k8s二进制部署系列04-部署etcd集群|leon的博客

1.1 准备安装etcd环境

chmod 644 /etc/ssl/etcd-key.pem
useradd -s /sbin/nologin -M etcd
mkdir -p /var/lib/etcd/
chown -R etcd:etcd /var/lib/etcd/

1.2 二进制安装及分发etcd

cd /server/tools/
tar xf etcd-v3.3.7-linux-amd64.tar.gz
cd etcd-v3.3.7-linux-amd64/
cp etcd etcdctl /usr/bin/

scp etcd etcdctl 192.168.10.154:/usr/bin/
scp etcd etcdctl 192.168.10.155:/usr/bin/
scp etcd etcdctl 192.168.10.156:/usr/bin/

1.3 配置etcd启动文件

1.3.1 etcd01节点

cat > /usr/lib/systemd/system/etcd.service <<EOF
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
User=etcd
Type=notify
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/bin/etcd \\
  --data-dir=/var/lib/etcd \\
  --name=etcd01 \\
  --cert-file=/etc/ssl/etcd.pem \\
  --key-file=/etc/ssl/etcd-key.pem \\
  --trusted-ca-file=/etc/ssl/ca.pem \\
  --peer-cert-file=/etc/ssl/etcd.pem \\
  --peer-key-file=/etc/ssl/etcd-key.pem \\
  --peer-trusted-ca-file=/etc/ssl/ca.pem \\
  --peer-client-cert-auth \\
  --client-cert-auth \\
  --listen-peer-urls=https://192.168.10.154:2380 \\
  --initial-advertise-peer-urls=https://192.168.10.154:2380 \\
  --listen-client-urls=https://192.168.10.154:2379,http://127.0.0.1:2379 \\
  --advertise-client-urls=https://192.168.10.154:2379 \\
  --initial-cluster-token=etcd-cluster-0 \\
  --initial-cluster=etcd01=https://192.168.10.154:2380,etcd02=https://192.168.10.155:2380,etcd03=https://192.168.10.156:2380 \\
  --initial-cluster-state=new
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

说明：
User：指定以 k8s 账户运行
WorkingDirectory、–data-dir：指定工作目录和数据目录为/var/lib/etcd，需在启动服务前创建这个目录
–name：指定节点名称，当–initial-cluster-state 值为 new 时，–name 的参数值必须位于 –initial-cluster 列表中
–cert-file、–key-file：etcd server 与 client 通信时使用的证书和私钥
–trusted-ca-file：签名 client 证书的 CA 证书，用于验证 client 证书
–peer-cert-file、–peer-key-file：etcd 与 peer 通信使用的证书和私钥
–peer-trusted-ca-file：签名 peer 证书的 CA 证书，用于验证 peer 证书

1.3.2 etcd02节点

cat > /usr/lib/systemd/system/etcd.service <<EOF
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
User=etcd
Type=notify
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/bin/etcd \\
  --data-dir=/var/lib/etcd \\
  --name=etcd02 \\
  --cert-file=/etc/ssl/etcd.pem \\
  --key-file=/etc/ssl/etcd-key.pem \\
  --trusted-ca-file=/etc/ssl/ca.pem \\
  --peer-cert-file=/etc/ssl/etcd.pem \\
  --peer-key-file=/etc/ssl/etcd-key.pem \\
  --peer-trusted-ca-file=/etc/ssl/ca.pem \\
  --peer-client-cert-auth \\
  --client-cert-auth \\
  --listen-peer-urls=https://192.168.10.155:2380 \\
  --initial-advertise-peer-urls=https://192.168.10.155:2380 \\
  --listen-client-urls=https://192.168.10.155:2379,http://127.0.0.1:2379 \\
  --advertise-client-urls=https://192.168.10.155:2379 \\
  --initial-cluster-token=etcd-cluster-0 \\
  --initial-cluster=etcd01=https://192.168.10.154:2380,etcd02=https://192.168.10.155:2380,etcd03=https://192.168.10.156:2380 \\
  --initial-cluster-state=new
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

1.3.3 etcd03节点

cat > /usr/lib/systemd/system/etcd.service <<EOF
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
User=etcd
Type=notify
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/bin/etcd \\
  --data-dir=/var/lib/etcd \\
  --name=etcd03 \\
  --cert-file=/etc/ssl/etcd.pem \\
  --key-file=/etc/ssl/etcd-key.pem \\
  --trusted-ca-file=/etc/ssl/ca.pem \\
  --peer-cert-file=/etc/ssl/etcd.pem \\
  --peer-key-file=/etc/ssl/etcd-key.pem \\
  --peer-trusted-ca-file=/etc/ssl/ca.pem \\
  --peer-client-cert-auth \\
  --client-cert-auth \\
  --listen-peer-urls=https://192.168.10.156:2380 \\
  --initial-advertise-peer-urls=https://192.168.10.156:2380 \\
  --listen-client-urls=https://192.168.10.156:2379,http://127.0.0.1:2379 \\
  --advertise-client-urls=https://192.168.10.156:2379 \\
  --initial-cluster-token=etcd-cluster-0 \\
  --initial-cluster=etcd01=https://192.168.10.154:2380,etcd02=https://192.168.10.155:2380,etcd03=https://192.168.10.156:2380 \\
  --initial-cluster-state=new
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

1.4 启动etcd服务

systemctl daemon-reload
systemctl enable etcd
systemctl restart etcd
systemctl status etcd

1.5 检查集群状态

[root@etcd01 ~]# etcdctl --endpoints=https://192.168.10.154:2379,https://192.168.10.155:2379,https://192.168.10.156:2379 \
        --cert-file=/etc/ssl/etcd.pem \
        --ca-file=/etc/ssl/ca.pem \
        --key-file=/etc/ssl/etcd-key.pem \
        cluster-health

member 681e4ff9726c6fcc is healthy: got healthy result from https://192.168.10.154:2379
member 85c5f993576bf5ec is healthy: got healthy result from https://192.168.10.156:2379
member f53fe2a3dd43a313 is healthy: got healthy result from https://192.168.10.155:2379
cluster is healthy

温馨提示：本文最后更新于2022-12-20 20:57:47，已超过487天没有更新。某些文章具有时效性，若文章内容或图片资源有错误或已失效，请联系站长。谢谢！
转载请注明本文链接：https://blog.leonshadow.cn/763482/1189.html

1. 本网站名称：Leon的博客
2. 本站永久网址：https://blog.leonshadow.cn
3. 本网站的文章部分内容可能来源于网络，仅供大家学习与参考，如有侵权，请联系站长QQ632113590进行删除处理。
4. 本站一切资源不代表本站立场，并不代表本站赞同其观点和对其真实性负责。
5. 本站一律禁止以任何方式发布或转载任何违法的相关信息，访客发现请向站长举报
6. 本站资源大多存储在云盘，如发现链接失效，请联系我们我们会第一时间更新。

THE END