欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页

etcd安装

程序员文章站 2022-07-13 22:44:40
...

签发etcd证书

配置etcd-peer-csr.json文件

{
    "CN": "etce-peer",
    "hosts": [
	"172.16.0.8",
	"172.16.0.15",
	"172.16.0.16",
	"172.16.16.17"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "GuiZhou",
            "ST": "GuiZhou"
        }
    ]
}

生成证书

cfssl gencert -ca=../ca.pem -ca-key=../ca-key.pem -config=../ca-config.json -profile=peer etcd-peer-csr.json | cfssl-json -bare etcd-peer

创建etcd用户

useradd -s /sbin/nologin -M etcd

下载etcd

wget https://github.com/etcd-io/etcd/releases/download/v3.4.8/etcd-v3.4.8-linux-amd64.tar.gz

解压

tar zxvf etcd-v3.4.8-linux-amd64.tar.gz

创建目录

mkdir -p /data/etcd /data/logs/etcd-server

分配目录用户

chown -R etcd.etcd /data/etcd /data/logs/etcd-server/

创建etcd的证书目录

mkdir -p /opt/etcd/certs

主机上生成的ca.pem、etcd-peer-key.pem、etcd-peer.pem拷贝到/opt/etcd/certs目录中,注意私钥文件权限600

[[email protected]_0_8_centos certs]# ll
total 12
-rw-r--r-- 1 root root 1281 May 19 14:42 ca.pem
-rw------- 1 root root 1675 May 19 14:41 etcd-peer-key.pem
-rw-r--r-- 1 root root 1363 May 19 14:41 etcd-peer.pem

给/opt/etcd/certs文件分配etcd用户

chown -R etcd.etcd /opt/etcd/certs/
相关标签: k8s 运维