(2) Kubernetes: the etcd cluster

#(1) Create the etcd certificate signing request

# cat etcd-csr.json
{
    "CN": "etcd",
    "hosts": [
        "127.0.0.1",
        "192.168.19.128",
        "192.168.19.129",
        "192.168.19.130"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "Hangzhou",
            "L": "Hangzhou",
            "O": "k8s",
            "OU": "System"
        }
    ]
}

#(2) Generate the etcd certificate and private key

cfssl gencert -ca=ca.pem  -ca-key=ca-key.pem -config=ca-config.json  -profile=kubernetes etcd-csr.json | cfssljson -bare etcd

#(3) Copy the etcd certificate and private key to the etcd nodes with scp

scp etcd*.pem master01:/opt/kubernetes/ssl
scp etcd*.pem master02:/opt/kubernetes/ssl
scp etcd*.pem node01:/opt/kubernetes/ssl 

#(4) Download the etcd package and distribute it to the etcd cluster nodes

cd /tools
wget https://github.com/coreos/etcd/releases/download/v3.3.2/etcd-v3.3.2-linux-amd64.tar.gz
tar xf etcd-v3.3.2-linux-amd64.tar.gz
cd etcd-v3.3.2-linux-amd64
scp etcd* master01:/opt/kubernetes/bin/
scp etcd* master02:/opt/kubernetes/bin/
scp etcd* node01:/opt/kubernetes/bin/

#(5) Prepare the etcd configuration files
Configuration file on master01

# cat /opt/kubernetes/cfg/etcd
#[Member]
ETCD_NAME="etcd01"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.19.128:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.19.128:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.19.128:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.19.128:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.19.128:2380,etcd02=https://192.168.19.129:2380,etcd03=https://192.168.19.130:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"

Configuration file on master02

# cat /opt/kubernetes/cfg/etcd
#[Member]
ETCD_NAME="etcd02"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.19.129:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.19.129:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.19.129:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.19.129:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.19.128:2380,etcd02=https://192.168.19.129:2380,etcd03=https://192.168.19.130:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"

Configuration file on node01

# cat /opt/kubernetes/cfg/etcd
#[Member]
ETCD_NAME="etcd03"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.19.130:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.19.130:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.19.130:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.19.130:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.19.128:2380,etcd02=https://192.168.19.129:2380,etcd03=https://192.168.19.130:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"

#(6) Prepare the etcd systemd service unit; the unit file is identical on all three etcd nodes

# cat /usr/lib/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
EnvironmentFile=-/opt/kubernetes/cfg/etcd
ExecStart=/opt/kubernetes/bin/etcd --name=${ETCD_NAME} --data-dir=${ETCD_DATA_DIR} --listen-peer-urls=${ETCD_LISTEN_PEER_URLS} --listen-client-urls=${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379 --advertise-client-urls=${ETCD_ADVERTISE_CLIENT_URLS} --initial-advertise-peer-urls=${ETCD_INITIAL_ADVERTISE_PEER_URLS} --initial-cluster=${ETCD_INITIAL_CLUSTER} --initial-cluster-token=${ETCD_INITIAL_CLUSTER_TOKEN} --initial-cluster-state=new --cert-file=/opt/kubernetes/ssl/etcd.pem --key-file=/opt/kubernetes/ssl/etcd-key.pem --peer-cert-file=/opt/kubernetes/ssl/etcd.pem --peer-key-file=/opt/kubernetes/ssl/etcd-key.pem --trusted-ca-file=/opt/kubernetes/ssl/ca.pem --peer-trusted-ca-file=/opt/kubernetes/ssl/ca.pem
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
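
Added example (not part of the original post): the unit above serves TLS but passes neither --client-cert-auth nor --peer-client-cert-auth, and it also listens on http://127.0.0.1:2379, so etcd does not require clients or peers to present a certificate. The script below checks an etcd command line for those three conditions; the two sample command lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag weak TLS settings on an etcd command line.

# Constructed sample: the TLS-relevant flags of the step (6) ExecStart line,
# with etcd01's values substituted for the ${ETCD_*} variables.
PAGE_CMDLINE='/opt/kubernetes/bin/etcd --name=etcd01 --listen-peer-urls=https://192.168.19.128:2380 --listen-client-urls=https://192.168.19.128:2379,http://127.0.0.1:2379 --cert-file=/opt/kubernetes/ssl/etcd.pem --key-file=/opt/kubernetes/ssl/etcd-key.pem --peer-cert-file=/opt/kubernetes/ssl/etcd.pem --peer-key-file=/opt/kubernetes/ssl/etcd-key.pem --trusted-ca-file=/opt/kubernetes/ssl/ca.pem --peer-trusted-ca-file=/opt/kubernetes/ssl/ca.pem'

# Constructed hardened variant: loopback listener moved to https (the CSR in
# step (1) already lists 127.0.0.1) and certificate authentication required.
HARDENED_CMDLINE='/opt/kubernetes/bin/etcd --name=etcd01 --listen-peer-urls=https://192.168.19.128:2380 --listen-client-urls=https://192.168.19.128:2379,https://127.0.0.1:2379 --client-cert-auth=true --peer-client-cert-auth=true --cert-file=/opt/kubernetes/ssl/etcd.pem --key-file=/opt/kubernetes/ssl/etcd-key.pem --peer-cert-file=/opt/kubernetes/ssl/etcd.pem --peer-key-file=/opt/kubernetes/ssl/etcd-key.pem --trusted-ca-file=/opt/kubernetes/ssl/ca.pem --peer-trusted-ca-file=/opt/kubernetes/ssl/ca.pem'

# Print the value of --<flag>=<value> from a command line (empty if absent).
flag_value() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^--$2=//p" | head -n 1
}

# Succeed if a boolean flag is set, either bare (--flag) or as --flag=true.
has_true_flag() {
    case " $1 " in
        *" --$2 "*|*" --$2=true "*) return 0 ;;
    esac
    return 1
}

# Print one finding per line; print nothing when the command line is clean.
audit_etcd_cmdline() {
    cmd=$1
    # Any http:// entry in a listen URL list is an unencrypted listener.
    for f in listen-client-urls listen-peer-urls; do
        v=$(flag_value "$cmd" "$f")
        case ",$v" in
            *,http://*) echo "PLAINTEXT_LISTENER --$f=$v" ;;
        esac
    done
    # Without these flags etcd accepts connections that carry no certificate.
    for f in client-cert-auth peer-client-cert-auth; do
        has_true_flag "$cmd" "$f" || echo "MISSING --$f=true"
    done
}

echo "== command line from the page =="
audit_etcd_cmdline "$PAGE_CMDLINE"
echo "== hardened command line =="
audit_etcd_cmdline "$HARDENED_CMDLINE"
```

With the hardened flags, every client must present a certificate signed by ca.pem, which the etcdctl call in step (8) already does.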

#(7) Enable etcd at boot, start it, and set the PATH environment variable

systemctl enable etcd
systemctl start etcd
echo 'export PATH=$PATH:/opt/kubernetes/bin' >>/etc/profile
source /etc/profile

#(8) Verify the etcd cluster

cd /opt/kubernetes/ssl/
etcdctl --ca-file=ca.pem --cert-file=etcd.pem --key-file=etcd-key.pem --endpoints="https://192.168.19.128:2379,https://192.168.19.129:2379,https://192.168.19.130:2379" cluster-health

Original article: https://blog.51cto.com/1000682/2357208

Time: 2024-10-06 21:36:35
