kubernetes中ETCD TLS证书集群如何安装

这篇文章主要为大家展示了“kubernetes中ETCD TLS证书集群如何安装”，内容简而易懂，条理清晰，希望能够帮助大家解决疑惑，下面让小编带领大家一起研究并学习一下“kubernetes中ETCD TLS证书集群如何安装”这篇文章吧。

一：前言

kuberntes 系统使用etcd 存储所有数据，部署一个三节点的etcd 集群，需要为 etcd 集群创建加密通信的 TLS 证书，复制以前创建的kubernetes 证书。cp ca.pem kubernetes-key.pem kubernetes.pem /etc/kubernetes/ssl。

iZwz95trb3stk6afg8oozuZ ：10.116.137.196
iZwz96e1vc35er68nlrcauZ ：10.116.82.28
iZwz96e1vc35er68nlrcatZ ：10.116.36.57

二：ETCD 安装

点击(此处)折叠或打开

1. wget https://GitHub.com/coreos/etcd/releases/download/v3.3.2/etc
   

2. d-v3.3.2-linux-amd64.tar.gz
   

3. tar -xvf etcd-v3.3.2-linux-amd64.tar.gz
   

4. mv etcd-v3.3.2-linux-amd64/etcd* /usr/local/bin

三：创建 etcd 的 systemd unit 文件
/usr/lib/systemd/system/etcd.service

点击(此处)折叠或打开

1. [Unit]
   

2. Description=Etcd Server
   

3. After=network.target
   

4. After=network-online.target
   

5. Wants=network-online.target
   

7. [Service]
   

8. Type=notify
   

9. WorkingDirectory=/var/lib/etcd/
   

10. EnvironmentFile=/etc/etcd/etcd.conf
    

11. ExecStart=/bin/bash -c "GoMAXPROCS=$(nproc) /usr/bin/etcd --name=\"${ETCD_NAME}\" --cert-file=\"${ETCD_CERT_FILE}\" --key-file=\"${ETCD_KEY_FILE}\" --trusted-ca-file=\"${ETCD_TRUSTED_CA_FILE}\" --peer-cert-file=\"${ETCD_PEER_CERT_FILE}\" --peer-key-file=\"${ETCD_PEER_KEY_FILE}\" --peer-trusted-ca-file=\"${ETCD_PEER_TRUSTED_CA_FILE}\" --data-dir=\"${ETCD_DATA_DIR}\" --listen-client-urls=\"${ETCD_LISTEN_CLIENT_URLS}\" --listen-peer-urls=\"${ETCD_LISTEN_PEER_URLS}\" --advertise-client-urls=\"${ETCD_ADVERTISE_CLIENT_URLS}\" --initial-advertise-peer-urls=\"${ETCD_INITIAL_ADVERTISE_PEER_URLS}\" --initial-cluster=\"${ETCD_INITIAL_CLUSTER}\" --initial-cluster-state=\"${ETCD_INITIAL_CLUSTER_STATE}\""
    

12. Restart=on-failure
    

13. LimitNOFILE=65536
    

15. [Install]
    

16. WantedBy=multi-user.target

四：环境变量配置文件 /etc/etcd/etcd.conf

点击(此处)折叠或打开

1. # [member]
   

2. ETCD_NAME=iZwz96e1vc35er68nlrcauZ
   

3. ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
   

4. ETCD_LISTEN_PEER_URLS="Https://10.116.82.28:2380"
   

5. ETCD_LISTEN_CLIENT_URLS="https://10.116.82.28:2379,https://127.0.0.1:2379"
   

7. # [cluster]
   

8. ETCD_INITIAL_ADVERTISE_PEER_URLS="https://10.116.82.28:2380"
   

9. ETCD_INITIAL_CLUSTER="iZwz95trb3stk6afg8oozuZ=https://10.116.137.196:2380,iZwz96e1vc35er68nlrcauZ=https://10.116.82.28:2380,iZwz96e1vc35er68nlrcatZ=https://10.116.36.57:2380"
   

10. ETCD_INITIAL_CLUSTER_STATE="new"
    

11. ETCD_INITIAL_CLUSTER_TOKEN="k8s-etcd-cluster"
    

12. ETCD_ADVERTISE_CLIENT_URLS="https://10.116.82.28:2379"
    

14. # [security]
    

15. ETCD_CERT_FILE="/etc/kubernetes/ssl/kubernetes.pem"
    

16. ETCD_KEY_FILE="/etc/kubernetes/ssl/kubernetes-key.pem"
    

17. ETCD_TRUSTED_CA_FILE="/etc/kubernetes/ssl/ca.pem"
    

18. ETCD_PEER_CERT_FILE="/etc/kubernetes/ssl/kubernetes.pem"
    

19. ETCD_PEER_KEY_FILE="/etc/kubernetes/ssl/kubernetes-key.pem"
    

20. ETCD_PEER_TRUSTED_CA_FILE="/etc/kubernetes/ssl/ca.pem"

五：启动 etcd 服务

systemctl daemon-reload
systemctl enable etcd
systemctl start etcd
systemctl status etcd

六：验证服务
etcdctl --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem  --endpoints=https://127.0.0.1:2379 cluster-health

以上是“kubernetes中ETCD TLS证书集群如何安装”这篇文章的所有内容，感谢各位的阅读！相信大家都有了一定的了解，希望分享的内容对大家有所帮助，如果还想学习更多知识，欢迎关注编程网精选频道！