Deploy etcd cluster in static pod mode
2022-06-12 20:18:00 【Duanshuaixing】
Planning
| IP address | Port |
|---|---|
| 192.168.86.52 | 27017 |
| 192.168.86.53 | 27017 |
| 192.168.86.54 | 27017 |
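Steps
1. Generate the certificates (list a few spare IPs in `hosts` so that members added later are already covered)
```bash
install_cfssl(){
  # Downloads go through the ghproxy.com mirror; compare the binaries with the
  # checksums on the upstream cfssl v1.6.1 release page before trusting them.
  curl -L https://ghproxy.com/https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl_1.6.1_linux_amd64 -o /usr/local/bin/cfssl
  curl -L https://ghproxy.com/https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssljson_1.6.1_linux_amd64 -o /usr/local/bin/cfssljson
  curl -L https://ghproxy.com/https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl-certinfo_1.6.1_linux_amd64 -o /usr/local/bin/cfssl-certinfo
  chmod a+x /usr/local/bin/cfssl*
}

create_ca(){
  # 876000h is 100 years: certificates issued from this profile effectively never expire.
  # The "www" profile allows both server auth and client auth, so one certificate
  # can act as etcd server cert, peer cert and etcdctl client cert.
  cat <<EOF > ca-config.json
{
  "signing": {
    "default": {
      "expiry": "876000h"
    },
    "profiles": {
      "www": {
        "expiry": "876000h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ]
      }
    }
  }
}
EOF
  cat <<EOF > ca-csr.json
{
  "CN": "etcd CA",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "Beijing",
      "ST": "Beijing"
    }
  ]
}
EOF
  # Writes ca.pem, ca-key.pem and ca.csr. ca-key.pem stays on the signing host;
  # step 2 does not copy it to the etcd nodes.
  cfssl gencert -initca ca-csr.json | cfssljson -bare ca
}

create_etcd_ssl(){
  # "hosts" becomes the certificate's subject alternative names. An address that
  # is not listed here fails TLS verification, hence the spare IPs .51 and .55.
  cat <<EOF > server-csr.json
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
    "192.168.86.51",
    "192.168.86.52",
    "192.168.86.53",
    "192.168.86.54",
    "192.168.86.55"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "BeiJing",
      "ST": "BeiJing"
    }
  ]
}
EOF
  # Writes server.pem and server-key.pem, signed by the CA created above.
  cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server
}

main(){
  #install_cfssl   # uncomment if cfssl is not installed yet
  create_ca
  create_etcd_ssl
}
main
```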
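2. Copy the certificates to the corresponding nodes
```bash
# <user> is a placeholder for the SSH account on each node.
# server-key.pem is the private key: keep each pki directory readable by root only.
scp ca.pem server.pem server-key.pem <user>@192.168.86.52:/var/lib/etcd-0/pki/
scp ca.pem server.pem server-key.pem <user>@192.168.86.53:/var/lib/etcd-1/pki/
scp ca.pem server.pem server-key.pem <user>@192.168.86.54:/var/lib/etcd-2/pki/
```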
3. Deploy the YAML manifests
1) /etc/kubernetes/manifests/etcd-0.yaml
```yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    scheduler.alpha.kubernetes.io/critical-pod: ""
  labels:
    app: etcd
  name: etcd-0
spec:
  containers:
  - command:
    - etcd
    - --name=etcd-0
    - --initial-cluster=etcd-0=https://192.168.86.52:2380,etcd-1=https://192.168.86.53:2380,etcd-2=https://192.168.86.54:2380
    - --initial-cluster-state=new
    # The http://127.0.0.1:2379 listener exists for the liveness probe. It is
    # plaintext and is not covered by --client-cert-auth; with hostNetwork: true
    # every process on the node can reach it.
    - --listen-client-urls=https://192.168.86.52:2379,http://127.0.0.1:2379
    # Metrics and /health are served over plain HTTP on the node address.
    - --listen-metrics-urls=http://192.168.86.52:12379
    - --advertise-client-urls=https://192.168.86.52:2379
    - --client-cert-auth
    - --listen-peer-urls=https://192.168.86.52:2380
    - --initial-advertise-peer-urls=https://192.168.86.52:2380
    - --peer-client-cert-auth
    # Host path /var/lib/etcd-0 is mounted at /var/lib/etcd, so these files are
    # the ones copied to /var/lib/etcd-0/pki/ in step 2.
    - --cert-file=/var/lib/etcd/pki/server.pem
    - --key-file=/var/lib/etcd/pki/server-key.pem
    - --trusted-ca-file=/var/lib/etcd/pki/ca.pem
    - --peer-cert-file=/var/lib/etcd/pki/server.pem
    - --peer-key-file=/var/lib/etcd/pki/server-key.pem
    - --peer-trusted-ca-file=/var/lib/etcd/pki/ca.pem
    - --data-dir=/var/lib/etcd
    - --auto-compaction-retention=1
    - --quota-backend-bytes=8589934592
    - --heartbeat-interval=500
    - --election-timeout=5000
    image: registry.baidubce.com/quay.io/coreos/etcd:v3.5.4
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 127.0.0.1
        path: /health
        port: 2379
        scheme: HTTP
      initialDelaySeconds: 15
      timeoutSeconds: 15
    name: etcd
    resources:
      limits:
        memory: "2Gi"
        cpu: 1000m
      requests:
        memory: "1Gi"
        cpu: 1000m
    volumeMounts:
    - mountPath: /etc/ssl/certs
      name: certs
    - mountPath: /var/lib/etcd
      name: etcd
  hostNetwork: true
  hostname: etcd-0
  subdomain: etcd
  volumes:
  - hostPath:
      path: /etc/ssl/certs
    name: certs
  - hostPath:
      path: /var/lib/etcd-0
    name: etcd
```
2) /etc/kubernetes/manifests/etcd-1.yaml
```yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    scheduler.alpha.kubernetes.io/critical-pod: ""
  labels:
    app: etcd
  name: etcd-1
spec:
  containers:
  - command:
    - etcd
    - --name=etcd-1
    - --initial-cluster=etcd-0=https://192.168.86.52:2380,etcd-1=https://192.168.86.53:2380,etcd-2=https://192.168.86.54:2380
    - --initial-cluster-state=new
    - --listen-client-urls=https://192.168.86.53:2379,http://127.0.0.1:2379
    - --listen-metrics-urls=http://192.168.86.53:12379
    - --advertise-client-urls=https://192.168.86.53:2379
    - --client-cert-auth
    - --listen-peer-urls=https://192.168.86.53:2380
    - --initial-advertise-peer-urls=https://192.168.86.53:2380
    - --peer-client-cert-auth
    - --cert-file=/var/lib/etcd/pki/server.pem
    - --key-file=/var/lib/etcd/pki/server-key.pem
    - --trusted-ca-file=/var/lib/etcd/pki/ca.pem
    - --peer-cert-file=/var/lib/etcd/pki/server.pem
    - --peer-key-file=/var/lib/etcd/pki/server-key.pem
    - --peer-trusted-ca-file=/var/lib/etcd/pki/ca.pem
    - --data-dir=/var/lib/etcd
    - --auto-compaction-retention=1
    - --quota-backend-bytes=8589934592
    - --heartbeat-interval=500
    - --election-timeout=5000
    image: registry.baidubce.com/quay.io/coreos/etcd:v3.5.4
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 127.0.0.1
        path: /health
        port: 2379
        scheme: HTTP
      initialDelaySeconds: 15
      timeoutSeconds: 15
    name: etcd
    resources:
      limits:
        memory: "2Gi"
        cpu: 1000m
      requests:
        memory: "1Gi"
        cpu: 1000m
    volumeMounts:
    - mountPath: /etc/ssl/certs
      name: certs
    - mountPath: /var/lib/etcd
      name: etcd
  hostNetwork: true
  hostname: etcd-1
  subdomain: etcd
  volumes:
  - hostPath:
      path: /etc/ssl/certs
    name: certs
  - hostPath:
      path: /var/lib/etcd-1
    name: etcd
```
3) /etc/kubernetes/manifests/etcd-2.yaml
```yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    scheduler.alpha.kubernetes.io/critical-pod: ""
  labels:
    app: etcd
  name: etcd-2
spec:
  containers:
  - command:
    - etcd
    - --name=etcd-2
    - --initial-cluster=etcd-0=https://192.168.86.52:2380,etcd-1=https://192.168.86.53:2380,etcd-2=https://192.168.86.54:2380
    - --initial-cluster-state=new
    - --listen-client-urls=https://192.168.86.54:2379,http://127.0.0.1:2379
    - --listen-metrics-urls=http://192.168.86.54:12379
    - --advertise-client-urls=https://192.168.86.54:2379
    - --client-cert-auth
    - --listen-peer-urls=https://192.168.86.54:2380
    - --initial-advertise-peer-urls=https://192.168.86.54:2380
    - --peer-client-cert-auth
    - --cert-file=/var/lib/etcd/pki/server.pem
    - --key-file=/var/lib/etcd/pki/server-key.pem
    - --trusted-ca-file=/var/lib/etcd/pki/ca.pem
    - --peer-cert-file=/var/lib/etcd/pki/server.pem
    - --peer-key-file=/var/lib/etcd/pki/server-key.pem
    - --peer-trusted-ca-file=/var/lib/etcd/pki/ca.pem
    - --data-dir=/var/lib/etcd
    - --auto-compaction-retention=1
    - --quota-backend-bytes=8589934592
    - --heartbeat-interval=500
    - --election-timeout=5000
    image: registry.baidubce.com/quay.io/coreos/etcd:v3.5.4
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 127.0.0.1
        path: /health
        port: 2379
        scheme: HTTP
      initialDelaySeconds: 15
      timeoutSeconds: 15
    name: etcd
    resources:
      limits:
        memory: "2Gi"
        cpu: 1000m
      requests:
        memory: "1Gi"
        cpu: 1000m
    volumeMounts:
    - mountPath: /etc/ssl/certs
      name: certs
    - mountPath: /var/lib/etcd
      name: etcd
  hostNetwork: true
  # Matches --name and metadata.name for this member.
  hostname: etcd-2
  subdomain: etcd
  volumes:
  - hostPath:
      path: /etc/ssl/certs
    name: certs
  - hostPath:
      path: /var/lib/etcd-2
    name: etcd
```
4. Check the cluster
```bash
# --cacert verifies each endpoint's certificate against the CA from step 1.
ETCDCTL_API=3 etcdctl --cacert ca.pem --cert server.pem --key server-key.pem --endpoints https://192.168.86.52:2379,https://192.168.86.53:2379,https://192.168.86.54:2379 endpoint status --write-out=table
```
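The three manifests differ only in member name and address, so they are easy to get out of step when copied. As an added example (not part of the original post), this script lints one manifest's etcd flags for plaintext listeners, missing cert-auth flags and name drift; `flag`, `has_flag` and `audit_manifest` are hypothetical helper names and the sample input is constructed.

```sh
#!/bin/sh
# Added example: lint the etcd flags of one static pod manifest for plaintext
# listeners, missing cert-auth flags and name/hostname copy-paste drift.

flag() {      # flag FILE NAME -> value of "- --NAME=value" (empty if absent)
    sed -n "s/^[[:space:]]*-[[:space:]]*--$2=\(.*\)$/\1/p" "$1" | head -n 1
}
has_flag() {  # has_flag FILE NAME -> true if the boolean flag is present
    grep -Eq "^[[:space:]]*-[[:space:]]*--$2(=true)?[[:space:]]*$" "$1"
}
audit_manifest() {  # one finding per line; no output means nothing flagged
    f=$1
    for name in listen-client-urls listen-peer-urls listen-metrics-urls; do
        for url in $(flag "$f" "$name" | tr ',' ' '); do
            case $url in
                https://*) ;;
                http://127.0.0.1:*|http://localhost:*)
                    echo "NOTE $name: $url is plaintext and unauthenticated on loopback" ;;
                http://*) echo "WARN $name: $url is plaintext on a non-loopback address" ;;
            esac
        done
    done
    has_flag "$f" client-cert-auth || echo "WARN client-cert-auth is not set"
    has_flag "$f" peer-client-cert-auth || echo "WARN peer-client-cert-auth is not set"
    member=$(flag "$f" name)
    peer=$(flag "$f" initial-advertise-peer-urls)
    case ",$(flag "$f" initial-cluster)," in
        *",$member=$peer,"*) ;;
        *) echo "WARN $member=$peer is not an entry of --initial-cluster" ;;
    esac
    host=$(sed -n 's/^[[:space:]]*hostname:[[:space:]]*//p' "$f" | head -n 1)
    [ -z "$host" ] || [ "$host" = "$member" ] || echo "WARN hostname $host differs from --name=$member"
}

# Constructed sample: flags of the third member with a stale hostname.
sample=$(mktemp)
cat > "$sample" <<'EOF'
    - --name=etcd-2
    - --initial-cluster=etcd-0=https://192.168.86.52:2380,etcd-1=https://192.168.86.53:2380,etcd-2=https://192.168.86.54:2380
    - --listen-client-urls=https://192.168.86.54:2379,http://127.0.0.1:2379
    - --listen-metrics-urls=http://192.168.86.54:12379
    - --client-cert-auth
    - --listen-peer-urls=https://192.168.86.54:2380
    - --initial-advertise-peer-urls=https://192.168.86.54:2380
    - --peer-client-cert-auth
  hostname: etcd-0
EOF
audit_manifest "$sample"
rm -f "$sample"
```

Run `audit_manifest` against each file under /etc/kubernetes/manifests before the kubelet picks it up; an empty result means none of these checks fired.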