k8s二進制安裝之etcd

etcd

安裝etcd

wget https://github.com/etcd-io/etcd/releases/download/v3.3.9/etcd-v3.3.9-linux-amd64.tar.gz
tar -xvf etcd-v3.3.9-linux-amd64.tar.gz
mv etcd-v3.3.9-linux-amd64/etcd* /usr/local/bin/

創建etcd啓動文件

cat > /usr/lib/systemd/system/etcd.service << EOF
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos
[Service]
Type=notify
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/local/bin/etcd \\
  --name k8s-master \\
  --cert-file=/etc/kubernetes/ssl/kubernetes.pem \\
  --key-file=/etc/kubernetes/ssl/kubernetes-key.pem \\
  --peer-cert-file=/etc/kubernetes/ssl/kubernetes.pem \\
  --peer-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \\
  --trusted-ca-file=/etc/kubernetes/ssl/ca.pem \\
  --peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \\
  --initial-advertise-peer-urls https://172.16.20.206:2380 \\
  --listen-peer-urls https://172.16.20.206:2380 \\
  --listen-client-urls https://172.16.20.206:2379,http://127.0.0.1:2379 \\
  --advertise-client-urls https://172.16.20.206:2379 \\
  --initial-cluster-token etcd-cluster \\
  --initial-cluster k8s-master=https://172.16.20.206:2380,k8s-node1=https://172.16.20.207:2380,k8s-node2=https://172.16.20.208:2380 \\
  --initial-cluster-state new \\
  --data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5
LimitNOFILE=65536                                                                                                                               
[Install]                                                                                                                                       
WantedBy=multi-user.target
EOF

#####說明
etcd 的數據目錄爲 /var/lib/etcd，需在啓動服務前創建這個目錄，否則啓動服務的時候會報錯“Failed at step CHDIR spawning /usr/bin/etcd: No such file or directory”；
--name 選項後面的名字要和當前主機名相同
--initial-advertise-peer-urls，--listen-peer-urls，--listen-client-urls，--listen-client-urls，--advertise-client-urls，必須爲本機IP
--initial-cluster 注意集羣IP和主機名的對應關係
#####說明
指定 etcd 的工作目錄爲 /var/lib/etcd，數據目錄爲 /var/lib/etcd，需在啓動服務前創建這兩個目錄；
爲了保證通信安全，需要指定 etcd 的公私鑰(cert-file和key-file)、Peers 通信的公私鑰和 CA 證書(peer-cert-file、peer-key-file、peer-trusted-ca-file)、客戶端的CA證書（trusted-ca-file）；
創建 kubernetes.pem 證書時使用的 kubernetes-csr.json 文件的 hosts 字段包含所有 etcd 節點的IP，否則證書校驗會出錯；
--initial-cluster-state 值爲 new 時，--name 的參數值必須位於 --initial-cluster 列表中；

分發到各個節點

分發etcd.service , etcd.conf，/usr/local/bin/etcd* 到各個節點的對應目錄；修改etcd.conf的對應配合爲當前節點信息。

scp -r /usr/local/bin/etcd* k8s-node1:/usr/local/bin/
scp -r /usr/local/bin/etcd* k8s-node2:/usr/local/bin/
scp -r /etc/etcd k8s-node1:/etc/
scp -r /etc/etcd k8s-node2:/etc/
scp /usr/lib/systemd/system/etcd.service k8s-node1:/usr/lib/systemd/system/
scp /usr/lib/systemd/system/etcd.service k8s-node2:/usr/lib/systemd/system/

啓動etcd

所有節點執行

systemctl daemon-reload
systemctl start etcd
systemctl status etcd
systemctl enable etcd

驗證

etcdctl \
  --ca-file=/etc/kubernetes/ssl/ca.pem \
  --cert-file=/etc/kubernetes/ssl/kubernetes.pem \
  --key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
  cluster-health

member 4cc910cd64041b9f is healthy: got healthy result from https://172.16.20.206:2379
member 71e662482c67f8f0 is healthy: got healthy result from https://172.16.20.207:2379
member d3813a08e230ddef is healthy: got healthy result from https://172.16.20.208:2379
cluster is healthy

######  清除所有數據

etcdctl del / --prefix