Manually Installing K8s, Part 3: etcd Cluster Deployment

Prepare the installation package
https://github.com/coreos/etcd
Version: 3.2.18
wget https://github.com/coreos/etcd/releases/download/v3.2.18/etcd-v3.2.18-linux-amd64.tar.gz

0. Install
[[email protected] src]# tar zxf etcd-v3.2.18-linux-amd64.tar.gz
[[email protected] src]# cd etcd-v3.2.18-linux-amd64
[[email protected] etcd-v3.2.18-linux-amd64]# ls
Documentation etcd etcdctl README-etcdctl.md README.md READMEv2-etcdctl.md
[[email protected] etcd-v3.2.18-linux-amd64]#

[[email protected] etcd-v3.2.18-linux-amd64]# cp etcd etcdctl /opt/kubernetes/bin/
[[email protected] etcd-v3.2.18-linux-amd64]# scp etcd etcdctl k8snode1:/opt/kubernetes/bin/
[[email protected] etcd-v3.2.18-linux-amd64]# scp etcd etcdctl k8snode2:/opt/kubernetes/bin/

1. Create the etcd certificate signing request:
[[email protected] ssl]# pwd
/usr/local/src/ssl

[[email protected] ssl]# vim etcd-csr.json

{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
    "192.168.137.171",
    "192.168.137.201",
    "192.168.137.198"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}

2. Generate the etcd certificate and private key:
[[email protected] ssl]# cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem \
-ca-key=/opt/kubernetes/ssl/ca-key.pem \
-config=/opt/kubernetes/ssl/ca-config.json \
-profile=kubernetes etcd-csr.json | cfssljson -bare etcd

2018/06/12 17:49:55 [INFO] generate received request
2018/06/12 17:49:55 [INFO] received CSR
2018/06/12 17:49:55 [INFO] generating key: rsa-2048
2018/06/12 17:49:56 [INFO] encoded CSR
2018/06/12 17:49:56 [INFO] signed certificate with serial number 436752967180796317929734672346870544021189509062
2018/06/12 17:49:56 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
*Note: the WARNING above can be ignored.

Generated certificate files: etcd.pem and etcd-key.pem
[[email protected] ssl]# ll
-rw-r--r-- 1 root root 1062 Jun 12 17:49 etcd.csr
-rw-r--r-- 1 root root 293 Jun 12 17:46 etcd-csr.json
-rw------- 1 root root 1679 Jun 12 17:49 etcd-key.pem
-rw-r--r-- 1 root root 1436 Jun 12 17:49 etcd.pem
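
Every member presents this one certificate on both the client port and the peer port, so each node IP listed in etcd-csr.json has to appear in its Subject Alternative Name list. The check below is an added example, not part of the original article; missing_sans and the sample text dump are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: report which expected IPs are missing from a certificate's
# Subject Alternative Name list.
# $1: file with `openssl x509 -noout -text` output; remaining args: expected IPs.
# Prints each missing IP; returns 0 only when every IP is covered.
missing_sans() {
  text_file=$1; shift
  # The SAN values sit on the line after the extension header.
  sans=$(grep -A1 'X509v3 Subject Alternative Name' "$text_file" | tail -n 1 |
         tr ',' '\n' | sed -n 's/^ *IP Address://p')
  status=0
  for ip in "$@"; do
    # -x and -F: whole-line, literal match, so 192.168.137.20 does not match .201
    if ! printf '%s\n' "$sans" | grep -qxF "$ip"; then
      echo "$ip"
      status=1
    fi
  done
  return $status
}

# Constructed excerpt of the text dump for a certificate issued without 192.168.137.198.
sample_cert_text() {
  cat <<'EOF'
        Subject: C=CN, ST=BeiJing, L=BeiJing, O=k8s, OU=System, CN=etcd
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                IP Address:127.0.0.1, IP Address:192.168.137.171, IP Address:192.168.137.201
EOF
}

tmp=$(mktemp)
sample_cert_text > "$tmp"
missing_sans "$tmp" 127.0.0.1 192.168.137.171 192.168.137.201 192.168.137.198 ||
  echo "-> re-issue the certificate with the IPs listed above"
rm -f "$tmp"
# Against the real file: openssl x509 -in etcd.pem -noout -text > cert.txt
```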

3. Copy the certificates into /opt/kubernetes/ssl
[[email protected] ssl]# cp etcd*.pem /opt/kubernetes/ssl
[[email protected] ssl]# scp etcd*.pem k8snode1:/opt/kubernetes/ssl
[[email protected] ssl]# scp etcd*.pem k8snode2:/opt/kubernetes/ssl

[[email protected] ssl]# rm -f etcd.csr etcd-csr.json

4. Create the etcd configuration file
[[email protected] ~]# vim /opt/kubernetes/cfg/etcd.conf

# systemd loads this file through EnvironmentFile=; comments are kept on their own lines
#[member]
# change to a different name on each node
ETCD_NAME="etcd-node1"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
#ETCD_SNAPSHOT_COUNTER="10000"
#ETCD_HEARTBEAT_INTERVAL="100"
#ETCD_ELECTION_TIMEOUT="1000"
# change to this node's IP address
ETCD_LISTEN_PEER_URLS="https://192.168.137.171:2380"
# change to this node's IP address
ETCD_LISTEN_CLIENT_URLS="https://192.168.137.171:2379,https://127.0.0.1:2379"
#ETCD_MAX_SNAPSHOTS="5"
#ETCD_MAX_WALS="5"
#ETCD_CORS=""
#[cluster]
# change to this node's IP address
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.137.171:2380"
# if you use different ETCD_NAME (e.g. test),
# set ETCD_INITIAL_CLUSTER value for this name, i.e. "test=http://..."
ETCD_INITIAL_CLUSTER="etcd-node1=https://192.168.137.171:2380,etcd-node2=https://192.168.137.201:2380,etcd-node3=https://192.168.137.198:2380"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="k8s-etcd-cluster"
# change to this node's IP address
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.137.171:2379"
#[security]
# etcd only reads variables that carry the ETCD_ prefix
# ETCD_CA_FILE / ETCD_PEER_CA_FILE are deprecated in favour of
# ETCD_TRUSTED_CA_FILE / ETCD_PEER_TRUSTED_CA_FILE
ETCD_CLIENT_CERT_AUTH="true"
ETCD_CA_FILE="/opt/kubernetes/ssl/ca.pem"
ETCD_CERT_FILE="/opt/kubernetes/ssl/etcd.pem"
ETCD_KEY_FILE="/opt/kubernetes/ssl/etcd-key.pem"
ETCD_PEER_CLIENT_CERT_AUTH="true"
ETCD_PEER_CA_FILE="/opt/kubernetes/ssl/ca.pem"
ETCD_PEER_CERT_FILE="/opt/kubernetes/ssl/etcd.pem"
ETCD_PEER_KEY_FILE="/opt/kubernetes/ssl/etcd-key.pem"

Copy the configuration file to the other nodes and edit the values marked in the comments above
[[email protected] ~]# scp /opt/kubernetes/cfg/etcd.conf k8snode1:/opt/kubernetes/cfg/etcd.conf
[[email protected] ~]# scp /opt/kubernetes/cfg/etcd.conf k8snode2:/opt/kubernetes/cfg/etcd.conf
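
etcd reads only environment variables that carry the ETCD_ prefix, so a mistyped name in etcd.conf is dropped without any error and the setting never takes effect. The script below is an added example (not from the original article) that flags such names, plaintext http:// URLs and missing client-certificate settings in each node's copy of the file; lint_etcd_conf and the sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: lint an etcd EnvironmentFile for TLS settings that etcd would
# ignore or that leave a listener in plaintext. One finding per line;
# returns 0 when the file is clean, 1 otherwise.
lint_etcd_conf() {
  awk '
    /^[ \t]*(#|$)/ { next }                # skip comments and blank lines
    {
      key = $0; sub(/=.*/, "", key)        # text before the first "="
      val = $0; sub(/^[^=]*=/, "", val)    # text after the first "="
      seen[key] = val
      # etcd maps its flags to environment variables named ETCD_<FLAG>
      if (key !~ /^ETCD_/)
        print "line " NR ": " key " has no ETCD_ prefix, etcd will not read it"
      if (key ~ /_URLS$|^ETCD_INITIAL_CLUSTER$/ && val ~ /http:\/\//)
        print "line " NR ": " key " contains a plaintext http:// URL"
    }
    END {
      n = split("ETCD_CLIENT_CERT_AUTH ETCD_PEER_CLIENT_CERT_AUTH", req, " ")
      for (i = 1; i <= n; i++)
        if (seen[req[i]] !~ /^"?true"?$/)
          print req[i] " is not set to true"
    }
  ' "$1" | { ! grep . ; }
}

# Constructed sample: unprefixed names in [security] and one http:// URL.
sample_bad_conf() {
  cat <<'EOF'
ETCD_NAME="etcd-node1"
ETCD_LISTEN_CLIENT_URLS="https://192.168.137.171:2379,http://127.0.0.1:2379"
CLIENT_CERT_AUTH="true"
ETCD_CERT_FILE="/opt/kubernetes/ssl/etcd.pem"
PEER_CLIENT_CERT_AUTH="true"
EOF
}

# The same sample with the findings corrected.
sample_good_conf() {
  sample_bad_conf | sed -e 's/^CLIENT_CERT_AUTH/ETCD_CLIENT_CERT_AUTH/' \
    -e 's/^PEER_CLIENT_CERT_AUTH/ETCD_PEER_CLIENT_CERT_AUTH/' -e 's#http://#https://#'
}

tmp=$(mktemp)
sample_bad_conf > "$tmp";  lint_etcd_conf "$tmp" || echo "-> findings above"
sample_good_conf > "$tmp"; lint_etcd_conf "$tmp" && echo "-> clean"
rm -f "$tmp"
```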

5. Create etcd.service
[[email protected] ~]# vim /etc/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target

[Service]
Type=notify
WorkingDirectory=/var/lib/etcd
# the leading "-" lets the unit start even if this file is missing
EnvironmentFile=-/opt/kubernetes/cfg/etcd.conf
# set GOMAXPROCS to number of processors
ExecStart=/bin/bash -c "GOMAXPROCS=$(nproc) /opt/kubernetes/bin/etcd"

[Install]
WantedBy=multi-user.target

6. Reload the system services
[[email protected] ~]# scp /etc/systemd/system/etcd.service k8snode1:/etc/systemd/system/
[[email protected] ~]# scp /etc/systemd/system/etcd.service k8snode2:/etc/systemd/system/

On all nodes, create the etcd data directory and start etcd

systemctl daemon-reload

mkdir /var/lib/etcd

systemctl start etcd

systemctl enable etcd

systemctl status etcd

7. Verify the cluster
[[email protected] ~]# etcdctl --endpoints=https://192.168.137.171:2379 \
--ca-file=/opt/kubernetes/ssl/ca.pem \
--cert-file=/opt/kubernetes/ssl/etcd.pem \
--key-file=/opt/kubernetes/ssl/etcd-key.pem cluster-health

member 3365586f3ad09ed8 is healthy: got healthy result from https://192.168.137.201:2379
member 80ecb1efc62e0556 is healthy: got healthy result from https://192.168.137.171:2379
member 851e1a89f7240e3a is healthy: got healthy result from https://192.168.137.198:2379
cluster is healthy

[[email protected] ~]# etcdctl --endpoints=https://192.168.137.171:2379 \
--ca-file=/opt/kubernetes/ssl/ca.pem \
--cert-file=/opt/kubernetes/ssl/etcd.pem \
--key-file=/opt/kubernetes/ssl/etcd-key.pem member list

3365586f3ad09ed8: name=etcd-node2 peerURLs=https://192.168.137.201:2380 clientURLs=https://192.168.137.201:2379 isLeader=false
80ecb1efc62e0556: name=etcd-node1 peerURLs=https://192.168.137.171:2380 clientURLs=https://192.168.137.171:2379 isLeader=true
851e1a89f7240e3a: name=etcd-node3 peerURLs=https://192.168.137.198:2380 clientURLs=https://192.168.137.198:2379 isLeader=false

[[email protected] ~]# vim etcdctl.sh

# etcdctl cluster-health

etcdctl --endpoints=https://192.168.137.171:2379 \
--ca-file=/opt/kubernetes/ssl/ca.pem \
--cert-file=/opt/kubernetes/ssl/etcd.pem \
--key-file=/opt/kubernetes/ssl/etcd-key.pem cluster-health

# etcdctl member list

etcdctl --endpoints=https://192.168.137.171:2379 \
--ca-file=/opt/kubernetes/ssl/ca.pem \
--cert-file=/opt/kubernetes/ssl/etcd.pem \
--key-file=/opt/kubernetes/ssl/etcd-key.pem member list

Check the listening ports on a node
[[email protected] ~]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.137.171:2379 0.0.0.0:* LISTEN 3955/etcd
tcp 0 0 127.0.0.1:2379 0.0.0.0:* LISTEN 3955/etcd
tcp 0 0 192.168.137.171:2380 0.0.0.0:* LISTEN 3955/etcd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1154/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1239/master
tcp6 0 0 :::22 :::* LISTEN 1154/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1239/master

Original article: http://blog.51cto.com/andyliu/2129065

Time: 2024-10-08 21:14:55
