k8s Binary Deployment Series 04: Deploying an etcd Cluster

1.1 Prepare the environment for installing etcd

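useradd -s /sbin/nologin -M etcd
mkdir -p /var/lib/etcd/
chown -R etcd:etcd /var/lib/etcd/
# Private key: readable by root and the etcd group only, not world-readable
chown root:etcd /etc/ssl/etcd-key.pem
chmod 640 /etc/ssl/etcd-key.pem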

1.2 Install the etcd binaries and distribute them

cd /server/tools/
tar xf etcd-v3.3.7-linux-amd64.tar.gz
cd etcd-v3.3.7-linux-amd64/
cp etcd etcdctl /usr/bin/

scp etcd etcdctl 192.168.10.154:/usr/bin/
scp etcd etcdctl 192.168.10.155:/usr/bin/
scp etcd etcdctl 192.168.10.156:/usr/bin/

1.3 Configure the etcd startup (systemd unit) file

1.3.1 etcd01 node

cat > /usr/lib/systemd/system/etcd.service <<EOF
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
User=etcd
Type=notify
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/bin/etcd \\
  --data-dir=/var/lib/etcd \\
  --name=etcd01 \\
  --cert-file=/etc/ssl/etcd.pem \\
  --key-file=/etc/ssl/etcd-key.pem \\
  --trusted-ca-file=/etc/ssl/ca.pem \\
  --peer-cert-file=/etc/ssl/etcd.pem \\
  --peer-key-file=/etc/ssl/etcd-key.pem \\
  --peer-trusted-ca-file=/etc/ssl/ca.pem \\
  --peer-client-cert-auth \\
  --client-cert-auth \\
  --listen-peer-urls=https://192.168.10.154:2380 \\
  --initial-advertise-peer-urls=https://192.168.10.154:2380 \\
  --listen-client-urls=https://192.168.10.154:2379,http://127.0.0.1:2379 \\
  --advertise-client-urls=https://192.168.10.154:2379 \\
  --initial-cluster-token=etcd-cluster-0 \\
  --initial-cluster=etcd01=https://192.168.10.154:2380,etcd02=https://192.168.10.155:2380,etcd03=https://192.168.10.156:2380 \\
  --initial-cluster-state=new
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF
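  • Notes:
  • User: the account the service runs as (the etcd account created in 1.1)
  • WorkingDirectory, --data-dir: set the working directory and the data directory to /var/lib/etcd; this directory must be created before the service is started
  • --name: the node name; when --initial-cluster-state is new, the value of --name must appear in the --initial-cluster list
  • --cert-file, --key-file: the certificate and private key the etcd server uses when communicating with clients
  • --trusted-ca-file: the CA certificate that signed the client certificates, used to verify client certificates
  • --peer-cert-file, --peer-key-file: the certificate and private key etcd uses when communicating with peers
  • --peer-trusted-ca-file: the CA certificate that signed the peer certificates, used to verify peer certificates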
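
The certificate flags described above only protect listeners that actually speak TLS, so a unit file is worth checking for the mutual-TLS switches, for plaintext http:// URLs and for world-readable key files. The script below is an added example, not part of the original article or of etcd; audit_etcd_unit and make_sample are hypothetical helpers, and the sample unit is constructed from the etcd01 flags with the key path moved to a temporary directory so it runs offline.

```shell
#!/bin/sh
# audit_etcd_unit and make_sample are hypothetical helpers (added example).
# audit_etcd_unit prints one finding per line for an etcd systemd unit file.
audit_etcd_unit() {
  unit=$1
  # 1. Mutual TLS must be switched on for clients and for peers; without
  #    these flags the CA files are configured but no certificate is demanded.
  for flag in --client-cert-auth --peer-client-cert-auth; do
    grep -qE -- "(^|[[:space:]])${flag}([[:space:]]|=true|\$)" "$unit" ||
      echo "MISSING ${flag}"
  done
  # 2. An http:// URL is served without TLS, so the certificate checks
  #    never run on that listener.
  grep -oE -- '--(listen|advertise)-(client|peer)-urls=[^[:space:]]+' "$unit" |
  while IFS='=' read -r flag urls; do
    printf '%s\n' "$urls" | tr ',' '\n' | grep '^http://' |
      sed "s|^|PLAINTEXT ${flag} |"
  done
  # 3. Private keys must not carry the "other: read" permission bit.
  grep -oE -- '--(peer-)?key-file=[^[:space:]]+' "$unit" | cut -d= -f2 | sort -u |
  while read -r key; do
    if [ -n "$(find "$key" -prune -perm -004 2>/dev/null)" ]; then
      echo "WORLD-READABLE ${key}"
    fi
  done
}

# Constructed sample: a subset of the etcd01 flags, with an empty stand-in
# key file (mode 644) in a temp directory. Prints the path of the unit file.
make_sample() {
  dir=$(mktemp -d)
  : > "$dir/etcd-key.pem"; chmod 644 "$dir/etcd-key.pem"
  cat > "$dir/etcd.service" <<EOF
[Service]
ExecStart=/usr/bin/etcd \\
  --key-file=$dir/etcd-key.pem \\
  --peer-key-file=$dir/etcd-key.pem \\
  --peer-client-cert-auth \\
  --client-cert-auth \\
  --listen-peer-urls=https://192.168.10.154:2380 \\
  --listen-client-urls=https://192.168.10.154:2379,http://127.0.0.1:2379 \\
  --advertise-client-urls=https://192.168.10.154:2379
EOF
  echo "$dir/etcd.service"
}

audit_etcd_unit "$(make_sample)"
```

On a real node, run audit_etcd_unit /usr/lib/systemd/system/etcd.service; an empty result means none of the three checks fired.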

1.3.2 etcd02 node

cat > /usr/lib/systemd/system/etcd.service <<EOF
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
User=etcd
Type=notify
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/bin/etcd \\
  --data-dir=/var/lib/etcd \\
  --name=etcd02 \\
  --cert-file=/etc/ssl/etcd.pem \\
  --key-file=/etc/ssl/etcd-key.pem \\
  --trusted-ca-file=/etc/ssl/ca.pem \\
  --peer-cert-file=/etc/ssl/etcd.pem \\
  --peer-key-file=/etc/ssl/etcd-key.pem \\
  --peer-trusted-ca-file=/etc/ssl/ca.pem \\
  --peer-client-cert-auth \\
  --client-cert-auth \\
  --listen-peer-urls=https://192.168.10.155:2380 \\
  --initial-advertise-peer-urls=https://192.168.10.155:2380 \\
  --listen-client-urls=https://192.168.10.155:2379,http://127.0.0.1:2379 \\
  --advertise-client-urls=https://192.168.10.155:2379 \\
  --initial-cluster-token=etcd-cluster-0 \\
  --initial-cluster=etcd01=https://192.168.10.154:2380,etcd02=https://192.168.10.155:2380,etcd03=https://192.168.10.156:2380 \\
  --initial-cluster-state=new
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

1.3.3 etcd03 node

cat > /usr/lib/systemd/system/etcd.service <<EOF
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
User=etcd
Type=notify
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/bin/etcd \\
  --data-dir=/var/lib/etcd \\
  --name=etcd03 \\
  --cert-file=/etc/ssl/etcd.pem \\
  --key-file=/etc/ssl/etcd-key.pem \\
  --trusted-ca-file=/etc/ssl/ca.pem \\
  --peer-cert-file=/etc/ssl/etcd.pem \\
  --peer-key-file=/etc/ssl/etcd-key.pem \\
  --peer-trusted-ca-file=/etc/ssl/ca.pem \\
  --peer-client-cert-auth \\
  --client-cert-auth \\
  --listen-peer-urls=https://192.168.10.156:2380 \\
  --initial-advertise-peer-urls=https://192.168.10.156:2380 \\
  --listen-client-urls=https://192.168.10.156:2379,http://127.0.0.1:2379 \\
  --advertise-client-urls=https://192.168.10.156:2379 \\
  --initial-cluster-token=etcd-cluster-0 \\
  --initial-cluster=etcd01=https://192.168.10.154:2380,etcd02=https://192.168.10.155:2380,etcd03=https://192.168.10.156:2380 \\
  --initial-cluster-state=new
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

1.4 Start the etcd service

systemctl daemon-reload
systemctl enable etcd
systemctl restart etcd
systemctl status etcd

1.5 Check the cluster status

[root@etcd01 ~]# etcdctl --endpoints=https://192.168.10.154:2379,https://192.168.10.155:2379,https://192.168.10.156:2379 \
        --cert-file=/etc/ssl/etcd.pem \
        --ca-file=/etc/ssl/ca.pem \
        --key-file=/etc/ssl/etcd-key.pem \
        cluster-health

member 681e4ff9726c6fcc is healthy: got healthy result from https://192.168.10.154:2379
member 85c5f993576bf5ec is healthy: got healthy result from https://192.168.10.156:2379
member f53fe2a3dd43a313 is healthy: got healthy result from https://192.168.10.155:2379
cluster is healthy
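Reminder: this article was last updated on 2022-12-20 20:57:47 and has not been updated for more than 523 days. Some articles are time-sensitive; if the content or image resources are wrong or no longer valid, please contact the site administrator. Thank you!
When reposting, please cite this article's link: https://blog.leonshadow.cn/763482/1189.html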