"Learning Kubernetes on the Toilet", Part 8-3: Installing and Deploying Etcd


I. Etcd has three cluster configuration schemes:

Figure 2: Etcd cluster logical diagram

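1. Static configuration

This approach suits offline environments. Before starting the cluster you already know its size and the address and port of every node, so you can start the etcd cluster by setting the initial-cluster parameter.

2. etcd self-discovery mode

Starting an etcd cluster through self-discovery requires an existing etcd cluster prepared in advance. If you already have an etcd cluster, you can first run a command to set the size of the cluster.

3. DNS self-discovery mode

etcd also supports bootstrapping with DNS SRV records. For how DNS SRV records are used for service discovery, see RFC 2782; you therefore need to configure the corresponding records on your DNS server.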

II. Installing and deploying Etcd

The topology is shown in the figure below:

Figure 3: Etcd cluster topology diagram

(1) Create the Etcd certificate and private key

1. Create the Etcd certificate signing request file

<code>[root@k8s-master ~]# cd /usr/local/kubernetes/ssl/
[root@k8s-master ssl]# vim etcd-csr.json
Add:
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
    "10.0.0.1",
    "192.168.1.1",
    "192.168.1.2",
    "192.168.1.3",
    "k8s-node-1",
    "k8s-node-2",
    "k8s-master",
    "kubernetes",
    "kubernetes.default",
    "kubernetes.default.svc",
    "kubernetes.default.svc.cluster",
    "kubernetes.default.svc.cluster.local"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "BeiJing",
      "ST": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}</code>

2. Generate the etcd certificate and private key

<code>[root@k8s-master ssl]# cfssl gencert -ca=/usr/local/kubernetes/ssl/ca.pem -ca-key=/usr/local/kubernetes/ssl/ca-key.pem -config=/usr/local/kubernetes/ssl/ca-config.json -profile=kubernetes /usr/local/kubernetes/ssl/etcd-csr.json | cfssljson -bare etcd</code>

Figure 4: Generating the certificate and private key

3. Distribute the etcd certificates

<code>[root@k8s-master ssl]# scp etcd*.pem 192.168.1.1:/usr/local/kubernetes/ssl/
[root@k8s-master ssl]# scp etcd*.pem 192.168.1.2:/usr/local/kubernetes/ssl/</code>

(2) Install and deploy Etcd

<code>[root@k8s-master ~]# mkdir -p /usr/local/kubernetes/{bin,conf,log}
[root@k8s-master ~]# mkdir -p /var/lib/etcd/</code>

1. Download and extract the Etcd software

<code>[root@k8s-master ~]# wget https://github.com/etcd-io/etcd/releases/download/v3.3.18/etcd-v3.3.18-linux-amd64.tar.gz
[root@k8s-master ~]# tar -zxvf etcd-v3.3.18-linux-amd64.tar.gz -C /usr/src/
[root@k8s-master ~]# cd /usr/src/etcd-v3.3.18-linux-amd64/
[root@k8s-master ~]# cp etcd etcdctl /usr/local/kubernetes/bin/

[root@k8s-master ~]# export ETCDCTL_API=2</code>

3. Create the Etcd configuration file

<code>[root@k8s-master ~]# vim /usr/local/kubernetes/conf/etcd.conf
Add:
[member]
# Change to this host's hostname
ETCD_NAME="k8s-master"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
# Change to this host's IP address
ETCD_LISTEN_PEER_URLS="https://192.168.1.3:2380"
# Change to this host's IP address
ETCD_LISTEN_CLIENT_URLS="https://192.168.1.3:2379,https://127.0.0.1:2379"
# Change to this host's IP address
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.1.3:2380"
ETCD_INITIAL_CLUSTER="k8s-node-1=https://192.168.1.1:2380,k8s-node-2=https://192.168.1.2:2380,k8s-master=https://192.168.1.3:2380"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="k8s-etcd-cluster"
# Change to this host's IP address
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.1.3:2379"
ETCD_CLIENT_CERT_AUTH="true"

ETCD_TRUSTED_CA_FILE="/usr/local/kubernetes/ssl/ca.pem"
ETCD_CERT_FILE="/usr/local/kubernetes/ssl/etcd.pem"
ETCD_KEY_FILE="/usr/local/kubernetes/ssl/etcd-key.pem"
ETCD_PEER_CLIENT_CERT_AUTH="true"
ETCD_PEER_TRUSTED_CA_FILE="/usr/local/kubernetes/ssl/ca.pem"
ETCD_PEER_CERT_FILE="/usr/local/kubernetes/ssl/etcd.pem"
ETCD_PEER_KEY_FILE="/usr/local/kubernetes/ssl/etcd-key.pem"

[root@k8s-master ~]# scp /usr/local/kubernetes/conf/etcd.conf root@192.168.1.1:/usr/local/kubernetes/conf/
[root@k8s-master ~]# scp /usr/local/kubernetes/conf/etcd.conf root@192.168.1.2:/usr/local/kubernetes/conf/</code>
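
Because the same etcd.conf is copied to the other nodes and then edited per host, a stale name or IP, a plain-http URL, or an address missing from the hosts list in etcd-csr.json usually surfaces only when a member fails to join. The check below is an added example, not part of the original article; the function name lint_member and the sample inputs are constructed for illustration, and it assumes one peer URL per node as in the file above.

```python
import re
from urllib.parse import urlsplit

URL_KEYS = ("ETCD_LISTEN_PEER_URLS", "ETCD_LISTEN_CLIENT_URLS",
            "ETCD_INITIAL_ADVERTISE_PEER_URLS", "ETCD_ADVERTISE_CLIENT_URLS")
AUTH_KEYS = ("ETCD_CLIENT_CERT_AUTH", "ETCD_PEER_CLIENT_CERT_AUTH")

def lint_member(conf_text, csr_hosts):
    """Return findings for one node's etcd.conf; an empty list means clean."""
    conf = dict(re.findall(r'^(ETCD_[A-Z_]+)="([^"]*)"', conf_text, re.M))
    cluster = dict(m.split("=", 1) for m in
                   conf.get("ETCD_INITIAL_CLUSTER", "").split(",") if "=" in m)
    name, adv = conf.get("ETCD_NAME"), conf.get("ETCD_INITIAL_ADVERTISE_PEER_URLS")
    findings = []
    # The file is copied between hosts, so the name and peer URL must match this node.
    if name not in cluster:
        findings.append(f"ETCD_NAME {name} is not listed in ETCD_INITIAL_CLUSTER")
    elif cluster[name] != adv:
        findings.append(f"{name} is {cluster[name]} in ETCD_INITIAL_CLUSTER "
                        f"but this node advertises {adv}")
    urls = set(cluster.values())
    for key in URL_KEYS:
        urls.update(u for u in conf.get(key, "").split(",") if u)
    findings += [f"{u} is not https" for u in sorted(urls) if urlsplit(u).scheme != "https"]
    # Every address a peer or client dials must appear in the certificate hosts.
    missing = {urlsplit(u).hostname or u for u in urls} - set(csr_hosts)
    findings += [f"{h} is missing from the hosts list in etcd-csr.json"
                 for h in sorted(missing)]
    findings += [f'{k} is not "true"' for k in AUTH_KEYS if conf.get(k) != "true"]
    return findings

# Constructed sample input modelled on the files shown in this article.
CSR_HOSTS = ["127.0.0.1", "10.0.0.1", "192.168.1.1", "192.168.1.2", "192.168.1.3"]
TEMPLATE = '''ETCD_NAME="{name}"
ETCD_LISTEN_PEER_URLS="https://{ip}:2380"
ETCD_LISTEN_CLIENT_URLS="https://{ip}:2379,https://127.0.0.1:2379"
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://{ip}:2380"
ETCD_INITIAL_CLUSTER="k8s-node-1=https://192.168.1.1:2380,k8s-node-2=https://192.168.1.2:2380,k8s-master=https://192.168.1.3:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://{ip}:2379"
ETCD_CLIENT_CERT_AUTH="true"
ETCD_PEER_CLIENT_CERT_AUTH="true"
'''
MASTER = TEMPLATE.format(name="k8s-master", ip="192.168.1.3")
# The copied file with only ETCD_NAME changed and the master's IPs left in place.
STALE_NODE1 = TEMPLATE.format(name="k8s-node-1", ip="192.168.1.3")

if __name__ == "__main__":
    for label, text in (("master", MASTER), ("node-1 (stale)", STALE_NODE1)):
        print(label, lint_member(text, CSR_HOSTS) or "OK")
```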

4. Create the Etcd service unit file

<code>[root@k8s-master ~]# vim /usr/lib/systemd/system/etcd.service    # or: vim /etc/systemd/system/etcd.service
Add:
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
Type=notify
WorkingDirectory=/var/lib/etcd
EnvironmentFile=-/usr/local/kubernetes/conf/etcd.conf
ExecStart=/bin/bash -c "GOMAXPROCS=$(nproc) /usr/local/kubernetes/bin/etcd"
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

[root@k8s-master ~]# scp /usr/lib/systemd/system/etcd.service root@192.168.1.1:/usr/lib/systemd/system/
[root@k8s-master ~]# scp /usr/lib/systemd/system/etcd.service root@192.168.1.2:/usr/lib/systemd/system/</code>

5. Start the Etcd service

<code>[root@k8s-master ~]# systemctl enable --now etcd.service
or

[root@k8s-master ~]# systemctl enable etcd
[root@k8s-master ~]# systemctl start etcd</code>

6. Check the Etcd service status

<code>[root@k8s-master ~]# systemctl status etcd</code>

Figure 5: Checking the Etcd running status

<code>[root@k8s-master ~]# netstat -anpt | grep etcd</code>

Figure 6: Checking the Etcd running status

<code>[root@k8s-master ~]# netstat -tlnp | grep etcd</code>

Figure 7: Checking the Etcd running status

<code>[root@k8s-master ~]# etcd -version</code>

Figure 8: Checking the Etcd version

7. Verification:

Verify the health of the Etcd cluster

<code>[root@k8s-master ~]# etcdctl --ca-file=/usr/local/kubernetes/ssl/ca.pem --cert-file=/usr/local/kubernetes/ssl/etcd.pem --key-file=/usr/local/kubernetes/ssl/etcd-key.pem --endpoints=https://192.168.1.1:2379,https://192.168.1.2:2379,https://192.168.1.3:2379 cluster-health</code>

Figure 9: Checking the Etcd cluster health

<code>[root@k8s-master ~]# etcdctl --ca-file=/usr/local/kubernetes/ssl/ca.pem --cert-file=/usr/local/kubernetes/ssl/etcd.pem --key-file=/usr/local/kubernetes/ssl/etcd-key.pem --endpoints=https://192.168.1.1:2379,https://192.168.1.2:2379,https://192.168.1.3:2379 member list</code>

Figure 10: Listing the Etcd cluster members


