#(1)创建etcd证书请求
# cat etcd-csr.json
{
"CN": "etcd",
"hosts": [
"127.0.0.1",
"192.168.19.128",
"192.168.19.129",
"192.168.19.130"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "Hangzhou",
"L": "Hangzhou",
"O": "k8s",
"OU": "System"
}
]
}#(2)生成etcd证书和私钥
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes etcd-csr.json | cfssljson -bare etcd#(3)把etcd证书和私钥scp到etcd节点上
scp etcd*.pem master01:/opt/kubernetes/ssl
scp etcd*.pem master02:/opt/kubernetes/ssl
scp etcd*.pem node01:/opt/kubernetes/ssl #(4)下载etcd包, 分发到etcd集群节点上
cd /tools
wget https://github.com/coreos/etcd/releases/download/v3.3.2/etcd-v3.3.2-linux-amd64.tar.gz
tar xf etcd-v3.3.2-linux-amd64.tar.gz
cd etcd-v3.3.2-linux-amd64
scp etcd* master01:/opt/kubernetes/bin/
scp etcd* master02:/opt/kubernetes/bin/
scp etcd* node01:/opt/kubernetes/bin/#(5)准备etcd配置文件
master01的配置文件
# cat /opt/kubernetes/cfg/etcd
#[Member]
ETCD_NAME="etcd01"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.19.128:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.19.128:2379"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.19.128:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.19.128:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.19.128:2380,etcd02=https://192.168.19.129:2380,etcd03=https://192.168.19.130:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="newmaster02的配置文件
# cat /opt/kubernetes/cfg/etcd
#[Member]
ETCD_NAME="etcd02"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.19.129:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.19.129:2379"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.19.129:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.19.129:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.19.128:2380,etcd02=https://192.168.19.129:2380,etcd03=https://192.168.19.130:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="newnode01的配置文件
# cat /opt/kubernetes/cfg/etcd
#[Member]
ETCD_NAME="etcd03"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.19.130:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.19.130:2379"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.19.130:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.19.130:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.19.128:2380,etcd02=https://192.168.19.129:2380,etcd03=https://192.168.19.130:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new#(6)准备etcd的服务启动脚本, 三台etcd集群的启动脚本文件一致
# cat /usr/lib/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
[Service]
Type=notify
EnvironmentFile=-/opt/kubernetes/cfg/etcd
ExecStart=/opt/kubernetes/bin/etcd --name=${ETCD_NAME} --data-dir=${ETCD_DATA_DIR} --listen-peer-urls=${ETCD_LISTEN_PEER_URLS} --listen-client-urls=${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379 --advertise-client-urls=${ETCD_ADVERTISE_CLIENT_URLS} --initial-advertise-peer-urls=${ETCD_INITIAL_ADVERTISE_PEER_URLS} --initial-cluster=${ETCD_INITIAL_CLUSTER} --initial-cluster-token=${ETCD_INITIAL_CLUSTER} --initial-cluster-state=new --cert-file=/opt/kubernetes/ssl/etcd.pem --key-file=/opt/kubernetes/ssl/etcd-key.pem --peer-cert-file=/opt/kubernetes/ssl/etcd.pem --peer-key-file=/opt/kubernetes/ssl/etcd-key.pem --trusted-ca-file=/opt/kubernetes/ssl/ca.pem --peer-trusted-ca-file=/opt/kubernetes/ssl/ca.pem
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target#(7)开机启动和设置环境变量
systemctl enable etcd
systemctl start etcd
echo "export PATH=$PATH:/opt/kubernetes/bin" >>/etc/profile
source /etc/profile #(8)验证etcd集群
cd /opt/kubernetes/ssl/
etcdctl --ca-file=ca.pem --cert-file=etcd.pem --key-file=etcd-key.pem --endpoints="https://192.168.19.128:2379,https://192.168.19.129:2379,https://192.168.19.130:2379" cluster-health
原文地址:https://blog.51cto.com/1000682/2357208
时间: 2024-07-31 10:57:04