#[Member]
#ETCD_CORS=""
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
#ETCD_WAL_DIR=""
ETCD_LISTEN_PEER_URLS="https://192.168.10.202:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.10.202:2379,http://127.0.0.1:2379"
#ETCD_MAX_SNAPSHOTS="5"
#ETCD_MAX_WALS="5"
ETCD_NAME="k8s11"
#ETCD_SNAPSHOT_COUNT="100000"
#ETCD_HEARTBEAT_INTERVAL="100"
#ETCD_ELECTION_TIMEOUT="1000"
#ETCD_QUOTA_BACKEND_BYTES="0"
#ETCD_MAX_REQUEST_BYTES="1572864"
#ETCD_GRPC_KEEPALIVE_MIN_TIME="5s"
#ETCD_GRPC_KEEPALIVE_INTERVAL="2h0m0s"
#ETCD_GRPC_KEEPALIVE_TIMEOUT="20s"
#
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.10.202:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.10.202:2379"
#ETCD_DISCOVERY=""
#ETCD_DISCOVERY_FALLBACK="proxy"
#ETCD_DISCOVERY_PROXY=""
#ETCD_DISCOVERY_SRV=""
ETCD_INITIAL_CLUSTER="k8s11=https://192.168.10.202:2380,k8s12=https://192.168.10.203:2380,k8s13=https://192.168.10.204:2380,"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
#ETCD_STRICT_RECONFIG_CHECK="true"
#ETCD_ENABLE_V2="true"
#
#[Proxy]
#ETCD_PROXY="off"
#ETCD_PROXY_FAILURE_WAIT="5000"
#ETCD_PROXY_REFRESH_INTERVAL="30000"
#ETCD_PROXY_DIAL_TIMEOUT="1000"
#ETCD_PROXY_WRITE_TIMEOUT="5000"
#ETCD_PROXY_READ_TIMEOUT="0"
#
#[Security]
ETCD_CERT_FILE="/etc/etcd/ssl/etcd.pem"
ETCD_KEY_FILE="/etc/etcd/ssl/etcd-key.pem"
ETCD_CLIENT_CERT_AUTH="true"
ETCD_TRUSTED_CA_FILE="/etc/etcd/ssl/etcd-root-ca.pem"
ETCD_AUTO_TLS="true"
ETCD_PEER_CERT_FILE="/etc/etcd/ssl/etcd.pem"
ETCD_PEER_KEY_FILE="/etc/etcd/ssl/etcd-key.pem"
ETCD_PEER_CLIENT_CERT_AUTH="true"
ETCD_PEER_TRUSTED_CA_FILE="/etc/etcd/ssl/etcd-root-ca.pem"
ETCD_PEER_AUTO_TLS="true"
#
#[Logging]
#ETCD_DEBUG="false"
#ETCD_LOG_PACKAGE_LEVELS=""
#ETCD_LOG_OUTPUT="default"
#
#[Unsafe]
#ETCD_FORCE_NEW_CLUSTER="false"
#
#[Version]
#ETCD_VERSION="false"
#ETCD_AUTO_COMPACTION_RETENTION="0"
#
#[Profiling]
#ETCD_ENABLE_PPROF="false"
#ETCD_METRICS="basic"
#
#[Auth]
#ETCD_AUTH_TOKEN="simple"

etcdctl   --endpoints=https://192.168.10.202:2379,https://192.168.10.203:2379,https://192.168.10.204:2379   --ca-file=/etc/etcd/ssl/ca.pem   --cert-file=/etc/etcd/ssl/etcd.pem   --key-file=/etc/etcd/ssl/etcd-key.pem   cluster-health

#! Configuration File for keepalived
 
global_defs {
   notification_email {
      bbotte@163.com
   }
   router_id LVS_k8s
}
 
vrrp_script CheckK8sMaster {
    script "curl -k https://192.168.10.207:6443"  #VIP
    interval 3
    timeout 9
    fall 2
    rise 2
}
 
vrrp_instance VI_1 {
    state MASTER            #MASTER/SLAVE
    interface eth0      
    virtual_router_id 51
    priority 100           
    advert_int 1
    # local host ip
    mcast_src_ip 192.168.10.202
    authentication {
        auth_type PASS
        auth_pass bbotte_k8s
    }
    unicast_peer {
        192.168.10.203
        192.168.10.204
    }
    virtual_ipaddress {
        192.168.10.207/24
    }
    track_script {
        CheckK8sMaster    
    }
}
#! Configuration File for keepalived
 
global_defs {
   notification_email {
      bbotte@163.com
   }
   router_id LVS_k8s
}
 
vrrp_script CheckK8sMaster {
    script "curl -k https://192.168.10.207:6443"  #VIP
    interval 3
    timeout 9
    fall 2
    rise 2
}
 
vrrp_instance VI_1 {
    state BACKUP            #MASTER/SLAVE
    interface eth0      
    virtual_router_id 51
    priority 99           
    advert_int 1
    # local host ip
    mcast_src_ip 192.168.10.203
    authentication {
        auth_type PASS
        auth_pass bbotte_k8s
    }
    unicast_peer {
        192.168.10.202
        192.168.10.204
    }
    virtual_ipaddress {
        192.168.10.207/24
    }
    track_script {
        CheckK8sMaster    
    }
}

 

[root@k8s11 ~]# cat /etc/kubernetes/config.yaml 
apiVersion: kubeadm.k8s.io/v1alpha1
kind: MasterConfiguration
etcd:
  endpoints:
  - https://192.168.10.202:2379    
  - https://192.168.10.203:2379
  - https://192.168.10.204:2379
  caFile: /etc/etcd/ssl/ca.pem  
  certFile: /etc/etcd/ssl/etcd.pem 
  keyFile: /etc/etcd/ssl/etcd-key.pem
  dataDir: /var/lib/etcd
networking:
  podSubnet: 10.244.0.0/16
kubernetesVersion: 1.9.4
api:
  advertiseAddress: "192.168.10.207"  
token: "4bdbca.6e3531d0ec698d96"
tokenTTL: "0s"
apiServerCertSANs:
- k8s1
- k8s2
- k8s3
- 192.168.10.202
- 192.168.10.203
- 192.168.10.204
- 192.168.10.207
featureGates:
  CoreDNS: true

 

Logo
K8S/Kubernetes

K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容

更多推荐

【深度】阿里巴巴万级规模 K8s 集群全局高可用体系之美

作者 |  韩堂、柘远、沉醉来源 | 阿里巴巴云原生公众号​前言台湾作家林清玄在接受记者采访的时候,如此评价自己 30 多年写作生涯:“第一个十年我才华横溢,‘贼光闪现’,令周边黯然失色;第二个十年,我终于‘宝光现形’,不再去抢风头,反而与身边的美丽相得益彰;进入第三个十年,繁华落尽见真醇,我进入了‘醇光初现’的阶段,真正体味到了境界之美”。​长夜有穷,真水无香。领略过了 K8s“身在江

avatar K8S/Kubernetes

如何基于 K8s 构建下一代 DevOps 平台?

作者 | 孙健波(天元)导读:当前云原生 DevOps 体系现状如何?面临哪些挑战?如何通过 OAM 解决云原生 DevOps 场景下的诸多问题?云原生开发应用模型 OAM(Open Application Model) 社区核心成员孙健波将为大家一一解答,并分享如何基于 OAM 和 Kubernetes 打造无限能力的下一代 DevOps 平台。什么是 DevOps?为什么基于 Kub

avatar K8S/Kubernetes

k8s 火了!

2020,上云之年,产品云端化成为一种趋势。在一线城市,很多公司都已经构建了自己的私有云环境,比如阿里云、网易云、华为云等。而Kubernetes 作为基于容器编排领域的王者,具备扩展...

avatar K8S/Kubernetes