etcd
安裝etcd
wget https://github.com/etcd-io/etcd/releases/download/v3.3.9/etcd-v3.3.9-linux-amd64.tar.gz
tar -xvf etcd-v3.3.9-linux-amd64.tar.gz
mv etcd-v3.3.9-linux-amd64/etcd* /usr/local/bin/
創建etcd啓動文件
cat > /usr/lib/systemd/system/etcd.service << EOF
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos
[Service]
Type=notify
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/local/bin/etcd \\
--name k8s-master \\
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \\
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \\
--peer-cert-file=/etc/kubernetes/ssl/kubernetes.pem \\
--peer-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \\
--trusted-ca-file=/etc/kubernetes/ssl/ca.pem \\
--peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \\
--initial-advertise-peer-urls https://172.16.20.206:2380 \\
--listen-peer-urls https://172.16.20.206:2380 \\
--listen-client-urls https://172.16.20.206:2379,http://127.0.0.1:2379 \\
--advertise-client-urls https://172.16.20.206:2379 \\
--initial-cluster-token etcd-cluster \\
--initial-cluster k8s-master=https://172.16.20.206:2380,k8s-node1=https://172.16.20.207:2380,k8s-node2=https://172.16.20.208:2380 \\
--initial-cluster-state new \\
--data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
EOF
#####說明
etcd 的數據目錄爲 /var/lib/etcd,需在啓動服務前創建這個目錄,否則啓動服務的時候會報錯“Failed at step CHDIR spawning /usr/bin/etcd: No such file or directory”;
--name 選項後面的名字要和當前主機名相同
--initial-advertise-peer-urls,--listen-peer-urls,--listen-client-urls,--listen-client-urls,--advertise-client-urls,必須爲本機IP
--initial-cluster 注意集羣IP和主機名的對應關係
#####說明
指定 etcd 的工作目錄爲 /var/lib/etcd,數據目錄爲 /var/lib/etcd,需在啓動服務前創建這兩個目錄;
爲了保證通信安全,需要指定 etcd 的公私鑰(cert-file和key-file)、Peers 通信的公私鑰和 CA 證書(peer-cert-file、peer-key-file、peer-trusted-ca-file)、客戶端的CA證書(trusted-ca-file);
創建 kubernetes.pem 證書時使用的 kubernetes-csr.json 文件的 hosts 字段包含所有 etcd 節點的IP,否則證書校驗會出錯;
--initial-cluster-state 值爲 new 時,--name 的參數值必須位於 --initial-cluster 列表中;
分發到各個節點
分發etcd.service , etcd.conf,/usr/local/bin/etcd* 到各個節點的對應目錄;修改etcd.conf的對應配合爲當前節點信息。
scp -r /usr/local/bin/etcd* k8s-node1:/usr/local/bin/
scp -r /usr/local/bin/etcd* k8s-node2:/usr/local/bin/
scp -r /etc/etcd k8s-node1:/etc/
scp -r /etc/etcd k8s-node2:/etc/
scp /usr/lib/systemd/system/etcd.service k8s-node1:/usr/lib/systemd/system/
scp /usr/lib/systemd/system/etcd.service k8s-node2:/usr/lib/systemd/system/
啓動etcd
所有節點執行
systemctl daemon-reload
systemctl start etcd
systemctl status etcd
systemctl enable etcd
驗證
etcdctl \
--ca-file=/etc/kubernetes/ssl/ca.pem \
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
cluster-health
member 4cc910cd64041b9f is healthy: got healthy result from https://172.16.20.206:2379
member 71e662482c67f8f0 is healthy: got healthy result from https://172.16.20.207:2379
member d3813a08e230ddef is healthy: got healthy result from https://172.16.20.208:2379
cluster is healthy
###### 清除所有數據
etcdctl del / --prefix