APISIX+Dashboard集群部署

#APISIX部署本次集群IP:192.168.1.41,192.168.1.42,192.168.1.43

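# Download the CFSSL v1.6.3 tools (cfssl, cfssl-certinfo, cfssljson).
wget https://github.com/cloudflare/cfssl/releases/download/v1.6.3/cfssl_1.6.3_linux_amd64
wget https://github.com/cloudflare/cfssl/releases/download/v1.6.3/cfssl-certinfo_1.6.3_linux_amd64
wget https://github.com/cloudflare/cfssl/releases/download/v1.6.3/cfssljson_1.6.3_linux_amd64

# Upload the three binaries to /opt/CFSSL on the first etcd node (etcd1) only.

# These tools mint the cluster CA, so check them before they land on PATH:
# compare every digest printed here with the SHA-256 values published for the
# v1.6.3 release and stop if any of them differ.
sha256sum /opt/CFSSL/cfssl_1.6.3_linux_amd64 \
  /opt/CFSSL/cfssl-certinfo_1.6.3_linux_amd64 \
  /opt/CFSSL/cfssljson_1.6.3_linux_amd64

mv /opt/CFSSL/cfssl_1.6.3_linux_amd64 /usr/local/bin/cfssl
mv /opt/CFSSL/cfssl-certinfo_1.6.3_linux_amd64 /usr/local/bin/cfssl-certinfo
mv /opt/CFSSL/cfssljson_1.6.3_linux_amd64 /usr/local/bin/cfssljson

# mv keeps the owner and mode of the uploaded file. Hand the binaries to root
# and drop write access for everyone else, so the upload account cannot
# replace a tool that root runs later.
chown root:root /usr/local/bin/cfssl /usr/local/bin/cfssl-certinfo /usr/local/bin/cfssljson
chmod 0755 /usr/local/bin/cfssl /usr/local/bin/cfssl-certinfo /usr/local/bin/cfssljson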

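# On all three nodes: create the etcd directory layout.
mkdir -p /data/etcd/{bin,ssl,data}

# Private keys and the etcd data directory should be reachable by their owner
# only. If another service account has to read these certificates, grant that
# explicitly rather than widening the directory.
chmod 700 /data/etcd/ssl /data/etcd/data

# On the first node only: generate the certificates here, then copy them to
# the other nodes.
cd /data/etcd/ssl

# NOTE(review): 262800h is 30 years, and the page shows no rotation or
# revocation procedure. The single "etcd" profile allows both "server auth"
# and "client auth", so every certificate issued under it can also act as an
# etcd client. Values are kept as the author gave them.
# The quoted delimiter writes the heredoc body literally, with no shell expansion.
cat > ca-config.json <<'EOF'
{
    "signing": {
        "default": {
            "expiry": "262800h"
        },
        "profiles": {
            "etcd": {
                "expiry": "262800h",
                "usages": [
                    "signing",
                    "key encipherment",
                    "server auth",
                    "client auth"
                ]
            }
        }
    }
}
EOF

cat > ca-csr.json <<'EOF'
{
    "CN": "Etcd CA",
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "Beijing",
            "L": "Beijing",
            "O": "Etcd CA",
            "OU": "Etcd CA"
        }
    ]
}
EOF

# Writes ca.pem (certificate), ca-key.pem (CA private key) and ca.csr.
# Whoever holds ca-key.pem can issue certificates this cluster will trust;
# other hosts only ever need ca.pem.
cfssl gencert -initca ca-csr.json | cfssljson -bare ca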

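# CSR for the certificate used by the etcd members. The hosts list carries
# every node IP, so the same key pair is valid on all three members.
# NOTE(review): with one shared key pair, a leak on any node exposes all of
# them; per-node certificates would limit that.
cat > server-csr.json <<'EOF'
{
    "CN": "etcd-server",
    "hosts": [
        "localhost",
        "127.0.0.1",
        "192.168.1.41",
        "192.168.1.42",
        "192.168.1.43"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "Beijing",
            "L": "Beijing",
            "O": "Etcd Server",
            "OU": "Etcd Server"
        }
    ]
}
EOF

# Sign the server certificate with the CA under the "etcd" profile.
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=etcd server-csr.json | cfssljson -bare server

# Ship only what a member needs: the CA certificate and the server key pair.
# A bare *.pem glob also matches ca-key.pem and would place the CA private key
# on every node.
scp ca.pem server.pem server-key.pem root@192.168.1.42:/data/etcd/ssl
scp ca.pem server.pem server-key.pem root@192.168.1.43:/data/etcd/ssl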

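# etcd download: wget https://github.com/etcd-io/etcd/releases/download/v3.5.4/etcd-v3.5.4-linux-amd64.tar.gz
# Upload the etcd tarball to /opt.

# Print the digest and compare it with the SHA-256 published for the v3.5.4
# release before unpacking; stop if it differs.
sha256sum /opt/etcd-v3.5.4-linux-amd64.tar.gz

# --no-same-owner: when run as root, tar would otherwise restore whatever
# uid/gid the archive records.
cd /opt && tar --no-same-owner -xvf etcd-v3.5.4-linux-amd64.tar.gz

cp /opt/etcd-v3.5.4-linux-amd64/etcd* /data/etcd/bin/

# Single quotes keep $PATH literal so it is expanded at login time.
printf '%s\n' 'export PATH=/data/etcd/bin:$PATH' > /etc/profile.d/etcd.sh
source /etc/profile.d/etcd.sh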

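# etcd cluster unit file. Every node needs its own values. The original page
# highlighted them in yellow, which did not survive in this copy; they are
# --name and the node's own IP in the four *-urls flags.
#
# --client-cert-auth and --peer-client-cert-auth make etcd reject clients and
# peers that do not present a certificate signed by the CA in ca.pem.
#
# NOTE(review): the unit sets no User=, so etcd runs as root. A dedicated
# service account that owns /data/etcd/data and can read the key pair would
# limit the impact of a compromise of the etcd process.
#
# The quoted delimiter keeps the trailing backslashes in the unit file, so
# the file on disk matches what is shown here.
cat > /usr/lib/systemd/system/etcd.service <<'EOF'
[Unit]
Description=Etcd Service
After=network.target

[Service]
Type=notify
ExecStart=/data/etcd/bin/etcd \
--name=etcd1 \
--cert-file=/data/etcd/ssl/server.pem \
--key-file=/data/etcd/ssl/server-key.pem \
--peer-cert-file=/data/etcd/ssl/server.pem \
--peer-key-file=/data/etcd/ssl/server-key.pem \
--trusted-ca-file=/data/etcd/ssl/ca.pem \
--peer-trusted-ca-file=/data/etcd/ssl/ca.pem \
--peer-client-cert-auth \
--client-cert-auth \
--initial-advertise-peer-urls=https://192.168.1.41:2380 \
--listen-peer-urls=https://192.168.1.41:2380 \
--listen-client-urls=https://192.168.1.41:2379,https://127.0.0.1:2379 \
--advertise-client-urls=https://192.168.1.41:2379 \
--initial-cluster-token=etcd-cluster-1 \
--initial-cluster=etcd1=https://192.168.1.41:2380,etcd2=https://192.168.1.42:2380,etcd3=https://192.168.1.43:2380 \
--initial-cluster-state=new \
--data-dir=/data/etcd/data
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF
# End of the unit-file configuration.

# Make systemd re-read unit files so that later edits to this one take effect.
systemctl daemon-reload

# With Type=notify, a member reports ready only once the cluster has quorum,
# so the start on the first node may block until a second member is up.
systemctl start etcd
systemctl enable etcd

# Check cluster health.
# NOTE(review): this reuses the server key pair as the client identity, which
# works because the signing profile includes "client auth"; a separate client
# certificate would keep the server key off admin workstations.
etcdctl --endpoints=https://192.168.1.41:2379,https://192.168.1.42:2379,https://192.168.1.43:2379 \
  --cacert=/data/etcd/ssl/ca.pem \
  --cert=/data/etcd/ssl/server.pem \
  --key=/data/etcd/ssl/server-key.pem \
  endpoint health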

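# Install APISIX: fetch the package and its dependencies into /opt/apisix.
cd /opt && mkdir -p apisix
yum install -y https://repos.apiseven.com/packages/centos/apache-apisix-repo-1.0-1.noarch.rpm
yum clean all && yum makecache
yum install -y yum-utils
yumdownloader apisix-3.1.0 --resolve --destdir=./apisix

# The apisix directory now holds the package plus its dependencies; for
# offline hosts, upload this directory and install from it.
# NOTE(review): RPMs carried between hosts are installed as local files, so
# check their signatures on the target (rpm -K, with the repository's GPG key
# imported) before installing. Confirm against your yum GPG settings.

# Install APISIX from the downloaded packages.
yum install ./apisix/*.rpm -y

mkdir -p /usr/local/apisix/etcd/ssl

# Copy only the files APISIX needs to reach etcd. On the node where the CA was
# created, a *.pem glob would also copy ca-key.pem (the CA private key) into
# the gateway's directory.
# NOTE(review): APISIX reuses the etcd server key pair as its client identity;
# a dedicated client certificate would keep the server key off the gateway.
cp /data/etcd/ssl/ca.pem /data/etcd/ssl/server.pem /data/etcd/ssl/server-key.pem \
  /usr/local/apisix/etcd/ssl/

# Keep the packaged configuration as a backup.
mv /usr/local/apisix/conf/config.yaml /usr/local/apisix/conf/config.yaml.bak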

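# Configure APISIX.
#
# The Admin API key grants full control over routes, upstreams and plugins.
# A literal key printed in a public tutorial is known to everyone who has read
# it, so use a random one instead. If APISIX_ADMIN_KEY is already exported
# (for example on the second and third node, to reuse the first node's value),
# it is kept; otherwise a fresh 128-bit value is generated. Store it in your
# secret manager.
APISIX_ADMIN_KEY="${APISIX_ADMIN_KEY:-$(openssl rand -hex 16)}"

# The heredoc delimiter is unquoted on purpose so that ${APISIX_ADMIN_KEY} is
# expanded.
#
# tls.verify is true so APISIX validates the etcd server certificate against
# ssl_trusted_certificate (the cluster CA). With verify: false, anything that
# answers on these addresses is accepted as etcd. If the handshake fails, fix
# the certificate SANs or the trust chain rather than turning verification off.
cat > /usr/local/apisix/conf/config.yaml << EOF
apisix:
  ssl:
    ssl_trusted_certificate: /usr/local/apisix/etcd/ssl/ca.pem
deployment:
  role: traditional
  role_traditional:
    config_provider: etcd
  admin:
    admin_key:
      - name: admin
        key: "${APISIX_ADMIN_KEY}"
        role: admin
  etcd:
    host:
      - "https://192.168.1.41:2379"
      - "https://192.168.1.42:2379"
      - "https://192.168.1.43:2379"
    prefix: /apisix
    timeout: 30
    watch_timeout: 50
    startup_retry: 2
    tls:
      cert: /usr/local/apisix/etcd/ssl/server.pem
      key: /usr/local/apisix/etcd/ssl/server-key.pem
      verify: true
EOF

systemctl start apisix
systemctl enable apisix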

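# Install apisix-dashboard.
# Download: https://raw.gitcode.com/Universal-Tool/4af5d/blobs/61c8fd208217abdf378cf088d6581cf8794d28f0/apisix-dashboard-3.0.1-0.el7.x86_64.zip
# Unzip it to obtain apisix-dashboard-3.0.1-0.el7.x86_64.rpm.
# Upload the RPM to /opt on the deployment server.

# NOTE(review): the URL above appears to be a file-sharing repository, not the
# project's own release channel, and the package is installed as root. Compare
# the digest printed below with one taken from the project's official 3.0.1
# release, and review the signature report, before installing.
sha256sum /opt/apisix-dashboard-3.0.1-0.el7.x86_64.rpm
rpm -K /opt/apisix-dashboard-3.0.1-0.el7.x86_64.rpm

yum install -y /opt/apisix-dashboard-3.0.1-0.el7.x86_64.rpm

vim /usr/local/apisix/dashboard/conf/conf.yaml

# Change the following sections: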

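conf:
  listen:
    host: 192.168.1.41
    # NOTE(review): port 80 is plain HTTP, so the login password and session
    # token cross the network unencrypted. Terminate TLS in front of the
    # dashboard, or bind it to an address reachable only from the admin network.
    port: 80
  etcd:
    endpoints:
      - 192.168.1.41:2379
      - 192.168.1.42:2379
      - 192.168.1.43:2379
    # Client certificate presented to etcd, which enforces --client-cert-auth.
    mtls:
      key_file: "/data/etcd/ssl/server-key.pem"
      cert_file: "/data/etcd/ssl/server.pem"
      ca_file: "/data/etcd/ssl/ca.pem"
  # Left commented out, as on the original page. Once enabled, list only the
  # addresses of the administrators who need the dashboard.
  #allow_list:
    #- 127.0.0.1
    #- ::1
  users:
    # Replace the placeholder with a unique, strong password; a password
    # printed in a public tutorial must be treated as known.
    # NOTE(review): in the stock conf.yaml the users list appears to sit in an
    # authentication section that also holds the token-signing secret. Confirm
    # this in your file and change that secret from its packaged value too.
    - username: admin
      password: "<CHANGE-ME-unique-strong-password>"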

# Start the dashboard service.
# NOTE(review): unlike etcd and apisix earlier on this page, this unit is only
# started, not enabled, so it will not come back after a reboot. Confirm that
# this is intended.

systemctl start apisix-dashboard

#apisix也提供了Prometheus接口,apisix-dashboard外加Prometheus节点和Grafana节点可实现可视化监控,可自行根据需求安装
