同样的分非认证授权和认证授权:
非认证授权:
cat > /lib/systemd/system/kube-scheduler.service <<EOF[Unit]Description=Kubernetes SchedulerDocumentation=https://github.com/GoogleCloudPlatform/kubernetes[Service]ExecStart=/usr/local/bin/kube-scheduler ??--address=127.0.0.1 ??--master=http://127.0.0.1:8080 \ ?--leader-elect=true ??--v=2Restart=on-failureRestartSec=5[Install]WantedBy=multi-user.targetEOF
认证授权:
----------------------------------------------
创建 kube-scheduler 证书和私钥
创建证书签名请求:
cat > kube-scheduler-csr.json <<EOF{ ???"CN": "system:kube-scheduler", ???"hosts": [ ?????"127.0.0.1", ?????"192.168.111.10", ?????"192.168.111.11", ?????"192.168.111.12" ???], ???"key": { ???????"algo": "rsa", ???????"size": 2048 ???}, ???"names": [ ?????{ ???????"C": "CN", ???????"ST": "ChongQing", ???????"L": "ChongQing", ???????"O": "system:kube-scheduler", ???????"OU": "yunwei" ?????} ???]}EOFcfssl gencert -ca=/etc/kubernetes/ca/ca.pem ??-ca-key=/etc/kubernetes/ca/ca-key.pem ??-config=/etc/kubernetes/ca/ca-config.json ??-profile=kubernetes kube-scheduler-csr.json | cfssljson -bare kube-scheduler创建和分发 kubeconfig 文件
kubeconfig 文件包含访问 apiserver 的所有信息,如 apiserver 地址、CA 证书和自身使用的证书;
kubectl config set-cluster kubernetes ??--certificate-authority=/etc/kubernetes/ca/ca.pem ??--embed-certs=true ??--server=https://192.168.111.9:6443 \ ?--kubeconfig=kube-scheduler.kubeconfigkubectl config set-credentials system:kube-scheduler ??--client-certificate=/etc/kubernetes/ca/kube-scheduler.pem ??--client-key=/etc/kubernetes/ca/kube-scheduler-key.pem ??--embed-certs=true ??--kubeconfig=kube-scheduler.kubeconfigkubectl config set-context system:kube-scheduler ??--cluster=kubernetes ??--user=system:kube-scheduler ??--kubeconfig=kube-scheduler.kubeconfigkubectl config use-context system:kube-scheduler --kubeconfig=kube-scheduler.kubeconfig
# scp /etc/kubernetes/kube-scheduler.kubeconfig 192.168.111.11:/etc/kubernetes/
# scp /etc/kubernetes/kube-scheduler.kubeconfig 192.168.111.12:/etc/kubernetes/
创建服务文件:
cat > /lib/systemd/system/kube-scheduler.service <<EOF[Unit]Description=Kubernetes SchedulerDocumentation=https://github.com/GoogleCloudPlatform/kubernetes[Service]ExecStart=/usr/local/bin/kube-scheduler \ ?--address=127.0.0.1 \ ?--kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig \ ?--leader-elect=true \ ?--alsologtostderr=true \ ?--logtostderr=false \ ?--log-dir=/var/log/kubernetes \ ?--v=2Restart=on-failureRestartSec=5[Install]WantedBy=multi-user.targetEOF
启动:
# systemctl daemon-reload&&for SERVICES in kube-scheduler;do systemctl enable $SERVICES; systemctl start $SERVICES; systemctl status $SERVICES; done
# kubectl get endpoints kube-scheduler --namespace=kube-system -o yaml
kubernetes部署kube-scheduler服务
原文地址:https://www.cnblogs.com/xuyingzhong/p/9761808.html