etcd YAML deployment

  1. The IP addresses of StatefulSet containers change unpredictably, so the certificates must be generated at run time. The current approach is to package a self-signed CA certificate into the etcd image; each pod generates its own certificate when it starts, and the client certificates needed to access etcd must likewise be retrieved from the container.
  2. Each of the three machines currently has access to only one NAS volume, so each pod's placement is fixed (for example etcd-0 corresponds to 100.68.34.8); if a pod lands elsewhere it can only be corrected by hand.

etcd is started with only the most basic parameters; the code for building the Docker image and the deployment files are included as attachments.
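The first point above (pod IPs change, so certificates are generated at run time) is easier to reason about once the per-member settings are derived from the pod's own hostname. The script below is an added example, not code from the original post or its attachments: it computes the etcd flag values for one StatefulSet member and the SAN list that member's certificate must carry. It assumes the headless Service "etcd" in namespace "kube-system" and the ports 2379/2380 from the manifests on the page; peers are addressed by the stable DNS names the headless Service gives each pod, and the pod IP is still included as a SAN because the page's etcdctl check connects by IP. The function names are the example's own.

```python
"""Derive the per-member etcd settings a StatefulSet pod needs from its own
hostname, plus the SAN list its runtime-generated certificate must carry.

Added example, not code from the original post. Service/namespace names
follow the manifests on the page (headless Service "etcd" in "kube-system");
the pod IP used in __main__ is the one shown for etcd-1 on the page.
"""
import re

# Ports as declared in the page's Service and StatefulSet manifests.
CLIENT_PORT = 2379
PEER_PORT = 2380


def member_index(hostname: str) -> int:
    """StatefulSet pods are named <set>-<ordinal>; return the ordinal."""
    m = re.fullmatch(r"(.+)-(\d+)", hostname)
    if not m:
        raise ValueError(f"not a StatefulSet pod name: {hostname!r}")
    return int(m.group(2))


def peer_dns(set_name: str, ordinal: int, service: str, namespace: str) -> str:
    """Stable DNS name a headless Service gives each StatefulSet pod."""
    return f"{set_name}-{ordinal}.{service}.{namespace}.svc"


def etcd_flags(hostname: str, pod_ip: str, *, replicas: int = 3,
               service: str = "etcd", namespace: str = "kube-system") -> dict:
    """Build the etcd flag values for one member.

    Peers are addressed by headless-Service DNS names, which stay fixed across
    pod restarts even though pod IPs (the problem noted on the page) do not.
    Every URL is https so nothing listens in plaintext.
    """
    ordinal = member_index(hostname)
    set_name = hostname.rsplit("-", 1)[0]
    if ordinal >= replicas:
        raise ValueError(f"ordinal {ordinal} outside replicas={replicas}")
    me = peer_dns(set_name, ordinal, service, namespace)
    initial_cluster = ",".join(
        f"{set_name}-{i}=https://{peer_dns(set_name, i, service, namespace)}:{PEER_PORT}"
        for i in range(replicas)
    )
    return {
        "name": hostname,
        "initial-cluster": initial_cluster,
        "initial-advertise-peer-urls": f"https://{me}:{PEER_PORT}",
        "advertise-client-urls": f"https://{me}:{CLIENT_PORT}",
        "listen-peer-urls": f"https://{pod_ip}:{PEER_PORT}",
        "listen-client-urls": f"https://{pod_ip}:{CLIENT_PORT},https://127.0.0.1:{CLIENT_PORT}",
    }


def required_sans(hostname: str, pod_ip: str, *, service: str = "etcd",
                  namespace: str = "kube-system") -> dict:
    """Names the member's serving certificate must list as SANs.

    Peers dial the pod DNS name, same-namespace clients may dial the bare
    Service name, local tooling dials 127.0.0.1, and the pod IP is kept
    because the page's etcdctl check connects by IP. A certificate missing
    any of these fails TLS verification on that path.
    """
    ordinal = member_index(hostname)
    set_name = hostname.rsplit("-", 1)[0]
    dns = peer_dns(set_name, ordinal, service, namespace)
    return {
        "DNS": sorted({hostname, dns, f"{dns}.cluster.local", service}),
        "IP": sorted({pod_ip, "127.0.0.1"}),
    }


def flags_to_argv(flags: dict) -> list:
    """Render the flag mapping as etcd command-line arguments."""
    return [f"--{k}={v}" for k, v in flags.items()]


if __name__ == "__main__":
    # Sample run for pod etcd-1 with the IP the page shows for it.
    f = etcd_flags("etcd-1", "172.1.34.2")
    print("\n".join(flags_to_argv(f)))
    print(required_sans("etcd-1", "172.1.34.2"))
```

Because every name in `required_sans` except the pod IP is known before the pod starts, the certificate could also be issued ahead of time for the DNS names alone, which removes the need to ship the CA's private key inside the image.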

The environment:

[root@ecam40931 etcd]# kubectl get pod -o wide|grep etcd
etcd-0                                      1/1       Running   0          16m       172.1.50.2   100.68.34.8
etcd-1                                      1/1       Running   0          16m       172.1.34.2   100.68.34.9
etcd-2                                      1/1       Running   0          16m       172.1.95.2   100.68.34.10

Encrypted (TLS) access now works normally:

[root@ecam40931 etcd]# kubectl exec -it etcd-0 -- sh
/ # etcdctl --ca-file /etc/etcd/ssl/ca.pem --key-file /etc/etcd/ssl/etcd-key.pem --cert-file /etc/etcd/ssl/etcd.pem --endpoints=https://172.1.34.2:2379 cluster-health
member 1293bb6c66f7bfa1 is healthy: got healthy result from https://172.1.34.2:2379
member 5fefc8eefc1469cb is healthy: got healthy result from https://172.1.50.2:2379
member e38762190fc12c09 is healthy: got healthy result from https://172.1.95.2:2379
cluster is healthy
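The cluster-health transcript above is what an operator would poll to notice a degraded or misconfigured member. The parser below is an added example, not part of the original post: it turns `etcdctl cluster-health` output into structured records and reports the conditions a defender cares about (an unhealthy or unreachable member, a member count that differs from the expected three, or a member that answers over plaintext http instead of https). The healthy sample is the page's own transcript; the degraded sample is a constructed input written for this example.

```python
"""Parse `etcdctl cluster-health` output and flag what needs attention:
unhealthy/unreachable members, a wrong member count, and members that
answer over plaintext http.

Added example, not code from the original post. SAMPLE_OK is the transcript
shown on the page; SAMPLE_DEGRADED is a constructed input for this example.
"""
import re
from typing import List, NamedTuple, Optional, Tuple

SAMPLE_OK = """\
member 1293bb6c66f7bfa1 is healthy: got healthy result from https://172.1.34.2:2379
member 5fefc8eefc1469cb is healthy: got healthy result from https://172.1.50.2:2379
member e38762190fc12c09 is healthy: got healthy result from https://172.1.95.2:2379
cluster is healthy
"""

# Constructed: one member reachable only over http, one unreachable, one missing.
SAMPLE_DEGRADED = """\
member 1293bb6c66f7bfa1 is healthy: got healthy result from http://172.1.34.2:2379
member 5fefc8eefc1469cb is unreachable: [https://172.1.50.2:2379] are all unreachable
cluster is unhealthy
"""

# One line per member; the URL is optional because the "unreachable" form
# wraps its endpoints in brackets, which the character class excludes.
MEMBER_RE = re.compile(
    r"^member (?P<id>[0-9a-f]+) is (?P<state>healthy|unhealthy|unreachable)"
    r"(?:: .*?(?P<url>https?://[^\s\]]+))?",
    re.M,
)


class Member(NamedTuple):
    member_id: str
    state: str
    url: Optional[str]


def parse_cluster_health(text: str) -> Tuple[List[Member], bool]:
    """Return (members, cluster_healthy) from etcdctl cluster-health output."""
    members = [Member(m["id"], m["state"], m["url"]) for m in MEMBER_RE.finditer(text)]
    cluster_ok = re.search(r"^cluster is healthy$", text, re.M) is not None
    return members, cluster_ok


def audit(text: str, expected_members: int) -> List[str]:
    """Findings an operator should act on; an empty list means all clear."""
    members, cluster_ok = parse_cluster_health(text)
    findings = []
    if not cluster_ok:
        findings.append("cluster reports unhealthy")
    if len(members) != expected_members:
        findings.append(f"expected {expected_members} members, saw {len(members)}")
    for m in members:
        if m.state != "healthy":
            findings.append(f"member {m.member_id} is {m.state}")
        if m.url and m.url.startswith("http://"):
            findings.append(f"member {m.member_id} serves plaintext at {m.url}")
    return findings


if __name__ == "__main__":
    print("healthy sample:", audit(SAMPLE_OK, 3) or "no findings")
    print("degraded sample:", audit(SAMPLE_DEGRADED, 3))
```

The expected member count is passed in rather than inferred from the output, so a member that silently dropped out of the cluster is still reported.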

apiVersion: v1
kind: PersistentVolume
metadata:
    name: pv0001
spec:
    capacity:
      storage: 100Gi
    accessModes:
      - ReadWriteOnce
    persistentVolumeReclaimPolicy: Recycle
    storageClassName: nas-etcd
    nfs:
      path: /csp_csmp_id100020_vol1004_prd
      server: 100.68.21.4
---
apiVersion: v1
kind: PersistentVolume
metadata:
    name: pv0002
spec:
    capacity:
      storage: 100Gi
    accessModes:
      - ReadWriteOnce
    persistentVolumeReclaimPolicy: Recycle
    storageClassName: nas-etcd
    nfs:
      path: /csp_csmp_id100020_vol1005_prd
      server: 100.68.21.4
---
apiVersion: v1
kind: PersistentVolume
metadata:
    name: pv0003
spec:
    capacity:
      storage: 100Gi
    accessModes:
      - ReadWriteOnce
    persistentVolumeReclaimPolicy: Recycle
    storageClassName: nas-etcd
    nfs:
      path: /csp_csmp_id100020_vol1006_prd
      server: 100.68.21.4
---
apiVersion: v1
kind: Service
metadata:
  name: etcd
  namespace: kube-system
spec:
  selector:
    app: etcd
  clusterIP: None
  ports:
  - port: 2379
    targetPort: 2379
    name: port2379
  - port: 2380
    targetPort: 2380
    name: port2380
---
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  name: etcd
  namespace: kube-system
spec:
  serviceName: "etcd"
  replicas: 3
  template:
    metadata:
      labels:
        app: etcd
    spec:
      terminationGracePeriodSeconds: 10
      nodeSelector:
        caas_cluster: storage
#        host_name: ecam41060
      containers:
      - name: etcd
        image: hub.yun.paic.com.cn/etcd:test
        ports:
        - containerPort: 2379
          name: port2379
        - containerPort: 2380
          name: port2380
        volumeMounts:
          - name: datadir
            mountPath: /var/lib/etcd
  volumeClaimTemplates:
  - metadata:
      name: datadir
      namespace: etcd
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 10Gi
      storageClassName: nas-etcd


Reposted from yq.aliyun.com/articles/689052