Kubernetes部署通用手册 (支持版本1.19,1.18,1.17,1.16) (9)

如果--requestheader-allowed-names不为空,且--proxy-client-cert-file证书的 CN 名称不在 allowed-names 中，则后续查看 node 或 pods 的 metrics 失败，会提示：

$ kubectl top nodes Error from server (Forbidden): nodes.metrics.k8s.io is forbidden: User "aggregator" cannot list

创建 kube-apiserver 的kube-apiserver.service文件

vim /usr/lib/systemd/system/kube-apiserver.service [Unit] Description=Kubernetes API Server Documentation=http://github.com/kubernetes/kubernetes [Service] EnvironmentFile=http://www.likecs.com/data/soft/kubernetes/cfg/kube-apiserver ExecStart=http://www.likecs.com/data/soft/kubernetes/bin/kube-apiserver $KUBE_APISERVER_OPTS Restart=on-failure [Install] WantedBy=multi-user.target

启动服务

systemctl daemon-reload systemctl enable kube-apiserver systemctl restart kube-apiserver

查看apiserver是否运行

ps -ef |grep kube-apiserver root 76300 1 45 08:57 ? 00:00:14 /data/soft/kubernetes/bin/kube-apiserver --logtostderr=true --v=4 --etcd-servers=https://192.168.0.10:2379,https://192.168.0.12:2379,https://192.168.0.4:2379 --bind-address=192.168.0.10 --secure-port=6443 --advertise-address=172.16.9.51 --allow-privileged=true --service-cluster-ip-range=10.0.0.0/24 --enable-admission-plugins=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota,NodeRestriction --authorization-mode=RBAC,Node --enable-bootstrap-token-auth --token-auth-file=http://www.likecs.com/data/soft/kubernetes/cfg/token.csv --service-node-port-range=30000-50000 --tls-cert-file=http://www.likecs.com/data/soft/kubernetes/ssl/api-server.pem --tls-private-key-file=http://www.likecs.com/data/soft/kubernetes/ssl/api-server-key.pem --client-ca-file=http://www.likecs.com/data/soft/kubernetes/ssl/api-ca.pem --service-account-key-file=http://www.likecs.com/data/soft/kubernetes/ssl/api-ca-key.pem --etcd-cafile=http://www.likecs.com/data/soft/etcd/ssl/etcd-ca.pem --etcd-certfile=http://www.likecs.com/data/soft/etcd/ssl/etcd-server.pem --etcd-keyfile=http://www.likecs.com/data/soft/etcd/ssl/etcd-server-key.pem root 76357 4370 0 08:58 pts/1 00:00:00 grep --color=auto kube-apiserver 部署kube-scheduler

创建kube-scheduler配置文件

vim /data/soft/kubernetes/cfg/kube-scheduler KUBE_SCHEDULER_OPTS="--logtostderr=true --v=4 --master=127.0.0.1:8080 --leader-elect=true"

参数说明：

--address：在 127.0.0.1:10251 端口接收 http /metrics 请求；kube-scheduler 目前还不支持接收 https 请求； --master 连接本地apiserver --kubeconfig：指定 kubeconfig 文件路径，kube-scheduler 使用它连接和验证 kube-apiserver； --leader-elect=true：集群运行模式，启用选举功能；被选为 leader 的节点负责处理工作，其它节点为阻塞状态；当该组件启动多个时，自动选举（HA）

创建kube-scheduler的kube-scheduler.service 文件

vim /usr/lib/systemd/system/kube-scheduler.service [Unit] Description=Kubernetes Scheduler Documentation=http://github.com/kubernetes/kubernetes [Service] EnvironmentFile=-/data/soft/kubernetes/cfg/kube-scheduler ExecStart=http://www.likecs.com/data/soft/kubernetes/bin/kube-scheduler $KUBE_SCHEDULER_OPTS Restart=on-failure [Install] WantedBy=multi-user.target

启动服务

systemctl daemon-reload systemctl enable kube-scheduler.service systemctl restart kube-scheduler.service

查看kube-scheduler是否运行

# ps -ef |grep kube-scheduler root 77854 1 8 09:17 ? 00:00:02 /data/soft/kubernetes/bin/kube-scheduler --logtostderr=true --v=4 --master=127.0.0.1:8080 --leader-elect root 77901 1305 0 09:18 pts/0 00:00:00 grep --color=auto kube-scheduler # systemctl status kube-scheduler.service ● kube-scheduler.service - Kubernetes Scheduler Loaded: loaded (/usr/lib/systemd/system/kube-scheduler.service; disabled; vendor preset: disabled) Active: active (running) since 三 2018-12-05 09:17:43 CST; 29s ago Docs: https:*//github.com/kubernetes/kubernetes* Main PID: 77854 (kube-scheduler) Tasks: 13 Memory: 10.9M CGroup: /system.slice/kube-scheduler.service └─77854 /data/soft/kubernetes/bin/kube-scheduler --logtostderr=true --v=4 --master=127.0.0.1:8080 --leader-elect 12月 05 09:17:45 qas-k8s-master01 kube-scheduler[77854]: I1205 09:17:45.642632 77854 shared_informer.go:123] caches populated 12月 05 09:17:45 qas-k8s-master01 kube-scheduler[77854]: I1205 09:17:45.743297 77854 shared_informer.go:123] caches populated 12月 05 09:17:45 qas-k8s-master01 kube-scheduler[77854]: I1205 09:17:45.844554 77854 shared_informer.go:123] caches populated 12月 05 09:17:45 qas-k8s-master01 kube-scheduler[77854]: I1205 09:17:45.945332 77854 shared_informer.go:123] caches populated 12月 05 09:17:45 qas-k8s-master01 kube-scheduler[77854]: I1205 09:17:45.945434 77854 controller_utils.go:1027] Waiting **for** caches to sync **for** scheduler controller 12月 05 09:17:46 qas-k8s-master01 kube-scheduler[77854]: I1205 09:17:46.046385 77854 shared_informer.go:123] caches populated 12月 05 09:17:46 qas-k8s-master01 kube-scheduler[77854]: I1205 09:17:46.046427 77854 controller_utils.go:1034] Caches are synced **for** scheduler controller 12月 05 09:17:46 qas-k8s-master01 kube-scheduler[77854]: I1205 09:17:46.046574 77854 leaderelection.go:205] attempting to acquire leader lease kube-system/kube-scheduler... 12月 05 09:17:46 qas-k8s-master01 kube-scheduler[77854]: I1205 09:17:46.063185 77854 leaderelection.go:214] successfully acquired lease kube-system/kube-scheduler 12月 05 09:17:46 qas-k8s-master01 kube-scheduler[77854]: I1205 09:17:46.164498 77854 shared_informer.go:123] caches populated 部署kube-controller-manager