文件下载
https://kubernetes.io/releases/download/
下载对应 CPU 架构的 kube-scheduler 二进制文件，安装前请用官方发布的 SHA-256 校验和核对文件完整性
复制到 /usr/local/bin 下
赋予执行权限
# Mark the scheduler binary executable. The path is relative, so run this in
# the directory that holds the kube-scheduler file.
sudo chmod +x kube-scheduler
签发 kube-scheduler 证书
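cfssl 证书配置新增 kube-scheduler 配置（本文中该证书只在 kubeconfig 里作为访问 kube-apiserver 的客户端证书使用，因此 usages 保留 "client auth" 即可；"server auth" 仅在同一证书还要作为服务端证书时才需要）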
cat config.json
{
"signing": {
"default": {
"expiry": "8760h"
},
"profiles": {
"kubernetes": {
"usages": [
"signing",
"digital signature",
"key encipherment",
"cert sign",
"crl sign"
],
"expiry": "43800h",
"ca_constraint": {
"is_ca": true,
"max_path_len": 0
}
},
"etcd": {
"usages": [
"digital signature",
"key encipherment",
"server auth",
"client auth"
],
"expiry": "8760h"
},
"kube-apiserver": {
"usages": [
"digital signature",
"key encipherment",
"server auth"
],
"expiry": "8760h"
},
"kube-controller-manager": {
"usages": [
"digital signature",
"key encipherment",
"server auth",
"client auth"
],
"expiry": "8760h"
},
"kube-scheduler": {
"usages": [
"digital signature",
"key encipherment",
"server auth",
"client auth"
],
"expiry": "8760h"
},
"admin": {
"usages": [
"digital signature",
"key encipherment",
"server auth",
"client auth"
],
"expiry": "8760h"
}
}
}
}
创建证书请求文件 kube-scheduler-csr.json（kube-apiserver 以证书的 CN 作为用户名、O 作为用户组，CN 必须是 system:kube-scheduler 才能匹配内置的 RBAC 绑定）
cat kube-scheduler-csr.json
{
"CN": "system:kube-scheduler",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "Guangdong",
"L": "Guangzhou",
"O": "system:kube-scheduler",
"OU": "Technology"
}
]
}
签发证书
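# Sign the scheduler certificate with the cluster CA, using the kube-scheduler
# profile from config.json. The "-bare kube-scheduler" arguments belong to
# cfssljson and must stay on the same logical command line; split onto a new
# line without a continuation, the shell would run "-bare" as its own command.
#
# kubernetes-ca-key.pem is the CA private key: whoever can read it can issue
# certificates the cluster trusts, so keep it off the nodes and readable only
# by the operator who signs certificates.
#
# cfssl prints a 'lacks a "hosts" field' warning for this request. That is
# expected here: the CSR has no hosts because the certificate is used as a
# client certificate in the scheduler's kubeconfig.
cfssl gencert \
  -ca=kubernetes-ca.pem \
  -ca-key=kubernetes-ca-key.pem \
  -config=config.json \
  -profile=kube-scheduler \
  kube-scheduler-csr.json \
  | cfssljson -bare kube-scheduler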
2024/12/09 16:15:24 [INFO] generate received request
2024/12/09 16:15:24 [INFO] received CSR
2024/12/09 16:15:24 [INFO] generating key: rsa-2048
2024/12/09 16:15:24 [INFO] encoded CSR
2024/12/09 16:15:24 [INFO] signed certificate with serial number 616544163894880722958078189531669381115328720340
2024/12/09 16:15:24 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
ls kube-scheduler*
kube-scheduler.csr kube-scheduler-csr.json kube-scheduler-key.pem kube-scheduler.pem
生成 kubeconfig 文件（下面使用了 --embed-certs=true，客户端私钥会被写入该文件，因此它应当只允许运行 kube-scheduler 的账号读取）
设置集群参数
# Register the cluster entry "kubernetes" in the scheduler's kubeconfig.
# --embed-certs=true inlines the CA chain, so the kubeconfig no longer depends
# on the kubernetes-chain.pem file once it has been written.
kubectl config set-cluster kubernetes \
  --kubeconfig=/home/we8/k8s/kubeconfig/kube-scheduler \
  --server=https://10.0.30.47:6443 \
  --certificate-authority=/home/we8/k8s/cfssl/kubernetes-chain.pem \
  --embed-certs=true
设置客户端认证参数
# Add the user entry "system:kube-scheduler" backed by the signed client
# certificate. --embed-certs=true copies both the certificate and its private
# key into the kubeconfig, so the kubeconfig itself is now a credential and
# needs the same protection as kube-scheduler-key.pem.
kubectl config set-credentials system:kube-scheduler \
  --kubeconfig=/home/we8/k8s/kubeconfig/kube-scheduler \
  --client-key=/home/we8/k8s/cfssl/kube-scheduler-key.pem \
  --client-certificate=/home/we8/k8s/cfssl/kube-scheduler.pem \
  --embed-certs=true
设置上下文参数
# Tie the "kubernetes" cluster entry to the "system:kube-scheduler" user entry
# under a context of the same name as the user.
kubectl config set-context system:kube-scheduler \
  --kubeconfig=/home/we8/k8s/kubeconfig/kube-scheduler \
  --user=system:kube-scheduler \
  --cluster=kubernetes
设置默认上下文
# Make that context the default for this kubeconfig, so the scheduler uses it
# without having to name a context.
kubectl config use-context system:kube-scheduler --kubeconfig=/home/we8/k8s/kubeconfig/kube-scheduler
创建 kube-scheduler 配置文件 kube-scheduler-config.yaml
cat kube-scheduler-config.yaml
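# kube-scheduler component configuration; the systemd unit passes this file
# through --config.
apiVersion: kubescheduler.config.k8s.io/v1
kind: KubeSchedulerConfiguration
clientConnection:
  # Must be nested under clientConnection. This kubeconfig carries the embedded
  # client certificate and key the scheduler presents to kube-apiserver.
  kubeconfig: "/home/we8/k8s/kubeconfig/kube-scheduler"
leaderElection:
  # Must be nested under leaderElection.
  leaderElect: true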
启动 kube-scheduler
创建 systemd 配置文件
cat kube-scheduler.service
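[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/kubernetes/kubernetes
After=network.target

[Service]
# No User= is set, so this system unit runs kube-scheduler as root while its
# --config file lives under /home/we8. Keep that directory writable only by
# trusted accounts, or move the files to a root-owned location.
#
# Every ExecStart line except the last must end with a backslash. Without one,
# systemd ends the command at that line and the flags after it are not passed
# to kube-scheduler.
ExecStart=/usr/local/bin/kube-scheduler \
  --config=/home/we8/k8s/config/kube-scheduler-config.yaml \
  --leader-elect=true \
  --v=2
Restart=always
RestartSec=10s

[Install]
WantedBy=multi-user.target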
查看启动结果
# Re-read unit files so systemd sees kube-scheduler.service.
sudo systemctl daemon-reload
# Enable the unit at boot and start it now (same effect as enable, then start).
sudo systemctl enable --now kube-scheduler.service
# Show the unit's current state and most recent log lines.
sudo systemctl status kube-scheduler.service