kubernetes部署kube-scheduler服务

同样的分非认证授权和认证授权：

非认证授权：

cat > /lib/systemd/system/kube-scheduler.service <<EOF
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
ExecStart=/usr/local/bin/kube-scheduler 
  --address=127.0.0.1 
  --master=http://127.0.0.1:8080 
  --leader-elect=true 
  --v=2
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF

认证授权：

----------------------------------------------

创建 kube-scheduler 证书和私钥
创建证书签名请求：

cat > kube-scheduler-csr.json <<EOF
{
    "CN": "system:kube-scheduler",
    "hosts": [
      "127.0.0.1",
      "192.168.111.10",
      "192.168.111.11",
      "192.168.111.12"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
      {
        "C": "CN",
        "ST": "ChongQing",
        "L": "ChongQing",
        "O": "system:kube-scheduler",
        "OU": "yunwei"
      }
    ]
}
EOF

cfssl gencert -ca=/etc/kubernetes/ca/ca.pem 
  -ca-key=/etc/kubernetes/ca/ca-key.pem 
  -config=/etc/kubernetes/ca/ca-config.json 
  -profile=kubernetes kube-scheduler-csr.json | cfssljson -bare kube-scheduler

创建和分发 kubeconfig 文件
kubeconfig 文件包含访问 apiserver 的所有信息，如 apiserver 地址、CA 证书和自身使用的证书；

kubectl config set-cluster kubernetes 
  --certificate-authority=/etc/kubernetes/ca/ca.pem 
  --embed-certs=true 
  --server=https://192.168.111.9:6443 
  --kubeconfig=kube-scheduler.kubeconfig

kubectl config set-credentials system:kube-scheduler 
  --client-certificate=/etc/kubernetes/ca/kube-scheduler.pem 
  --client-key=/etc/kubernetes/ca/kube-scheduler-key.pem 
  --embed-certs=true 
  --kubeconfig=kube-scheduler.kubeconfig

kubectl config set-context system:kube-scheduler 
  --cluster=kubernetes 
  --user=system:kube-scheduler 
  --kubeconfig=kube-scheduler.kubeconfig

kubectl config use-context system:kube-scheduler --kubeconfig=kube-scheduler.kubeconfig

# scp /etc/kubernetes/kube-scheduler.kubeconfig 192.168.111.11:/etc/kubernetes/

# scp /etc/kubernetes/kube-scheduler.kubeconfig 192.168.111.12:/etc/kubernetes/

创建服务文件：

cat > /lib/systemd/system/kube-scheduler.service <<EOF
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
ExecStart=/usr/local/bin/kube-scheduler \
  --address=127.0.0.1 \
  --kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig \
  --leader-elect=true \
  --alsologtostderr=true \
  --logtostderr=false \
  --log-dir=/var/log/kubernetes \
  --v=2
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

启动：

# systemctl daemon-reload&&for SERVICES in kube-scheduler;do systemctl enable $SERVICES; systemctl start  $SERVICES; systemctl status $SERVICES; done

# kubectl get endpoints kube-scheduler --namespace=kube-system  -o yaml