安装etcd
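# Fetch the etcd v3.4.9 release tarball and install the etcd/etcdctl binaries.
cd /usr/local/src
wget http://***/etcd-v3.4.9-linux-amd64.tar.gz
# The tarball arrives over plain HTTP, so the transfer gives no integrity
# guarantee. Check it against the SHA-256 published for this release before
# unpacking. <EXPECTED_SHA256> is a placeholder, not a real digest; until it
# is filled in, the check fails and nothing below is unpacked or installed.
printf '%s  %s\n' '<EXPECTED_SHA256>' etcd-v3.4.9-linux-amd64.tar.gz | sha256sum -c - &&
  tar zxf etcd-v3.4.9-linux-amd64.tar.gz &&
  cd etcd-v3.4.9-linux-amd64 &&
  cp etcd etcdctl /opt/kubernetes/bin/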
如果是集群部署,将上面的 etcd、etcdctl 文件放到 node 节点的 /opt/kubernetes/bin 目录下
# Cluster deployment only: push both binaries to each node.
# node_ip is a placeholder for the target node's address.
scp etcd etcdctl \
  node_ip:/opt/kubernetes/bin/
创建etcd 使用的证书
# Write the certificate signing request used for etcd's TLS certificate.
# The "hosts" entries become the certificate's subject alternative names;
# {{ip}} is a template placeholder for this machine's address.
# NOTE(review): the resulting etcd*.pem is later copied to every node, so for
# a cluster this list presumably has to name every member's address -- confirm.
cat > etcd-csr.json <<EOF
{
"CN":"etcd",
"hosts":[
"127.0.0.1",
"{{ip}}",
"k8s-master"
],
"key":{
"algo":"rsa",
"size":2048
},
"names":[
{
"C":"CN",
"ST":"ShangHai",
"L":"ShangHai",
"O":"k8s",
"OU":"System"
}
]
}
EOF
# Sign the CSR with the cluster CA under the "kubernetes" profile; cfssljson
# -bare writes the results using the "etcd" file-name prefix.
ssl_dir=/opt/kubernetes/ssl
cfssl gencert \
  -ca="${ssl_dir}/ca.pem" \
  -ca-key="${ssl_dir}/ca-key.pem" \
  -config="${ssl_dir}/ca-config.json" \
  -profile=kubernetes \
  etcd-csr.json |
  cfssljson -bare etcd
# The etcd*.pem glob also matches etcd-key.pem, the certificate's private key.
cp etcd*.pem "${ssl_dir}"
如果集群部署 将上面的文件放到node节点的/opt/kubernetes/ssl目录下
# Cluster deployment only: ship the certificate and its private key
# (etcd-key.pem) to each node; node_ip is a placeholder for the node's address.
scp etcd*.pem \
  node_ip:/opt/kubernetes/ssl
创建etcd配置文件
# Create the config directory and write etcd's environment file; the systemd
# unit for etcd loads it through EnvironmentFile.
# Both listen URLs bind 0.0.0.0, i.e. every interface on the host, so ports
# 2379 and 2380 are reachable from any network the machine is attached to.
# NOTE(review): consider binding to {{ip}} (plus 127.0.0.1 for local clients)
# or firewalling these ports -- confirm which clients need access first.
mkdir -p /opt/kubernetes/cfg/
cat > /opt/kubernetes/cfg/etcd.conf << EOF
#[Member]
ETCD_NAME="etcd-1"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://0.0.0.0:2380"
ETCD_LISTEN_CLIENT_URLS="https://0.0.0.0:2379"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://{{ip}}:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://{{ip}}:2379"
ETCD_INITIAL_CLUSTER="etcd-1=https://{{ip}}:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
EOF
ETCD_NAME:节点名称,集群中唯一
ETCD_DATA_DIR:数据目录
ETCD_LISTEN_PEER_URLS:集群通信监听地址
ETCD_LISTEN_CLIENT_URLS:客户端访问监听地址
下面是集群设置,单机部署可以选择注释掉以下参数:
ETCD_INITIAL_ADVERTISE_PEER_URLS:集群通告地址(这里的ip为部署机器的ip)
ETCD_ADVERTISE_CLIENT_URLS:客户端通告地址(同上)
ETCD_INITIAL_CLUSTER:集群节点地址(格式为:ETCD_NAME=https://{{ip}}:2380,多个节点以逗号分隔)
ETCD_INITIAL_CLUSTER_TOKEN:集群Token
ETCD_INITIAL_CLUSTER_STATE:加入集群的当前状态,new表示新集群,existing表示加入已有集群
使用 systemd 管理 etcd
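# Install the systemd unit that runs etcd with TLS on the client and peer ports.
#
# --client-cert-auth and --peer-client-cert-auth make etcd require a
# certificate signed by ca.pem from every client and every peer. Without them
# the cert/key flags only encrypt the connection, and because etcd.conf
# listens on 0.0.0.0, any host that can reach port 2379 could read or modify
# the key space without presenting credentials.
# NOTE(review): every etcd client must then present a CA-signed client
# certificate, and etcd.pem must permit client-auth usage for peer
# connections -- confirm against the "kubernetes" profile in ca-config.json.
#
# The heredoc delimiter is quoted so the shell passes the backslash
# continuations through to the unit file exactly as written.
cat > /usr/lib/systemd/system/etcd.service << 'EOF'
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
[Service]
Type=notify
EnvironmentFile=/opt/kubernetes/cfg/etcd.conf
ExecStart=/opt/kubernetes/bin/etcd \
--cert-file=/opt/kubernetes/ssl/etcd.pem \
--key-file=/opt/kubernetes/ssl/etcd-key.pem \
--peer-cert-file=/opt/kubernetes/ssl/etcd.pem \
--peer-key-file=/opt/kubernetes/ssl/etcd-key.pem \
--trusted-ca-file=/opt/kubernetes/ssl/ca.pem \
--client-cert-auth \
--peer-trusted-ca-file=/opt/kubernetes/ssl/ca.pem \
--peer-client-cert-auth \
--logger=zap
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
EOF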
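# Cluster deployment only: copy the config and the unit file to each node
# (node_ip is a placeholder). The unit is read from /usr/lib/systemd/system,
# the path it was written to; /etc/systemd/system/etcd.service is never
# created by these steps, so copying from there would fail.
# ETCD_NAME must be unique per member and the advertise URLs carry the
# deploying machine's own address, so edit etcd.conf on each node afterwards.
scp /opt/kubernetes/cfg/etcd.conf node_ip:/opt/kubernetes/cfg/etcd.conf
scp /usr/lib/systemd/system/etcd.service node_ip:/usr/lib/systemd/system/etcd.service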
每个节点启动etcd
# Run on every node.
# Make systemd pick up the newly written unit file.
systemctl daemon-reload
# Start etcd at boot, start it now, then show its current state.
systemctl enable etcd.service
systemctl start etcd.service
systemctl status etcd.service
验证etcd 集群是否完整
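# "endpoint health/status" is shorthand for two separate subcommands, not a
# literal one, so each is run on its own. Both present the client certificate
# and key and verify the server against the cluster CA.
etcdctl --endpoints=https://{{ip}}:2379 \
  --cacert=/opt/kubernetes/ssl/ca.pem \
  --cert=/opt/kubernetes/ssl/etcd.pem \
  --key=/opt/kubernetes/ssl/etcd-key.pem \
  endpoint health
etcdctl --endpoints=https://{{ip}}:2379 \
  --cacert=/opt/kubernetes/ssl/ca.pem \
  --cert=/opt/kubernetes/ssl/etcd.pem \
  --key=/opt/kubernetes/ssl/etcd-key.pem \
  endpoint status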
# List the members known to the cluster, authenticating with the etcd
# certificate and verifying the server against the cluster CA.
etcdctl \
  --endpoints=https://{{ip}}:2379 \
  --cacert=/opt/kubernetes/ssl/ca.pem \
  --cert=/opt/kubernetes/ssl/etcd.pem \
  --key=/opt/kubernetes/ssl/etcd-key.pem \
  member list