kube-scheduler作为kubemaster核心组件运行在master节点上面,主要是watch kube-apiserver中未被调度的Pod,如果有,通过调度算法找到最适合的节点Node,然后通过kube-apiserver以对象(pod名称、Node节点名称等)的形式写入到etcd中来完成调度,kube-scheduler的高可用与kube-controller-manager一样,需要使用选举的方式产生。
下载https://dl.k8s.io/v1.17.0/kubernetes-server-linux-amd64.tar.gz二进制文件并分发到所有master节点服务器。
创建kubeconfig文件并分发
#!/bin/bash
cd /data/k8s/work
source /data/k8s/bin/env.sh
kubectl config set-cluster kubernetes \
--certificate-authority=/data/k8s/work/ca.pem \
--embed-certs=true \
--server=${KUBE_APISERVER} \
--kubeconfig=kube-scheduler.kubeconfig
kubectl config set-credentials system:kube-scheduler \
--client-certificate=kube-scheduler.pem \
--client-key=kube-scheduler-key.pem \
--embed-certs=true \
--kubeconfig=kube-scheduler.kubeconfig
kubectl config set-context system:kube-scheduler \
--cluster=kubernetes \
--user=system:kube-scheduler \
--kubeconfig=kube-scheduler.kubeconfig
kubectl config use-context system:kube-scheduler --kubeconfig=kube-scheduler.kubeconfig
for node_ip in ${MASTER_IPS[@]}
do
echo ">>> ${node_ip}"
scp kube-scheduler.kubeconfig root@${node_ip}:/etc/kubernetes/
done
创建kube-scheduler配置文件模板
#!/bin/bash
cd /data/k8s/work
source /data/k8s/bin/env.sh
cat >kube-scheduler.yaml.template <<EOF
apiVersion: kubescheduler.config.k8s.io/v1alpha1
kind: KubeSchedulerConfiguration
bindTimeoutSeconds: 600
clientConnection:
burst: 200
kubeconfig: "/etc/kubernetes/kube-scheduler.kubeconfig"
qps: 100
enableContentionProfiling: false
enableProfiling: true
hardPodAffinitySymmetricWeight: 1
healthzBindAddress: 127.0.0.1:10251
leaderElection:
leaderElect: true
metricsBindAddress: ##NODE_IP##:10251
EOF
替换并分发配置文件
#!/bin/bash
cd /data/k8s/work
source /data/k8s/bin/env.sh
# 替换
for (( i=0; i < 3; i++ ))
do
sed -e "s/##NODE_NAME##/${NODE_NAMES[i]}/" -e "s/##NODE_IP##/${NODE_IPS[i]}/" kube-scheduler.yaml.template > kube-scheduler-${NODE_IPS[i]}.yaml
done
# 分发
for node_ip in ${MASTER_IPS[@]}
do
echo ">>> ${node_ip}"
scp kube-scheduler-${node_ip}.yaml root@${node_ip}:/etc/kubernetes/kube-scheduler.yaml
done
创建kube-scheduler启动文件模板
#!/bin/bash
cd /data/k8s/work
source /data/k8s/bin/env.sh
cat > kube-scheduler.service.template <<EOF
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
[Service]
WorkingDirectory=${K8S_DIR}/kube-scheduler
ExecStart=/data/k8s/bin/kube-scheduler \\
--config=/etc/kubernetes/kube-scheduler.yaml \\
--bind-address=##NODE_IP## \\
--secure-port=10259 \\
--port=10251 \\
--tls-cert-file=/etc/kubernetes/cert/kube-scheduler.pem \\
--tls-private-key-file=/etc/kubernetes/cert/kube-scheduler-key.pem \\
--authentication-kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig \\
--client-ca-file=/etc/kubernetes/cert/ca.pem \\
--requestheader-allowed-names="aggregator" \\
--requestheader-client-ca-file=/etc/kubernetes/cert/ca.pem \\
--requestheader-extra-headers-prefix="X-Remote-Extra-" \\
--requestheader-group-headers=X-Remote-Group \\
--requestheader-username-headers=X-Remote-User \\
--authorization-kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig \\
--logtostderr=true \\
--v=2
Restart=always
RestartSec=5
StartLimitInterval=0
[Install]
WantedBy=multi-user.target
EOF
启动参数详解
启动模块替换并分发
#!/bin/bash
cd /data/k8s/work
source /data/k8s/bin/env.sh
# 替换模板文件
for (( i=0; i < 3; i++ ))
do
sed -e "s/##NODE_NAME##/${NODE_NAMES[i]}/" -e "s/##NODE_IP##/${NODE_IPS[i]}/" kube-scheduler.service.template > kube-scheduler-${NODE_IPS[i]}.service
done
# 分发
for node_ip in ${MASTER_IPS[@]}
do
echo ">>> ${node_ip}"
scp kube-scheduler-${node_ip}.service root@${node_ip}:/etc/systemd/system/kube-scheduler.service
done
启动kube-scheduler
#!/bin/bash
cd /data/k8s/work
source /data/k8s/bin/env.sh
for node_ip in ${MASTER_IPS[@]}
do
echo ">>> ${node_ip}"
ssh root@${node_ip} "mkdir -p ${K8S_DIR}/kube-scheduler"
ssh root@${node_ip} "systemctl daemon-reload && systemctl enable kube-scheduler && systemctl restart kube-scheduler"
done
进程验证
#!/bin/bash
cd /data/k8s/work
source /data/k8s/bin/env.sh
for node_ip in ${MASTER_IPS[@]}
do
echo ">>> ${node_ip}"
ssh root@${node_ip} "netstat -antp |grep kube-schedule|grep LISTEN|grep -v grep"
done
验证结果
>>> 192.168.16.104
tcp 0 0 192.168.16.104:10251 0.0.0.0:* LISTEN 24327/kube-schedule
tcp 0 0 127.0.0.1:10251 0.0.0.0:* LISTEN 24327/kube-schedule
tcp 0 0 192.168.16.104:10259 0.0.0.0:* LISTEN 24327/kube-schedule
>>> 192.168.16.105
tcp 0 0 192.168.16.105:10251 0.0.0.0:* LISTEN 24448/kube-schedule
tcp 0 0 127.0.0.1:10251 0.0.0.0:* LISTEN 24448/kube-schedule
tcp 0 0 192.168.16.105:10259 0.0.0.0:* LISTEN 24448/kube-schedule
>>> 192.168.16.106
tcp 0 0 192.168.16.106:10251 0.0.0.0:* LISTEN 15659/kube-schedule
tcp 0 0 127.0.0.1:10251 0.0.0.0:* LISTEN 15659/kube-schedule
tcp 0 0 192.168.16.106:10259 0.0.0.0:* LISTEN 15659/kube-schedule
查看kube-scheduler leader
[root@master01 ~]# kubectl get endpoints kube-scheduler --namespace=kube-system -o yaml
apiVersion: v1
kind: Endpoints
metadata:
annotations:
control-plane.alpha.kubernetes.io/leader: '{"holderIdentity":"master03.k8s.vip_1cd7c2d0-67c5-4dec-917f-8b3d504072a5","leaseDurationSeconds":15,"acquireTime":"2020-01-28T09:06:30Z","renewTime":"2020-01-28T09:15:54Z","leaderTransitions":3}'
creationTimestamp: "2019-12-28T13:59:00Z"
name: kube-scheduler
namespace: kube-system
resourceVersion: "7272253"
selfLink: /api/v1/namespaces/kube-system/endpoints/kube-scheduler
uid: f5d06d23-dcb8-459d-881d-6bd1003dcf71
[root@master01 ~]#
总结
1.kube-scheduler提供非安全端口10251, 安全端口10259;
2.kube-scheduler 部署3节点高可用,通过选举产生leader;
3.它监视kube-apiserver提供的watch接口,它根据预选和优选策略两个环节找一个最佳适配,然后调度到此节点;