二進制安裝k8s - 0.4 ETCD 單節點安裝
創建目錄 & 拷貝文件
[root@master ~]# mkdir -p /data/etcd/{bin,ssl}
[root@master ~]# mv /data/k8s/bin/etcd* /data/etcd/bin/
創建etcd證書請求
創建證書文件
[root@master data]# cd /data/etcd/ssl
[root@master data]# vim /data/etcd/ssl/etcd-csr.json
{
"CN": "etcd",
"hosts": [
"{{ host }}",
"127.0.0.1"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "SiChuan",
"L": "ChengDu",
"O": "k8s",
"OU": "Lswzw"
}
]
}
注:我這裏的 host 爲 192.168.100.59 把 {{ host }} 替換即可
生成etcd證書和私鑰
/data/etcd/ssl
cfssl gencert \
-ca=/data/k8s/cert/ca.pem \
-ca-key=/data/k8s/cert/ca-key.pem \
-config=/data/k8s/cert/ca-config.json \
-profile=kubernetes etcd-csr.json | cfssljson -bare etcd
[root@master ssl]# ll
total 16
-rw-r--r-- 1 root root 1045 May 15 15:22 etcd.csr
-rw-r--r-- 1 root root 258 May 15 15:22 etcd-csr.json
-rw------- 1 root root 1675 May 15 15:22 etcd-key.pem
-rw-r--r-- 1 root root 1419 May 15 15:22 etcd.pem
配置啓動文件
[root@master ~]# vim /etc/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos
[Service]
Type=notify
WorkingDirectory=/data/etcd/
ExecStart=/data/etcd/bin/etcd \
--name={{ NODE_NAME }} \
--cert-file=/data/etcd/ssl/etcd.pem \
--key-file=/data/etcd/ssl/etcd-key.pem \
--peer-cert-file=/data/etcd/ssl/etcd.pem \
--peer-key-file=/data/etcd/ssl/etcd-key.pem \
--trusted-ca-file=/data/k8s/cert/ca.pem \
--peer-trusted-ca-file=/data/k8s/cert/ca.pem \
--initial-advertise-peer-urls=https://{{ Host_IP }}:2380 \
--listen-peer-urls=https://{{ Host_IP }}:2380 \
--listen-client-urls=https://{{ Host_IP }}:2379,http://127.0.0.1:2379 \
--advertise-client-urls=https://{{ Host_IP }}:2379 \
--initial-cluster-token=etcd-cluster-0 \
--initial-cluster={{ ETCD_NODES }} \
--initial-cluster-state=new \
--data-dir=/data/etcd \
--snapshot-count=50000 \
--auto-compaction-retention=1 \
--max-request-bytes=10485760 \
--quota-backend-bytes=8589934592
Restart=always
RestartSec=15
LimitNOFILE=65536
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
注: {{ NODE_NAME }} 集羣部署 須填寫多個。 我這裏只有1個可以替換爲 etcd0
{{ Host_IP }} 爲etcd 部署主機ip。 我這裏爲 192.168.100.59
{{ ETCD_NODES }} 我這裏只有1個爲 etcd0=https://192.168.100.59:2380
開啓ETCD
systemctl daemon-reload
systemctl start etcd
systemctl enable etcd
# 檢查服務狀態
systemctl status etcd.service
[root@master ssl]# ss -ntl | egrep "2379|2380"
LISTEN 0 128 192.168.100.59:2379 *:*
LISTEN 0 128 127.0.0.1:2379 *:*
LISTEN 0 128 192.168.100.59:2380 *:*