ETCD增加节点与删除节点(衔接上篇文章做了安装认证)
查看现在状态
查看文件
[root@uat-master02 ssl]# pwd
/data/etcd/ssl
[root@uat-master02 ssl]# ls
ca-config.json ca-csr.json ca.pem client.json client.pem peer.csr peer.pem server-key.pem
ca.csr ca-key.pem client.csr client-key.pem etcd.json peer-key.pem server.csr server.pem
查看状态
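# Command (run from /data/etcd/ssl so the relative certificate paths resolve):
#   --ca-file / --cert-file / --key-file  the CA certificate, the certificate
#                                         presented to etcd and its private key
#   --endpoints                           one reachable member is enough
#   member list                           the sub-command actually executed
# The notes live up here on purpose: anything written after a trailing
# backslash ends the continuation, and the shell then runs each line as a
# separate command.
etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem \
  --endpoints="https://192.168.100.241:2379" \
  member list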
[root@uat-master02 ssl]# ../bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.100.241:2379" member list
3c76e8c4b45726d7: name=etcd3 peerURLs=https://192.168.100.243:2380 clientURLs=https://192.168.100.243:2379 isLeader=false
95f01613d6ad24f5: name=etcd2 peerURLs=https://192.168.100.242:2380 clientURLs=https://192.168.100.242:2379 isLeader=true
a44b7472fb6879b5: name=etcd1 peerURLs=https://192.168.100.241:2380 clientURLs=https://192.168.100.241:2379 isLeader=false
[root@uat-master02 ssl]# ../bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.100.241:2379" cluster-health
member 3c76e8c4b45726d7 is healthy: got healthy result from https://192.168.100.243:2379
member 95f01613d6ad24f5 is healthy: got healthy result from https://192.168.100.242:2379
member a44b7472fb6879b5 is healthy: got healthy result from https://192.168.100.241:2379
cluster is healthy
重新生成server证书
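因为在创建旧集群时，etcd.json 里写了证书认证的 hosts，要添加新节点就必须把新节点地址也加进去，然后重新生成证书。下面 hosts 中 192.168.100.244、192.168.100.245 为新添加的地址；示例里的 # 注释仅作说明，JSON 不支持注释，写入文件时须删除，否则 cfssl 解析会失败。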
vim etcd.json
{
"CN": "etcd",
"hosts": [
"192.168.100.241",
"192.168.100.242",
"192.168.100.243",
"192.168.100.244", # 这下面为新添加(一次把要添加的都写上)
"192.168.100.245"
],
"key": {
"algo": "ecdsa",
"size": 256
},
"names": [
{
"C": "CN",
"L": "BJ",
"ST": "BJ"
}
]
}
生成新证书
# Re-issue the server and peer certificates from the updated etcd.json.
# Each pass signs with the CA private key (ca-key.pem) and writes
# <profile>.pem, <profile>-key.pem and <profile>.csr into the current directory.
for profile in server peer; do
  cfssl gencert \
    -ca=ca.pem \
    -ca-key=ca-key.pem \
    -config=ca-config.json \
    -profile="${profile}" \
    etcd.json \
    | cfssljson -bare "${profile}"
done
复制证书到所有节点
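# Distribute only the files the etcd unit reads at runtime.
# ca-key.pem is the CA signing key: it is needed where certificates are issued,
# not on the members. Copying the whole directory with `scp -r` would ship it to
# every node, and would nest the copy as ssl/ssl wherever /data/etcd/ssl
# already exists.
# Add client.pem / client-key.pem for a node only if a client there needs them.
for node in 192.168.100.242 192.168.100.243 192.168.100.244; do
  # The new node may not have the directory yet.
  ssh "${node}" 'mkdir -p /data/etcd/ssl'
  # -p keeps the source file modes, so the private keys stay as restrictive
  # on the target as they are here.
  scp -p \
    /data/etcd/ssl/ca.pem \
    /data/etcd/ssl/server.pem /data/etcd/ssl/server-key.pem \
    /data/etcd/ssl/peer.pem /data/etcd/ssl/peer-key.pem \
    "${node}:/data/etcd/ssl/"
done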
重启现有节点etcd
# Restart the existing members one at a time and confirm cluster-health between
# restarts; restarting all three together takes the cluster below quorum.
systemctl restart etcd
开始添加节点
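# Register the new member with the cluster before starting etcd on it.
# The peer URL needs the explicit peer port: 2380 is what the printed
# ETCD_INITIAL_CLUSTER and the later `member list` output show for etcd4.
etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem \
  --endpoints="https://192.168.100.241:2379" \
  member add etcd4 https://192.168.100.244:2380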
Added member named etcd4 with ID e4af0c810ebe26da to cluster
ETCD_NAME="etcd4"
ETCD_INITIAL_CLUSTER="etcd1=https://192.168.100.241:2380,etcd2=https://192.168.100.242:2380,etcd3=https://192.168.100.243:2380,etcd4=https://192.168.100.244:2380"
ETCD_INITIAL_CLUSTER_STATE="existing"
修改新节点配置并启动
启动新节点, 注意新节点必须指定 --initial-cluster-state
--initial-cluster-state=existing
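# systemd unit for the new member etcd4 on 192.168.100.244.
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos
[Service]
Type=notify
WorkingDirectory=/data/etcd/
# --name must match this member's own entry in --initial-cluster
# (etcd4 -> https://192.168.100.244:2380) and the name given to `member add`.
# --initial-cluster is a comma-separated list with no trailing comma.
# NOTE(review): --data-dir is the same directory that holds bin/ and ssl/; a
# dedicated, owner-only directory for the database is worth confirming against
# the existing members before changing it here.
# NOTE(review): no User= is set, so etcd runs as root; keep server-key.pem and
# peer-key.pem readable by that account only.
ExecStart=/data/etcd/bin/etcd \
--name=etcd4 \
--cert-file=/data/etcd/ssl/server.pem \
--key-file=/data/etcd/ssl/server-key.pem \
--peer-cert-file=/data/etcd/ssl/peer.pem \
--peer-key-file=/data/etcd/ssl/peer-key.pem \
--trusted-ca-file=/data/etcd/ssl/ca.pem \
--peer-trusted-ca-file=/data/etcd/ssl/ca.pem \
--initial-advertise-peer-urls=https://192.168.100.244:2380 \
--listen-peer-urls=https://192.168.100.244:2380 \
--listen-client-urls=https://192.168.100.244:2379 \
--advertise-client-urls=https://192.168.100.244:2379 \
--initial-cluster-token=etcd-cluster-0 \
--initial-cluster=etcd1=https://192.168.100.241:2380,etcd2=https://192.168.100.242:2380,etcd3=https://192.168.100.243:2380,etcd4=https://192.168.100.244:2380 \
--initial-cluster-state=existing \
--data-dir=/data/etcd \
--snapshot-count=50000 \
--auto-compaction-retention=1 \
--max-request-bytes=10485760 \
--quota-backend-bytes=8589934592
Restart=always
RestartSec=15
LimitNOFILE=65536
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target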
启动
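# Run on the new node (192.168.100.244) after `member add` has succeeded.
# daemon-reload makes systemd re-read the unit file that was just edited;
# without it a previously loaded version of etcd.service would be started.
systemctl daemon-reload
systemctl start etcd
systemctl enable etcd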
查看
[root@uat-master02 ssl]# ../bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.100.241:2379" member list
3c76e8c4b45726d7: name=etcd3 peerURLs=https://192.168.100.243:2380 clientURLs=https://192.168.100.243:2379 isLeader=false
95f01613d6ad24f5: name=etcd2 peerURLs=https://192.168.100.242:2380 clientURLs=https://192.168.100.242:2379 isLeader=true
a44b7472fb6879b5: name=etcd1 peerURLs=https://192.168.100.241:2380 clientURLs=https://192.168.100.241:2379 isLeader=false
e4af0c810ebe26da: name=etcd4 peerURLs=https://192.168.100.244:2380 clientURLs=https://192.168.100.244:2379 isLeader=false
修改所有节点启动文件
所有节点的启动文件都要修改 --initial-cluster，
把所有节点都添加进去，以后重启服务还能直接生效。修改后执行 systemctl daemon-reload，让 systemd 重新加载单元文件。
删除节点
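# Remove a member by ID. The ID is the first column of `member list`; the value
# below is a sample and is not one of the members listed earlier on this page.
# The cluster only serves TLS, so the same certificate and endpoint flags as
# for every other etcdctl call are required (run from /data/etcd/ssl).
etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem \
  --endpoints="https://192.168.100.241:2379" \
  member remove 988139385f78284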
修改kube-apiserver
每个master都须要操作
vim /etc/kubernetes/manifests/kube-apiserver.yaml
- --etcd-servers=https://192.168.100.241:2379,https://192.168.100.242:2379,https://192.168.100.243:2379,https://192.168.100.244:2379
把刚加的节点ip信息添加到上面的地址里。
查看信息
[root@uat-master01 ~]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
controller-manager Healthy ok
etcd-2 Healthy {"health":"true"}
etcd-3 Healthy {"health":"true"}
etcd-1 Healthy {"health":"true"}
etcd-0 Healthy {"health":"true"}
4个etcd都可用