二进制安装k8s - 0.4 ETCD 单节点安装
创建目录 & 拷贝文件
[root@master ~]# mkdir -p /data/etcd/{bin,ssl}
[root@master ~]# mv /data/k8s/bin/etcd* /data/etcd/bin/
创建etcd证书请求
创建证书文件
[root@master data]# cd /data/etcd/ssl
[root@master data]# vim /data/etcd/ssl/etcd-csr.json
{
"CN": "etcd",
"hosts": [
"{{ host }}",
"127.0.0.1"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "SiChuan",
"L": "ChengDu",
"O": "k8s",
"OU": "Lswzw"
}
]
}
注:我这里的 host 为 192.168.100.59,将 {{ host }} 替换为实际的主机 IP 即可。hosts 列表会写入证书的 SAN,客户端访问 etcd 时使用的每个 IP 或域名都必须包含在内,否则 TLS 校验会失败。
生成etcd证书和私钥
在 /data/etcd/ssl 目录下执行:
# Issue the etcd certificate: sign etcd-csr.json with the cluster CA using the
# "kubernetes" profile from ca-config.json, then let cfssljson write etcd.pem,
# etcd-key.pem and etcd.csr into the current directory.
# The CA private key (ca-key.pem) is read here, and etcd-key.pem is the server's
# private key: keep both readable by root only (the listing below shows 0600).
# NOTE(review): ca-config.json is not shown on this page. The unit file uses this
# one certificate for both --cert-file and --peer-cert-file, so the profile
# presumably needs both "server auth" and "client auth" usages; confirm.
cfssl gencert \
  -ca=/data/k8s/cert/ca.pem \
  -ca-key=/data/k8s/cert/ca-key.pem \
  -config=/data/k8s/cert/ca-config.json \
  -profile=kubernetes \
  etcd-csr.json \
  | cfssljson -bare etcd
[root@master ssl]# ll
total 16
-rw-r--r-- 1 root root 1045 May 15 15:22 etcd.csr
-rw-r--r-- 1 root root 258 May 15 15:22 etcd-csr.json
-rw------- 1 root root 1675 May 15 15:22 etcd-key.pem
-rw-r--r-- 1 root root 1419 May 15 15:22 etcd.pem
配置启动文件
[root@master ~]# vim /etc/systemd/system/etcd.service
# systemd unit that runs one etcd member with TLS on the client port (2379)
# and the peer port (2380).
# Replace the {{ NODE_NAME }}, {{ Host_IP }} and {{ ETCD_NODES }} placeholders
# before installing this file.
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos
[Service]
# No User=/Group= is set, so systemd starts etcd as root.
# NOTE(review): consider a dedicated unprivileged account that owns the data
# directory and etcd-key.pem.
# Type=notify: systemd waits for etcd's readiness notification before it treats
# the unit as started.
Type=notify
WorkingDirectory=/data/etcd/
# Notes on the ExecStart flags below (kept above the command so that no comment
# sits inside the backslash-continued line):
# - The same etcd.pem / etcd-key.pem pair is used for client-facing TLS
#   (--cert-file/--key-file) and for peer TLS (--peer-cert-file/--peer-key-file).
# - NOTE(review): --listen-client-urls also opens http://127.0.0.1:2379. That
#   listener is plaintext and performs no certificate check, so any local
#   process can read and write the whole keyspace (for a Kubernetes cluster this
#   includes Secret objects) unless etcd authentication is enabled, which this
#   page does not show. Drop that entry unless something on the host depends on
#   it, and point local tools at the https endpoint with a CA and client cert.
# - NOTE(review): --client-cert-auth and --peer-client-cert-auth are not set.
#   The etcd documentation names these as the flags that make etcd require a
#   client certificate signed by --trusted-ca-file / --peer-trusted-ca-file.
#   Set them explicitly rather than relying on version-specific behaviour, and
#   confirm that an HTTPS request without a client certificate is rejected.
# - --data-dir is /data/etcd, the same directory that holds bin/ and ssl/.
#   NOTE(review): a dedicated subdirectory with mode 0700 would keep the
#   database apart from the binaries and the private key; confirm against the
#   etcd version in use.
# - --auto-compaction-retention=1: NOTE(review) presumably 1 hour (periodic
#   mode is the etcd default); confirm for the version in use.
# - --max-request-bytes=10485760 is 10 MiB; --quota-backend-bytes=8589934592
#   is 8 GiB.
ExecStart=/data/etcd/bin/etcd \
--name={{ NODE_NAME }} \
--cert-file=/data/etcd/ssl/etcd.pem \
--key-file=/data/etcd/ssl/etcd-key.pem \
--peer-cert-file=/data/etcd/ssl/etcd.pem \
--peer-key-file=/data/etcd/ssl/etcd-key.pem \
--trusted-ca-file=/data/k8s/cert/ca.pem \
--peer-trusted-ca-file=/data/k8s/cert/ca.pem \
--initial-advertise-peer-urls=https://{{ Host_IP }}:2380 \
--listen-peer-urls=https://{{ Host_IP }}:2380 \
--listen-client-urls=https://{{ Host_IP }}:2379,http://127.0.0.1:2379 \
--advertise-client-urls=https://{{ Host_IP }}:2379 \
--initial-cluster-token=etcd-cluster-0 \
--initial-cluster={{ ETCD_NODES }} \
--initial-cluster-state=new \
--data-dir=/data/etcd \
--snapshot-count=50000 \
--auto-compaction-retention=1 \
--max-request-bytes=10485760 \
--quota-backend-bytes=8589934592
# Restart etcd whenever it exits, waiting 15 seconds between attempts.
Restart=always
RestartSec=15
# Raise the open-file limit for the etcd process.
LimitNOFILE=65536
# Strongly negative score: the kernel OOM killer picks etcd only as a last resort.
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
注: {{ NODE_NAME }} 为本节点的 etcd 成员名称,集群部署时每个节点须各自填写,并与 {{ ETCD_NODES }} 中对应的名称一致。我这里只有 1 个节点,可以替换为 etcd0
{{ Host_IP }} 为 etcd 部署主机的 IP。我这里为 192.168.100.59
{{ ETCD_NODES }} 为集群成员列表,我这里只有 1 个节点,为 etcd0=https://192.168.100.59:2380
开启ETCD
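# Reload unit files so systemd picks up the new etcd.service, start etcd now,
# and enable it so that it also starts at boot.
systemctl daemon-reload
systemctl start etcd
systemctl enable etcd
# Check the service state.
systemctl status etcd.service
# "active (running)" only shows that the process is up. Also confirm that the
# TLS client endpoint answers, using the CA and the certificate issued above.
# Replace {{ Host_IP }} first. This assumes etcdctl was moved into
# /data/etcd/bin by the earlier "mv ... etcd*" and that etcd.pem carries the
# "client auth" usage.
ETCDCTL_API=3 /data/etcd/bin/etcdctl \
  --endpoints="https://{{ Host_IP }}:2379" \
  --cacert=/data/k8s/cert/ca.pem \
  --cert=/data/etcd/ssl/etcd.pem \
  --key=/data/etcd/ssl/etcd-key.pem \
  endpoint health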
[root@master ssl]# ss -ntl | egrep "2379|2380"
LISTEN 0 128 192.168.100.59:2379 *:*
LISTEN 0 128 127.0.0.1:2379 *:*
LISTEN 0 128 192.168.100.59:2380 *:*