标签:1.20 ssl -- app pem etcd 172.31 k8s
1、部署etcd文件
cd /data/app/k8s-ssl/ cp ca.pem kubernetes-key.pem kubernetes.pem /data/app/etcd/ssl/
2、 创建etcd服务配置文件
vim etcd.sh
ETCD_NAME=`hostname` INTERNAL_IP=`hostname -i` INITIAL_CLUSTER=zy-nph-skg-fat-channel-redis-yace01=https://172.31.170.15:2380,zy-nph-skg-fat-channel-redis-yace02=https://172.31.170.16:2380,zy-nph-skg-fat-channel-redis-yace03=https://172.31.170.17:2380 SSL_PATH=/data/app/etcd/ssl cat << EOF | sudo tee /etc/systemd/system/etcd.service [Unit] Description=etcd Documentation=https://github.com/coreos [Service] ExecStart=/usr/local/bin/etcd \\ --name ${ETCD_NAME} \\ --cert-file=${SSL_PATH}/kubernetes.pem \\ --key-file=${SSL_PATH}/kubernetes-key.pem \\ --peer-cert-file=${SSL_PATH}/kubernetes.pem \\ --peer-key-file=${SSL_PATH}/kubernetes-key.pem \\ --trusted-ca-file=${SSL_PATH}/ca.pem \\ --peer-trusted-ca-file=${SSL_PATH}/ca.pem \\ --peer-client-cert-auth \\ --client-cert-auth \\ --initial-advertise-peer-urls https://${INTERNAL_IP}:2380 \\ --listen-peer-urls https://${INTERNAL_IP}:2380 \\ --listen-client-urls https://${INTERNAL_IP}:2379,https://127.0.0.1:2379 \\ --advertise-client-urls https://${INTERNAL_IP}:2379 \\ --initial-cluster-token etcd-cluster-0 \\ --initial-cluster ${INITIAL_CLUSTER} \\ --initial-cluster-state new \\ --data-dir=/data/app/etcd/data Restart=on-failure RestartSec=5 [Install] WantedBy=multi-user.target EOF
3、 启动etcd集群服务
systemctl daemon-reload
systemctl enable etcd
systemctl start etcd
4、 验证etcd集群服务
export ETCDCTL_API=3 etcdctl --endpoints="172.31.170.15:2379,172.31.170.16:2379,172.31.170.17:2379" --cacert=/data/app/etcd/ssl/ca.pem --cert=/data/app/etcd/ssl/kubernetes.pem --key=/data/app/etcd/ssl/kubernetes-key.pem endpoint status --write-out=table etcdctl --endpoints="172.31.170.15:2379,172.31.170.16:2379,172.31.170.17:2379" --cacert=/data/app/etcd/ssl/ca.pem --cert=/data/app/etcd/ssl/kubernetes.pem --key=/data/app/etcd/ssl/kubernetes-key.pem endpoint health --write-out=table
标签:1.20,ssl,--,app,pem,etcd,172.31,k8s 来源: https://www.cnblogs.com/linjiangCN/p/16226779.html
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。