# APISIX deployment. Cluster nodes used in this walkthrough:
# 192.168.1.41, 192.168.1.42, 192.168.1.43
# Download the CFSSL tools (release v1.6.3).
# These binaries generate the cluster CA and every TLS key below, so compare
# each download with the checksums published for the release before installing.
for tool in cfssl cfssl-certinfo cfssljson; do
  wget "https://github.com/cloudflare/cfssl/releases/download/v1.6.3/${tool}_1.6.3_linux_amd64"
done
# The files only need to be uploaded to /opt/CFSSL on the first etcd node (etcd1).
# Install each tool under its short name and make it executable for its owner.
for tool in cfssl cfssl-certinfo cfssljson; do
  mv "/opt/CFSSL/${tool}_1.6.3_linux_amd64" "/usr/local/bin/${tool}"
  chmod u+x "/usr/local/bin/${tool}"
done
# Create the etcd directory layout (binaries, TLS material, data) on all three nodes.
mkdir -p /data/etcd/{bin,ssl,data}
# Generate the certificates on the first node only, then copy them to the other nodes.
cd /data/etcd/ssl
# cfssl signing policy. The "etcd" profile allows both "server auth" and
# "client auth", so a certificate issued from it can act as a TLS server and
# as a TLS client.
# NOTE(review): 262800h is about 30 years. Nothing in this walkthrough covers
# rotation or revocation, so a leaked key stays usable for that whole period.
# Consider a much shorter expiry together with a renewal procedure.
cat > ca-config.json <<EOF
{
"signing": {
"default": {
"expiry": "262800h"
},
"profiles": {
"etcd": {
"expiry": "262800h",
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
]
}
}
}
}
EOF
# Certificate request for the self-signed root CA (RSA 2048-bit key).
cat > ca-csr.json << EOF
{
"CN": "Etcd CA",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "Beijing",
"L": "Beijing",
"O": "Etcd CA",
"OU": "Etcd CA"
}
]
}
EOF
# Create the CA. cfssljson writes ca.pem (the certificate), ca-key.pem (the
# private key) and ca.csr into the current directory.
# ca-key.pem can sign certificates that every etcd member will trust; it is
# needed only when issuing certificates and should not leave this node.
cfssl gencert -initca ca-csr.json | cfssljson -bare ca
# Certificate request for the etcd members. The "hosts" entries become the
# certificate's subject alternative names: only loopback and the three node IPs
# are listed, so a new node or access by hostname requires a reissued certificate.
cat > server-csr.json << EOF
{
"CN": "etcd-server",
"hosts": [
"localhost",
"127.0.0.1",
"192.168.1.41",
"192.168.1.42",
"192.168.1.43"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "Beijing",
"L": "Beijing",
"O": "Etcd Server",
"OU": "Etcd Server"
}
]
}
EOF
# Sign the request with the CA under the "etcd" profile; this writes server.pem
# and server-key.pem.
# NOTE(review): this single key pair is later reused on all three members and
# as the client identity for etcdctl and APISIX, so compromise of any one of
# those hosts exposes the identity of all of them. Separate per-node and
# per-client certificates would narrow that exposure.
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=etcd server-csr.json | cfssljson -bare server
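# Copy the TLS material to the other two members.
# Only the three files referenced by the etcd unit file are sent. The previous
# `scp *.pem` also shipped ca-key.pem, which put the CA private key on every
# node; anyone holding that key can mint certificates the cluster will accept.
# Run from /data/etcd/ssl, where the files were generated.
for peer in 192.168.1.42 192.168.1.43; do
  scp ca.pem server.pem server-key.pem "root@${peer}:/data/etcd/ssl"
done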
# etcd download URL: wget https://github.com/etcd-io/etcd/releases/download/v3.5.4/etcd-v3.5.4-linux-amd64.tar.gz
# Upload the etcd tarball to /opt. Check it against the checksums published for
# the release first, since it is fetched on another machine and carried over.
etcd_release=etcd-v3.5.4-linux-amd64
cd /opt && tar -x -v -f "${etcd_release}.tar.gz"
# Copy etcd, etcdctl and etcdutl into the cluster's bin directory.
cp "/opt/${etcd_release}"/etcd* /data/etcd/bin/
# Put the etcd binaries on PATH for login shells, then load that into this shell.
# Single quotes are deliberate: the literal text $PATH must land in the file.
printf '%s\n' 'export PATH=/data/etcd/bin:$PATH' > /etc/profile.d/etcd.sh
. /etc/profile.d/etcd.sh
# Write the etcd systemd unit. Every node must adjust the settings for itself;
# the original post highlighted the per-node fields in yellow, presumably
# --name and the URLs carrying this node's own IP (confirm before copying).
# TLS layout: server.pem/server-key.pem serve both the client port (2379) and
# the peer port (2380). --client-cert-auth and --peer-client-cert-auth make etcd
# require a certificate signed by ca.pem from every client and every peer.
# The heredoc delimiter is unquoted, so the shell drops each backslash-newline
# pair and ExecStart is written into the unit file as one long line.
cat > /usr/lib/systemd/system/etcd.service << EOF
[Unit]
Description=Etcd Service
After=network.target
[Service]
Type=notify
ExecStart=/data/etcd/bin/etcd \
--name=etcd1 \
--cert-file=/data/etcd/ssl/server.pem \
--key-file=/data/etcd/ssl/server-key.pem \
--peer-cert-file=/data/etcd/ssl/server.pem \
--peer-key-file=/data/etcd/ssl/server-key.pem \
--trusted-ca-file=/data/etcd/ssl/ca.pem \
--peer-trusted-ca-file=/data/etcd/ssl/ca.pem \
--peer-client-cert-auth \
--client-cert-auth \
--initial-advertise-peer-urls=https://192.168.1.41:2380 \
--listen-peer-urls=https://192.168.1.41:2380 \
--listen-client-urls=https://192.168.1.41:2379,https://127.0.0.1:2379 \
--advertise-client-urls=https://192.168.1.41:2379 \
--initial-cluster-token=etcd-cluster-1 \
--initial-cluster=etcd1=https://192.168.1.41:2380,etcd2=https://192.168.1.42:2380,etcd3=https://192.168.1.43:2380 \
--initial-cluster-state=new \
--data-dir=/data/etcd/data
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
# End of the etcd configuration commands.
systemctl start etcd
systemctl enable etcd
# Check the health of the etcd cluster.
# etcdctl presents the members' own server certificate as its client identity.
# This works because the "etcd" signing profile includes "client auth".
etcd_ssl=/data/etcd/ssl
etcd_endpoints=https://192.168.1.41:2379,https://192.168.1.42:2379,https://192.168.1.43:2379
etcdctl --endpoints="${etcd_endpoints}" \
  --cacert="${etcd_ssl}/ca.pem" \
  --cert="${etcd_ssl}/server.pem" \
  --key="${etcd_ssl}/server-key.pem" \
  endpoint health
# Install APISIX.
apisix_repo_rpm=https://repos.apiseven.com/packages/centos/apache-apisix-repo-1.0-1.noarch.rpm
apisix_pkg_dir=./apisix
cd /opt && mkdir -p apisix
# Register the APISIX yum repository and refresh the metadata cache.
yum install -y "${apisix_repo_rpm}"
yum clean all && yum makecache
# yum-utils provides yumdownloader.
yum install -y yum-utils
yumdownloader --resolve --destdir="${apisix_pkg_dir}" apisix-3.1.0
# The package and its dependencies are now downloaded; for other environments,
# upload the apisix directory as an offline bundle. Record checksums of the RPMs
# so copies carried to other machines can be verified before installation.
# Install APISIX from the downloaded packages.
yum install -y "${apisix_pkg_dir}"/*.rpm
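# Give APISIX the TLS files it needs to talk to etcd.
# Only the three files named in config.yaml are copied. The previous
# `cp /data/etcd/ssl/*.pem` also placed ca-key.pem (the CA private key) in the
# gateway's directory, where nothing uses it and a gateway compromise would
# expose it.
mkdir -p /usr/local/apisix/etcd/ssl
cp /data/etcd/ssl/ca.pem \
  /data/etcd/ssl/server.pem \
  /data/etcd/ssl/server-key.pem \
  /usr/local/apisix/etcd/ssl/
# Keep the packaged configuration as a backup before writing a new one.
mv /usr/local/apisix/conf/config.yaml /usr/local/apisix/conf/config.yaml.bak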
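# Configure APISIX.
# The Admin API key is generated per installation. The key previously
# hard-coded here is the sample value published with APISIX's default
# configuration, so any party able to reach the Admin API could have used it to
# rewrite routes and upstreams. Read the generated key back from config.yaml
# when it is needed.
admin_key=$(openssl rand -hex 16)
: "${admin_key:?could not generate an Admin API key; do not start APISIX}"
# The YAML nesting below is restored; the flattened listing would not parse.
# NOTE(review): `verify: false` is kept from the original. With it, APISIX does
# not validate the etcd servers' certificates, so ssl_trusted_certificate gives
# no protection on this connection. Enabling verification likely needs the etcd
# certificate to carry names that match how the endpoints are addressed; confirm
# and switch to `verify: true` once that holds.
# NOTE(review): APISIX authenticates to etcd with the etcd members' own
# server.pem/server-key.pem; a dedicated client certificate would be narrower.
cat > /usr/local/apisix/conf/config.yaml << EOF
apisix:
  ssl:
    ssl_trusted_certificate: /usr/local/apisix/etcd/ssl/ca.pem
deployment:
  role: traditional
  role_traditional:
    config_provider: etcd
  admin:
    admin_key:
      - name: admin
        key: ${admin_key}
        role: admin
  etcd:
    host:
      - "https://192.168.1.41:2379"
      - "https://192.168.1.42:2379"
      - "https://192.168.1.43:2379"
    prefix: /apisix
    timeout: 30
    watch_timeout: 50
    startup_retry: 2
    tls:
      cert: /usr/local/apisix/etcd/ssl/server.pem
      key: /usr/local/apisix/etcd/ssl/server-key.pem
      verify: false
EOF
systemctl start apisix
systemctl enable apisix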
# Install apisix-dashboard.
# Download: https://raw.gitcode.com/Universal-Tool/4af5d/blobs/61c8fd208217abdf378cf088d6581cf8794d28f0/apisix-dashboard-3.0.1-0.el7.x86_64.zip
# NOTE(review): this URL appears to be a third-party file host rather than the
# project's own release channel. Verify the RPM's checksum or signature against
# an official source before installing it as root.
# After downloading, unzip it to obtain apisix-dashboard-3.0.1-0.el7.x86_64.rpm
# Upload it to /opt on the deployment server.
yum install -y /opt/apisix-dashboard-3.0.1-0.el7.x86_64.rpm
vim /usr/local/apisix/dashboard/conf/conf.yaml
# Change the following parts. The lines below are an excerpt of conf.yaml, not
# shell commands, and the YAML nesting has been lost in this listing.
# NOTE(review): port 80 is plain HTTP, so dashboard logins and the session
# token cross the network unencrypted; put TLS in front of the dashboard.
conf:
listen:
host: 192.168.1.41
port: 80
etcd:
endpoints:
- 192.168.1.41:2379
- 192.168.1.42:2379
- 192.168.1.43:2379
# NOTE(review): allow_list is left commented out, so this excerpt sets no
# source-IP restriction on who may reach the dashboard; restrict it to the
# administrators' addresses.
#allow_list:
#- 127.0.0.1
#- ::1
# The dashboard connects to etcd with the etcd members' own server key pair.
mtls:
key_file: "/data/etcd/ssl/server-key.pem"
cert_file: "/data/etcd/ssl/server.pem"
ca_file: "/data/etcd/ssl/ca.pem"
# NOTE(review): the password is stored in plaintext and the value shown is
# published with this walkthrough; set a unique strong one. The stock conf.yaml
# also carries an authentication secret used to sign login tokens; confirm it is
# not left at its shipped value.
users:
- username: admin
password: diablo2025
# Start the dashboard.
systemctl start apisix-dashboard
# APISIX also exposes a Prometheus interface. apisix-dashboard plus a Prometheus node and a Grafana node give visual monitoring; install them as needed.