Kubernetes production installation and deployment: etcd cluster for Kubernetes v1.14.0

Note: unless stated otherwise, all operations are performed on the k8s-operation server. The K8S cluster has more than 2000 node servers.

Directory planning on k8s-operation: the working directory is /apps/work/k8s, and the cluster uses the domain niuke.local.

etcd cluster preparation

1. etcd server configuration

etcd center cluster

External IP address   k8s cluster connection IP address   CPU   RAM   Hard disk
192.168.2.247         172.172.0.1                         16    32    120G
192.168.2.248         172.172.0.2                         16    32    120G
192.168.2.249         172.172.0.3                         16    32    120G

etcd event cluster

External IP address   k8s cluster connection IP address   CPU   RAM   Hard disk
192.168.2.250         172.172.0.4                         16    32    120G
192.168.2.251         172.172.0.5                         16    32    120G
192.168.2.252         172.172.0.6                         16    32    120G

2. etcd binary preparation

cd /apps/work/k8s
mkdir etcd
cd etcd
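wget https://github.com/etcd-io/etcd/releases/download/v3.3.12/etcd-v3.3.12-linux-arm64.tar.gz
tar -xvf etcd-v3.3.12-linux-arm64.tar.gz
mkdir bin conf data ssl
# keep only the etcd and etcdctl binaries from the extracted directory
mv etcd-v3.3.12-linux-arm64/etcd* bin/
rm -rf etcd-v3.3.12-linux-arm64 etcd-v3.3.12-linux-arm64.tar.gz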

3. etcd certificate preparation

3.1 Creating a Certificate Profile

mkdir -p /apps/work/k8s/cfssl/ && \
cat << EOF | tee /apps/work/k8s/cfssl/ca-config.json
{
"signing": {
"default": {
"expiry": "87600h"
},
"profiles": {
"kubernetes": {
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
],
"expiry": "87600h"
}
}
}
}
EOF

3.2 Creating etcd ca certificate configuration

mkdir -p /apps/work/k8s/cfssl/etcd
cat << EOF | tee /apps/work/k8s/cfssl/etcd/etcd-ca-csr.json
{
"CN": "etcd",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "GuangDong",
"L": "GuangZhou",
"O": "niuke",
"OU": "niuke"
}
]
}
EOF

ETCD CA certificate and private key generation

mkdir -p /apps/work/k8s/cfssl/pki/etcd
cfssl gencert -initca /apps/work/k8s/cfssl/etcd/etcd-ca-csr.json | cfssljson -bare /apps/work/k8s/cfssl/pki/etcd/etcd-ca

3.3 Creating ETCD Server Certificate for the Center Cluster

3.3.1 Creating ETCD Server configuration file

export ETCD_SERVER_IPS=" \
\"172.172.0.1\", \
\"172.172.0.2\", \
\"172.172.0.3\" \
" && \
export ETCD_SERVER_HOSTNAMES=" \
\"etcd01\", \
\"etcd02\", \
\"etcd03\" \
" && \
cat << EOF | tee /apps/work/k8s/cfssl/etcd/etcd_server.json
{
"CN": "etcd",
"hosts": [
"127.0.0.1",
${ETCD_SERVER_IPS},
${ETCD_SERVER_HOSTNAMES}
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "GuangDong",
"L": "GuangZhou",
"O": "niuke",
"OU": "niuke"
}
]
}
EOF

ETCD Server certificate and private key generation

cfssl gencert \
-ca=/apps/work/k8s/cfssl/pki/etcd/etcd-ca.pem \
-ca-key=/apps/work/k8s/cfssl/pki/etcd/etcd-ca-key.pem \
-config=/apps/work/k8s/cfssl/ca-config.json \
-profile=kubernetes \
/apps/work/k8s/cfssl/etcd/etcd_server.json | \
cfssljson -bare /apps/work/k8s/cfssl/pki/etcd/etcd_server

3.4 Creating ETCD Member Certificates for the Center Cluster

3.4.1 Creating ETCD Member 1 profiles

export ETCD_MEMBER_1_IP=" \
\"172.172.0.1\" \
" && \
export ETCD_MEMBER_1_HOSTNAMES="etcd01\
" && \
cat << EOF | tee /apps/work/k8s/cfssl/etcd/${ETCD_MEMBER_1_HOSTNAMES}.json
{
"CN": "etcd",
"hosts": [
"127.0.0.1",
${ETCD_MEMBER_1_IP},
"${ETCD_MEMBER_1_HOSTNAMES}"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "GuangDong",
"L": "GuangZhou",
"O": "niuke",
"OU": "niuke"
}
]
}
EOF

Generate ETCD Member 1 certificate and private key

cfssl gencert \
-ca=/apps/work/k8s/cfssl/pki/etcd/etcd-ca.pem \
-ca-key=/apps/work/k8s/cfssl/pki/etcd/etcd-ca-key.pem \
-config=/apps/work/k8s/cfssl/ca-config.json \
-profile=kubernetes \
/apps/work/k8s/cfssl/etcd/${ETCD_MEMBER_1_HOSTNAMES}.json | \
cfssljson -bare /apps/work/k8s/cfssl/pki/etcd/etcd_member_${ETCD_MEMBER_1_HOSTNAMES}

3.4.2 Creating ETCD Member 2 profiles

export ETCD_MEMBER_2_IP=" \
\"172.172.0.2\" \
" && \
export ETCD_MEMBER_2_HOSTNAMES="etcd02\
" && \
cat << EOF | tee /apps/work/k8s/cfssl/etcd/${ETCD_MEMBER_2_HOSTNAMES}.json
{
"CN": "etcd",
"hosts": [
"127.0.0.1",
${ETCD_MEMBER_2_IP},
"${ETCD_MEMBER_2_HOSTNAMES}"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "GuangDong",
"L": "GuangZhou",
"O": "niuke",
"OU": "niuke"
}
]
}
EOF

Generate ETCD Member 2 certificate and private key

cfssl gencert \
-ca=/apps/work/k8s/cfssl/pki/etcd/etcd-ca.pem \
-ca-key=/apps/work/k8s/cfssl/pki/etcd/etcd-ca-key.pem \
-config=/apps/work/k8s/cfssl/ca-config.json \
-profile=kubernetes \
/apps/work/k8s/cfssl/etcd/${ETCD_MEMBER_2_HOSTNAMES}.json | \
cfssljson -bare /apps/work/k8s/cfssl/pki/etcd/etcd_member_${ETCD_MEMBER_2_HOSTNAMES}

3.4.3 Creating ETCD Member 3 profiles

export ETCD_MEMBER_3_IP=" \
\"172.172.0.3\" \
" && \
export ETCD_MEMBER_3_HOSTNAMES="etcd03\
" && \
cat << EOF | tee /apps/work/k8s/cfssl/etcd/${ETCD_MEMBER_3_HOSTNAMES}.json
{
"CN": "etcd",
"hosts": [
"127.0.0.1",
${ETCD_MEMBER_3_IP},
"${ETCD_MEMBER_3_HOSTNAMES}"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "GuangDong",
"L": "GuangZhou",
"O": "niuke",
"OU": "niuke"
}
]
}
EOF

Generate ETCD Member 3 certificates and private keys

cfssl gencert \
-ca=/apps/work/k8s/cfssl/pki/etcd/etcd-ca.pem \
-ca-key=/apps/work/k8s/cfssl/pki/etcd/etcd-ca-key.pem \
-config=/apps/work/k8s/cfssl/ca-config.json \
-profile=kubernetes \
/apps/work/k8s/cfssl/etcd/${ETCD_MEMBER_3_HOSTNAMES}.json | \
cfssljson -bare /apps/work/k8s/cfssl/pki/etcd/etcd_member_${ETCD_MEMBER_3_HOSTNAMES}

3.5 Creating ETCD EVENTS Server Certificate

3.5.1 Creating ETCD EVENTS Server configuration file

export ETCD_EVENTS_IPS=" \
\"172.172.0.4\", \
\"172.172.0.5\", \
\"172.172.0.6\" \
" && \
export ETCD_EVENTS_HOSTNAMES=" \
\"etcd-even01\", \
\"etcd-even02\", \
\"etcd-even03\" \
" && \
cat << EOF | tee /apps/work/k8s/cfssl/etcd/etcd_events.json
{
"CN": "etcd",
"hosts": [
"127.0.0.1",
${ETCD_EVENTS_IPS},
${ETCD_EVENTS_HOSTNAMES}
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "GuangDong",
"L": "GuangZhou",
"O": "niuke",
"OU": "niuke"
}
]
}
EOF

Generate ETCD EVENTS certificate and private key

cfssl gencert \
-ca=/apps/work/k8s/cfssl/pki/etcd/etcd-ca.pem \
-ca-key=/apps/work/k8s/cfssl/pki/etcd/etcd-ca-key.pem \
-config=/apps/work/k8s/cfssl/ca-config.json \
-profile=kubernetes \
/apps/work/k8s/cfssl/etcd/etcd_events.json | \
cfssljson -bare /apps/work/k8s/cfssl/pki/etcd/etcd_events

3.5.2 Creating ETCD EVENTS Member 1 profiles

export ETCD_EVENTS_MEMBER_1_IP=" \
\"172.172.0.4\" \
" && \
export ETCD_EVENTS_MEMBER_1_HOSTNAMES="etcd-even01\
" && \
cat << EOF | tee /apps/work/k8s/cfssl/etcd/"$ETCD_EVENTS_MEMBER_1_HOSTNAMES".json
{
"CN": "etcd",
"hosts": [
"127.0.0.1",
${ETCD_EVENTS_MEMBER_1_IP},
"${ETCD_EVENTS_MEMBER_1_HOSTNAMES}"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "GuangDong",
"L": "GuangZhou",
"O": "niuke",
"OU": "niuke"
}
]
}
EOF

Generate ETCD EVENTS Member 1 certificate and private key

cfssl gencert \
-ca=/apps/work/k8s/cfssl/pki/etcd/etcd-ca.pem \
-ca-key=/apps/work/k8s/cfssl/pki/etcd/etcd-ca-key.pem \
-config=/apps/work/k8s/cfssl/ca-config.json \
-profile=kubernetes \
/apps/work/k8s/cfssl/etcd/${ETCD_EVENTS_MEMBER_1_HOSTNAMES}.json | \
cfssljson -bare /apps/work/k8s/cfssl/pki/etcd/etcd_events_${ETCD_EVENTS_MEMBER_1_HOSTNAMES}

3.5.3 Creating ETCD EVENTS Member 2 profiles

export ETCD_EVENTS_MEMBER_2_IP=" \
\"172.172.0.5\" \
" && \
export ETCD_EVENTS_MEMBER_2_HOSTNAMES="etcd-even02\
" && \
cat << EOF | tee /apps/work/k8s/cfssl/etcd/"${ETCD_EVENTS_MEMBER_2_HOSTNAMES}".json
{
"CN": "etcd",
"hosts": [
"127.0.0.1",
${ETCD_EVENTS_MEMBER_2_IP},
"${ETCD_EVENTS_MEMBER_2_HOSTNAMES}"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "GuangDong",
"L": "GuangZhou",
"O": "niuke",
"OU": "niuke"
}
]
}
EOF

Generating ETCD EVENTS Member 2 certificates and private keys

cfssl gencert \
-ca=/apps/work/k8s/cfssl/pki/etcd/etcd-ca.pem \
-ca-key=/apps/work/k8s/cfssl/pki/etcd/etcd-ca-key.pem \
-config=/apps/work/k8s/cfssl/ca-config.json \
-profile=kubernetes \
/apps/work/k8s/cfssl/etcd/${ETCD_EVENTS_MEMBER_2_HOSTNAMES}.json | \
cfssljson -bare /apps/work/k8s/cfssl/pki/etcd/etcd_events_${ETCD_EVENTS_MEMBER_2_HOSTNAMES}

3.5.4 Creating ETCD EVENTS Member 3 profiles

export ETCD_EVENTS_MEMBER_3_IP=" \
\"172.172.0.6\" \
" && \
export ETCD_EVENTS_MEMBER_3_HOSTNAMES="etcd-even03\
" && \
cat << EOF | tee /apps/work/k8s/cfssl/etcd/${ETCD_EVENTS_MEMBER_3_HOSTNAMES}.json
{
"CN": "etcd",
"hosts": [
"127.0.0.1",
${ETCD_EVENTS_MEMBER_3_IP},
"${ETCD_EVENTS_MEMBER_3_HOSTNAMES}"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "GuangDong",
"L": "GuangZhou",
"O": "niuke",
"OU": "niuke"
}
]
}
EOF

Generate ETCD EVENTS Member 3 certificates and private keys

cfssl gencert \
-ca=/apps/work/k8s/cfssl/pki/etcd/etcd-ca.pem \
-ca-key=/apps/work/k8s/cfssl/pki/etcd/etcd-ca-key.pem \
-config=/apps/work/k8s/cfssl/ca-config.json \
-profile=kubernetes \
/apps/work/k8s/cfssl/etcd/${ETCD_EVENTS_MEMBER_3_HOSTNAMES}.json | \
cfssljson -bare /apps/work/k8s/cfssl/pki/etcd/etcd_events_${ETCD_EVENTS_MEMBER_3_HOSTNAMES}

3.6 Creating ETCD Client Profile

cat << EOF | tee /apps/work/k8s/cfssl/etcd/etcd_client.json
{
"CN": "client",
"hosts": [""],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "GuangDong",
"L": "GuangZhou",
"O": "niuke",
"OU": "niuke"
}
]
}
EOF

ETCD Client certificate and private key generation

cfssl gencert \
-ca=/apps/work/k8s/cfssl/pki/etcd/etcd-ca.pem \
-ca-key=/apps/work/k8s/cfssl/pki/etcd/etcd-ca-key.pem \
-config=/apps/work/k8s/cfssl/ca-config.json \
-profile=kubernetes \
/apps/work/k8s/cfssl/etcd/etcd_client.json | \
cfssljson -bare /apps/work/k8s/cfssl/pki/etcd/etcd_client

3.7 Copy the certificates to the distribution directory /apps/work/k8s/etcd/ssl

# ssl/ already exists, so copy the files themselves rather than the etcd/ directory
cp -pdr /apps/work/k8s/cfssl/pki/etcd/* /apps/work/k8s/etcd/ssl/
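
Step 3.7 copies every file under pki/etcd into the directory that Ansible later pushes to all nodes, and that includes etcd-ca-key.pem, which the nodes never need. As an added example (not part of the original post), the function below audits such a directory before distribution; the function name audit_ssl_dir and the sample directory are assumptions made for illustration.

```bash
#!/bin/sh
# Added example (not from the original post): audit a certificate directory
# before it is copied to the etcd nodes. Prints one finding per line and
# returns 0 when nothing is flagged, 1 otherwise.
audit_ssl_dir() {
  _findings=$(
    # The CA key can sign new identities; nodes only need etcd-ca.pem.
    find "$1" -type f -name '*ca-key.pem' | sed 's/^/FAIL ca-key: /'
    # Private keys must not be readable by group or others.
    find "$1" -type f -name '*-key.pem' \( -perm -040 -o -perm -004 \) |
      sed 's/^/FAIL mode: /'
  )
  if [ -n "$_findings" ]; then
    printf '%s\n' "$_findings"
    return 1
  fi
}

# Constructed sample: file names taken from the page, empty files,
# modes chosen for illustration.
demo=$(mktemp -d)
touch "$demo/etcd-ca.pem" "$demo/etcd-ca-key.pem" "$demo/etcd_server.pem" \
      "$demo/etcd_server-key.pem" "$demo/etcd_client-key.pem"
chmod 600 "$demo/etcd-ca-key.pem" "$demo/etcd_client-key.pem"
chmod 644 "$demo/etcd-ca.pem" "$demo/etcd_server.pem" "$demo/etcd_server-key.pem"

audit_ssl_dir "$demo" || echo "fix the findings above before distributing $demo"
```

Run it against /apps/work/k8s/etcd/ssl on the operation server; a clean result means the CA key stays behind and every remaining key is owner-only.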

4. Create the etcd startup configuration file. Only one node is shown here; the other nodes follow the same pattern.

 cd /apps/work/k8s/etcd/conf
 vim etcd
 ETCD_OPTS="--name=etcd01 \
       --data-dir=/apps/etcd/data/default.etcd \
       --listen-peer-urls=https://172.172.0.1:2380 \
       --listen-client-urls=https://172.172.0.1:2379,https://127.0.0.1:2379 \
       --advertise-client-urls=https://172.172.0.1:2379 \
       --initial-advertise-peer-urls=https://172.172.0.1:2380 \
       --initial-cluster=etcd01=https://172.172.0.1:2380,etcd02=https://172.172.0.2:2380,etcd03=https://172.172.0.3:2380 \
       --initial-cluster-token=etcd01=https://172.172.0.1:2380,etcd02=https://172.172.0.2:2380,etcd03=https://172.172.0.3:2380 \
       --initial-cluster-state=new \
       --heartbeat-interval=6000 \
       --election-timeout=30000 \
       --snapshot-count=5000 \
       --auto-compaction-retention=1 \
       --max-request-bytes=33554432 \
       --quota-backend-bytes=17179869184 \
       --trusted-ca-file=/apps/etcd/ssl/etcd-ca.pem \
       --cert-file=/apps/etcd/ssl/etcd_server.pem \
       --key-file=/apps/etcd/ssl/etcd_server-key.pem \
       --peer-cert-file=/apps/etcd/ssl/etcd_member_etcd01.pem \
       --peer-key-file=/apps/etcd/ssl/etcd_member_etcd01-key.pem \
       --peer-client-cert-auth \
       --peer-trusted-ca-file=/apps/etcd/ssl/etcd-ca.pem"
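
The options above set --peer-client-cert-auth for the peer port but contain no --client-cert-auth, so the client port 2379 serves any caller that completes TLS. As an added example (not part of the original post), the function below audits an options file in this ETCD_OPTS format for both flags and for malformed URLs; the name audit_etcd_opts and the sample file are assumptions, and URLs are assumed to use IPv4 addresses or hostnames.

```bash
#!/bin/sh
# Added example (not from the original post): static audit of an etcd options
# file in the ETCD_OPTS format. Prints one finding per line and returns 0 when
# nothing is flagged, 1 otherwise.
audit_etcd_opts() (
  findings=0
  flag() { echo "FAIL $1"; findings=$((findings + 1)); }

  # One option per line: split on spaces, tabs, quotes and line continuations.
  opts=$(tr -s ' \t"\\' '\n\n\n\n' < "$1" | grep '^--' || true)
  has() { printf '%s\n' "$opts" | grep -Eq -- "^--$1(=true)?\$"; }

  # Without these flags the port accepts callers that present no certificate.
  has client-cert-auth ||
    flag "client-cert-auth: clients are not required to present a certificate"
  has peer-client-cert-auth ||
    flag "peer-client-cert-auth: peers are not required to present a certificate"

  # Every listen/advertise/initial-cluster URL must be well-formed https.
  urls=$(printf '%s\n' "$opts" |
    sed -n -E 's/^--([a-z-]*urls|initial-cluster)=//p' |
    tr ',' '\n' | sed 's/^[A-Za-z0-9_-]*=//')
  for u in $urls; do
    printf '%s\n' "$u" | grep -Eq '^https://[^/:]+:[0-9]+$' ||
      flag "url: '$u' is not of the form https://host:port"
  done
  [ "$findings" -eq 0 ]
)

# Constructed sample: an abridged options file with a single-slash https:/ URL.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ETCD_OPTS="--name=etcd01 \
  --listen-client-urls=https://172.172.0.1:2379,https://127.0.0.1:2379 \
  --initial-cluster=etcd01=https://172.172.0.1:2380,etcd03=https:/172.172.0.3:2380 \
  --trusted-ca-file=/apps/etcd/ssl/etcd-ca.pem \
  --peer-client-cert-auth \
  --peer-trusted-ca-file=/apps/etcd/ssl/etcd-ca.pem"
EOF

audit_etcd_opts "$sample" || echo "fix the findings above before rollout"
```

If --client-cert-auth is added to the options, etcdctl and kube-apiserver must also be given the client certificate and key generated in step 3.6.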

5. Create etcd.service

vim etcd.service

[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
LimitNOFILE=1024000
LimitNPROC=1024000
LimitCORE=infinity
LimitMEMLOCK=infinity
User=etcd
Group=etcd

EnvironmentFile=-/apps/etcd/conf/etcd
ExecStart=/apps/etcd/bin/etcd $ETCD_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target

6. Distribute etcd to the etcd cluster with Ansible

6.1 Create the etcd account on the remote servers (the host file lists the etcd cluster IPs)

ansible -i host etcd -m shell -a "useradd etcd -s /sbin/nologin -M"

6.2 Distribute the etcd files to the etcd cluster

ansible -i host etcd -m copy -a "src=etcd/ dest=/apps/etcd"

6.3 Distribute etcd.service

ansible -i host etcd -m copy -a "src=etcd.service dest=/usr/lib/systemd/system/etcd.service"

6.3 Change ownership of the etcd directory on the remote servers

ansible -i host etcd -m shell -a "chown -R etcd:etcd /apps/etcd"

6.4 Set executable permissions on the etcd binaries

ansible -i host etcd -m shell -a "chmod +x /apps/etcd/bin/*"

6.5 Distribute the configuration in /apps/work/k8s/conf/etcd; each server has its own file, named etcd-<hostname>, which is distributed separately

ansible -i 192.168.2.247, all -m copy -a "src=etcd/etcd-etcd01 dest=/apps/etcd/conf/etcd"

6.6 Start the etcd cluster

ansible -i host etcd -m shell -a "systemctl daemon-reload"
ansible -i host etcd -m shell -a "systemctl start etcd"
ansible -i host etcd -m shell -a "systemctl enable etcd"

6.7 Check whether etcd started successfully

ansible -i host etcd -m shell -a "systemctl status etcd"

6.8 On any server in each of the 2 etcd clusters, check that the cluster is healthy

Set the environment variables so that the etcd cluster supports the v3 API
vim /etc/profile
export ETCDCTL_API=3
export ENDPOINTS=https://172.172.0.1:2379,https://172.172.0.2:2379,https://172.172.0.3:2379
vim ~/.bashrc
alias etcdctl='/apps/etcd/bin/etcdctl --endpoints=${ENDPOINTS} --cacert=/apps/etcd/ssl/etcd-ca.pem'
etcdctl endpoint health
[root@etcd01 ~]# etcdctl endpoint health
https://172.172.0.1:2379 is healthy: successfully committed proposal: took = 1.879627ms
https://172.172.0.2:2379 is healthy: successfully committed proposal: took = 2.504475ms
https://172.172.0.3:2379 is healthy: successfully committed proposal: took = 2.389547ms
etcdctl endpoint status
[root@etcd01 ~]# etcdctl endpoint status
https://172.172.0.1:2379, 7b98f2ed4d780753, 3.3.12, 290 MB, true, 37627, 22396898
https://172.172.0.2:2379, 47fa5d2eb78a7751, 3.3.12, 289 MB, false, 37627, 22396898
https://172.172.0.3:2379, 76c6cd81499cf7ba, 3.3.12, 289 MB, false, 37627, 22396898
Check the second cluster in the same way to confirm that it is healthy.

7. Personal etcd cluster playbook

cd /apps/work/k8s
mkdir -p roles/etcd/{defaults,files,handlers,meta,tasks,templates,vars}
host file configuration
[etcd]
192.168.2.249
192.168.2.248
192.168.2.247
[events]
192.168.2.250
192.168.2.251
192.168.2.252
[etcd:vars]
initial_cluster="etcd01=https://172.172.0.1:2380,etcd02=https://172.172.0.2:2380,etcd03=https://172.172.0.3:2380"
cert_file=etcd_server
ca=etcd-ca
ETCD_PATH=/apps
[events:vars]
initial_cluster="etcd-even01=https://172.172.0.4:2380,etcd-even02=https://172.172.0.5:2380,etcd-even03=https://172.172.0.6:2380"
cert_file=etcd_events
ca=etcd-ca
ETCD_PATH=/apps

Directory Structure

cd /apps/work/k8s/roles/etcd

[root@jenkins etcd]# tree
.
├── defaults
├── files
│   ├── bin
│   │   ├── etcd
│   │   └── etcdctl
│   └── ssl
│       ├── etcd-ca.csr
│       ├── etcd-ca-key.pem
│       ├── etcd-ca.pem
│       ├── etcd_client.csr
│       ├── etcd_client-key.pem
│       ├── etcd_client.pem
│       ├── etcd_events_ceph-2-57.csr
│       ├── etcd_events_ceph-2-57-key.pem
│       ├── etcd_events_ceph-2-57.pem
│       ├── etcd_events_ceph-2-91.csr
│       ├── etcd_events_ceph-2-91-key.pem
│       ├── etcd_events_ceph-2-91.pem
│       ├── etcd_events_ceph-2-92.csr
│       ├── etcd_events_ceph-2-92-key.pem
│       ├── etcd_events_ceph-2-92.pem
│       ├── etcd_events.csr
│       ├── etcd_events-key.pem
│       ├── etcd_events_member01.csr
│       ├── etcd_events_member01-key.pem
│       ├── etcd_events_member01.pem
│       ├── etcd_events_member02.csr
│       ├── etcd_events_member02-key.pem
│       ├── etcd_events_member02.pem
│       ├── etcd_events_member03.csr
│       ├── etcd_events_member03-key.pem
│       ├── etcd_events_member03.pem
│       ├── etcd_events.pem
│       ├── etcd_member01.csr
│       ├── etcd_member01-key.pem
│       ├── etcd_member01.pem
│       ├── etcd_member02.csr
│       ├── etcd_member02-key.pem
│       ├── etcd_member02.pem
│       ├── etcd_member03.csr
│       ├── etcd_member03-key.pem
│       ├── etcd_member03.pem
│       ├── etcd_server.csr
│       ├── etcd_server-key.pem
│       └── etcd_server.pem
├── handlers
├── meta
├── tasks
│   └── main.yml
├── templates
│   ├── etcd
│   └── etcd.service
└── vars

tasks/main.yml

- name: create groupadd etcd
  group: name=etcd
- name: create name etcd
  user: name=etcd shell=/sbin/nologin group=etcd
- name: mkdir {{ ETCD_PATH }}
  raw: mkdir -p {{ ETCD_PATH }}/etcd/{conf,ssl,bin} && mkdir -p {{ ETCD_PATH }}/etcd/data/default.etcd
- name: copy etcd
  copy: src=bin dest={{ ETCD_PATH }}/etcd/ owner=root group=root mode=755
- name: copy etcd ssl
  copy: src=ssl dest={{ ETCD_PATH }}/etcd/
- name: src=etcd dest={{ ETCD_PATH }}/etcd/conf
  template: src=etcd dest={{ ETCD_PATH }}/etcd/conf
- name: copy etcd.service
  template: src=etcd.service  dest=/usr/lib/systemd/system/
- name: chown -R etcd:etcd {{ ETCD_PATH }}/etcd/
  shell: chown -R etcd:etcd {{ ETCD_PATH }}/etcd/
- name: systemctl daemon-reload
  shell: systemctl daemon-reload
- name: systemctl enable etcd && systemctl start etcd
  shell: systemctl enable etcd && systemctl start etcd

templates/etcd

Note: adjust ansible_default_ipv4.address to suit your environment; the IP address of each network interface on a server can be obtained with the Ansible setup module.

ETCD_OPTS="--name={{ ansible_hostname }} \
           --data-dir={{ ETCD_PATH }}/etcd/data/default.etcd \
           --listen-peer-urls=https://{{ ansible_default_ipv4.address }}:2380 \
           --listen-client-urls=https://{{ ansible_default_ipv4.address }}:2379,https://127.0.0.1:2379 \
           --advertise-client-urls=https://{{ ansible_default_ipv4.address }}:2379 \
           --initial-advertise-peer-urls=https://{{ ansible_default_ipv4.address }}:2380 \
           --initial-cluster={{ initial_cluster }} \
           --initial-cluster-token={{ initial_cluster }} \
           --initial-cluster-state=new \
           --heartbeat-interval=6000 \
           --election-timeout=30000 \
           --snapshot-count=5000 \
           --auto-compaction-retention=1 \
           --max-request-bytes=33554432 \
           --quota-backend-bytes=17179869184 \
           --trusted-ca-file={{ ETCD_PATH }}/etcd/ssl/{{ ca }}.pem \
           --cert-file={{ ETCD_PATH }}/etcd/ssl/{{ cert_file }}.pem \
           --key-file={{ ETCD_PATH }}/etcd/ssl/{{ cert_file }}-key.pem \
           --peer-cert-file={{ ETCD_PATH }}/etcd/ssl/etcd_events_{{ ansible_hostname }}.pem \
           --peer-key-file={{ ETCD_PATH }}/etcd/ssl/etcd_events_{{ ansible_hostname }}-key.pem \
           --peer-client-cert-auth \
           --peer-trusted-ca-file={{ ETCD_PATH }}/etcd/ssl/{{ ca }}.pem"

templates/etcd.service

[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
LimitNOFILE=1024000
LimitNPROC=1024000
LimitCORE=infinity
LimitMEMLOCK=infinity
User=etcd
Group=etcd

EnvironmentFile=-{{ ETCD_PATH }}/etcd/conf/etcd
ExecStart={{ ETCD_PATH }}/etcd/bin/etcd $ETCD_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target


Origin blog.51cto.com/juestnow/2403075