#创建csr请求
[root@master-1 work]# cat kube-scheduler-csr.json
{
"CN": "system:kube-scheduler",
"hosts": [
"127.0.0.1",
"192.168.10.28",
"192.168.10.29",
"192.168.10.30",
"192.168.10.31"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "Hubei",
"L": "Wuhan",
"O": "system:kube-scheduler",
"OU": "system"
}
]
}
创建证书
[root@master-1 work]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-scheduler-csr.json | cfssljson -bare kube-scheduler
2022/01/15 12:56:06 [INFO] generate received request
2022/01/15 12:56:06 [INFO] received CSR
2022/01/15 12:56:06 [INFO] generating key: rsa-2048
2022/01/15 12:56:06 [INFO] encoded CSR
2022/01/15 12:56:06 [INFO] signed certificate with serial number 590063874685592696745003825094956388230301625419
2022/01/15 12:56:06 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
#创建kube-scheduler的kubeconfig
1.设置集群参数
[root@master-1 work]# kubectl config set-cluster kubernetes --certificate-authority=ca.pem --embed-certs=true --server=https://192.168.10.29:6443 --kubeconfig=kube-scheduler.kubeconfig Cluster "kubernetes" set. 您在 /var/spool/mail/root 中有新邮件 [root@master-1 work]# kubectl config set-credentials system:kube-scheduler --client-certificate=kube-scheduler.pem --client-key=kube-scheduler-key.pem --embed-certs=true --kubeconfig=kube-scheduler.kubeconfig User "system:kube-scheduler" set. [root@master-1 work]# kubectl config set-context system:kube-scheduler --cluster=kubernetes --user=system:kube-scheduler --kubeconfig=kube-scheduler.kubeconfig Context "system:kube-scheduler" created. [root@master-1 work]# kubectl config use-context system:kube-scheduler --kubeconfig=kube-scheduler.kubeconfig Switched to context "system:kube-scheduler".
创建配置文件
vim kube-scheduler.conf KUBE_SCHEDULER_OPTS="--address=127.0.0.1 \ --kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig \ --leader-elect=true \ --alsologtostderr=true \ --logtostderr=false \ --log-dir=/var/log/kubernetes \ --v=2"
#创建服务启动文件
[root@master-1 work]# vim kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/kubernetes/kubernetes
[Service]
EnvironmentFile=-/etc/kubernetes/kube-scheduler.conf
ExecStart=/usr/local/bin/kube-scheduler $KUBE_SCHEDULER_OPTS
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
分发其他节点
[root@master-1 work]# mv kube-scheduler*.pem /etc/kubernetes/ssl/ [root@master-1 work]# mv kube-scheduler.kubeconfig /etc/kubernetes/ [root@master-1 work]# mv kube-scheduler.conf /etc/kubernetes/ 您在 /var/spool/mail/root 中有新邮件 [root@master-1 work]# mv kube-scheduler.service /usr/lib/systemd/system/ [root@master-1 work]# scp /usr/lib/systemd/system/kube-scheduler.service master-2:/usr/lib/systemd/system/ kube-scheduler.service 100% 292 274.9KB/s 00:00 [root@master-1 work]# scp /usr/lib/systemd/system/kube-scheduler.service master-2:/usr/lib/systemd/system/ kube-scheduler.service 100% 292 189.2KB/s 00:00 您在 /var/spool/mail/root 中有新邮件 [root@master-1 work]# scp /usr/lib/systemd/system/kube-scheduler.service master-1:/usr/lib/systemd/system/ kube-scheduler.service 100% 292 851.8KB/s 00:00 [root@master-1 work]# scp /usr/lib/systemd/system/kube-scheduler.service master-3:/usr/lib/systemd/system/ kube-scheduler.service 100% 292 387.1KB/s 00:00 [root@master-1 work]# scp -r /etc/kubernetes master-3:/etc/ ca-key.pem 100% 1675 1.5MB/s 00:00 ca.pem 100% 1346 2.0MB/s 00:00 kube-apiserver-key.pem 100% 1679 3.3MB/s 00:00 kube-apiserver.pem 100% 1635 2.3MB/s 00:00 admin-key.pem 100% 1675 2.9MB/s 00:00 admin.pem 100% 1391 2.1MB/s 00:00 kube-controller-manager-key.pem 100% 1679 3.3MB/s 00:00 kube-controller-manager.pem 100% 1505 2.4MB/s 00:00 kube-scheduler-key.pem 100% 1675 2.1MB/s 00:00 kube-scheduler.pem 100% 1480 967.8KB/s 00:00 token.csv 100% 84 120.5KB/s 00:00 kube-apiserver.conf 100% 1611 3.0MB/s 00:00 kube-controller-manager.conf 100% 1048 1.8MB/s 00:00 kube-controller-manager.kubeconfig 100% 6479 12.5MB/s 00:00 kube-scheduler.kubeconfig 100% 6407 8.1MB/s 00:00 kube-scheduler.conf 100% 208 292.7KB/s 00:00 [root@master-1 work]# scp -r /etc/kubernetes master-2:/etc/
启动
[root@master-1 work]# systemctl daemon-reload
您在 /var/spool/mail/root 中有新邮件
[root@master-1 work]# systemctl enable kube-scheduler
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-scheduler.service to /usr/lib/systemd/system/kube-scheduler.service.
[root@master-1 work]# systemctl start kube-scheduler
[root@master-1 work]# systemctl status kube-scheduler
● kube-scheduler.service - Kubernetes Scheduler
Loaded: loaded (/usr/lib/systemd/system/kube-scheduler.service; enabled; vendor preset: disabled)
Active: active (running) since 六 2022-01-15 13:11:15 CST; 11s ago
Docs: https://github.com/kubernetes/kubernetes
Main PID: 34356 (kube-scheduler)
Tasks: 7
Memory: 15.1M
CGroup: /system.slice/kube-scheduler.service
└─34356 /usr/local/bin/kube-scheduler --address=127.0.0.1 --kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig --leader-elect=true --alsologtostderr=true --logtostderr=false --log-dir=/var/log/...
1月 15 13:11:16 master-1 kube-scheduler[34356]: reserve: {}
1月 15 13:11:16 master-1 kube-scheduler[34356]: score: {}
1月 15 13:11:16 master-1 kube-scheduler[34356]: schedulerName: default-scheduler
1月 15 13:11:16 master-1 kube-scheduler[34356]: ------------------------------------Configuration File Contents End Here---------------------------------
1月 15 13:11:16 master-1 kube-scheduler[34356]: I0115 13:11:16.936434 34356 server.go:139] "Starting Kubernetes Scheduler" version="v1.23.0-rc.0"
1月 15 13:11:16 master-1 kube-scheduler[34356]: I0115 13:11:16.941128 34356 tlsconfig.go:200] "Loaded serving cert" certName="Generated self signed cert" certDetail="\"localhost@1642223476\" [serving] va...
1月 15 13:11:16 master-1 kube-scheduler[34356]: I0115 13:11:16.941256 34356 named_certificates.go:53] "Loaded SNI cert" index=0 certName="self-signed loopback" certDetail="\"apiserver-loopback-client@164...
1月 15 13:11:16 master-1 kube-scheduler[34356]: I0115 13:11:16.941498 34356 secure_serving.go:200] Serving securely on [::]:10259
1月 15 13:11:16 master-1 kube-scheduler[34356]: I0115 13:11:16.942713 34356 tlsconfig.go:240] "Starting DynamicServingCertificateController"
1月 15 13:11:17 master-1 kube-scheduler[34356]: I0115 13:11:17.044695 34356 leaderelection.go:248] attempting to acquire leader lease kube-system/kube-scheduler...
Hint: Some lines were ellipsized, use -l to show in full.