k8s (etcd cluster)

192.168.182.100 master

192.168.182.101  node1

192.168.182.102  node2

etcd cluster + cfssl certificate signing configuration

1. iptables -F (flush the firewall rules); configure /etc/hosts
2. wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce
systemctl start docker
mkdir -p /opt/kubernetes/{cfg,bin,ssl,log}
3. vim /root/.bash_profile (set the environment variable)
PATH=$PATH:$HOME/bin:/opt/kubernetes/bin
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。

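Creating the CA certificate manually

cfssl download site: pkg.cfssl.org (find the files there yourself)
1. Download the cfssl tools, then move and rename them:
mv cfssl-certinfo_linux-amd64 /opt/kubernetes/bin/cfssl-certinfo && \
mv cfssljson_linux-amd64 /opt/kubernetes/bin/cfssljson && \
mv cfssl_linux-amd64 /opt/kubernetes/bin/cfssl
chmod +x /opt/kubernetes/bin/cfssl*   # the downloaded binaries are not executable
2. scp them to node1 and node2 (all the nodes)
3. cfssl print-defaults config > config.json   # template file
cfssl print-defaults csr > csr.json   # template file
4. vim ca-config.json (the edited template)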
{
    "signing": {
        "default": {
            "expiry": "8760h"
        },
        "profiles": {
            "kubernetes": {
                "usages": [
                    "signing",
                    "key encipherment",
                    "server auth",
                    "client auth"
                ],
                "expiry": "8760h"
            }
        }
    }
}
5. vim ca-csr.json (the edited template)
{
    "CN": "kubernetes",
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "BeiJing",
            "L": "BeiJing",
            "O": "k8s",
            "OU": "System"
        }
    ]
}
cfssl gencert -initca ca-csr.json | cfssljson -bare ca   # generates the certificate files
All files whose names start with ca must be copied to the node machines.
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
Deploying the etcd cluster
wget https://github.com/coreos/etcd/releases/download/v3.2.18/etcd-v3.2.18-linux-amd64.tar.gz
Move the binaries into /opt/kubernetes/bin and scp them to the node machines.
vim etcd-csr.json
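{
    "CN": "etcd",
    "hosts": [
        "127.0.0.1",
        "192.168.182.100",
        "192.168.182.101",
        "192.168.182.102"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "BeiJing",
            "L": "BeiJing",
            "O": "k8s",
            "OU": "System"
        }
    ]
}
hosts specifies the IP addresses of the etcd nodes. They must be the addresses used in etcd.conf, because TLS verification checks the address being connected to against this list.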

cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem \
-ca-key=/opt/kubernetes/ssl/ca-key.pem \
-config=/opt/kubernetes/ssl/ca-config.json \
-profile=kubernetes etcd-csr.json | cfssljson -bare etcd
This produces 4 etcd* files; move them to the node machines as well.

At this point the ssl directory contains 2+2+3+4 files.
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。


Setting up the etcd configuration file

vim /opt/kubernetes/cfg/etcd.conf
#[member]
ETCD_NAME="node1"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
#ETCD_SNAPSHOT_COUNTER="10000"
#ETCD_HEARTBEAT_INTERVAL="100"
#ETCD_ELECTION_TIMEOUT="1000"
ETCD_LISTEN_PEER_URLS="https://192.168.182.100:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.182.100:2379,https://127.0.0.1:2379"
#ETCD_MAX_SNAPSHOTS="5"
#ETCD_MAX_WALS="5"
#ETCD_CORS=""
#[cluster]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.182.100:2380"
# if you use different ETCD_NAME (e.g. test),
# set ETCD_INITIAL_CLUSTER value for this name, i.e. "test=http://..."
ETCD_INITIAL_CLUSTER="node1=https://192.168.182.100:2380,node2=https://192.168.182.101:2380,node3=https://192.168.182.102:2380"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="k8s-etcd-cluster"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.182.100:2379"
#[security]
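# etcd only reads variables whose names start with ETCD_
# ETCD_TRUSTED_CA_FILE / ETCD_PEER_TRUSTED_CA_FILE replace the deprecated ETCD_CA_FILE / ETCD_PEER_CA_FILE
ETCD_CLIENT_CERT_AUTH="true"
ETCD_TRUSTED_CA_FILE="/opt/kubernetes/ssl/ca.pem"
ETCD_CERT_FILE="/opt/kubernetes/ssl/etcd.pem"
ETCD_KEY_FILE="/opt/kubernetes/ssl/etcd-key.pem"
ETCD_PEER_CLIENT_CERT_AUTH="true"
ETCD_PEER_TRUSTED_CA_FILE="/opt/kubernetes/ssl/ca.pem"
ETCD_PEER_CERT_FILE="/opt/kubernetes/ssl/etcd.pem"
ETCD_PEER_KEY_FILE="/opt/kubernetes/ssl/etcd-key.pem"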

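Adjust these entries for however many nodes you have. The name and IP must be unique per node, so change them in the copy on each node.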
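
etcd takes settings from the environment only under names that begin with ETCD_, so a key in etcd.conf that lacks the prefix is ignored without any error. The script below is an added example, not part of the original post: it flags such keys, plain-http URLs and missing TLS settings in an etcd.conf. The function name lint_etcd_conf, the finding labels and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example: lint an etcd EnvironmentFile. Finding labels are this example's own.
lint_etcd_conf() {
    awk -F= '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    {
        key = $1
        val = substr($0, length($1) + 2)         # values may contain "=" themselves
        gsub(/"/, "", val)
        seen[key] = val
        if (key !~ /^ETCD_/) {                   # etcd never reads this variable
            print "IGNORED " key; bad++
        }
        if ((key ~ /URLS$/ || key == "ETCD_INITIAL_CLUSTER") && index(val, "http://")) {
            print "PLAINTEXT " key; bad++
        }
    }
    END {
        n = split("ETCD_CLIENT_CERT_AUTH ETCD_PEER_CLIENT_CERT_AUTH", auth, " ")
        for (i = 1; i <= n; i++)
            if (seen[auth[i]] != "true") { print "NOAUTH " auth[i]; bad++ }
        n = split("ETCD_CERT_FILE ETCD_KEY_FILE ETCD_PEER_CERT_FILE ETCD_PEER_KEY_FILE", pem, " ")
        for (i = 1; i <= n; i++)
            if (seen[pem[i]] == "") { print "MISSING " pem[i]; bad++ }
        exit (bad > 0)
    }' "$1"
}

# Constructed sample (not taken from a real host): one key lacks the ETCD_
# prefix and the peer listen URL is plain http.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ETCD_NAME="node1"
ETCD_LISTEN_PEER_URLS="http://192.168.182.100:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.182.100:2379,https://127.0.0.1:2379"
CLIENT_CERT_AUTH="true"
ETCD_CERT_FILE="/opt/kubernetes/ssl/etcd.pem"
ETCD_KEY_FILE="/opt/kubernetes/ssl/etcd-key.pem"
ETCD_PEER_CLIENT_CERT_AUTH="true"
ETCD_PEER_CERT_FILE="/opt/kubernetes/ssl/etcd.pem"
ETCD_PEER_KEY_FILE="/opt/kubernetes/ssl/etcd-key.pem"
EOF
lint_etcd_conf "$sample" || echo "findings above: fix etcd.conf before starting etcd"
```

The function exits with status 0 only when it prints no findings, so it can gate the systemctl start step on each node.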

vim /etc/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target

[Service]
Type=notify
WorkingDirectory=/var/lib/etcd
EnvironmentFile=-/opt/kubernetes/cfg/etcd.conf
# set GOMAXPROCS to number of processors
ExecStart=/bin/bash -c "GOMAXPROCS=$(nproc) /opt/kubernetes/bin/etcd"

[Install]
WantedBy=multi-user.target

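The unit file has to be copied to every node. I could not write it myself; it came from an online search.
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
Finally, on every node: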
mkdir /var/lib/etcd
systemctl daemon-reload
systemctl enable etcd.service
systemctl start etcd
Open ports 2379 and 2380.
etcdctl --endpoints=https://192.168.182.100:2379 --ca-file=/opt/kubernetes/ssl/ca.pem --cert-file=/opt/kubernetes/ssl/etcd.pem \
--key-file=/opt/kubernetes/ssl/etcd-key.pem cluster-health
Verify the configuration:
member 9705e6fd1707eaf2 is healthy: got healthy result from https://192.168.182.101:2379
member 9876e6ddf0fbe284 is healthy: got healthy result from https://192.168.182.102:2379
member a7ab8ca7c3fe6ac5 is healthy: got healthy result from https://192.168.182.100:2379
cluster is healthy
The cluster has been set up successfully.

Reposted from www.cnblogs.com/jianxgin/p/11394706.html