
{
"CN": "system:kube-scheduler",
"hosts": [
"127.0.0.1",
"192.168.72.39",
"192.168.72.40",
"192.168.72.41"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "ShangHai",
"L": "ShangHai",
"O": "system:kube-scheduler",
"OU": "bandian"
}
]
}
EOF
1.8.1, Generate kube-scheduler certificate and private key
k8s-01:/opt/k8s/ssl
-ca-key=/opt/k8s/ssl/ca-key.pem \
-config=/opt/k8s/ssl/ca-config.json \
-profile=kubernetes kube-scheduler-csr.json | cfssljson -bare kube-scheduler
1.8.2, create the kubeconfig file of kube-scheduler
k8s-01:/opt/k8s/ssl
"设置集群参数"
k8s-01:/opt/k8s/ssl
--certificate-authority=/opt/k8s/ssl/ca.pem \
--embed-certs=true \
--server=${KUBE_APISERVER} \
--kubeconfig=kube-scheduler.kubeconfig
"设置客户端认证参数"
k8s-01:/opt/k8s/ssl
--client-certificate=kube-scheduler.pem \
--client-key=kube-scheduler-key.pem \
--embed-certs=true \
--kubeconfig=kube-scheduler.kubeconfig
"设置上下文参数"
k8s-01:/opt/k8s/ssl
--cluster=kubernetes \
--user=system:kube-scheduler \
--kubeconfig=kube-scheduler.kubeconfig
"设置默认上下文"
k8s-01:/opt/k8s/ssl
1.8.3、Configure kube-scheduler to start systemctl
k8s-01:~
k8s-01:/opt/k8s/conf
k8s-01:/opt/k8s/conf
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
[Service]
WorkingDirectory=${K8S_DIR}/kube-scheduler
ExecStart=/opt/k8s/bin/kube-scheduler \\
--bind-address=0.0.0.0 \\
--leader-elect=true \\
--kubeconfig=/etc/kubernetes/cert/kube-scheduler.kubeconfig \\
--tls-cert-file=/etc/kubernetes/cert/kube-scheduler.pem \\
--tls-private-key-file=/etc/kubernetes/cert/kube-scheduler-key.pem \\
--authentication-kubeconfig=/etc/kubernetes/cert/kube-scheduler.kubeconfig \\
--client-ca-file=/etc/kubernetes/cert/ca.pem \\
--requestheader-allowed-names \\
--requestheader-client-ca-file=/etc/kubernetes/cert/ca.pem \\
--requestheader-extra-headers-prefix="X-Remote-Extra-" \\
--requestheader-group-headers=X-Remote-Group \\
--requestheader-username-headers=X-Remote-User \\
--logtostderr=true \\
--v=2
Restart=always
RestartSec=5
StartLimitInterval=0
[Install]
WantedBy=multi-user.target
EOF
1.8.4. Distribute kube-scheduler certificates and files to other nodes
source /opt/k8s/bin/k8s-env.sh
for host in ${MASTER_IPS[@]}
do
printf "\e[1;34m${host}\e[0m\n"
scp /opt/k8s/conf/kube-scheduler.service.template ${host}:/etc/systemd/system/kube-scheduler.service
scp /opt/k8s/ssl/{
kube-scheduler*.pem,kube-scheduler.kubeconfig} ${host}:/etc/kubernetes/cert
done
1.8.5, start kube-scheduler service
source /opt/k8s/bin/k8s-env.sh
for host in ${MASTER_IPS[@]}
do
printf "\e[1;34m${host}\e[0m\n"
ssh root@${host} "mkdir -p ${K8S_DIR}/kube-scheduler"
ssh root@${host} "systemctl daemon-reload && \
systemctl enable kube-scheduler --now && \
systemctl status kube-scheduler | grep Active"
done
1.8.6, view kube-scheduler port
k8s-01:~
LISTEN 0 128 :::10251 :::* users:(("kube-scheduler",pid=67502,fd=8))
LISTEN 0 128 :::10259 :::* users:(("kube-scheduler",pid=67502,fd=9))
1.8.7, view the current leader
k8s-01:~
apiVersion: v1
kind: Endpoints
metadata:
annotations:
control-plane.alpha.kubernetes.io/leader: '{"holderIdentity":"k8s-01_556718e1-338e-4e87-b2c8-c1ea2ccfa1c1","leaseDurationSeconds":15,"acquireTime":"2021-02-12T16:54:38Z","renewTime":"2021-02-12T16:54:49Z","leaderTransitions":0}'
creationTimestamp: "2021-02-12T16:54:39Z"
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {
}
f:control-plane.alpha.kubernetes.io/leader: {
}
manager: kube-scheduler
operation: Update
time: "2021-02-12T16:54:39Z"
name: kube-scheduler
namespace: kube-system
resourceVersion: "557"
selfLink: /api/v1/namespaces/kube-system/endpoints/kube-scheduler
uid: 1e33fe40-0d13-4407-a7bb-f7a37f4a72a8
- At this point, the
kubernetes master
node has been deployed, and kubernetes node
the deployment of the node will begin later
- Docker and flannel have been deployed on full nodes before, so node nodes only need to deploy kubelet, kube-proxy, coredns and dashboard