etcd
安装etcd
wget https://github.com/etcd-io/etcd/releases/download/v3.3.9/etcd-v3.3.9-linux-amd64.tar.gz
tar -xvf etcd-v3.3.9-linux-amd64.tar.gz
mv etcd-v3.3.9-linux-amd64/etcd* /usr/local/bin/
创建etcd启动文件
cat > /usr/lib/systemd/system/etcd.service << EOF
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos
[Service]
Type=notify
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/local/bin/etcd \ --name k8s-master \ --cert-file=/etc/kubernetes/ssl/kubernetes.pem \ --key-file=/etc/kubernetes/ssl/kubernetes-key.pem \ --peer-cert-file=/etc/kubernetes/ssl/kubernetes.pem \ --peer-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \ --trusted-ca-file=/etc/kubernetes/ssl/ca.pem \ --peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \ --initial-advertise-peer-urls https://172.16.20.206:2380 \ --listen-peer-urls https://172.16.20.206:2380 \ --listen-client-urls https://172.16.20.206:2379,http://127.0.0.1:2379 \ --advertise-client-urls https://172.16.20.206:2379 \ --initial-cluster-token etcd-cluster \ --initial-cluster k8s-master=https://172.16.20.206:2380,k8s-node1=https://172.16.20.207:2380,k8s-node2=https://172.16.20.208:2380 \ --initial-cluster-state new \ --data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
EOF
#####说明
etcd 的数据目录为 /var/lib/etcd,需在启动服务前创建这个目录,否则启动服务的时候会报错“Failed at step CHDIR spawning /usr/bin/etcd: No such file or directory”;
--name 选项后面的名字要和当前主机名相同
--initial-advertise-peer-urls,--listen-peer-urls,--listen-client-urls,--listen-client-urls,--advertise-client-urls,必须为本机IP
--initial-cluster 注意集群IP和主机名的对应关系
#####说明
指定 etcd 的工作目录为 /var/lib/etcd,数据目录为 /var/lib/etcd,需在启动服务前创建这两个目录;
为了保证通信安全,需要指定 etcd 的公私钥(cert-file和key-file)、Peers 通信的公私钥和 CA 证书(peer-cert-file、peer-key-file、peer-trusted-ca-file)、客户端的CA证书(trusted-ca-file);
创建 kubernetes.pem 证书时使用的 kubernetes-csr.json 文件的 hosts 字段包含所有 etcd 节点的IP,否则证书校验会出错;
--initial-cluster-state 值为 new 时,--name 的参数值必须位于 --initial-cluster 列表中;
分发到各个节点
分发etcd.service , etcd.conf,/usr/local/bin/etcd* 到各个节点的对应目录;修改etcd.conf的对应配合为当前节点信息。
scp -r /usr/local/bin/etcd* k8s-node1:/usr/local/bin/
scp -r /usr/local/bin/etcd* k8s-node2:/usr/local/bin/
scp -r /etc/etcd k8s-node1:/etc/
scp -r /etc/etcd k8s-node2:/etc/
scp /usr/lib/systemd/system/etcd.service k8s-node1:/usr/lib/systemd/system/
scp /usr/lib/systemd/system/etcd.service k8s-node2:/usr/lib/systemd/system/
启动etcd
所有节点执行
systemctl daemon-reload
systemctl start etcd
systemctl status etcd
systemctl enable etcd
验证
etcdctl --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem cluster-health
member 4cc910cd64041b9f is healthy: got healthy result from https://172.16.20.206:2379
member 71e662482c67f8f0 is healthy: got healthy result from https://172.16.20.207:2379
member d3813a08e230ddef is healthy: got healthy result from https://172.16.20.208:2379
cluster is healthy
###### 清除所有数据
etcdctl del / --prefix
原文地址:https://blog.51cto.com/phospherus/2445744