kubernetes v1.18.2 二進制 雙棧 etcd 部署

時間  2020-05-08
標籤 kubernetes v1.18.2 二進制 etcd 部署 简体版
原文   原文鏈接

說明:

# K8S 組件之間鏈接使用IPV6進行通訊包括etcd
# 設置feature-gates IPv6DualStack=true 全部組件
# 證書包括IPV6 IPV4 IP 集羣能夠IPV6 也能夠IPv4 進行通訊

配置環境變量文件

# 建立任意目錄
mkdir -p ipv6
cd ipv6
# 建立環境變量文件
cat << EOF | tee environment.sh
#!/bin/bash
# 設置證書環境變量
# 設置證書使用時間87600h 10年
export EXPIRY_TIME="87600h"
# 簽發證書IP
export ETCD_MEMBER_1_IP="192.168.2.175"
export ETCD_MEMBER_2_IP="192.168.2.176"
export ETCD_MEMBER_3_IP="192.168.2.177"
# 機器名
export ETCD_MEMBER_1_HOSTNAMES="k8s-master-1"
export ETCD_MEMBER_2_HOSTNAMES="k8s-master-2"
export ETCD_MEMBER_3_HOSTNAMES="k8s-master-3"
#etcd IPV6 地址
ETCD_MEMBER_1_IP6="fc00:bd4:efa8:1001:5054:ff:fe49:9888"
ETCD_MEMBER_2_IP6="fc00:bd4:efa8:1001:5054:ff:fe47:357b"
ETCD_MEMBER_3_IP6="fc00:bd4:efa8:1001:5054:ff:fec6:74fb"
# etcd 集羣通信證書
export ETCD_SERVER_HOSTNAMES="\"\${ETCD_MEMBER_1_HOSTNAMES}\",\"\${ETCD_MEMBER_2_HOSTNAMES}\",\"\${ETCD_MEMBER_3_HOSTNAMES}\""
export ETCD_SERVER_IPS="\"\${ETCD_MEMBER_1_IP}\",\"\${ETCD_MEMBER_2_IP}\",\"\${ETCD_MEMBER_3_IP}\",\"\${ETCD_MEMBER_1_IP6}\",\"\${ETCD_MEMBER_2_IP6}\",\"\${ETCD_MEMBER_3_IP6}\""
#證書所須要的配置參數
export CERT_ST="GuangDong"
export CERT_L="GuangZhou"
export CERT_O="k8s"
export CERT_OU="Qist"
export CERT_PROFILE="kubernetes"
# 設置工做目錄
export HOST_PATH=\`pwd\`
# kube-apiserver 服務器IP 若是外部訪問K8s 集羣使用VIP ip 請在下面添加vip ip
export K8S_APISERVER_VIPA="\"192.168.2.175\",\"192.168.2.176\",\"192.168.2.177\""
export K8S_APISERVER_VIP="\"fc00:bd4:efa8:1001:5054:ff:fe49:9888\",\"fc00:bd4:efa8:1001:5054:ff:fe47:357b\",\"fc00:bd4:efa8:1001:5054:ff:fec6:74fb\",\${K8S_APISERVER_VIPA}"
# kubernetes 服務 IP (通常是 SERVICE_CIDR 中第一個IP)
export CLUSTER_KUBERNETES_SVC_IP="\"8888:8000::1\",\"10.66.0.1\""
# 設置集羣參數
export CLUSTER_NAME=kubernetes
# kubectl 訪問url地址
export KUBE_API=https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:5443
# K8S 外部IP 這裏高可用使用本地環回IP
export K8S_VIP_DOMAIN=::1
export K8S_SSL="\"${K8S_VIP_DOMAIN}\",\"127.0.0.1\""
# 生成 EncryptionConfig 所需的加密 key
export ENCRYPTION_KEY=\$(head -c 32 /dev/urandom | base64)
# 設置鏈接KUBE_APISERVER ip
export KUBE_APISERVER=https://[::1]:5443
# kubelet kube-proxy 鏈接集羣所用url
export KUBE_API_KUBELET=https://[::1]:6443
# 建立bootstrap配置
export TOKEN_ID=\$(head -c 16 /dev/urandom | od -An -t x | tr -dc a-f3-9|cut -c 1-6)
export TOKEN_SECRET=\$(head -c 16 /dev/urandom | md5sum | head -c 16)
export BOOTSTRAP_TOKEN=\${TOKEN_ID}.${TOKEN_SECRET}
#集羣域名
export CLUSTER_DNS_DOMAIN="cluster.local"
#集羣DNS
export CLUSTER_DNS_SVC_IP="8888:8000::2"
EOF
# 生效環境變量
source  ./environment.sh

服務器相關設置

ssh 192.168.2.175 hostnamectl set-hostname k8s-master-1  
ssh 192.168.2.176 hostnamectl set-hostname k8s-master-2  
ssh 192.168.2.177 hostnamectl set-hostname k8s-master-3  
ssh 192.168.2.185 hostnamectl set-hostname k8s-node-1    
ssh 192.168.2.187 hostnamectl set-hostname k8s-node-2

設置關閉防火牆及SELINUX

# centosx
sed -i 's/SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
systemctl stop firewalld && systemctl disable firewalld
setenforce 0
# Ubuntu
systemctl stop ufw.service
systemctl disable ufw.service

安裝及配置CFSSL 簽發證書使用

#go 環境部署
yum install go
vi ~/.bash_profile
GOBIN=/root/go/bin/
PATH=$PATH:$GOBIN:$HOME/bin
export PATH
go get  github.com/cloudflare/cfssl/cmd/cfssl
go get  github.com/cloudflare/cfssl/cmd/cfssljson

生成etcd 相關證書

# 建立etcd K8S 證書json 存放目錄
mkdir -p ${HOST_PATH}/cfssl/{k8s,etcd}
# 建立簽發證書存放目錄
mkdir -p ${HOST_PATH}/cfssl/pki/{k8s,etcd}
# CA 配置文件用於配置根證書的使用場景 (profile) 和具體參數 (usage,過時時間、服務端認證、客戶端認證、加密等),後續在簽名其它證書時須要指定特定場景。
cat << EOF | tee ${HOST_PATH}/cfssl/ca-config.json
{
  "signing": {
    "default": {
      "expiry": "${EXPIRY_TIME}"
    },
    "profiles": {
      "${CERT_PROFILE}": {
        "usages": [
            "signing",
            "key encipherment",
            "server auth",
            "client auth"
        ],
        "expiry": "${EXPIRY_TIME}"
      }
    }
  }
}
EOF
# 建立 ETCD CA 配置文件
cat << EOF | tee ${HOST_PATH}/cfssl/etcd/etcd-ca-csr.json
{
    "CN": "etcd",
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "$CERT_ST",
            "L": "$CERT_L",
            "O": "$CERT_O",
            "OU": "$CERT_OU"
    }
  ],
    "ca": {
        "expiry": "${EXPIRY_TIME}"
    }
}
EOF
# etcd ca 證書籤發
cfssl gencert -initca ${HOST_PATH}/cfssl/etcd/etcd-ca-csr.json | \
      cfssljson -bare ${HOST_PATH}/cfssl/pki/etcd/etcd-ca
# 建立 ETCD Server 配置文件
cat << EOF | tee ${HOST_PATH}/cfssl/etcd/etcd-server.json
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
    "::1",
    ${ETCD_SERVER_IPS},
    ${ETCD_SERVER_HOSTNAMES}
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
            "C": "CN",
            "ST": "$CERT_ST",
            "L": "$CERT_L",
            "O": "$CERT_O",
            "OU": "$CERT_OU"
    }
  ]
}
EOF
# 生成 ETCD Server 證書和私鑰
cfssl gencert \
    -ca=${HOST_PATH}/cfssl/pki/etcd/etcd-ca.pem \
    -ca-key=${HOST_PATH}/cfssl/pki/etcd/etcd-ca-key.pem \
    -config=${HOST_PATH}/cfssl/ca-config.json \
    -profile=${CERT_PROFILE} \
    ${HOST_PATH}/cfssl/etcd/etcd-server.json | \
    cfssljson -bare ${HOST_PATH}/cfssl/pki/etcd/etcd-server
# 建立 ETCD Member 1 配置文件
cat << EOF | tee ${HOST_PATH}/cfssl/etcd/${ETCD_MEMBER_1_HOSTNAMES}.json
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
     "::1",
    "${ETCD_MEMBER_1_IP}",
    "${ETCD_MEMBER_1_IP6}",
    "${ETCD_MEMBER_1_HOSTNAMES}"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
            "C": "CN",
            "ST": "$CERT_ST",
            "L": "$CERT_L",
            "O": "$CERT_O",
            "OU": "$CERT_OU"
    }
  ]
}
EOF
# 生成 ETCD Member 1 證書和私鑰
cfssl gencert \
    -ca=${HOST_PATH}/cfssl/pki/etcd/etcd-ca.pem \
    -ca-key=${HOST_PATH}/cfssl/pki/etcd/etcd-ca-key.pem \
    -config=${HOST_PATH}/cfssl/ca-config.json \
    -profile=${CERT_PROFILE} \
    ${HOST_PATH}/cfssl/etcd/${ETCD_MEMBER_1_HOSTNAMES}.json | \
    cfssljson -bare ${HOST_PATH}/cfssl/pki/etcd/etcd-member-${ETCD_MEMBER_1_HOSTNAMES}
# 建立 ETCD Member 2 配置文件
cat << EOF | tee ${HOST_PATH}/cfssl/etcd/${ETCD_MEMBER_2_HOSTNAMES}.json
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
     "::1",
    "${ETCD_MEMBER_2_IP}",
    "${ETCD_MEMBER_2_IP6}",
    "${ETCD_MEMBER_2_HOSTNAMES}"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
            "C": "CN",
            "ST": "$CERT_ST",
            "L": "$CERT_L",
            "O": "$CERT_O",
            "OU": "$CERT_OU"
    }
  ]
}
EOF
# 生成 ETCD Member 2 證書和私鑰
cfssl gencert \
    -ca=${HOST_PATH}/cfssl/pki/etcd/etcd-ca.pem \
    -ca-key=${HOST_PATH}/cfssl/pki/etcd/etcd-ca-key.pem \
    -config=${HOST_PATH}/cfssl/ca-config.json \
    -profile=${CERT_PROFILE} \
    ${HOST_PATH}/cfssl/etcd/${ETCD_MEMBER_2_HOSTNAMES}.json | \
    cfssljson -bare ${HOST_PATH}/cfssl/pki/etcd/etcd-member-${ETCD_MEMBER_2_HOSTNAMES}
# 建立 ETCD Member 3 配置文件
cat << EOF | tee ${HOST_PATH}/cfssl/etcd/${ETCD_MEMBER_3_HOSTNAMES}.json
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
     "::1",
    "${ETCD_MEMBER_3_IP}",
    "${ETCD_MEMBER_3_IP6}",
    "${ETCD_MEMBER_3_HOSTNAMES}"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
            "C": "CN",
            "ST": "$CERT_ST",
            "L": "$CERT_L",
            "O": "$CERT_O",
            "OU": "$CERT_OU"
    }
  ]
}
EOF
# 生成 ETCD Member 3 證書和私鑰
cfssl gencert \
    -ca=${HOST_PATH}/cfssl/pki/etcd/etcd-ca.pem \
    -ca-key=${HOST_PATH}/cfssl/pki/etcd/etcd-ca-key.pem \
    -config=${HOST_PATH}/cfssl/ca-config.json \
    -profile=${CERT_PROFILE} \
    ${HOST_PATH}/cfssl/etcd/${ETCD_MEMBER_3_HOSTNAMES}.json | \
    cfssljson -bare ${HOST_PATH}/cfssl/pki/etcd/etcd-member-${ETCD_MEMBER_3_HOSTNAMES}
# 建立 ETCD Client 配置文件
cat << EOF | tee ${HOST_PATH}/cfssl/etcd/etcd-client.json
{
  "CN": "client",
  "hosts": [""], 
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
            "C": "CN",
            "ST": "$CERT_ST",
            "L": "$CERT_L",
            "O": "$CERT_O",
            "OU": "$CERT_OU"
    }
  ]
}
EOF
# 生成 ETCD Client 證書和私鑰
cfssl gencert \
    -ca=${HOST_PATH}/cfssl/pki/etcd/etcd-ca.pem \
    -ca-key=${HOST_PATH}/cfssl/pki/etcd/etcd-ca-key.pem \
    -config=${HOST_PATH}/cfssl/ca-config.json \
    -profile=${CERT_PROFILE} \
    ${HOST_PATH}/cfssl/etcd/etcd-client.json | \
    cfssljson -bare ${HOST_PATH}/cfssl/pki/etcd/etcd-client
# 分發生成的證書到全部須要部署etcd 節點
ssh 192.168.2.175 mkdir -p /apps/etcd/ssl
ssh 192.168.2.176 mkdir -p /apps/etcd/ssl
ssh 192.168.2.177 mkdir -p /apps/etcd/ssl
# 分發文件
scp -r ./cfssl/pki/etcd/* 192.168.2.175:/apps/etcd/ssl/
scp -r ./cfssl/pki/etcd/* 192.168.2.176:/apps/etcd/ssl/
scp -r ./cfssl/pki/etcd/* 192.168.2.177:/apps/etcd/ssl/

etcd 二進制文件準備

wget https://github.com/etcd-io/etcd/releases/download/v3.4.7/etcd-v3.4.7-linux-amd64.tar.gz
# 解壓下載好文件
tar -xvf etcd-v3.4.7-linux-amd64.tar.gz
# 建立二進制遠程存放目錄
ssh 192.168.2.175 mkdir -p /apps/etcd/bin
ssh 192.168.2.176 mkdir -p /apps/etcd/bin
ssh 192.168.2.177 mkdir -p /apps/etcd/bin
# 分發解壓好二進制文件
cd etcd-v3.4.7-linux-amd64/
scp -r etcd* 192.168.2.175:/apps/etcd/bin
scp -r etcd* 192.168.2.176:/apps/etcd/bin
scp -r etcd* 192.168.2.177:/apps/etcd/bin

etcd 配置文件準備

# 建立配置文件存放目錄
ssh 192.168.2.175 mkdir -p /apps/etcd/conf
ssh 192.168.2.176 mkdir -p /apps/etcd/conf
ssh 192.168.2.177 mkdir -p /apps/etcd/conf
# 192.168.2.175   配置
ssh 192.168.2.175 
cat << EOF | tee /apps/etcd/conf/etcd
ETCD_OPTS="--name=k8s-master-1 \\
           --data-dir=/apps/etcd/data/default.etcd \\
           --wal-dir=/apps/etcd/data/default.etcd/wal \\
           --listen-peer-urls=https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2380 \\
           --listen-client-urls=https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2379,https://[::1]:2379 \\
           --advertise-client-urls=https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2379 \\
           --initial-advertise-peer-urls=https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2380 \\
           --initial-cluster=k8s-master-1=https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2380,k8s-master-2=https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2380,k8s-master-3=https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2380 \\
           --initial-cluster-token=k8s-master-1=https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2380,k8s-master-2=https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2380,k8s-master-3=https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2380 \\
           --initial-cluster-state=new \\
           --heartbeat-interval=6000 \\
           --election-timeout=30000 \\
           --snapshot-count=5000 \\
           --auto-compaction-retention=1 \\
           --max-request-bytes=33554432 \\
           --quota-backend-bytes=17179869184 \\
           --trusted-ca-file=/apps/etcd/ssl/etcd-ca.pem \\
           --cert-file=/apps/etcd/ssl/etcd-server.pem \\
           --key-file=/apps/etcd/ssl/etcd-server-key.pem \\
           --peer-cert-file=/apps/etcd/ssl/etcd-member-k8s-master-1.pem \\
           --peer-key-file=/apps/etcd/ssl/etcd-member-k8s-master-1-key.pem \\
           --peer-client-cert-auth \\
           --enable-v2=true \\
           --peer-trusted-ca-file=/apps/etcd/ssl/etcd-ca.pem"
EOF
# 192.168.2.176 配置
ssh 192.168.2.176
cat << EOF | tee /apps/etcd/conf/etcd
ETCD_OPTS="--name=k8s-master-2 \\
           --data-dir=/apps/etcd/data/default.etcd \\
           --wal-dir=/apps/etcd/data/default.etcd/wal \\
           --listen-peer-urls=https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2380 \\
           --listen-client-urls=https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2379,https://[::1]:2379 \\
           --advertise-client-urls=https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2379 \\
           --initial-advertise-peer-urls=https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2380 \\
           --initial-cluster=k8s-master-1=https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2380,k8s-master-2=https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2380,k8s-master-3=https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2380 \\
           --initial-cluster-token=k8s-master-1=https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2380,k8s-master-2=https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2380,k8s-master-3=https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2380 \\
           --initial-cluster-state=new \\
           --heartbeat-interval=6000 \\
           --election-timeout=30000 \\
           --snapshot-count=5000 \\
           --auto-compaction-retention=1 \\
           --max-request-bytes=33554432 \\
           --quota-backend-bytes=17179869184 \\
           --trusted-ca-file=/apps/etcd/ssl/etcd-ca.pem \\
           --cert-file=/apps/etcd/ssl/etcd-server.pem \\
           --key-file=/apps/etcd/ssl/etcd-server-key.pem \\
           --peer-cert-file=/apps/etcd/ssl/etcd-member-k8s-master-2.pem \\
           --peer-key-file=/apps/etcd/ssl/etcd-member-k8s-master-2-key.pem \\
           --peer-client-cert-auth \\
           --enable-v2=true \\
           --peer-trusted-ca-file=/apps/etcd/ssl/etcd-ca.pem"
EOF
# 192.168.2.177 配置
ssh 192.168.2.177
cat << EOF | tee /apps/etcd/conf/etcd
ETCD_OPTS="--name=k8s-master-3 \\
           --data-dir=/apps/etcd/data/default.etcd \\
           --wal-dir=/apps/etcd/data/default.etcd/wal \\
           --listen-peer-urls=https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2380 \\
           --listen-client-urls=https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2379,https://[::1]:2379 \\
           --advertise-client-urls=https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2379 \\
           --initial-advertise-peer-urls=https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2380 \\
           --initial-cluster=k8s-master-1=https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2380,k8s-master-2=https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2380,k8s-master-3=https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2380 \\
           --initial-cluster-token=k8s-master-1=https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2380,k8s-master-2=https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2380,k8s-master-3=https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2380 \\
           --initial-cluster-state=new \\
           --heartbeat-interval=6000 \\
           --election-timeout=30000 \\
           --snapshot-count=5000 \\
           --auto-compaction-retention=1 \\
           --max-request-bytes=33554432 \\
           --quota-backend-bytes=17179869184 \\
           --trusted-ca-file=/apps/etcd/ssl/etcd-ca.pem \\
           --cert-file=/apps/etcd/ssl/etcd-server.pem \\
           --key-file=/apps/etcd/ssl/etcd-server-key.pem \\
           --peer-cert-file=/apps/etcd/ssl/etcd-member-k8s-master-3.pem \\
           --peer-key-file=/apps/etcd/ssl/etcd-member-k8s-master-3-key.pem \\
           --peer-client-cert-auth \\
           --enable-v2=true \\
           --peer-trusted-ca-file=/apps/etcd/ssl/etcd-ca.pem"
EOF

etcd 啓動文件配置

cat << EOF | tee etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/etcd-io/etcd
[Service]
Type=notify
LimitNOFILE=65535
LimitNPROC=65535
LimitCORE=infinity
LimitMEMLOCK=infinity
User=etcd
Group=etcd
WorkingDirectory=/apps/etcd/data/default.etcd
EnvironmentFile=-/apps/etcd/conf/etcd
ExecStart=/apps/etcd/bin/etcd \$ETCD_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
# 上傳啓動文件到服務器
scp etcd.service 192.168.2.175:/usr/lib/systemd/system
scp etcd.service 192.168.2.176:/usr/lib/systemd/system
scp etcd.service 192.168.2.176:/usr/lib/systemd/system

etcd 啓動準備

# 建立etcd 用戶
ssh  192.168.2.175 useradd etcd -s /sbin/nologin -M
ssh  192.168.2.176 useradd etcd -s /sbin/nologin -M
ssh  192.168.2.177 useradd etcd -s /sbin/nologin -M
# 建立etcd 存儲文件目錄
ssh  192.168.2.175 mkdir -p /apps/etcd/data/default.etcd/wal
ssh  192.168.2.176 mkdir -p /apps/etcd/data/default.etcd/wal
ssh  192.168.2.177 mkdir -p /apps/etcd/data/default.etcd/wal
# 給/apps/etcd etcd 用戶權限
ssh  192.168.2.175 chown -R etcd:etcd /apps/etcd/
ssh  192.168.2.176 chown -R etcd:etcd /apps/etcd/
ssh  192.168.2.177 chown -R etcd:etcd /apps/etcd/

etcd 啓動

# 刷新service
ssh 192.168.2.175 systemctl daemon-reload
ssh 192.168.2.176 systemctl daemon-reload
ssh 192.168.2.177 systemctl daemon-reload
# 設置開機啓動
ssh 192.168.2.175 systemctl enable etcd.service
ssh 192.168.2.176 systemctl enable etcd.service
ssh 192.168.2.177 systemctl enable etcd.service
# 啓動etcd
ssh 192.168.2.175 systemctl  start etcd.service
ssh 192.168.2.176 systemctl  start etcd.service
ssh 192.168.2.177 systemctl  start etcd.service
# 查看啓動狀態
ssh 192.168.2.175 systemctl  status etcd.service
ssh 192.168.2.176 systemctl  status etcd.service
ssh 192.168.2.177 systemctl  status etcd.service
# 驗證etcd 集羣是否正常 任意節點
vi ~/.bashrc
export ETCDCTL_API=3
export ENDPOINTS=https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2379,https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2379,https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2379
alias ctl='/apps/etcd/bin/etcdctl   --endpoints=${ENDPOINTS}   --cacert=/apps/etcd/ssl/etcd-ca.pem --cert=/apps/etcd/ssl/etcd-client.pem --key=/apps/etcd/ssl/etcd-client-key.pem'
# 保存
source  ~/.bashrc
# 驗證集羣是否正常
root@k8s-master-1 conf]# ctl  endpoint status
https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2379, 6330c4573913af46, 3.4.7, 20 kB, false, false, 3, 12, 12,
https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2379, f5ee2839c4378b0, 3.4.7, 20 kB, false, false, 3, 12, 12,
https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2379, bba57102112461c, 3.4.7, 20 kB, true, false, 3, 12, 12,
[root@k8s-master-1 conf]# ctl  endpoint hashkv
https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2379, 1084519789
https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2379, 1084519789
https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2379, 1084519789
[root@k8s-master-1 conf]# ctl  endpoint health
https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2379 is healthy: successfully committed proposal: took = 22.905876ms
https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2379 is healthy: successfully committed proposal: took = 22.900899ms
https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2379 is healthy: successfully committed proposal: took = 24.118726ms
[root@k8s-master-1 conf]# ctl member list
bba57102112461c, started, k8s-master-3, https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2380, https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2379, false
f5ee2839c4378b0, started, k8s-master-2, https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2380, https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2379, false
6330c4573913af46, started, k8s-master-1, https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2380, https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2379, false
# etcd 集羣正常
相關文章
相關標籤/搜索
每日一句
    每一个你不满意的现在,都有一个你没有努力的曾经。
本站公眾號
   歡迎關注本站公眾號,獲取更多信息
聯繫我們 最近搜索 最新文章 沪ICP备13005482号-10 MyBatis教程 SQL 教程 MySQL教程 Java 教程 Thymeleaf 教程 Hibernate教程 Spring教程 Redis教程