kubernetes（三）二進制安裝-etcd安裝

時間 2020-03-30

標籤 kubernetes 二進制安裝 etcd 简体版

原文原文鏈接

部署 etcd（在master節點上執行）

下載安裝etcdlinux

cd /opt/k8s/work
wget https://github.com/etcd-io/etcd/releases/download/v3.3.18/etcd-v3.3.18-linux-amd64.tar.gz
tar -xvf etcd-v3.3.18-linux-amd64.tar.gz

安裝etcdgit

cd /opt/k8s/work

cp etcd-v3.3.18-linux-amd64/etcd* /opt/k8s/bin/
chmod +x /opt/k8s/bin/*

建立 etcd 證書和私鑰github

建立證書籤名請求文件json

cd /opt/k8s/work
cat > etcd-csr.json <<EOF
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
    "192.168.0.107"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "NanJing",
      "L": "NanJing",
      "O": "k8s",
      "OU": "system"
    }
  ]
}
EOF

指定受權使用該證書的 etcd 節點 IP 列表

生成證書和私鑰url

cd /opt/k8s/work
cfssl gencert -ca=/opt/k8s/work/ca.pem \
    -ca-key=/opt/k8s/work/ca-key.pem \
    -config=/opt/k8s/work/ca-config.json \
    -profile=kubernetes etcd-csr.json | cfssljson -bare etcd
ls etcd*pem

安裝證書日誌

cd /opt/k8s/work
cp etcd*.pem /etc/etcd/cert/

建立etcd啓動文件code

cat> /etc/systemd/system/etcd.service<< EOF
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
Type=notify
WorkingDirectory=/data/k8s/etcd/data
ExecStart=/opt/k8s/bin/etcd \\
  --data-dir=/etc/etcd/cfg/etcd \\
  --name=etcd-chengf \\
  --cert-file=/etc/etcd/cert/etcd.pem \\
  --key-file=/etc/etcd/cert/etcd-key.pem \\
  --trusted-ca-file=/etc/kubernetes/cert/ca.pem \\
  --peer-cert-file=/etc/etcd/cert/etcd.pem \\
  --peer-key-file=/etc/etcd/cert/etcd-key.pem \\
  --peer-trusted-ca-file=/etc/kubernetes/cert/ca.pem \\
  --peer-client-cert-auth \\
  --client-cert-auth \\
  --listen-peer-urls=https://192.168.0.107:2380 \\
  --initial-advertise-peer-urls=https://192.168.0.107:2380 \\
  --listen-client-urls=https://192.168.0.107:2379,http://127.0.0.1:2379 \\
  --advertise-client-urls=https://192.168.0.107:2379 \\
  --initial-cluster-token=etcd-cluster-0\\
  --initial-cluster=etcd-chengf=https://192.168.0.107:2380 \\
  --initial-cluster-state=new \\
  --auto-compaction-mode=periodic \\
  --auto-compaction-retention=1 \\
  --max-request-bytes=33554432 \\
  --quota-backend-bytes=6442450944 \\
  --heartbeat-interval=250 \\
  --election-timeout=2000
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

WorkingDirectory、--data-dir：指定工做目錄和數據目錄，需在啓動服務前建立這個目錄；
--name：指定節點名稱，當 --initial-cluster-state 值爲 new 時，--name 的參數值必須位於 --initial-cluster 列表中；
--cert-file、--key-file：etcd server 與 client 通訊時使用的證書和私鑰；
--trusted-ca-file：簽名 client 證書的 CA 證書，用於驗證 client 證書；
--peer-cert-file、--peer-key-file：etcd 與 peer 通訊使用的證書和私鑰；
--peer-trusted-ca-file：簽名 peer 證書的 CA 證書，用於驗證 peer 證書；

建立etcd數據目錄server
```
mkdir -p /data/k8s/etcd/data
```

啓動 etcd 服務token

systemctl enable etcd && systemctl start etcd

檢查啓動結果ip
```
systemctl status etcd|grep Active
```
- 確保狀態爲 active (running)，不然查看日誌，確認緣由
- 若是出現異常，經過以下命令查看
```
journalctl -u etcd
```

驗證服務狀態

export ETCD_ENDPOINTS=https://192.168.0.107:2379

etcdctl \
--endpoints=${ETCD_ENDPOINTS} \
--ca-file=/etc/kubernetes/cert/ca.pem \
--cert-file=/etc/etcd/cert/etcd.pem \
--key-file=/etc/etcd/cert/etcd-key.pem cluster-health

etcdctl \
--endpoints=${ETCD_ENDPOINTS} \
--ca-file=/etc/kubernetes/cert/ca.pem \
--cert-file=/etc/etcd/cert/etcd.pem \
--key-file=/etc/etcd/cert/etcd-key.pem member list

輸出結果

root@master:/opt/k8s/work# etcdctl     --endpoints=${ETCD_ENDPOINTS}     --ca-file=/etc/kubernetes/cert/ca.pem     --cert-file=/etc/etcd/cert/etcd.pem     --key-file=/etc/etcd/cert/etcd-key.pem cluster-health

member c0d3b56a9878e38f is healthy: got healthy result from https://192.168.0.107:2379 cluster is healthy root@master:/opt/k8s/work# etcdctl --endpoints=${ETCD_ENDPOINTS} --ca-file=/etc/kubernetes/cert/ca.pem --cert-file=/etc/etcd/cert/etcd.pem --key-file=/etc/etcd/cert/etcd-key.pemmember list c0d3b56a9878e38f: name=etcd-chengf peerURLs=https://192.168.0.107:2380 clientURLs=https://192.168.0.107:2379 isLeader=true ```

相關標籤/搜索

每日一句

每一个你不满意的现在，都有一个你没有努力的曾经。