Deploy etcd cluster in static pod mode
2022-06-12 20:18:00 【Duanshuaixing】
Planning
| IP address | Port |
|---|---|
| 192.168.86.52 | 27017 |
| 192.168.86.53 | 27017 |
| 192.168.86.54 | 27017 |
Steps
1. Generate the certificates (list a few extra IPs in hosts as spares)
```bash
# Download the cfssl tools (v1.6.1) into /usr/local/bin.
install_cfssl(){
    curl -L https://ghproxy.com/https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl_1.6.1_linux_amd64 -o /usr/local/bin/cfssl
    curl -L https://ghproxy.com/https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssljson_1.6.1_linux_amd64 -o /usr/local/bin/cfssljson
    curl -L https://ghproxy.com/https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl-certinfo_1.6.1_linux_amd64 -o /usr/local/bin/cfssl-certinfo
    chmod a+x /usr/local/bin/cfssl*
}

# Create the CA. The "www" signing profile allows both server and client auth;
# 876000h is roughly 100 years.
create_ca(){
    cat <<EOF >ca-config.json
{
  "signing": {
    "default": {
      "expiry": "876000h"
    },
    "profiles": {
      "www": {
        "expiry": "876000h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ]
      }
    }
  }
}
EOF
    cat <<EOF >ca-csr.json
{
  "CN": "etcd CA",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "Beijing",
      "ST": "Beijing"
    }
  ]
}
EOF
    cfssl gencert -initca ca-csr.json | cfssljson -bare ca
}

# Issue one certificate used by every etcd member. "hosts" becomes the SAN list:
# 192.168.86.52-54 are the nodes, .51 and .55 are spares.
create_etcd_ssl(){
    cat <<EOF >server-csr.json
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
    "192.168.86.51",
    "192.168.86.52",
    "192.168.86.53",
    "192.168.86.54",
    "192.168.86.55"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "BeiJing",
      "ST": "BeiJing"
    }
  ]
}
EOF
    cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server
}

main(){
    #install_cfssl
    create_ca
    create_etcd_ssl
}
main
```
2. Copy the certificates to the corresponding nodes
```bash
scp ca.pem server.pem server-key.pem [email protected]:/var/lib/etcd-0/pki/
scp ca.pem server.pem server-key.pem [email protected]:/var/lib/etcd-1/pki/
scp ca.pem server.pem server-key.pem [email protected]:/var/lib/etcd-2/pki/
```
3. Deploy the YAML manifests
1>/etc/kubernetes/manifests/etcd-0.yaml
```yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    scheduler.alpha.kubernetes.io/critical-pod: ""
  labels:
    app: etcd
  name: etcd-0
spec:
  containers:
  - command:
    - etcd
    - --name=etcd-0
    - --initial-cluster=etcd-0=https://192.168.86.52:2380,etcd-1=https://192.168.86.53:2380,etcd-2=https://192.168.86.54:2380
    - --initial-cluster-state=new
    - --listen-client-urls=https://192.168.86.52:2379,http://127.0.0.1:2379
    - --listen-metrics-urls=http://192.168.86.52:12379
    - --advertise-client-urls=https://192.168.86.52:2379
    - --client-cert-auth
    - --listen-peer-urls=https://192.168.86.52:2380
    - --initial-advertise-peer-urls=https://192.168.86.52:2380
    - --peer-client-cert-auth
    - --cert-file=/var/lib/etcd/pki/server.pem
    - --key-file=/var/lib/etcd/pki/server-key.pem
    - --trusted-ca-file=/var/lib/etcd/pki/ca.pem
    - --peer-cert-file=/var/lib/etcd/pki/server.pem
    - --peer-key-file=/var/lib/etcd/pki/server-key.pem
    - --peer-trusted-ca-file=/var/lib/etcd/pki/ca.pem
    - --data-dir=/var/lib/etcd
    - --auto-compaction-retention=1
    - --quota-backend-bytes=8589934592
    - --heartbeat-interval=500
    - --election-timeout=5000
    image: registry.baidubce.com/quay.io/coreos/etcd:v3.5.4
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 127.0.0.1
        path: /health
        port: 2379
        scheme: HTTP
      initialDelaySeconds: 15
      timeoutSeconds: 15
    name: etcd
    resources:
      limits:
        memory: "2Gi"
        cpu: 1000m
      requests:
        memory: "1Gi"
        cpu: 1000m
    volumeMounts:
    - mountPath: /etc/ssl/certs
      name: certs
    - mountPath: /var/lib/etcd
      name: etcd
  hostNetwork: true
  hostname: etcd-0
  subdomain: etcd
  volumes:
  - hostPath:
      path: /etc/ssl/certs
    name: certs
  - hostPath:
      path: /var/lib/etcd-0
    name: etcd
```
2>/etc/kubernetes/manifests/etcd-1.yaml
```yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    scheduler.alpha.kubernetes.io/critical-pod: ""
  labels:
    app: etcd
  name: etcd-1
spec:
  containers:
  - command:
    - etcd
    - --name=etcd-1
    - --initial-cluster=etcd-0=https://192.168.86.52:2380,etcd-1=https://192.168.86.53:2380,etcd-2=https://192.168.86.54:2380
    - --initial-cluster-state=new
    - --listen-client-urls=https://192.168.86.53:2379,http://127.0.0.1:2379
    - --listen-metrics-urls=http://192.168.86.53:12379
    - --advertise-client-urls=https://192.168.86.53:2379
    - --client-cert-auth
    - --listen-peer-urls=https://192.168.86.53:2380
    - --initial-advertise-peer-urls=https://192.168.86.53:2380
    - --peer-client-cert-auth
    - --cert-file=/var/lib/etcd/pki/server.pem
    - --key-file=/var/lib/etcd/pki/server-key.pem
    - --trusted-ca-file=/var/lib/etcd/pki/ca.pem
    - --peer-cert-file=/var/lib/etcd/pki/server.pem
    - --peer-key-file=/var/lib/etcd/pki/server-key.pem
    - --peer-trusted-ca-file=/var/lib/etcd/pki/ca.pem
    - --data-dir=/var/lib/etcd
    - --auto-compaction-retention=1
    - --quota-backend-bytes=8589934592
    - --heartbeat-interval=500
    - --election-timeout=5000
    image: registry.baidubce.com/quay.io/coreos/etcd:v3.5.4
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 127.0.0.1
        path: /health
        port: 2379
        scheme: HTTP
      initialDelaySeconds: 15
      timeoutSeconds: 15
    name: etcd
    resources:
      limits:
        memory: "2Gi"
        cpu: 1000m
      requests:
        memory: "1Gi"
        cpu: 1000m
    volumeMounts:
    - mountPath: /etc/ssl/certs
      name: certs
    - mountPath: /var/lib/etcd
      name: etcd
  hostNetwork: true
  hostname: etcd-1
  subdomain: etcd
  volumes:
  - hostPath:
      path: /etc/ssl/certs
    name: certs
  - hostPath:
      path: /var/lib/etcd-1
    name: etcd
```
3>/etc/kubernetes/manifests/etcd-2.yaml
```yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    scheduler.alpha.kubernetes.io/critical-pod: ""
  labels:
    app: etcd
  name: etcd-2
spec:
  containers:
  - command:
    - etcd
    - --name=etcd-2
    - --initial-cluster=etcd-0=https://192.168.86.52:2380,etcd-1=https://192.168.86.53:2380,etcd-2=https://192.168.86.54:2380
    - --initial-cluster-state=new
    - --listen-client-urls=https://192.168.86.54:2379,http://127.0.0.1:2379
    - --listen-metrics-urls=http://192.168.86.54:12379
    - --advertise-client-urls=https://192.168.86.54:2379
    - --client-cert-auth
    - --listen-peer-urls=https://192.168.86.54:2380
    - --initial-advertise-peer-urls=https://192.168.86.54:2380
    - --peer-client-cert-auth
    - --cert-file=/var/lib/etcd/pki/server.pem
    - --key-file=/var/lib/etcd/pki/server-key.pem
    - --trusted-ca-file=/var/lib/etcd/pki/ca.pem
    - --peer-cert-file=/var/lib/etcd/pki/server.pem
    - --peer-key-file=/var/lib/etcd/pki/server-key.pem
    - --peer-trusted-ca-file=/var/lib/etcd/pki/ca.pem
    - --data-dir=/var/lib/etcd
    - --auto-compaction-retention=1
    - --quota-backend-bytes=8589934592
    - --heartbeat-interval=500
    - --election-timeout=5000
    image: registry.baidubce.com/quay.io/coreos/etcd:v3.5.4
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 127.0.0.1
        path: /health
        port: 2379
        scheme: HTTP
      initialDelaySeconds: 15
      timeoutSeconds: 15
    name: etcd
    resources:
      limits:
        memory: "2Gi"
        cpu: 1000m
      requests:
        memory: "1Gi"
        cpu: 1000m
    volumeMounts:
    - mountPath: /etc/ssl/certs
      name: certs
    - mountPath: /var/lib/etcd
      name: etcd
  hostNetwork: true
  hostname: etcd-2
  subdomain: etcd
  volumes:
  - hostPath:
      path: /etc/ssl/certs
    name: certs
  - hostPath:
      path: /var/lib/etcd-2
    name: etcd
```
4. Check the cluster
```bash
ETCDCTL_API=3 etcdctl --cert server.pem --key server-key.pem --endpoints https://192.168.86.52:2379,https://192.168.86.53:2379,https://192.168.86.54:2379 --insecure-skip-tls-verify endpoint status --write-out=table
```
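The manifests above mix `https://` and `http://` listeners, and `--client-cert-auth` can only be enforced on the TLS ones, so it is worth auditing which endpoints answer without a certificate. The following is an added example, not part of the original post; `audit_etcd_flags` and `SAMPLE_FLAGS` are hypothetical names, and the sample is constructed from the etcd-0 flags.

```shell
# Constructed sample: the TLS-relevant flags of the etcd-0 manifest above.
SAMPLE_FLAGS='    - --listen-client-urls=https://192.168.86.52:2379,http://127.0.0.1:2379
    - --listen-metrics-urls=http://192.168.86.52:12379
    - --client-cert-auth
    - --listen-peer-urls=https://192.168.86.52:2380
    - --peer-client-cert-auth
    - --trusted-ca-file=/var/lib/etcd/pki/ca.pem
    - --peer-trusted-ca-file=/var/lib/etcd/pki/ca.pem'

# audit_etcd_flags: read a static-pod manifest on stdin and print one finding
# per line for plaintext listeners and for missing client-certificate checks.
audit_etcd_flags() {
    awk '
    {
        sub(/^[ \t]*-[ \t]+/, "")   # drop the YAML list marker
        sub(/[ \t\r]+$/, "")        # drop trailing whitespace
    }
    /^--/ {
        eq = index($0, "=")
        name = (eq > 0) ? substr($0, 1, eq - 1) : $0
        value = (eq > 0) ? substr($0, eq + 1) : "true"   # bare flag means true
        seen[name] = value
        if (name ~ /^--listen-(client|peer|metrics)-urls$/) {
            n = split(value, urls, ",")
            for (i = 1; i <= n; i++) {
                if (urls[i] !~ /^http:\/\//) continue
                host = urls[i]
                sub(/^http:\/\//, "", host)
                sub(/:[0-9]+$/, "", host)
                # With hostNetwork: true, loopback is the loopback of the node itself.
                scope = (host == "127.0.0.1" || host == "localhost" || host == "[::1]") ? "LOOPBACK" : "NETWORK"
                print "PLAINTEXT-" scope " " name " " urls[i]
            }
        }
    }
    END {
        if (seen["--client-cert-auth"] != "true") print "MISSING --client-cert-auth"
        if (seen["--peer-client-cert-auth"] != "true") print "MISSING --peer-client-cert-auth"
    }'
}

printf '%s\n' "$SAMPLE_FLAGS" | audit_etcd_flags
```

To audit a deployed node, feed it the manifest itself: `audit_etcd_flags < /etc/kubernetes/manifests/etcd-0.yaml`.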