etcd 集群部署

最新推荐文章于 2024-04-17 05:09:30 发布
最新推荐文章于 2024-04-17 05:09:30 发布
阅读量934 收藏 2
点赞数
分类专栏: kubernetes 文章标签: k8s Kubernetes
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/zhanghua850127/article/details/100511960
版权

Etcd 是 CoreOS 基于 Raft 开发的分布式 key-value 存储,可用于服务发现、共享配置以及一致性保障(如数据库选主、分布式锁等)。

Etcd 主要功能

基本的 key-value 存储
监听机制
key 的过期及续约机制,用于监控和服务发现
原子 CAS 和 CAD,用于分布式锁和 leader 选举

环境准备

操作系统IP 地址HostName
CentOS7.x-86_x6410.0.52.13k8s.master
CentOS7.x-86_x6410.0.52.14k8s.node1
CentOS7.x-86_x6410.0.52.6k8s.node2

etcd 部署

官方文档

https://github.com/etcd-io/etcd

下载地址

https://github.com/etcd-io/etcd/releases/download/v3.3.10/etcd-v3.3.10-linux-amd64.tar.gz

安装必要软件

本次实验你将会安装一些实用的命令行工具,这包括 cfsslcfssljson

安装 CFSSL

cfssl 下载地址:
链接:https://pan.baidu.com/s/1NVnjpgnO7sTBf4frvuNWKA
提取码:dawo

chmod +x cfssl_linux-amd64 cfssljson_linux-amd64 cfssl-certinfo_linux-amd64
mv cfssl_linux-amd64 /usr/local/bin/cfssl
mv cfssljson_linux-amd64 /usr/local/bin/cfssljson
mv cfssl-certinfo_linux-amd64 /usr/bin/cfssl-certinfo

验证 cfssl 的版本为 1.2.0 或是更高

[root@k8s ~]# cfssl version
Version: 1.2.0
Revision: dev
Runtime: go1.6

配置 CA 并创建 TLS 证书

我们将使用 CloudFlare’s PKI 工具 cfssl 来配置 PKI Infrastructure,然后使用它去创建 Certificate Authority(CA), 并为 etcd创建 TLS 证书。

  • 创建目录
mkdir /opt/etcd/{bin,cfg,ssl} -p
cd /opt/etcd/ssl/
  • etcd ca配置
cat << EOF | tee ca-config.json
{
  "signing": {
    "default": {
      "expiry": "87600h"
    },
    "profiles": {
      "etcd": {
         "expiry": "87600h",
         "usages": [
            "signing",
            "key encipherment",
            "server auth",
            "client auth"
        ]
      }
    }
  }
}
EOF
  • etcd ca证书
cat << EOF | tee ca-csr.json
{
    "CN": "etcd CA",
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "Beijing",
            "ST": "Beijing"
        }
    ]
}
EOF
  • 生成 CA 凭证和私钥:
cfssl gencert -initca ca-csr.json | cfssljson -bare ca 

[root@k8s ssl]# ls
ca-config.json  ca-csr.json
[root@k8s ssl]# cfssl gencert -initca ca-csr.json | cfssljson -bare ca
2019/05/23 10:17:05 [INFO] generating a new CA key and certificate from CSR
2019/05/23 10:17:05 [INFO] generate received request
2019/05/23 10:17:05 [INFO] received CSR
2019/05/23 10:17:05 [INFO] generating key: rsa-2048
2019/05/23 10:17:06 [INFO] encoded CSR
2019/05/23 10:17:06 [INFO] signed certificate with serial number 20205354135917049449942525304158394005878373639
[root@k8s ssl]# ls
ca-config.json  ca.csr  ca-csr.json  ca-key.pem  ca.pem
[root@k8s ssl]#

结果将生成以下两个文件:

ca-key.pem
ca.pem
  • etcd server证书
cat << EOF | tee server-csr.json
{
    "CN": "etcd",
    "hosts": [
    "10.0.52.14",
    "10.0.52.13",
    "10.0.52.6"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "Beijing",
            "ST": "Beijing"
        }
    ]
}
EOF
  • 生成server证书:
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=etcd server-csr.json | cfssljson -bare server

[root@k8s ssl]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=etcd server-csr.json | cfssljson -bare server
2019/05/23 10:23:47 [INFO] generate received request
2019/05/23 10:23:47 [INFO] received CSR
2019/05/23 10:23:47 [INFO] generating key: rsa-2048
2019/05/23 10:23:47 [INFO] encoded CSR
2019/05/23 10:23:47 [INFO] signed certificate with serial number 199680945753638449140210062880512592204940964699
2019/05/23 10:23:47 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
[root@k8s ssl]# ls
ca-config.json  ca.csr  ca-csr.json  ca-key.pem  ca.pem  server.csr  server-csr.json  server-key.pem  server.pem
[root@k8s ssl]#

结果将生成以下两个文件:

server-key.pem
server.pem
  • etcd安装
  1. 解压缩
[root@k8s ~]# tar zxf etcd-v3.3.10-linux-amd64.tar.gz 
[root@k8s ~]# cd etcd-v3.3.10-linux-amd64
[root@k8s etcd-v3.3.10-linux-amd64]# ls
Documentation  etcd  etcdctl  README-etcdctl.md  README.md  READMEv2-etcdctl.md
[root@k8s etcd-v3.3.10-linux-amd64]# cp etcd etcdctl /opt/etcd/bin/
[root@k8s etcd-v3.3.10-linux-amd64]#
  1. 配置etcd主文件
cat << EOF | tee /opt/etcd/cfg/etcd.conf
#[Member]
ETCD_NAME="etcd01"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://10.0.52.13:2380"
ETCD_LISTEN_CLIENT_URLS="https://10.0.52.13:2379,http://127.0.0.1:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://10.0.52.13:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://10.0.52.13:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://10.0.52.13:2380,etcd02=https://10.0.52.14:2380,etcd03=https://10.0.52.6:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"

#[Security]
ETCD_CERT_FILE="/opt/etcd/ssl/server.pem"
ETCD_KEY_FILE="/opt/etcd/ssl/server-key.pem"
ETCD_TRUSTED_CA_FILE="/opt/etcd/ssl/ca.pem"
ETCD_CLIENT_CERT_AUTH="true"
ETCD_PEER_CERT_FILE="/opt/etcd/ssl/server.pem"
ETCD_PEER_KEY_FILE="/opt/etcd/ssl/server-key.pem"
ETCD_PEER_TRUSTED_CA_FILE="/opt/etcd/ssl/ca.pem"
ETCD_PEER_CLIENT_CERT_AUTH="true"
EOF
  1. 配置etcd启动文件
cat << EOF | tee /usr/lib/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
EnvironmentFile=/opt/etcd/cfg/etcd.conf
ExecStart=/opt/etcd/bin/etcd \
--name=\${ETCD_NAME} \
--data-dir=\${ETCD_DATA_DIR} \
--listen-peer-urls=\${ETCD_LISTEN_PEER_URLS} \
--listen-client-urls=\${ETCD_LISTEN_CLIENT_URLS} \
--advertise-client-urls=\${ETCD_ADVERTISE_CLIENT_URLS} \
--initial-advertise-peer-urls=\${ETCD_INITIAL_ADVERTISE_PEER_URLS} \
--initial-cluster=\${ETCD_INITIAL_CLUSTER} \
--initial-cluster-token=\${ETCD_INITIAL_CLUSTER_TOKEN} \
--initial-cluster-state=\${ETCD_INITIAL_CLUSTER_STATE}  \
--cert-file=\${ETCD_CERT_FILE} \
--key-file=\${ETCD_KEY_FILE} \
--peer-cert-file=\${ETCD_PEER_CERT_FILE} \
--peer-key-file=\${ETCD_PEER_KEY_FILE} \
--trusted-ca-file=\${ETCD_TRUSTED_CA_FILE} \
--client-cert-auth=\${ETCD_CLIENT_CERT_AUTH} \
--peer-client-cert-auth=\${ETCD_PEER_CLIENT_CERT_AUTH} \
--peer-trusted-ca-file=\${ETCD_PEER_TRUSTED_CA_FILE}
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF
  1. 启动
systemctl daemon-reload
systemctl enable etcd
systemctl restart etcd
  1. 其他节点重复如上操作,注意启动前etcd02、etcd03同样配置如下
etcd02
[root@k8s cfg]# cat etcd.conf 
#[Member]
ETCD_NAME="etcd02"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://10.0.52.14:2380"
ETCD_LISTEN_CLIENT_URLS="https://10.0.52.14:2379,http://127.0.0.1:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://10.0.52.14:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://10.0.52.14:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://10.0.52.13:2380,etcd02=https://10.0.52.14:2380,etcd03=https://10.0.52.6:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"

#[Security]
ETCD_CERT_FILE="/opt/etcd/ssl/server.pem"
ETCD_KEY_FILE="/opt/etcd/ssl/server-key.pem"
ETCD_TRUSTED_CA_FILE="/opt/etcd/ssl/ca.pem"
ETCD_CLIENT_CERT_AUTH="true"
ETCD_PEER_CERT_FILE="/opt/etcd/ssl/server.pem"
ETCD_PEER_KEY_FILE="/opt/etcd/ssl/server-key.pem"
ETCD_PEER_TRUSTED_CA_FILE="/opt/etcd/ssl/ca.pem"
ETCD_PEER_CLIENT_CERT_AUTH="true"

etcd03
[root@k8s cfg]# cat etcd.conf 
#[Member]
ETCD_NAME="etcd03"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://10.0.52.6:2380"
ETCD_LISTEN_CLIENT_URLS="https://10.0.52.6:2379,http://127.0.0.1:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://10.0.52.6:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://10.0.52.6:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://10.0.52.13:2380,etcd02=https://10.0.52.14:2380,etcd03=https://10.0.52.6:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"

#[Security]
ETCD_CERT_FILE="/opt/etcd/ssl/server.pem"
ETCD_KEY_FILE="/opt/etcd/ssl/server-key.pem"
ETCD_TRUSTED_CA_FILE="/opt/etcd/ssl/ca.pem"
ETCD_CLIENT_CERT_AUTH="true"
ETCD_PEER_CERT_FILE="/opt/etcd/ssl/server.pem"
ETCD_PEER_KEY_FILE="/opt/etcd/ssl/server-key.pem"
ETCD_PEER_TRUSTED_CA_FILE="/opt/etcd/ssl/ca.pem"
ETCD_PEER_CLIENT_CERT_AUTH="true"
  1. 服务检查
[root@k8s cfg]# /opt/etcd/bin/etcdctl --ca-file=/opt/etcd/ssl/ca.pem --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem --endpoints="https://10.0.52.13:2379,https://10.0.52.14:2379,https://10.0.52.6:2379" cluster-health
member 11babd38de9e1f0f is healthy: got healthy result from https://10.0.52.13:2379
member 22436a037c5adb3b is healthy: got healthy result from https://10.0.52.14:2379
member a5e80429e983b681 is healthy: got healthy result from https://10.0.52.6:2379
cluster is healthy


[root@k8s cfg]# /opt/etcd/bin/etcdctl --ca-file=/opt/etcd/ssl/ca.pem --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem --endpoints="https://10.0.52.13:2379,https://10.0.52.14:2379,https://10.0.52.6:2379" member list
11babd38de9e1f0f: name=etcd01 peerURLs=https://10.0.52.13:2380 clientURLs=https://10.0.52.13:2379 isLeader=false
22436a037c5adb3b: name=etcd02 peerURLs=https://10.0.52.14:2380 clientURLs=https://10.0.52.14:2379 isLeader=true
a5e80429e983b681: name=etcd03 peerURLs=https://10.0.52.6:2380 clientURLs=https://10.0.52.6:2379 isLeader=false

可能遇到的问题

  1. 各个主机应该关闭firewalld服务,否则会出现类似提示无法获取某个节点健康状态的提示:
[root@k8s cfg]#  /opt/etcd/bin/etcdctl --ca-file=/opt/etcd/ssl/ca.pem --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem --endpoints="https://10.0.52.13:2379,https://10.0.52.14:2379,https://10.0.52.6:2379" cluster-health
member 11babd38de9e1f0f is healthy: got healthy result from https://10.0.52.13:2379
failed to check the health of member 22436a037c5adb3b on https://10.0.52.14:2379: Get https://10.0.52.14:2379/health: dial tcp 10.0.52.14:2379: i/o timeout
member 22436a037c5adb3b is unreachable: [https://10.0.52.14:2379] are all unreachable
member a5e80429e983b681 is healthy: got healthy result from https://10.0.52.6:2379
  1. request cluster ID mismatch (got 4fb7ed98f0f6d1a7 want 4c0b05dc1b530742)
[root@k8s cfg]# journalctl -u etcd -f
-- Logs begin at Thu 2019-05-23 14:29:05 CST. --
May 23 15:59:09 k8s.master etcd[13366]: request sent was ignored (cluster ID mismatch: peer[102b996c4aa7e55a]=4fb7ed98f0f6d1a7, local=4c0b05dc1b530742)
May 23 15:59:09 k8s.master etcd[13366]: request cluster ID mismatch (got 4fb7ed98f0f6d1a7 want 4c0b05dc1b530742)
May 23 15:59:09 k8s.master etcd[13366]: request sent was ignored (cluster ID mismatch: peer[102b996c4aa7e55a]=4fb7ed98f0f6d1a7, local=4c0b05dc1b530742)
May 23 15:59:09 k8s.master etcd[13366]: request cluster ID mismatch (got 4fb7ed98f0f6d1a7 want 4c0b05dc1b530742)
May 23 15:59:09 k8s.master etcd[13366]: request cluster ID mismatch (got 4fb7ed98f0f6d1a7 want 4c0b05dc1b530742)
May 23 15:59:09 k8s.master etcd[13366]: request cluster ID mismatch (got 4fb7ed98f0f6d1a7 want 4c0b05dc1b530742)
May 23 15:59:09 k8s.master etcd[13366]: request sent was ignored (cluster ID mismatch: peer[102b996c4aa7e55a]=4fb7ed98f0f6d1a7, local=4c0b05dc1b530742)
May 23 15:59:09 k8s.master etcd[13366]: request cluster ID mismatch (got 4fb7ed98f0f6d1a7 want 4c0b05dc1b530742)
May 23 15:59:09 k8s.master etcd[13366]: request sent was ignored (cluster ID mismatch: peer[102b996c4aa7e55a]=4fb7ed98f0f6d1a7, local=4c0b05dc1b530742)
May 23 15:59:09 k8s.master etcd[13366]: request cluster ID mismatch (got 4fb7ed98f0f6d1a7 want 4c0b05dc1b530742)
May 23 15:59:09 k8s.master etcd[13366]: request cluster ID mismatch (got 4fb7ed98f0f6d1a7 want 4c0b05dc1b530742)
May 23 15:59:09 k8s.master etcd[13366]: request cluster ID mismatch (got 4fb7ed98f0f6d1a7 want 4c0b05dc1b530742)
May 23 15:59:09 k8s.master etcd[13366]: request cluster ID mismatch (got 4fb7ed98f0f6d1a7 want 4c0b05dc1b530742)
May 23 15:59:09 k8s.master etcd[13366]: request cluster ID mismatch (got 4fb7ed98f0f6d1a7 want 4c0b05dc1b530742)
May 23 15:59:09 k8s.master etcd[13366]: request sent was ignored (cluster ID mismatch: peer[102b996c4aa7e55a]=4fb7ed98f0f6d1a7, local=4c0b05dc1b530742)
May 23 15:59:09 k8s.master etcd[13366]: request sent was ignored (cluster ID mismatch: peer[102b996c4aa7e55a]=4fb7ed98f0f6d1a7, local=4c0b05dc1b530742)
May 23 15:59:09 k8s.master etcd[13366]: request cluster ID mismatch (got 4fb7ed98f0f6d1a7 want 4c0b05dc1b530742)
May 23 15:59:09 k8s.master etcd[13366]: request cluster ID mismatch (got 4fb7ed98f0f6d1a7 want 4c0b05dc1b530742)
May 23 15:59:09 k8s.master etcd[13366]: request cluster ID mismatch (got 4fb7ed98f0f6d1a7 want 4c0b05dc1b530742)
May 23 15:59:09 k8s.master etcd[13366]: request cluster ID mismatch (got 4fb7ed98f0f6d1a7 want 4c0b05dc1b530742)
May 23 15:59:09 k8s.master etcd[13366]: request sent was ignored (cluster ID mismatch: peer[102b996c4aa7e55a]=4fb7ed98f0f6d1a7, local=4c0b05dc1b530742)
May 23 15:59:09 k8s.master etcd[13366]: request cluster ID mismatch (got 4fb7ed98f0f6d1a7 want 4c0b05dc1b530742)
May 23 15:59:09 k8s.master etcd[13366]: request sent was ignored (cluster ID mismatch: peer[102b996c4aa7e55a]=4fb7ed98f0f6d1a7, local=4c0b05dc1b530742)
May 23 15:59:09 k8s.master etcd[13366]: request cluster ID mismatch (got 4fb7ed98f0f6d1a7 want 4c0b05dc1b530742)
May 23 15:59:09 k8s.master etcd[13366]: request cluster ID mismatch (got 4fb7ed98f0f6d1a7 want 4c0b05dc1b530742)
May 23 15:59:09 k8s.master etcd[13366]: request cluster ID mismatch (got 4fb7ed98f0f6d1a7 want 4c0b05dc1b530742)
May 23 15:59:09 k8s.master etcd[13366]: request cluster ID mismatch (got 4fb7ed98f0f6d1a7 want 4c0b05dc1b530742)
May 23 15:59:09 k8s.master etcd[13366]: publish error: etcdserver: request timed out
May 23 15:59:10 k8s.master etcd[13366]: request sent was ignored (cluster ID mismatch: peer[102b996c4aa7e55a]=4fb7ed98f0f6d1a7, local=4c0b05dc1b530742)
May 23 15:59:10 k8s.master etcd[13366]: request sent was ignored (cluster ID mismatch: peer[102b996c4aa7e55a]=4fb7ed98f0f6d1a7, local=4c0b05dc1b530742)
May 23 15:59:10 k8s.master etcd[13366]: request cluster ID mismatch (got 4fb7ed98f0f6d1a7 want 4c0b05dc1b530742)
May 23 15:59:10 k8s.master etcd[13366]: request cluster ID mismatch (got 4fb7ed98f0f6d1a7 want 4c0b05dc1b530742)
May 23 15:59:10 k8s.master etcd[13366]: request cluster ID mismatch (got 4fb7ed98f0f6d1a7 want 4c0b05dc1b530742)
May 23 15:59:10 k8s.master etcd[13366]: request cluster ID mismatch (got 4fb7ed98f0f6d1a7 want 4c0b05dc1b530742)

解决办法: 删除缓存,并重启etcd
[root@k8s cfg]# rm -rf /var/lib/etcd/default.etcd
[root@k8s cfg]# systemctl restart etcd
  1. rejected connection from “10.0.52.14:45458” (error “x509: certificate is valid for 10.0.52.12, 10.0.52.13, 10.0.52.6, not 10.0.52.14”, ServerName “”, IPAddresses [“10.0.52.12” “10.0.52.13” “10.0.52.6”], DNSNames [])
出现 x509的错误,请检查证书配置,上面的错误是,证书设置成了10.0.52.12,改成10.0.52.14即可.修改之后
systemctl daemon-reload
systemctl restart etcd

谢谢

zhanghua850127
关注
  • 0
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 1
    评论
专栏目录
Kubernetes集群部署教程-ETCD集群部署
guting18893110463的博客
04-10 1038
Etcd 是一个分布式键值存储系统,Kubernetes使用Etcd进行数据存储,所以先准备一个Etcd数据库,为解决Etcd单点故障,应采用集群方式部署
etcd 集群部署包 TLS.tar.gz
06-29
k8s etcd 集群部署
etcd走https协议集群搭建
weixin_60092693的博客
10-06 896
学习实验
etcd初始化集群
土豆
02-03 1463
准备条件 2台linux系统的虚拟机作etcd集群节点,其ip地址能够互相ping通(本文使用的镜像为:CentOS-8.2.2004-x86_64-minimal.iso) 集群节点分别安装好etcd服务(本文使用的rpm包为:etcd-3.2.21-2.el8.x86_64.rpm) 创建集群 配置文件的修改 etcd集群的创建通过修改配置文件/etc/etcd/etcd.conf实现,修改项主要包括 1.ETCD_DATA_DIR ...
Etcd教程 — 第一章 Etcd简介、Etcd单机安装_etcd 安装(1)
最新发布
2401_84281588的博客
04-17 741
export GOPATH=/root/go/GOPATH #GOPATH是工作目录的位置。这个是自己创建的,想放在哪都行。export GOROOT=/usr/local/go #GOROOT是系统上安装Go软件包的位置。(img-7vg66asL-1713301758938)]加完后按esc键退出编辑模式,输入:wq保存退出。:需要将etcd加入到环境变量中,否则会在。将etcd环境变量添加到文件末尾。Q1: 提示仓库里没有。安装Etcd的命令(2)
Etcd集群搭建
ZouChengli的博客
09-30 537
前言: 前面我提到k8s的高可用搭建,于是后面有人评论etcd用的master自己的还是外部的etcd集群。我回答是用master自带的,今天为了解决那个朋友提出的问题,我这里给搭建演示如何搭建一个外部etcd集群!好了废话不多说了,直接上干活。 准备三台虚拟机或实体机(CentOS7) IP HOSTNAME CPU/MEM/DISK OS ETCD VERSION 172.16.0.160 etcd00 4C/4G/16G CentOS7
ETCD集群部署
小单的博客专栏
03-13 4539
ETCD集群部署+flannel 附件 /opt/soft/etcd/etcd-v3.4.4-linux-amd64.tar.gz 下载地址:https://github.com/etcd-io/etcd/releases 服务器 192.168.1.54、192.168.1.65、192.168.1.105 安装 1、解压包(每台机器) ETCD_VER=v3.4.4 cd /opt/soft/...
etcd集群部署安装
qq_42048263的博客
03-18 926
在每个节点上创建etcd的system unit文件/usr/lib/systemd/system/etcd.service,注意替换ETCD_NAME和INTERNAL_IP变量的值。注意上面配置 hosts 字段中制定授权使用该证书的 IP 和域名列表,因为现在要生成的证书需要被 etcd 集群各个节点使用,所以这里指定了各个节点的 IP 和 hostname。signing表示此CA证书可以用于签名其他证书,ca.pem中的CA=TRUE。利用cfssl生成etcd所需的相关证书。
etcd集群部署
40kuai的博客
01-21 416
文章目录ectd介绍证书配置新建ETCD CA证书配置文件ca-config.json新建ETCD CA证书凭证签发配置文件ca-csr.json生成CA证书和私钥生成服务器证书etcd服务配置启动服务 ectd介绍 正式的ectd端口是 2379 用于客户端连接,而 2380 用于伙伴通讯。etcd 端口可以设置为接受 TLS 通讯,non-TLS 通讯,或者同时有 TLS 和 non-TLS 通讯。 启动etcd集群有三种机制: 静态(我们使用这种方式部署etcd 发现 DNS 发现 证书配置
etcd集群部署详解
hai330的博客
06-30 5990
简介 Etcd是一个高可用的 Key/Value 存储系统,主要用于分享配置和服务发现。 ● 简单:支持 curl 方式的用户 API (HTTP+JSON) ● 安全:可选 SSL 客户端证书认证 ● 快速:单实例可达每秒1000次写操作 ● 可靠:使用 Raft 实现分布式 环境: node IP OS etcd_version etcd0 10.1.2.61 CentOS7.0 etcd3.0.14 etcd1 10.1.2.172 cent
Docker搭建etcd集群
01-27
etcd是CoreOS团队发起的一个开源项目(Go语言,其实很多这类项目都是Go语言实现的,只能说很强大),实现了分布式键值存储和服务发现,etcd 和ZooKeeper/Consul非常相似,都提供了类似的功能,以及RESTAPI的访问操作...
kubernetes部署etcd集群
01-20
etcd是一个高可用的键值存储系统,kubernetes使用它来存储各个资源的状态,从而实现了Restful的API。 服务器IP/主机名 用途 192.168.122.134/k8s-master1 etcd、kube-apiserver、kube-controller-manager、...
Etcd3静态集群部署
03-19
etcd比较多的应用场景是用于服务发现与配置共享,值得注意的是,分布式系统中的数据分为控制数据和...与其他数据库和缓存服务不同的是,用于配置管理的etcd服务会运行在集群每一个节点上(有些可能处于“代理模式”)。
rancher+k8s+etcd集群
08-18
使用RKE构建企业生产Kubernetes集群 内容包含: 1.集群主机准备 2.daocker部署 3.docker compose安装 4.添加rancher用户 5.生成ssh证书用户部署集群 6.rke工具下载 7.初始化rke配置文件 ....
kubeadmin 快速部署k8s集群
zhanghua850127的专栏
09-03 2471
安装要求 在开始之前,部署Kubernetes集群机器需要满足以下几个条件: 一台或多台机器,操作系统 CentOS7.x-86_x64 硬件配置:2GB或更多RAM,2个CPU或更多CPU,硬盘30GB或更多 集群中所有机器之间网络互通 可以访问外网,需要拉取镜像 禁止swap分区 学习目标 在所有节点上安装Docker和kubeadm 部署Kubernetes Master 部署容器网络...
Flannel 安装部署
zhanghua850127的专栏
09-03 1615
Flannel Flannel是 CoreOS 团队针对 Kubernetes 设计的一个覆盖网络(Overlay Network)工具,其目的在于帮助每一个使用 Kuberentes 的 CoreOS 主机拥有一个完整的子网。这次的分享内容将从Flannel的介绍、工作原理及安装和配置三方面来介绍这个工具的使用方法。 Flannel通过给每台宿主机分配一个子网的方式为容器提供虚拟网络,它基于Li...
Kubernetes addons 之 coredns部署
zhanghua850127的专栏
09-03 838
DNS 是 Kubernetes 的核心功能之一,通过 kube-dns 或 CoreDNS 作为集群的必备扩展来提供命名服务。 Kubernetes基于DNS的服务发现 在Kubernetes集群推荐使用Service Name作为服务的访问地址,因此需要一个Kubernetes集群范围的DNS服务实现从Service Name到Cluster Ip的解析,这就是Kubernetes基于DNS的...
在centos中etcd集群部署
05-29
好的,下面是在 CentOS 中部署 etcd 集群的步骤: 1. 下载 etcd 安装包 可以从 etcd 官网下载最新版的 etcd 安装包,下载地址为:https://github.com/etcd-io/etcd/releases 2. 解压安装包 将下载的 etcd 安装包...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值