这篇文章主要为大家展示了“kubernetes中ETCD TLS证书集群如何安装”,内容简而易懂,条理清晰,希望能够帮助大家解决疑惑,下面让小编带领大家一起研究并学习一下“kubernetes中ETCD TLS证书集群如何安装”这篇文章吧。 一:前言
kuberntes 系统使用etcd 存储所有数据,部署一个三节点的etcd 集群,需要为 etcd 集群创建加密通信的 TLS 证书,复制以前创建的kubernetes 证书。cp ca.pem kubernetes-key.pem kubernetes.pem /etc/kubernetes/ssl。
iZwz95trb3stk6afg8oozuZ :10.116.137.196
iZwz96e1vc35er68nlrcauZ :10.116.82.28
iZwz96e1vc35er68nlrcatZ :10.116.36.57
二:ETCD 安装
点击(此处)折叠或打开wget http 香港云主机s://github.com/coreos/etcd/releases/download/v3.3.2/etc
d-v3.3.2-linux-amd64.tar.gz
tar -xvf etcd-v3.3.2-linux-amd64.tar.gz
mv etcd-v3.3.2-linux-amd64/etcd* /usr/local/bin三:创建 etcd 的 systemd unit 文件
/usr/lib/systemd/system/etcd.service
点击(此处)折叠或打开[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
[Service]
Type=notify
WorkingDirectory=/var/lib/etcd/
EnvironmentFile=/etc/etcd/etcd.conf
ExecStart=/bin/bash -c “GOMAXPROCS=$(nproc) /usr/bin/etcd –name=”${ETCD_NAME}” –cert-file=”${ETCD_CERT_FILE}” –key-file=”${ETCD_KEY_FILE}” –trusted-ca-file=”${ETCD_TRUSTED_CA_FILE}” –peer-cert-file=”${ETCD_PEER_CERT_FILE}” –peer-key-file=”${ETCD_PEER_KEY_FILE}” –peer-trusted-ca-file=”${ETCD_PEER_TRUSTED_CA_FILE}” –data-dir=”${ETCD_DATA_DIR}” –listen-client-urls=”${ETCD_LISTEN_CLIENT_URLS}” –listen-peer-urls=”${ETCD_LISTEN_PEER_URLS}” –advertise-client-urls=”${ETCD_ADVERTISE_CLIENT_URLS}” –initial-advertise-peer-urls=”${ETCD_INITIAL_ADVERTISE_PEER_URLS}” –initial-cluster=”${ETCD_INITIAL_CLUSTER}” –initial-cluster-state=”${ETCD_INITIAL_CLUSTER_STATE}””
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target四:环境变量配置文件 /etc/etcd/etcd.conf
点击(此处)折叠或打开# [member]
ETCD_NAME=iZwz96e1vc35er68nlrcauZ
ETCD_DATA_DIR=”/var/lib/etcd/default.etcd”
ETCD_LISTEN_PEER_URLS=”https://10.116.82.28:2380″
ETCD_LISTEN_CLIENT_URLS=”https://10.116.82.28:2379,https://127.0.0.1:2379″
# [cluster]
ETCD_INITIAL_ADVERTISE_PEER_URLS=”https://10.116.82.28:2380″
ETCD_INITIAL_CLUSTER=”iZwz95trb3stk6afg8oozuZ=https://10.116.137.196:2380,iZwz96e1vc35er68nlrcauZ=https://10.116.82.28:2380,iZwz96e1vc35er68nlrcatZ=https://10.116.36.57:2380″
ETCD_INITIAL_CLUSTER_STATE=”new”
ETCD_INITIAL_CLUSTER_TOKEN=”k8s-etcd-cluster”
ETCD_ADVERTISE_CLIENT_URLS=”https://10.116.82.28:2379″
# [security]
ETCD_CERT_FILE=”/etc/kubernetes/ssl/kubernetes.pem”
ETCD_KEY_FILE=”/etc/kubernetes/ssl/kubernetes-key.pem”
ETCD_TRUSTED_CA_FILE=”/etc/kubernetes/ssl/ca.pem”
ETCD_PEER_CERT_FILE=”/etc/kubernetes/ssl/kubernetes.pem”
ETCD_PEER_KEY_FILE=”/etc/kubernetes/ssl/kubernetes-key.pem”
ETCD_PEER_TRUSTED_CA_FILE=”/etc/kubernetes/ssl/ca.pem”
五:启动 etcd 服务
systemctl daemon-reload
systemctl enable etcd
systemctl start etcd
systemctl status etcd
六:验证服务
etcdctl –ca-file=/etc/kubernetes/ssl/ca.pem –cert-file=/etc/kubernetes/ssl/kubernetes.pem –key-file=/etc/kubernetes/ssl/kubernetes-key.pem –endpoints=https://127.0.0.1:2379 cluster-health
以上是“kubernetes中ETCD TLS证书集群如何安装”这篇文章的所有内容,感谢各位的阅读!相信大家都有了一定的了解,希望分享的内容对大家有所帮助,如果还想学习更多知识,欢迎关注开发云行业资讯频道!
本篇内容主要讲解“怎么用python pkuseg生成云词”,感兴趣的朋友不妨来看看。本文介绍的方法操作简单快捷,实用性强。下面就让小编来带大家学习“怎么用python pkuseg生成云词”吧!第一步是将演讲内容下载下来,保存到一个txt文件 香港云主机中,…
免责声明:本站发布的图片视频文字,以转载和分享为主,文章观点不代表本站立场,本站不承担相关法律责任;如果涉及侵权请联系邮箱:360163164@qq.com举报,并提供相关证据,经查实将立刻删除涉嫌侵权内容。
微信扫一扫 
