K8S Cluster Installation: Installing the etcd Service on the Control-Plane Nodes
Published: 2025-02-04  Author: 千家信息网 editor
Last updated by 千家信息网: 2025-02-04
1. On the root-certificate server, create the signing config file based on the root certificate

```
200 certs]# cd /opt/certs/
200 certs]# vi /opt/certs/ca-config.json
{
    "signing": {
        "default": {
            "expiry": "175200h"
        },
        "profiles": {
            "server": {
                "expiry": "175200h",
                "usages": [
                    "signing",
                    "key encipherment",
                    "server auth"
                ]
            },
            "client": {
                "expiry": "175200h",
                "usages": [
                    "signing",
                    "key encipherment",
                    "client auth"
                ]
            },
            "peer": {
                "expiry": "175200h",
                "usages": [
                    "signing",
                    "key encipherment",
                    "server auth",
                    "client auth"
                ]
            }
        }
    }
}
```
2. Create the JSON config file for the etcd self-signed certificate's signing request (CSR)

```
200 certs]# vi etcd-peer-csr.json
{
    "CN": "k8s-etcd",
    "hosts": [
        "10.3.153.212",
        "10.3.153.221",
        "10.3.153.222"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "beijing",
            "L": "beijing",
            "O": "od",
            "OU": "ops"
        }
    ]
}
200 certs]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=peer etcd-peer-csr.json | cfssl-json -bare etcd-peer
[root@test-operator certs]# ll | grep etcd-peer
-rw-r--r-- 1 root root 1062 Feb  1 00:19 etcd-peer.csr
-rw-r--r-- 1 root root  375 Feb  1 00:15 etcd-peer-csr.json
-rw------- 1 root root 1675 Feb  1 00:19 etcd-peer-key.pem   # certificate private key
-rw-r--r-- 1 root root 1428 Feb  1 00:19 etcd-peer.pem       # certificate file
```
3. Install the etcd service on each of the three hosts

```
# On machines 212/221/222:
~]# mkdir /opt/src
~]# cd /opt/src/
src]# useradd -s /sbin/nologin -M etcd
src]# id etcd
# Download from GitHub, or use the package I provide: https://github.com/etcd-io/etcd/tags
src]# tar xf etcd-v3.1.20-linux-amd64.tar.gz -C /opt
opt]# mv etcd-v3.1.20-linux-amd64/ etcd-v3.1.20
opt]# ln -s /opt/etcd-v3.1.20/ /opt/etcd
opt]# cd etcd
```

```
# On machines 212/221/222:
etcd]# mkdir -p /opt/etcd/certs /data/etcd /data/logs/etcd-server
etcd]# cd certs/
certs]# scp 10.3.153.200:/opt/certs/ca.pem .
# enter the password for VM 200
certs]# scp 10.3.153.200:/opt/certs/etcd-peer.pem .
certs]# scp 10.3.153.200:/opt/certs/etcd-peer-key.pem .
certs]# cd ..
etcd]# vi /opt/etcd/etcd-server-startup.sh
```

Note: on machine 21, every 12 below must be changed to 21 (five places in total); --initial-cluster lists all the machines and does not need to change.

```
#!/bin/sh
./etcd --name etcd-server-7-12 \
       --data-dir /data/etcd/etcd-server \
       --listen-peer-urls https://10.3.153.212:2380 \
       --listen-client-urls https://10.3.153.212:2379,http://127.0.0.1:2379 \
       --quota-backend-bytes 8000000000 \
       --initial-advertise-peer-urls https://10.3.153.212:2380 \
       --advertise-client-urls https://10.3.153.212:2379,http://127.0.0.1:2379 \
       --initial-cluster etcd-server-7-12=https://10.3.153.212:2380,etcd-server-7-21=https://10.3.153.221:2380,etcd-server-7-22=https://10.3.153.222:2380 \
       --ca-file ./certs/ca.pem \
       --cert-file ./certs/etcd-peer.pem \
       --key-file ./certs/etcd-peer-key.pem \
       --client-cert-auth \
       --trusted-ca-file ./certs/ca.pem \
       --peer-ca-file ./certs/ca.pem \
       --peer-cert-file ./certs/etcd-peer.pem \
       --peer-key-file ./certs/etcd-peer-key.pem \
       --peer-client-cert-auth \
       --peer-trusted-ca-file ./certs/ca.pem \
       --log-output stdout
```

```
etcd]# chmod +x etcd-server-startup.sh
etcd]# chown -R etcd.etcd /opt/etcd-v3.1.20/
etcd]# chown -R etcd.etcd /data/etcd/
etcd]# chown -R etcd.etcd /data/logs/etcd-server/
```

```
# On machines 212/221/222:
etcd]# yum install supervisor -y   # used to run the service as a background daemon
etcd]# systemctl start supervisord
etcd]# systemctl enable supervisord
etcd]# vi /etc/supervisord.d/etcd-server.ini
```

Note: change the 7-12 below to match the machine, e.g. 7-21 on machine 21 (one place in total).

```
[program:etcd-server-7-12]
command=/opt/etcd/etcd-server-startup.sh                        ; the program (relative uses PATH, can take args)
numprocs=1                                                      ; number of processes copies to start (def 1)
directory=/opt/etcd                                             ; directory to cwd to before exec (def no cwd)
autostart=true                                                  ; start at supervisord start (default: true)
autorestart=true                                                ; restart at unexpected quit (default: true)
startsecs=30                                                    ; number of secs prog must stay running (def. 1)
startretries=3                                                  ; max # of serial start failures (default 3)
exitcodes=0,2                                                   ; 'expected' exit codes for process (default 0,2)
stopsignal=QUIT                                                 ; signal used to kill process (default TERM)
stopwaitsecs=10                                                 ; max num secs to wait b4 SIGKILL (default 10)
user=etcd                                                       ; setuid to this UNIX account to run the program
redirect_stderr=true                                            ; redirect proc stderr to stdout (default false)
stdout_logfile=/data/logs/etcd-server/etcd.stdout.log           ; stdout log path, NONE for none; default AUTO
stdout_logfile_maxbytes=64MB                                    ; max # logfile bytes b4 rotation (default 50MB)
stdout_logfile_backups=4                                        ; # of stdout logfile backups (default 10)
stdout_capture_maxbytes=1MB                                     ; number of bytes in 'capturemode' (default 0)
stdout_events_enabled=false                                     ; emit events on stdout writes (default false)
```

```
12 etcd]# supervisorctl update
# out: etcd-server-7-21: added process group
12 etcd]# supervisorctl status
# out: etcd-server-7-12   RUNNING   pid 16582, uptime 0:00:59
12 etcd]# netstat -luntp|grep etcd
# The install only counts as successful if etcd is listening on both ports 2379 and 2380
12 etcd]# etcd-server-7-12: added process group
```

```
# Two ways to check cluster health from any node
22 etcd]# ./etcdctl cluster-health
[root@test-nodes1 etcd]# ./etcdctl cluster-health
member 3657c30473e13ab3 is healthy: got healthy result from http://127.0.0.1:2379
member 6cbe98b6a135fd14 is healthy: got healthy result from http://127.0.0.1:2379
member b7ffbb00070336e7 is healthy: got healthy result from http://127.0.0.1:2379
cluster is healthy
22 etcd]# ./etcdctl member list
[root@test-nodes1 etcd]# ./etcdctl member list
3657c30473e13ab3: name=etcd-server-7-12 peerURLs=https://10.3.153.212:2380 clientURLs=http://127.0.0.1:2379,https://10.3.153.212:2379 isLeader=false
6cbe98b6a135fd14: name=etcd-server-7-21 peerURLs=https://10.3.153.221:2380 clientURLs=http://127.0.0.1:2379,https://10.3.153.221:2379 isLeader=false
b7ffbb00070336e7: name=etcd-server-7-22 peerURLs=https://10.3.153.222:2380 clientURLs=http://127.0.0.1:2379,https://10.3.153.222:2379 isLeader=true
```
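An added example, not part of the original article: a small Python audit that cross-checks the `hosts` list from `etcd-peer-csr.json` against the URLs in a startup script, because every address that peers or clients dial over HTTPS must appear in the certificate or TLS verification fails. The function names and the sample script (with a deliberately stale advertise address) are constructed for illustration, and the parser assumes the `--flag value` form used on this page.

```python
import json
from urllib.parse import urlsplit

URL_FLAGS = ("--listen-peer-urls", "--listen-client-urls", "--initial-advertise-peer-urls",
             "--advertise-client-urls", "--initial-cluster")
LOOPBACK = {"127.0.0.1", "::1", "localhost"}
# Constructed sample: the page's CSR hosts, and a startup script whose advertised
# client URL carries an address the certificate was never issued for.
SAMPLE_CSR = '{"CN": "k8s-etcd", "hosts": ["10.3.153.212", "10.3.153.221", "10.3.153.222"]}'
SAMPLE_SCRIPT = """#!/bin/sh
./etcd --name etcd-server-7-12 \\
  --listen-peer-urls https://10.3.153.212:2380 \\
  --listen-client-urls https://10.3.153.212:2379,http://127.0.0.1:2379 \\
  --initial-advertise-peer-urls https://10.3.153.212:2380 \\
  --advertise-client-urls https://10.4.7.12:2379,http://127.0.0.1:2379 \\
  --initial-cluster etcd-server-7-12=https://10.3.153.212:2380,etcd-server-7-21=https://10.3.153.221:2380 \\
  --client-cert-auth --peer-client-cert-auth
"""

def parse_flags(script):
    """Map each --flag to its value ('' for boolean flags); assumes '--flag value' form."""
    tokens = script.replace("\\\n", " ").split()
    flags = {}
    for i, tok in enumerate(tokens):
        if tok.startswith("--"):
            nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
            flags[tok] = "" if nxt.startswith("--") else nxt
    return flags

def audit(csr_json, script):
    """Return findings for SAN gaps, exposed plaintext URLs and missing mTLS flags."""
    sans = set(json.loads(csr_json)["hosts"])
    flags = parse_flags(script)
    findings = []
    for flag in URL_FLAGS:
        for part in flags.get(flag, "").split(","):
            url = urlsplit(part.split("=", 1)[-1])  # --initial-cluster entries are name=URL
            if url.scheme == "https" and url.hostname not in sans:
                findings.append(f"{flag}: {url.hostname} is not in the certificate hosts (SAN)")
            if url.scheme == "http" and url.hostname not in LOOPBACK:
                findings.append(f"{flag}: plaintext URL on non-loopback {url.hostname}")
    for flag in ("--client-cert-auth", "--peer-client-cert-auth"):
        if flag not in flags:
            findings.append(f"{flag} is not set: that port accepts connections without a certificate")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CSR, SAMPLE_SCRIPT):
        print(finding)
```

The `http://127.0.0.1:2379` listener passes this check because it is loopback-only, but `--client-cert-auth` does not apply to it: any local account on the node can reach etcd there without a certificate, which is how the `cluster-health` output above was obtained.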