kubernetes中ETCD TLS证书集群如何安装

这篇文章主要为大家展示了“kubernetes中ETCD TLS证书集群如何安装”，内容简而易懂，条理清晰，希望能够帮助大家解决疑惑，下面让小编带领大家一起研究并学习一下“kubernetes中ETCD TLS证书集群如何安装”这篇文章吧。

一：前言

kuberntes 系统使用etcd 存储所有数据，部署一个三节点的etcd 集群，需要为 etcd 集群创建加密通信的 TLS 证书，复制以前创建的kubernetes 证书。cp ca.pem kubernetes-key.pem kubernetes.pem /etc/kubernetes/ssl。

iZwz95trb3stk6afg8oozuZ ：10.116.137.196
iZwz96e1vc35er68nlrcauZ ：10.116.82.28
iZwz96e1vc35er68nlrcatZ ：10.116.36.57

二：ETCD 安装

点击(此处)折叠或打开

1. wget https://github.com/coreos/etcd/releases/download/v3.3.2/etc

2. d-v3.3.2-linux-amd64.tar.gz

3. tar -xvf etcd-v3.3.2-linux-amd64.tar.gz

4. mv etcd-v3.3.2-linux-amd64/etcd* /usr/local/bin

三：创建 etcd 的 systemd unit 文件
/usr/lib/systemd/system/etcd.service

点击(此处)折叠或打开

1. [Unit]

2. Description=Etcd Server

3. After=network.target

4. After=network-online.target

5. Wants=network-online.target

7. [Service]

8. Type=notify

9. WorkingDirectory=/var/lib/etcd/

10. EnvironmentFile=/etc/etcd/etcd.conf

11. ExecStart=/bin/bash -c "GOMAXPROCS=$(nproc) /usr/bin/etcd –name=/"${ETCD_NAME}/" –cert-file=/"${ETCD_CERT_FILE}/" –key-file=/"${ETCD_KEY_FILE}/" –trusted-ca-file=/"${ETCD_TRUSTED_CA_FILE}/" –peer-cert-file=/"${ETCD_PEER_CERT_FILE}/" –peer-key-file=/"${ETCD_PEER_KEY_FILE}/" –peer-trusted-ca-file=/"${ETCD_PEER_TRUSTED_CA_FILE}/" –data-dir=/"${ETCD_DATA_DIR}/" –listen-client-urls=/"${ETCD_LISTEN_CLIENT_URLS}/" –listen-peer-urls=/"${ETCD_LISTEN_PEER_URLS}/" –advertise-client-urls=/"${ETCD_ADVERTISE_CLIENT_URLS}/" –initial-advertise-peer-urls=/"${ETCD_INITIAL_ADVERTISE_PEER_URLS}/" –initial-cluster=/"${ETCD_INITIAL_CLUSTER}/" –initial-cluster-state=/"${ETCD_INITIAL_CLUSTER_STATE}/""

12. Restart=on-failure

13. LimitNOFILE=65536

15. [Install]

16. WantedBy=multi-user.target

四：环境变量配置文件 /etc/etcd/etcd.conf

点击(此处)折叠或打开

1. # [member]

2. ETCD_NAME=iZwz96e1vc35er68nlrcauZ

3. ETCD_DATA_DIR="/var/lib/etcd/default.etcd"

4. ETCD_LISTEN_PEER_URLS="https://10.116.82.28:2380"

5. ETCD_LISTEN_CLIENT_URLS="https://10.116.82.28:2379,https://127.0.0.1:2379"

7. # [cluster]

8. ETCD_INITIAL_ADVERTISE_PEER_URLS="https://10.116.82.28:2380"

9. ETCD_INITIAL_CLUSTER="iZwz95trb3stk6afg8oozuZ=https://10.116.137.196:2380,iZwz96e1vc35er68nlrcauZ=https://10.116.82.28:2380,iZwz96e1vc35er68nlrcatZ=https://10.116.36.57:2380"

10. ETCD_INITIAL_CLUSTER_STATE="new"

11. ETCD_INITIAL_CLUSTER_TOKEN="k8s-etcd-cluster"

12. ETCD_ADVERTISE_CLIENT_URLS="https://10.116.82.28:2379"

14. # [security]

15. ETCD_CERT_FILE="/etc/kubernetes/ssl/kubernetes.pem"

16. ETCD_KEY_FILE="/etc/kubernetes/ssl/kubernetes-key.pem"

17. ETCD_TRUSTED_CA_FILE="/etc/kubernetes/ssl/ca.pem"

18. ETCD_PEER_CERT_FILE="/etc/kubernetes/ssl/kubernetes.pem"

19. ETCD_PEER_KEY_FILE="/etc/kubernetes/ssl/kubernetes-key.pem"

20. ETCD_PEER_TRUSTED_CA_FILE="/etc/kubernetes/ssl/ca.pem"

五：启动 etcd 服务

systemctl daemon-reload
systemctl enable etcd
systemctl start etcd
systemctl status etcd

六：验证服务
etcdctl –ca-file=/etc/kubernetes/ssl/ca.pem –cert-file=/etc/kubernetes/ssl/kubernetes.pem –key-file=/etc/kubernetes/ssl/kubernetes-key.pem  –endpoints=https://127.0.0.1:2379 cluster-health

以上是“kubernetes中ETCD TLS证书集群如何安装”这篇文章的所有内容，感谢各位的阅读！相信大家都有了一定的了解，希望分享的内容对大家有所帮助，如果还想学习更多知识，欢迎关注亿速云行业资讯频道！