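Kubernetes in Practice, Part 3: Installing an etcd Cluster with TLS Certificates
1: Introduction
Kubernetes stores all of its data in etcd. This part deploys a three-node etcd cluster. The cluster needs TLS certificates for encrypted communication, so copy the Kubernetes certificates created earlier:
cp ca.pem kubernetes-key.pem kubernetes.pem /etc/kubernetes/ssl
Cluster nodes (hostname : IP):
iZwz95trb3stk6afg8oozuZ :10.116.137.196
iZwz96e1vc35er68nlrcauZ :10.116.82.28
iZwz96e1vc35er68nlrcatZ :10.116.36.57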
2: Install etcd
wget https://github.com/coreos/etcd/releases/download/v3.3.2/etcd-v3.3.2-linux-amd64.tar.gz
tar -xvf etcd-v3.3.2-linux-amd64.tar.gz
mv etcd-v3.3.2-linux-amd64/etcd* /usr/local/bin
3: Create the etcd systemd unit file
/usr/lib/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
# This directory must exist before the service is started.
WorkingDirectory=/var/lib/etcd/
# Per-node settings (step 4) are read from this file.
EnvironmentFile=/etc/etcd/etcd.conf
# The binary path matches the install location used in step 2 (/usr/local/bin).
ExecStart=/bin/bash -c "GOMAXPROCS=$(nproc) /usr/local/bin/etcd --name=\"${ETCD_NAME}\" --cert-file=\"${ETCD_CERT_FILE}\" --key-file=\"${ETCD_KEY_FILE}\" --trusted-ca-file=\"${ETCD_TRUSTED_CA_FILE}\" --peer-cert-file=\"${ETCD_PEER_CERT_FILE}\" --peer-key-file=\"${ETCD_PEER_KEY_FILE}\" --peer-trusted-ca-file=\"${ETCD_PEER_TRUSTED_CA_FILE}\" --data-dir=\"${ETCD_DATA_DIR}\" --listen-client-urls=\"${ETCD_LISTEN_CLIENT_URLS}\" --listen-peer-urls=\"${ETCD_LISTEN_PEER_URLS}\" --advertise-client-urls=\"${ETCD_ADVERTISE_CLIENT_URLS}\" --initial-advertise-peer-urls=\"${ETCD_INITIAL_ADVERTISE_PEER_URLS}\" --initial-cluster=\"${ETCD_INITIAL_CLUSTER}\" --initial-cluster-state=\"${ETCD_INITIAL_CLUSTER_STATE}\""
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
4: Environment variable configuration file /etc/etcd/etcd.conf
# [member]
ETCD_NAME=iZwz96e1vc35er68nlrcauZ
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://10.116.82.28:2380"
ETCD_LISTEN_CLIENT_URLS="https://10.116.82.28:2379,https://127.0.0.1:2379"

# [cluster]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://10.116.82.28:2380"
ETCD_INITIAL_CLUSTER="iZwz95trb3stk6afg8oozuZ=https://10.116.137.196:2380,iZwz96e1vc35er68nlrcauZ=https://10.116.82.28:2380,iZwz96e1vc35er68nlrcatZ=https://10.116.36.57:2380"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="k8s-etcd-cluster"
ETCD_ADVERTISE_CLIENT_URLS="https://10.116.82.28:2379"

# [security]
ETCD_CERT_FILE="/etc/kubernetes/ssl/kubernetes.pem"
ETCD_KEY_FILE="/etc/kubernetes/ssl/kubernetes-key.pem"
ETCD_TRUSTED_CA_FILE="/etc/kubernetes/ssl/ca.pem"
ETCD_PEER_CERT_FILE="/etc/kubernetes/ssl/kubernetes.pem"
ETCD_PEER_KEY_FILE="/etc/kubernetes/ssl/kubernetes-key.pem"
ETCD_PEER_TRUSTED_CA_FILE="/etc/kubernetes/ssl/ca.pem"
5: Start the etcd service
systemctl daemon-reload
systemctl enable etcd
systemctl start etcd
systemctl status etcd
6: Verify the service
etcdctl --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem --endpoints=https://127.0.0.1:2379 cluster-health
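An added check, not part of the original post: the /etc/etcd/etcd.conf above sets certificate, key and trusted-CA paths but neither ETCD_CLIENT_CERT_AUTH nor ETCD_PEER_CLIENT_CERT_AUTH, the switches etcd documents (as --client-cert-auth and --peer-client-cert-auth) for requiring a client certificate signed by the trusted CA. The script below audits an etcd environment file for that, for plain-http URLs, and for key files accessible to group or other; the function names, finding labels and sample files are constructed for this example.

```shell
#!/usr/bin/env bash
# Added example: audit an etcd environment file without sourcing it.

conf_get() {  # conf_get FILE KEY -> last value of KEY, quotes stripped
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

audit_etcd_conf() {  # one finding per line; exit status 1 if any finding
    local conf=$1 findings=0 key val
    for key in ETCD_LISTEN_CLIENT_URLS ETCD_LISTEN_PEER_URLS \
               ETCD_ADVERTISE_CLIENT_URLS ETCD_INITIAL_ADVERTISE_PEER_URLS \
               ETCD_INITIAL_CLUSTER; do
        case "$(conf_get "$conf" "$key")" in
            *http://*) echo "PLAINTEXT_URL $key"; findings=$((findings + 1)) ;;
        esac
    done
    # etcd documents these switches as what makes it require a client
    # certificate signed by the trusted CA (client and peer listeners).
    for key in ETCD_CLIENT_CERT_AUTH ETCD_PEER_CLIENT_CERT_AUTH; do
        if [ "$(conf_get "$conf" "$key")" != "true" ]; then
            echo "CERT_AUTH_NOT_SET $key"; findings=$((findings + 1))
        fi
    done
    for key in ETCD_KEY_FILE ETCD_PEER_KEY_FILE; do
        val=$(conf_get "$conf" "$key")
        # Flag private keys that group or other can access.
        if [ -f "$val" ] && [ "$(ls -ldL "$val" | cut -c5-10)" != "------" ]; then
            echo "KEY_PERMS $key"; findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample mirroring the page's etcd.conf (key path is a temp file).
sample_dir=$(mktemp -d)
printf 'constructed placeholder, not a real key\n' > "$sample_dir/kubernetes-key.pem"
chmod 644 "$sample_dir/kubernetes-key.pem"
cat > "$sample_dir/etcd.conf" <<EOF
ETCD_LISTEN_PEER_URLS="https://10.116.82.28:2380"
ETCD_LISTEN_CLIENT_URLS="https://10.116.82.28:2379,https://127.0.0.1:2379"
ETCD_ADVERTISE_CLIENT_URLS="https://10.116.82.28:2379"
ETCD_KEY_FILE="$sample_dir/kubernetes-key.pem"
ETCD_PEER_KEY_FILE="$sample_dir/kubernetes-key.pem"
ETCD_TRUSTED_CA_FILE="/etc/kubernetes/ssl/ca.pem"
EOF
audit_etcd_conf "$sample_dir/etcd.conf" || echo "findings reported"
```

On a node, run the function against the real file with audit_etcd_conf /etc/etcd/etcd.conf; because the unit file loads that file through EnvironmentFile, etcd reads any ETCD_* setting added there from its environment.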
Source: ITPUB Blog, link: http://blog.itpub.net/28624388/viewspace-2151775/. If you repost this article, please credit the source; otherwise legal liability will be pursued.