zoukankan      html  css  js  c++  java

  • kubernetes部署kube-scheduler服务

    同样的分非认证授权和认证授权:

    非认证授权:

    cat > /lib/systemd/system/kube-scheduler.service <<EOF
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
ExecStart=/usr/local/bin/kube-scheduler 
  --address=127.0.0.1 
  --master=http://127.0.0.1:8080 
  --leader-elect=true 
  --v=2
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF

    认证授权:

    ----------------------------------------------

    创建 kube-scheduler 证书和私钥
    创建证书签名请求:

    cat > kube-scheduler-csr.json <<EOF
{
    "CN": "system:kube-scheduler",
    "hosts": [
      "127.0.0.1",
      "192.168.111.10",
      "192.168.111.11",
      "192.168.111.12"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
      {
        "C": "CN",
        "ST": "ChongQing",
        "L": "ChongQing",
        "O": "system:kube-scheduler",
        "OU": "yunwei"
      }
    ]
}
EOF

cfssl gencert -ca=/etc/kubernetes/ca/ca.pem 
  -ca-key=/etc/kubernetes/ca/ca-key.pem 
  -config=/etc/kubernetes/ca/ca-config.json 
  -profile=kubernetes kube-scheduler-csr.json | cfssljson -bare kube-scheduler

    创建和分发 kubeconfig 文件
    kubeconfig 文件包含访问 apiserver 的所有信息,如 apiserver 地址、CA 证书和自身使用的证书;

    kubectl config set-cluster kubernetes 
  --certificate-authority=/etc/kubernetes/ca/ca.pem 
  --embed-certs=true 
  --server=https://192.168.111.9:6443 
  --kubeconfig=kube-scheduler.kubeconfig

kubectl config set-credentials system:kube-scheduler 
  --client-certificate=/etc/kubernetes/ca/kube-scheduler.pem 
  --client-key=/etc/kubernetes/ca/kube-scheduler-key.pem 
  --embed-certs=true 
  --kubeconfig=kube-scheduler.kubeconfig

kubectl config set-context system:kube-scheduler 
  --cluster=kubernetes 
  --user=system:kube-scheduler 
  --kubeconfig=kube-scheduler.kubeconfig

kubectl config use-context system:kube-scheduler --kubeconfig=kube-scheduler.kubeconfig

    # scp /etc/kubernetes/kube-scheduler.kubeconfig 192.168.111.11:/etc/kubernetes/

    # scp /etc/kubernetes/kube-scheduler.kubeconfig 192.168.111.12:/etc/kubernetes/

    创建服务文件:

    cat > /lib/systemd/system/kube-scheduler.service <<EOF
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
ExecStart=/usr/local/bin/kube-scheduler \
  --address=127.0.0.1 \
  --kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig \
  --leader-elect=true \
  --alsologtostderr=true \
  --logtostderr=false \
  --log-dir=/var/log/kubernetes \
  --v=2
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

    启动:

    # systemctl daemon-reload&&for SERVICES in kube-scheduler;do systemctl enable $SERVICES; systemctl start  $SERVICES; systemctl status $SERVICES; done

    # kubectl get endpoints kube-scheduler --namespace=kube-system  -o yaml
  • 相关阅读:
    MongoDB 释放磁盘空间 db.runCommand({repairDatabase: 1 })
    RK 调试笔记
    RK Android7.1 拨号
    RK Android7.1 移植gt9271 TP偏移
    RK Android7.1 定制化 itvbox 盒子Launcher
    RK Android7.1 双屏显示旋转方向
    RK Android7.1 设置 内存条作假
    RK Android7.1 设置 蓝牙 已断开连接
    RK Android7.1 进入Camera2 亮度会增加
    RK 3128 调触摸屏 TP GT9XX
  • 原文地址:https://www.cnblogs.com/xuyingzhong/p/9761808.html
Copyright © 2011-2022 走看看