k8s binary deployment series 04: deploying the etcd cluster

July 16, 2018, 13:06:47

1.1 Preparing the environment for etcd

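useradd -s /sbin/nologin -M etcd
mkdir -p /var/lib/etcd/
chown -R etcd:etcd /var/lib/etcd/
# Private key: readable by root and the etcd group only, not world-readable
chown root:etcd /etc/ssl/etcd-key.pem
chmod 640 /etc/ssl/etcd-key.pem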

1.2 Installing the etcd binaries and distributing them

cd /server/tools/
tar xf etcd-v3.3.7-linux-amd64.tar.gz
cd etcd-v3.3.7-linux-amd64/
cp etcd etcdctl /usr/bin/

scp etcd etcdctl 192.168.10.154:/usr/bin/
scp etcd etcdctl 192.168.10.155:/usr/bin/
scp etcd etcdctl 192.168.10.156:/usr/bin/

1.3 Configuring the etcd systemd unit file

1.3.1 etcd01 node

cat > /usr/lib/systemd/system/etcd.service <<EOF
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
User=etcd
Type=notify
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/bin/etcd \\
  --data-dir=/var/lib/etcd \\
  --name=etcd01 \\
  --cert-file=/etc/ssl/etcd.pem \\
  --key-file=/etc/ssl/etcd-key.pem \\
  --trusted-ca-file=/etc/ssl/ca.pem \\
  --peer-cert-file=/etc/ssl/etcd.pem \\
  --peer-key-file=/etc/ssl/etcd-key.pem \\
  --peer-trusted-ca-file=/etc/ssl/ca.pem \\
  --peer-client-cert-auth \\
  --client-cert-auth \\
  --listen-peer-urls=https://192.168.10.154:2380 \\
  --initial-advertise-peer-urls=https://192.168.10.154:2380 \\
  --listen-client-urls=https://192.168.10.154:2379,http://127.0.0.1:2379 \\
  --advertise-client-urls=https://192.168.10.154:2379 \\
  --initial-cluster-token=etcd-cluster-0 \\
  --initial-cluster=etcd01=https://192.168.10.154:2380,etcd02=https://192.168.10.155:2380,etcd03=https://192.168.10.156:2380 \\
  --initial-cluster-state=new
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

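Notes:
  • User: the account the service runs as (etcd)
  • WorkingDirectory, --data-dir: set the working directory and the data directory to /var/lib/etcd; this directory must be created before the service is started
  • --name: the node name; when --initial-cluster-state is new, the value of --name must appear in the --initial-cluster list
  • --cert-file, --key-file: the certificate and private key the etcd server uses when communicating with clients
  • --trusted-ca-file: the CA certificate that signed the client certificates, used to verify client certificates
  • --peer-cert-file, --peer-key-file: the certificate and private key etcd uses when communicating with peers
  • --peer-trusted-ca-file: the CA certificate that signed the peer certificates, used to verify peer certificates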
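
A check for the flag rules in the notes above, as an added example that is not part of the original post: it reads an etcd unit file, verifies that --name appears in --initial-cluster and that both cert-auth switches are set, and reports plaintext listeners, because etcd applies neither TLS nor client-certificate checks on an http:// URL such as the http://127.0.0.1:2379 listener in the unit above. The function names and the shortened sample unit are constructed for this illustration.

```shell
flag_value() {   # flag_value FILE FLAG: print the value of --FLAG=value (empty if absent)
    awk -v f="--$2=" '{ for (i = 1; i <= NF; i++)
        if (index($i, f) == 1) { print substr($i, length(f) + 1); exit } }' "$1"
}
has_flag() {     # has_flag FILE FLAG: succeed if the bare switch --FLAG is present
    awk -v f="--$2" '{ for (i = 1; i <= NF; i++) if ($i == f) found = 1 }
        END { exit !found }' "$1"
}
audit_etcd_unit() {   # print findings for FILE; return 1 if any FAIL was reported
    unit=$1 rc=0 name=$(flag_value "$1" name)
    # With --initial-cluster-state=new, --name must be listed in --initial-cluster.
    if [ "$(flag_value "$unit" initial-cluster-state)" = new ]; then
        case ",$(flag_value "$unit" initial-cluster)" in
            *",$name="*) ;;
            *) echo "FAIL --name=$name is not listed in --initial-cluster"; rc=1 ;;
        esac
    fi
    # Client and peer certificate verification must both be switched on.
    for f in client-cert-auth peer-client-cert-auth; do
        has_flag "$unit" "$f" || { echo "FAIL --$f is missing"; rc=1; }
    done
    # Loopback plaintext is reachable by every local process: warn. Anything else: fail.
    for f in listen-client-urls listen-peer-urls; do
        for url in $(flag_value "$unit" "$f" | tr ',' ' '); do
            case $url in
                https://*) ;;
                http://127.0.0.1:*|http://localhost:*) echo "WARN --$f: plaintext loopback listener $url" ;;
                *) echo "FAIL --$f: plaintext listener $url"; rc=1 ;;
            esac
        done
    done
    return $rc
}
sample_unit() {  # constructed sample input: ExecStart excerpt for node $1
    cat <<EOF
ExecStart=/usr/bin/etcd \\
  --name=$1 \\
  --peer-client-cert-auth \\
  --client-cert-auth \\
  --listen-peer-urls=https://192.168.10.154:2380 \\
  --listen-client-urls=https://192.168.10.154:2379,http://127.0.0.1:2379 \\
  --initial-cluster=etcd01=https://192.168.10.154:2380,etcd02=https://192.168.10.155:2380 \\
  --initial-cluster-state=new
EOF
}
tmp=$(mktemp); sample_unit etcd01 > "$tmp"
audit_etcd_unit "$tmp" && echo "no FAIL findings"
rm -f "$tmp"
```

On a real node, point it at the installed file: audit_etcd_unit /usr/lib/systemd/system/etcd.service.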

1.3.2 etcd02 node

cat > /usr/lib/systemd/system/etcd.service <<EOF
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
User=etcd
Type=notify
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/bin/etcd \\
  --data-dir=/var/lib/etcd \\
  --name=etcd02 \\
  --cert-file=/etc/ssl/etcd.pem \\
  --key-file=/etc/ssl/etcd-key.pem \\
  --trusted-ca-file=/etc/ssl/ca.pem \\
  --peer-cert-file=/etc/ssl/etcd.pem \\
  --peer-key-file=/etc/ssl/etcd-key.pem \\
  --peer-trusted-ca-file=/etc/ssl/ca.pem \\
  --peer-client-cert-auth \\
  --client-cert-auth \\
  --listen-peer-urls=https://192.168.10.155:2380 \\
  --initial-advertise-peer-urls=https://192.168.10.155:2380 \\
  --listen-client-urls=https://192.168.10.155:2379,http://127.0.0.1:2379 \\
  --advertise-client-urls=https://192.168.10.155:2379 \\
  --initial-cluster-token=etcd-cluster-0 \\
  --initial-cluster=etcd01=https://192.168.10.154:2380,etcd02=https://192.168.10.155:2380,etcd03=https://192.168.10.156:2380 \\
  --initial-cluster-state=new
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

1.3.3 etcd03 node

cat > /usr/lib/systemd/system/etcd.service <<EOF
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
User=etcd
Type=notify
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/bin/etcd \\
  --data-dir=/var/lib/etcd \\
  --name=etcd03 \\
  --cert-file=/etc/ssl/etcd.pem \\
  --key-file=/etc/ssl/etcd-key.pem \\
  --trusted-ca-file=/etc/ssl/ca.pem \\
  --peer-cert-file=/etc/ssl/etcd.pem \\
  --peer-key-file=/etc/ssl/etcd-key.pem \\
  --peer-trusted-ca-file=/etc/ssl/ca.pem \\
  --peer-client-cert-auth \\
  --client-cert-auth \\
  --listen-peer-urls=https://192.168.10.156:2380 \\
  --initial-advertise-peer-urls=https://192.168.10.156:2380 \\
  --listen-client-urls=https://192.168.10.156:2379,http://127.0.0.1:2379 \\
  --advertise-client-urls=https://192.168.10.156:2379 \\
  --initial-cluster-token=etcd-cluster-0 \\
  --initial-cluster=etcd01=https://192.168.10.154:2380,etcd02=https://192.168.10.155:2380,etcd03=https://192.168.10.156:2380 \\
  --initial-cluster-state=new
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

1.4 Starting the etcd service

systemctl daemon-reload
systemctl enable etcd
systemctl restart etcd
systemctl status etcd

1.5 Checking the cluster status

[root@etcd01 ~]# etcdctl --endpoints=https://192.168.10.154:2379,https://192.168.10.155:2379,https://192.168.10.156:2379 \
        --cert-file=/etc/ssl/etcd.pem \
        --ca-file=/etc/ssl/ca.pem \
        --key-file=/etc/ssl/etcd-key.pem \
        cluster-health

member 681e4ff9726c6fcc is healthy: got healthy result from https://192.168.10.154:2379
member 85c5f993576bf5ec is healthy: got healthy result from https://192.168.10.156:2379
member f53fe2a3dd43a313 is healthy: got healthy result from https://192.168.10.155:2379
cluster is healthy

liyang