kubernetes 基础-安装部署etcd集群

HDSS7-200上:

~]# wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -O /usr/bin/cfssl
~]# wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -O /usr/bin/cfssl-json
~]# wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -O /usr/bin/cfssl-certinfo
~]# chmod +x /usr/bin/cfssl*
~]# vi /opt/certs/ca-csr.json
{
    "CN": "OldboyEdu",
    "hosts": [
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "beijing",
            "L": "beijing",
            "O": "od",
            "OU": "ops"
        }
    ],
    "ca": {
        "expiry": "175200h"
    }
}
certs]# cfssl gencert -initca ca-csr.json | cfssl-json -bare ca
~]# vi /opt/certs/ca-config.json
{
    "signing": {
        "default": {
            "expiry": "175200h"
        },
        "profiles": {
            "server": {
                "expiry": "175200h",
                "usages": [
                    "signing",
                    "key encipherment",
                    "server auth"
                ]
            },
            "client": {
                "expiry": "175200h",
                "usages": [
                    "signing",
                    "key encipherment",
                    "client auth"
                ]
            },
            "peer": {
                "expiry": "175200h",
                "usages": [
                    "signing",
                    "key encipherment",
                    "server auth",
                    "client auth"
                ]
            }
        }
    }
}
~]# vi etcd-peer-csr.json
{
    "CN": "k8s-etcd",
    "hosts": [
        "10.4.7.11",
        "10.4.7.12",
        "10.4.7.21",
        "10.4.7.22"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "beijing",
            "L": "beijing",
            "O": "od",
            "OU": "ops"
        }
    ]
}
certs]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=peer etcd-peer-csr.json |cfssl-json -bare etcd-peer
下载安装包:
~]# tar xf etcd-v3.1.20-linux-amd64.tar.gz -C /opt/
~]# ln -s /opt/etcd-v3.1.20-linux-amd64 /opt/etcd      ## 便于后期升级做软连
~]# useradd -s /sbin/nologin -M etcd           ## 添加运行etcd普通用户
~]# mkdir -p /opt/etcd/certs /data/etcd /data/logs/etcd-server     ## 创建数据目录以及日志目录
~]# vi /opt/etcd/etcd-server-startup.sh
#!/bin/sh
/opt/etcd/etcd --name etcd-server-7-12        --data-dir /data/etcd/etcd-server        --listen-peer-urls https://10.4.7.12:2380        --listen-client-urls https://10.4.7.12:2379,http://127.0.0.1:2379        --quota-backend-bytes 8000000000        --initial-advertise-peer-urls https://10.4.7.12:2380        --advertise-client-urls https://10.4.7.12:2379,http://127.0.0.1:2379        --initial-cluster  etcd-server-7-12=https://10.4.7.12:2380,etcd-server-7-21=https://10.4.7.21:2380,etcd-server-7-22=https://10.4.7.22:2380        --ca-file /opt/etcd/certs/ca.pem        --cert-file /opt/etcd/certs/etcd-peer.pem        --key-file /opt/etcd/certs/etcd-peer-key.pem        --client-cert-auth         --trusted-ca-file /opt/etcd/certs/ca.pem        --peer-ca-file /opt/etcd/certs/ca.pem        --peer-cert-file /opt/etcd/certs/etcd-peer.pem        --peer-key-file /opt/etcd/certs/etcd-peer-key.pem        --peer-client-cert-auth        --peer-trusted-ca-file /opt/etcd/certs/ca.pem        --log-output stdout

安装管理工具supervisor

~]# yum install supervisor -y
~]# systemctl start supervisord
~]# systemctl enable supervisord

配置管理工具

~]# vi /etc/supervisord.d/etcd-server.ini
[program:etcd-server-7-12]
command=/opt/etcd/etcd-server-startup.sh                        ; the program (relative uses PATH, can take args)
numprocs=1                                                      ; number of processes copies to start (def 1)
directory=/opt/etcd                                             ; directory to cwd to before exec (def no cwd)
autostart=true                                                  ; start at supervisord start (default: true)
autorestart=true                                                ; retstart at unexpected quit (default: true)
startsecs=30                                                    ; number of secs prog must stay running (def. 1)
startretries=3                                                  ; max # of serial start failures (default 3)
exitcodes=0,2                                                   ; 'expected' exit codes for process (default 0,2)
stopsignal=QUIT                                                 ; signal used to kill process (default TERM)
stopwaitsecs=10                                                 ; max num secs to wait b4 SIGKILL (default 10)
user=etcd                                                       ; setuid to this UNIX account to run the program
redirect_stderr=true                                            ; redirect proc stderr to stdout (default false)
stdout_logfile=/data/logs/etcd-server/etcd.stdout.log           ; stdout log path, NONE for none; default AUTO
stdout_logfile_maxbytes=64MB                                    ; max # logfile bytes b4 rotation (default 50MB)
stdout_logfile_backups=4                                        ; # of stdout logfile backups (default 10)
stdout_capture_maxbytes=1MB                                     ; number of bytes in 'capturemode' (default 0)
stdout_events_enabled=false                                     ; emit events on stdout writes (default false)
killasgroup=true
stopasgroup=true
supervisorctl update
etcd-server-7-12: added process group

备注:
另外两台服务器操作一样,拷贝证书,配置文件,安装管理工具并加入进去就可以了。

~]# supervisorctl status
etcd-server-7-12                 RUNNING   pid 22656, uptime 0:00:35
[[email protected] etcd]# netstat -luntp|grep etcd
tcp        0      0 10.4.7.12:2379          0.0.0.0:*               LISTEN      22657/./etcd
tcp        0      0 127.0.0.1:2379          0.0.0.0:*               LISTEN      22657/./etcd
tcp        0      0 10.4.7.12:2380          0.0.0.0:*               LISTEN      22657/./etcd 

验证集群是否正常:

etcd]# ./etcdctl member list
988139385f78284: name=etcd-server-7-22 peerURLs=https://10.4.7.22:2380 clientURLs=http://127.0.0.1:2379,https://10.4.7.22:2379 isLeader=false
5a0ef2a004fc4349: name=etcd-server-7-21 peerURLs=https://10.4.7.21:2380 clientURLs=http://127.0.0.1:2379,https://10.4.7.21:2379 isLeader=false
f4a0cb0a765574a8: name=etcd-server-7-12 peerURLs=https://10.4.7.12:2380 clientURLs=http://127.0.0.1:2379,https://10.4.7.12:2379 isLeader=true
etcd]# ./etcdctl cluster-health
member 988139385f78284 is healthy: got healthy result from http://127.0.0.1:2379
member 5a0ef2a004fc4349 is healthy: got healthy result from http://127.0.0.1:2379
member f4a0cb0a765574a8 is healthy: got healthy result from http://127.0.0.1:2379
cluster is healthy

原文地址:https://www.cnblogs.com/Mongol-J/p/11996935.html

时间: 2024-11-05 02:38:10

kubernetes 基础-安装部署etcd集群的相关文章

部署etcd集群

部署etcd集群 第一步:先拉取etcd二进制压缩包 wget https://github.com/coreos/etcd/releases/download/v3.3.2/etcd-v3.3.2-linux-amd64.tar.gz //解压压缩包 tar zxvf etcd-v3.3.2-linux-amd64.tar.gz 第二步:建立一个文件,分别存放bin文件,cfg配置文件,ssl验证文件 mkdir /opt/kubernetes/{bin,cfg,ssl} //然后将etcd,

使用docker安装部署Spark集群来训练CNN(含Python实例)

使用docker安装部署Spark集群来训练CNN(含Python实例) 本博客仅为作者记录笔记之用,不免有很多细节不对之处. 还望各位看官能够见谅,欢迎批评指正. 博客虽水,然亦博主之苦劳也. 如需转载,请附上本文链接,不甚感激! http://blog.csdn.net/cyh_24/article/details/49683221 实验室有4台神服务器,每台有8个tesla-GPU,然而平时做实验都只使用了其中的一个GPU,实在暴遣天物! 于是想用spark来把这些GPU都利用起来.听闻d

基于已有集群动态发现方式部署 Etcd 集群

etcd提供了多种部署集群的方式,在「通过静态发现方式部署etcd集群」 一文中我们介绍了如何通过静态发现方式部署集群. 不过很多时候,你只知道你要搭建一个多大(包含多少节点)的集群,但是并不能事先知道这几个节点的ip,从而无法使用--initial-cluster参数. 这个时候,你就需要使用discovery的方式来搭建etcd集群.discovery方式有两种:etcd discovery和DNS discovery. 这里我们先介绍下etcd discovery方式.这种启动方式依赖另外

基于 DNS 动态发现方式部署 Etcd 集群

使用discovery的方式来搭建etcd集群方式有两种:etcd discovery和DNS discovery.在 「基于已有集群动态发现方式部署etcd集群」一文中讲解了etcd discovery这种方式,今天我们就来讲讲DNS discovery这种方式的实现. etcd在基于DNS做服务发现时,实际上是利用DNS的SRV记录不断轮训查询实现的.DNS SRV是DNS数据库中支持的一种资源记录的类型,它记录了哪台计算机提供了哪个服务这么一个简单信息. 本文采用dnsmasq作为dns服

CentOS7.X环境下基于docker安装部署RabbitMQ集群

1.IP地址规划(将信息配置到/etc/hosts中)主机名 IP地址RabbitMQ01 192.168.8.131RabbitMQ02 192.168.8.132RabbitMQ03 192.168.8.133RabbitMQ04 192.168.8.1342.RabbitMQ集群安装(1)四个节点同时运行,下载RabbitMQ镜像[[email protected]~]# docker pull rabbitmq:3-management(2)四个节点分别运行,启动RabbitMQ容器 [

CentOS 部署Etcd集群

一.环境介绍 操作系统信息:CentOS 7 64位 服务器信息: 192.168.80.130  Etcd-master 192.168.80.131  Etcd-node1 192.168.80.132  Etcd-node2 二.部署前准备 1.设置免密登录   [Master] [[email protected] ~]# ssh-keygen [[email protected] ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub Etcd-node1 [

部署k8s ssl集群实践4:部署etcd集群

参考文档:https://github.com/opsnull/follow-me-install-kubernetes-cluster感谢作者的无私分享.集群环境已搭建成功跑起来.文章是部署过程中遇到的错误和详细操作步骤记录.如有需要对比参考,请按照顺序阅读和测试. 4.1下载和分发二进制安装包 [[email protected] kubernetes]# wget https://github.com/coreos/etcd/releases/download/v3.3.7/etcd-v3

k8s部署etcd集群

1.k8s部署高可用etcd集群时遇到了一些麻烦,这个是自己其中一个etcd的配置文件 例如: [Unit] Description=Etcd Server After=network.target After=network-online.target Wants=network-online.target Documentation=https://github.com/coreos [Service] User=k8s Type=notify WorkingDirectory=/var/l

Kubernetes master无法加入etcd 集群解决方法

背景:一台master磁盘爆了导致k8s服务故障,重启之后死活kubelet起不来,于是老哥就想把它给reset掉重新join,接着出现如下报错提示是说etcd集群健康检查未通过: error execution phase check-etcd: error syncing endpoints with etc: dial tcp 172.31.182.152:2379: connect: connection refused 解决方法: 1.在kubeadm-config删除的状态不存在的e