Deploying an etcd Cluster as Static Pods
2022-06-12 20:11:00 【段帅星】
Planning
IP address | Port |
---|---|
192.168.86.52 | 27017 |
192.168.86.53 | 27017 |
192.168.86.54 | 27017 |
Steps
1. Generate the certificates (list a few extra IPs in `hosts` as spares)
```bash
#!/usr/bin/env bash

# Download the cfssl tool chain into /usr/local/bin.
install_cfssl(){
  curl -L https://ghproxy.com/https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl_1.6.1_linux_amd64 -o /usr/local/bin/cfssl
  curl -L https://ghproxy.com/https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssljson_1.6.1_linux_amd64 -o /usr/local/bin/cfssljson
  curl -L https://ghproxy.com/https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl-certinfo_1.6.1_linux_amd64 -o /usr/local/bin/cfssl-certinfo
  chmod a+x /usr/local/bin/cfssl*
}

# Create the signing profile and the self-signed CA (ca.pem, ca-key.pem).
create_ca(){
  cat <<EOF > ca-config.json
{
  "signing": {
    "default": {
      "expiry": "876000h"
    },
    "profiles": {
      "www": {
        "expiry": "876000h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ]
      }
    }
  }
}
EOF
  cat <<EOF > ca-csr.json
{
  "CN": "etcd CA",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "Beijing",
      "ST": "Beijing"
    }
  ]
}
EOF
  cfssl gencert -initca ca-csr.json | cfssljson -bare ca
}

# Issue the shared server/peer certificate (server.pem, server-key.pem).
create_etcd_ssl(){
  cat <<EOF > server-csr.json
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
    "192.168.86.51",
    "192.168.86.52",
    "192.168.86.53",
    "192.168.86.54",
    "192.168.86.55"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "BeiJing",
      "ST": "BeiJing"
    }
  ]
}
EOF
  cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server
}

main(){
  # Uncomment on a host that does not have cfssl installed yet.
  #install_cfssl
  create_ca
  create_etcd_ssl
}
main
```
2. Copy the certificates to the corresponding nodes
```bash
scp ca.pem server.pem server-key.pem [email protected]:/var/lib/etcd-0/pki/
scp ca.pem server.pem server-key.pem [email protected]:/var/lib/etcd-1/pki/
scp ca.pem server.pem server-key.pem [email protected]:/var/lib/etcd-2/pki/
```
3. Deploy the YAML manifests
1) /etc/kubernetes/manifests/etcd-0.yaml
```yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    scheduler.alpha.kubernetes.io/critical-pod: ""
  labels:
    app: etcd
  name: etcd-0
spec:
  containers:
  - command:
    - etcd
    - --name=etcd-0
    - --initial-cluster=etcd-0=https://192.168.86.52:2380,etcd-1=https://192.168.86.53:2380,etcd-2=https://192.168.86.54:2380
    - --initial-cluster-state=new
    - --listen-client-urls=https://192.168.86.52:2379,http://127.0.0.1:2379
    - --listen-metrics-urls=http://192.168.86.52:12379
    - --advertise-client-urls=https://192.168.86.52:2379
    - --client-cert-auth
    - --listen-peer-urls=https://192.168.86.52:2380
    - --initial-advertise-peer-urls=https://192.168.86.52:2380
    - --peer-client-cert-auth
    - --cert-file=/var/lib/etcd/pki/server.pem
    - --key-file=/var/lib/etcd/pki/server-key.pem
    - --trusted-ca-file=/var/lib/etcd/pki/ca.pem
    - --peer-cert-file=/var/lib/etcd/pki/server.pem
    - --peer-key-file=/var/lib/etcd/pki/server-key.pem
    - --peer-trusted-ca-file=/var/lib/etcd/pki/ca.pem
    - --data-dir=/var/lib/etcd
    - --auto-compaction-retention=1
    - --quota-backend-bytes=8589934592
    - --heartbeat-interval=500
    - --election-timeout=5000
    image: registry.baidubce.com/quay.io/coreos/etcd:v3.5.4
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 127.0.0.1
        path: /health
        port: 2379
        scheme: HTTP
      initialDelaySeconds: 15
      timeoutSeconds: 15
    name: etcd
    resources:
      limits:
        memory: "2Gi"
        cpu: 1000m
      requests:
        memory: "1Gi"
        cpu: 1000m
    volumeMounts:
    - mountPath: /etc/ssl/certs
      name: certs
    - mountPath: /var/lib/etcd
      name: etcd
  hostNetwork: true
  hostname: etcd-0
  subdomain: etcd
  volumes:
  - hostPath:
      path: /etc/ssl/certs
    name: certs
  # Host directory that holds both the etcd data and the pki/ files copied in step 2.
  - hostPath:
      path: /var/lib/etcd-0
    name: etcd
```
2) /etc/kubernetes/manifests/etcd-1.yaml
```yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    scheduler.alpha.kubernetes.io/critical-pod: ""
  labels:
    app: etcd
  name: etcd-1
spec:
  containers:
  - command:
    - etcd
    - --name=etcd-1
    - --initial-cluster=etcd-0=https://192.168.86.52:2380,etcd-1=https://192.168.86.53:2380,etcd-2=https://192.168.86.54:2380
    - --initial-cluster-state=new
    - --listen-client-urls=https://192.168.86.53:2379,http://127.0.0.1:2379
    - --listen-metrics-urls=http://192.168.86.53:12379
    - --advertise-client-urls=https://192.168.86.53:2379
    - --client-cert-auth
    - --listen-peer-urls=https://192.168.86.53:2380
    - --initial-advertise-peer-urls=https://192.168.86.53:2380
    - --peer-client-cert-auth
    - --cert-file=/var/lib/etcd/pki/server.pem
    - --key-file=/var/lib/etcd/pki/server-key.pem
    - --trusted-ca-file=/var/lib/etcd/pki/ca.pem
    - --peer-cert-file=/var/lib/etcd/pki/server.pem
    - --peer-key-file=/var/lib/etcd/pki/server-key.pem
    - --peer-trusted-ca-file=/var/lib/etcd/pki/ca.pem
    - --data-dir=/var/lib/etcd
    - --auto-compaction-retention=1
    - --quota-backend-bytes=8589934592
    - --heartbeat-interval=500
    - --election-timeout=5000
    image: registry.baidubce.com/quay.io/coreos/etcd:v3.5.4
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 127.0.0.1
        path: /health
        port: 2379
        scheme: HTTP
      initialDelaySeconds: 15
      timeoutSeconds: 15
    name: etcd
    resources:
      limits:
        memory: "2Gi"
        cpu: 1000m
      requests:
        memory: "1Gi"
        cpu: 1000m
    volumeMounts:
    - mountPath: /etc/ssl/certs
      name: certs
    - mountPath: /var/lib/etcd
      name: etcd
  hostNetwork: true
  hostname: etcd-1
  subdomain: etcd
  volumes:
  - hostPath:
      path: /etc/ssl/certs
    name: certs
  - hostPath:
      path: /var/lib/etcd-1
    name: etcd
```
3) /etc/kubernetes/manifests/etcd-2.yaml
```yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    scheduler.alpha.kubernetes.io/critical-pod: ""
  labels:
    app: etcd
  name: etcd-2
spec:
  containers:
  - command:
    - etcd
    - --name=etcd-2
    - --initial-cluster=etcd-0=https://192.168.86.52:2380,etcd-1=https://192.168.86.53:2380,etcd-2=https://192.168.86.54:2380
    - --initial-cluster-state=new
    - --listen-client-urls=https://192.168.86.54:2379,http://127.0.0.1:2379
    - --listen-metrics-urls=http://192.168.86.54:12379
    - --advertise-client-urls=https://192.168.86.54:2379
    - --client-cert-auth
    - --listen-peer-urls=https://192.168.86.54:2380
    - --initial-advertise-peer-urls=https://192.168.86.54:2380
    - --peer-client-cert-auth
    - --cert-file=/var/lib/etcd/pki/server.pem
    - --key-file=/var/lib/etcd/pki/server-key.pem
    - --trusted-ca-file=/var/lib/etcd/pki/ca.pem
    - --peer-cert-file=/var/lib/etcd/pki/server.pem
    - --peer-key-file=/var/lib/etcd/pki/server-key.pem
    - --peer-trusted-ca-file=/var/lib/etcd/pki/ca.pem
    - --data-dir=/var/lib/etcd
    - --auto-compaction-retention=1
    - --quota-backend-bytes=8589934592
    - --heartbeat-interval=500
    - --election-timeout=5000
    image: registry.baidubce.com/quay.io/coreos/etcd:v3.5.4
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 127.0.0.1
        path: /health
        port: 2379
        scheme: HTTP
      initialDelaySeconds: 15
      timeoutSeconds: 15
    name: etcd
    resources:
      limits:
        memory: "2Gi"
        cpu: 1000m
      requests:
        memory: "1Gi"
        cpu: 1000m
    volumeMounts:
    - mountPath: /etc/ssl/certs
      name: certs
    - mountPath: /var/lib/etcd
      name: etcd
  hostNetwork: true
  hostname: etcd-2
  subdomain: etcd
  volumes:
  - hostPath:
      path: /etc/ssl/certs
    name: certs
  - hostPath:
      path: /var/lib/etcd-2
    name: etcd
```
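The three manifests above keep a plaintext `http://127.0.0.1:2379` client listener for the liveness probe and serve metrics over plain HTTP on the node address; `--client-cert-auth` only applies to the `https://` listeners. The check below is an added example, not part of the original post: `audit_etcd_manifest` is a hypothetical helper name, and the sample input is constructed from the flags in etcd-0.yaml.

```shell
#!/usr/bin/env bash
# Added example, not from the original post.
# audit_etcd_manifest (hypothetical helper) reads the etcd flags from a static
# pod manifest and reports plaintext (http://) listeners and missing
# client-certificate enforcement.
audit_etcd_manifest() {   # usage: audit_etcd_manifest <manifest.yaml>
  awk '
    /^[ \t]*-[ \t]+--/ {                      # "- --flag=value" or "- --flag"
      line = $0
      sub(/^[ \t]*-[ \t]+--/, "", line); sub(/[ \t\r]+$/, "", line)
      eq = index(line, "=")
      if (eq) flags[substr(line, 1, eq - 1)] = substr(line, eq + 1)
      else    flags[line] = "true"
    }
    END {
      if (!("client-cert-auth" in flags))      print "FAIL client-cert-auth missing"
      if (!("peer-client-cert-auth" in flags)) print "FAIL peer-client-cert-auth missing"
      split("listen-client-urls listen-peer-urls listen-metrics-urls", names, " ")
      for (i = 1; i <= 3; i++) {
        n = split(flags[names[i]], urls, ",")
        for (j = 1; j <= n; j++) {
          if (urls[j] !~ /^http:/) continue   # https listeners are fine
          loopback = (urls[j] ~ /^http:\/\/(127\.0\.0\.1|localhost):/)
          metrics  = (names[i] == "listen-metrics-urls")
          if (metrics && loopback) continue   # health/metrics only, local only
          # Plaintext client/peer API on a routable address is the worst case.
          sev = (!metrics && !loopback) ? "FAIL" : "WARN"
          print sev " " names[i] " " urls[j]
        }
      }
    }' "$1"
}

# Constructed sample: the listener flags from etcd-0.yaml above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
  - command:
    - etcd
    - --listen-client-urls=https://192.168.86.52:2379,http://127.0.0.1:2379
    - --listen-metrics-urls=http://192.168.86.52:12379
    - --client-cert-auth
    - --listen-peer-urls=https://192.168.86.52:2380
    - --peer-client-cert-auth
EOF
audit_etcd_manifest "$sample"
rm -f "$sample"
```

`--listen-metrics-urls` serves only `/metrics` and `/health`, so pointing the liveness probe at a loopback metrics listener removes the need for the plaintext client URL.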
4. Check the cluster
```bash
ETCDCTL_API=3 etcdctl --cert server.pem --key server-key.pem --endpoints https://192.168.86.52:2379,https://192.168.86.53:2379,https://192.168.86.54:2379 --insecure-skip-tls-verify endpoint status --write-out=table
```