一、etcd下载地址
https://github.com/coreos/etcd/releases
二、etcd
新建kubernetes目录
mkdir -p /opt/kubernetes/{bin,cfg,ssl}
解压etcd压缩包,并复制到指定目录
cp etcd /opt/kubernetes/bin/
cp etcdctl /opt/kubernetes/bin/
把pem文件复制到ssl目录下
cp *.pem /opt/kubernetes/ssl
自签证书详见https://blog.csdn.net/a791846/article/details/113176355
三、新建etcd配置文件
cd /opt/kubernetes/cfg/
vi etcd
#[Member]
ETCD_NAME="etcd01"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.112.134:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.112.134:2379,http://127.0.0.1:2379"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.112.134:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.112.134:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.112.134:2380,etcd02=https://192.168.112.137:2380,etcd03=https://192.168.112.138:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_ENABLE_V2="true"
vi /usr/lib/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
[Service]
Type=notify
EnvironmentFile=/opt/kubernetes/cfg/etcd
ExecStart=/opt/kubernetes/bin/etcd \
--cert-file=/opt/kubernetes/ssl/server.pem \
--key-file=/opt/kubernetes/ssl/server-key.pem \
--peer-cert-file=/opt/kubernetes/ssl/server.pem \
--peer-key-file=/opt/kubernetes/ssl/server-key.pem \
--trusted-ca-file=/opt/kubernetes/ssl/ca.pem \
--peer-trusted-ca-file=/opt/kubernetes/ssl/ca.pem
--enable-v2=true
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
四、修改全局变量
vi /etc/profile
PATH=$PATH:/opt/kubernetes/bin
ETCDCTL_API=2
ETCD_ENABLE_V2=true
重新加载配置
source /etc/profile
五、启动etcd
systemctl daemon-reload
systemctl restart etcd
systemctl enable etcd
六、部署其他服务器的etcd
只要修改/opt/kubernetes/cfg/etcd配置文件
ETCD_NAME
ETCD_LISTEN_PEER_URLS
ETCD_LISTEN_CLIENT_URLS
ETCD_INITIAL_ADVERTISE_PEER_URLS
ETCD_ADVERTISE_CLIENT_URLS
七、检测etcd健康状态
cd /opt/kubernetes/ssl/
v3
/opt/kubernetes/bin/etcdctl --cacert=ca.pem --cert=server.pem --key=server-key.pem --endpoints="https://192.168.112.134:2379,https://192.168.112.137:2379,https://192.168.112.138:2379" endpoint health
v2
ETCDCTL_API=2 etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.112.134:2379,https://192.168.112.137:2379,https://192.168.112.138:2379" cluster-health
如果没通,先确认是否关掉selinux和防火墙
八、问题-etcd 3.4注意事项
- ETCD3.4版本ETCDCTL_API=3 etcdctl 和 etcd --enable-v2=false 成为了默认配置,如要使用v2版本,执行etcdctl时候需要设置ETCDCTL_API环境变量,例如:ETCDCTL_API=2 etcdctl
- ETCD3.4版本会自动读取环境变量的参数,所以EnvironmentFile文件中有的参数,不需要再次在ExecStart启动参数中添加,二选一,如同时配置,会触发以下类似报错“etcd: conflicting environment variable “ETCD_NAME” is shadowed by corresponding command-line flag (either unset environment variable or disable flag)”
- flannel操作etcd使用的是v2的API,而kubernetes操作etcd使用的v3的API