  • etcd with TLS: deploying flanneld

    1. First, generate the certificate files with cfssl

    Reference:

    https://coreos.com/os/docs/latest/generate-self-signed-certificates.html

    2. The etcd.service file

    [Unit]
    Description=Etcd Server
    [Service]
    Type=notify
    #WorkingDirectory=/home/etcd_data
    #EnvironmentFile=-/root/etcd-v3.3.9-linux-amd64/etcd.conf
    # Client TLS: --cert-file/--key-file/--client-cert-auth; peer TLS: the --peer-* flags.
    ExecStart=/root/etcd-v3.3.9-linux-amd64/etcd --name infra0 \
            --initial-advertise-peer-urls https://xxx.xxx.xxx.xxx:2380 \
            --listen-peer-urls https://xxx.xxx.xxx.xxx:2380 \
            --listen-client-urls https://xxx.xxx.xxx.xxx:2379,https://127.0.0.1:2379 \
            --advertise-client-urls https://xxx.xxx.xxx.xxx:2379 \
            --initial-cluster infra0=https://xxx.xxx.xxx.xxx:2380,infra1=https://xxx.xxx.xxx.xxx:2380,infra2=https://xxx.xxx.xxx.xxx:2380 \
            --initial-cluster-token etcd-cluster-0 \
            --initial-cluster-state new \
            --data-dir=/home/etcd_data \
            --debug=true \
            --client-cert-auth \
            --trusted-ca-file=/root/etcd_ssl/ca.pem \
            --cert-file=/root/etcd_ssl/server.pem \
            --key-file=/root/etcd_ssl/server-key.pem \
            --peer-client-cert-auth \
            --peer-trusted-ca-file=/root/etcd_ssl/ca.pem \
            --peer-cert-file=/root/etcd_ssl/infra0.pem \
            --peer-key-file=/root/etcd_ssl/infra0-key.pem
    
    Restart=on-failure
    RestartSec=5
    LimitNOFILE=65536
    [Install]
    WantedBy=multi-user.target
    

      

    Start the etcd service.

    3. The flanneld.service file

    [Unit]
    Description=flannel
    After=network.target
    After=network-online.target
    Wants=network-online.target
    After=etcd.service
    Before=docker.service
    [Service]
    ExecStart=/opt/flannel/flanneld --ip-masq=true --iface=eno1 --etcd-endpoints=https://xxx.xxx.xxx.xxx:2379,https://xx.xxx.xxx.xxx:2379,https://xx.xxx.xxx.xxx:2379 --etcd-keyfile=/root/etcd_ssl/client-key.pem --etcd-certfile=/root/etcd_ssl/client.pem --etcd-cafile=/root/etcd_ssl/ca.pem
    [Install]
    WantedBy=multi-user.target
    RequiredBy=docker.service
    

      

    4. Write the etcdctl_ssl file

    ETCDCTL_API=2 ./etcdctl --endpoints https://10.110.158.181:2379,https://10.110.158.182:2379,https://10.110.158.183:2379 --ca-file /root/etcd_ssl/ca.pem --cert-file /root/etcd_ssl/client.pem --key-file /root/etcd_ssl/client-key.pem "$@"
    

      

    Note: flanneld  --ip-masq=true

          dockerd  --ip-masq=false

          This avoids the case where the IP the program obtains is x.x.x.0
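
    A check that can be run over the etcd ExecStart line from step 2 before starting the service, given here as an added example (not part of the original post or of etcd): it confirms that every peer and client URL is https with an explicit port and that certificate authentication and its files are set for both client and peer traffic. The function names, the /opt/etcd path, the relative certificate paths and the 192.0.2.x addresses are constructed for illustration.

```python
import shlex
from urllib.parse import urlsplit

URL_FLAGS = ("initial-advertise-peer-urls", "listen-peer-urls",
             "listen-client-urls", "advertise-client-urls")

def parse_flags(cmd):
    """Map an ExecStart command line to {flag: value}; bare flags become 'true'."""
    toks = shlex.split(cmd.replace("\\\n", " "))[1:]  # join continuations, drop binary
    flags, i = {}, 0
    while i < len(toks):
        tok, i = toks[i], i + 1
        if not tok.startswith("--"):
            continue                                  # stray positional argument
        name, eq, val = tok[2:].partition("=")
        if not eq and i < len(toks) and not toks[i].startswith("--"):
            val, i = toks[i], i + 1                   # "--flag value" form
        flags[name] = val if eq or val else "true"
    return flags

def audit_etcd(cmd):
    """Return TLS findings for an etcd command line; an empty list means clean."""
    f, findings = parse_flags(cmd), []
    urls = [(k, u) for k in URL_FLAGS for u in f.get(k, "").split(",") if u]
    urls += [("initial-cluster", m.partition("=")[2])
             for m in f.get("initial-cluster", "").split(",") if m]
    for flag, url in urls:
        try:
            parts = urlsplit(url)
            bad = parts.scheme != "https" or parts.port is None
        except ValueError:                            # malformed host or port
            bad = True
        if bad:
            findings.append(f"{flag}: {url} must be https://host:port")
    for p in ("", "peer-"):                           # client side, then peer side
        if f.get(p + "client-cert-auth") != "true":
            findings.append(f"--{p}client-cert-auth is not enabled")
        findings += [f"--{p}{n} is missing" for n in
                     ("trusted-ca-file", "cert-file", "key-file") if not f.get(p + n)]
    return findings

# Constructed sample; 192.0.2.0/24 is a documentation range, paths are placeholders.
GOOD = """/opt/etcd/etcd --name infra0 --listen-peer-urls https://192.0.2.11:2380 \\
  --listen-client-urls https://192.0.2.11:2379,https://127.0.0.1:2379 \\
  --initial-cluster infra0=https://192.0.2.11:2380,infra1=https://192.0.2.12:2380 \\
  --client-cert-auth --trusted-ca-file=ca.pem --cert-file=server.pem \\
  --key-file=server-key.pem --peer-client-cert-auth --peer-trusted-ca-file=ca.pem \\
  --peer-cert-file=infra0.pem --peer-key-file=infra0-key.pem"""
BAD = GOOD.replace("2.12:2380", "2.122380").replace("--peer-client-cert-auth ", "")
```

    audit_etcd(GOOD) returns an empty list; audit_etcd(BAD) reports the cluster member whose port separator was dropped and the disabled peer certificate authentication.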

  • Original article: https://www.cnblogs.com/xuchenCN/p/10943436.html