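Setting up an etcd cluster with certificates
- Introduction to etcd
etcd is a highly reliable key-value store, often used to hold critical data in distributed systems such as Kubernetes.
It has the following characteristics:
  - Simple: provides a well-defined, user-facing API
  - Secure: supports SSL certificate verification
  - Performance: benchmarked at 10,000+ writes/sec
  - Reliable: uses the Raft protocol to guarantee the availability and consistency of data in a distributed system.
- This guide uses etcd v3.5.4
Hosts:
k8snode1: 192.168.8.203
k8snode2: 192.168.8.204
k8snode3: 192.168.8.205
etcd download page: https://github.com/etcd-io/etcd/releases
cfssl download page: https://github.com/cloudflare/cfssl/releases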
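# -O sets the name of the saved file (-o would write wget's log to that name instead)
wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl_1.6.1_linux_amd64 -O cfssl
wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssljson_1.6.1_linux_amd64 -O cfssljson
# Generate the etcd certificate and its private key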
cat > ca-config.json << EOF
{
  "signing": {
    "default": {
      "expiry": "87600h"
    },
    "profiles": {
      "kubernetes": {
        "expiry": "87600h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ]
      }
    }
  }
}
EOF
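
The signing profile above decides what every issued etcd certificate may be used for and how long it stays valid. The following is an added example, not part of the original guide: a small check of ca-config.json that confirms each profile carries both "server auth" and "client auth" (an etcd peer presents the same certificate as TLS server and as TLS client) and reports expiries above a threshold. The names lint_signing_config and MAX_HOURS and the one-year threshold are assumptions made for this example.

```python
import json
import re

# Constructed sample: the same content the guide writes to ca-config.json.
SAMPLE_CONFIG = """
{"signing": {
   "default": {"expiry": "87600h"},
   "profiles": {"kubernetes": {
       "expiry": "87600h",
       "usages": ["signing", "key encipherment", "server auth", "client auth"]}}}}
"""

# An etcd peer uses one certificate in both TLS roles, so both usages are needed.
REQUIRED_USAGES = {"server auth", "client auth"}
MAX_HOURS = 365 * 24  # assumed policy threshold (one year), not from the guide


def expiry_hours(value):
    """Convert an expiry such as '87600h' or '1h30m' to hours (h, m, s units only)."""
    parts = re.findall(r"(\d+(?:\.\d+)?)(h|m|s)", value)
    if not parts or "".join(n + u for n, u in parts) != value:
        raise ValueError(f"unparseable expiry: {value!r}")
    divisor = {"h": 1, "m": 60, "s": 3600}
    return sum(float(n) / divisor[u] for n, u in parts)


def lint_signing_config(text, max_hours=MAX_HOURS):
    """Return (profile, finding) tuples for the named profiles of a cfssl config."""
    findings = []
    for name, profile in json.loads(text)["signing"].get("profiles", {}).items():
        missing = REQUIRED_USAGES - set(profile.get("usages", []))
        if missing:
            findings.append((name, "missing usages: " + ", ".join(sorted(missing))))
        expiry = profile.get("expiry")
        if expiry is None:
            findings.append((name, "no expiry set"))
        elif expiry_hours(expiry) > max_hours:
            findings.append((name, f"expiry {expiry} exceeds {max_hours}h"))
    return findings


if __name__ == "__main__":
    for profile, finding in lint_signing_config(SAMPLE_CONFIG):
        print(f"{profile}: {finding}")
```

Run against the configuration above, the check passes the usages test and reports only the 87600h (ten-year) expiry; pass a different max_hours to match your own rotation policy.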
cat > ca-csr.json << EOF
{
  "CN": "etcd CA",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "Beijing",
      "