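Kubernetes uses etcd to store all of its data. This document describes the steps to deploy a three-node, highly available etcd cluster. The three nodes reuse the Kubernetes cluster machines k8s-master, k8s-node1, and k8s-node2.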
1. Prepare the etcd package and distribute the etcd binaries:
<code>[root@k8s-master ~]# cd /usr/local/src
[root@k8s-master src]# wget https://github.com/coreos/etcd/releases/download/v3.2.18/etcd-v3.2.18-linux-amd64.tar.gz
[root@k8s-master src]# tar zxf etcd-v3.2.18-linux-amd64.tar.gz
[root@k8s-master src]# cd etcd-v3.2.18-linux-amd64
[root@k8s-master etcd-v3.2.18-linux-amd64]# cp etcd etcdctl /opt/kubernetes/bin/
[root@k8s-master etcd-v3.2.18-linux-amd64]# scp etcd etcdctl 10.88.0.2:/opt/kubernetes/bin/
[root@k8s-master etcd-v3.2.18-linux-amd64]# scp etcd etcdctl 10.88.0.3:/opt/kubernetes/bin/</code>
2. Create the etcd certificate signing request:
<code>[root@k8s-master ~]# cd /usr/local/src/ssl
[root@k8s-master ssl]# cat > etcd-csr.json</code>
3. Generate the etcd certificate and private key:
<code>[root@k8s-master ssl]# cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem \
  -ca-key=/opt/kubernetes/ssl/ca-key.pem \
  -config=/opt/kubernetes/ssl/ca-config.json \
  -profile=kubernetes etcd-csr.json | cfssljson -bare etcd</code>
The following certificate files are generated:
<code>[root@k8s-master ssl]# ls -l etcd*
-rw-r--r-- 1 root root 1062 May 4 19:33 etcd.csr
-rw-r--r-- 1 root root 279 May 4 19:33 etcd-csr.json
-rw------- 1 root root 1679 May 4 19:33 etcd-key.pem
-rw-r--r-- 1 root root 1436 May 4 19:33 etcd.pem</code>
4. Move the certificates to the /opt/kubernetes/ssl directory:
<code>[root@k8s-master ssl]# cp etcd*.pem /opt/kubernetes/ssl
[root@k8s-master ssl]# scp etcd*.pem 10.88.0.2:/opt/kubernetes/ssl
[root@k8s-master ssl]# scp etcd*.pem 10.88.0.3:/opt/kubernetes/ssl
[root@k8s-master ssl]# rm -f etcd.csr etcd-csr.json</code>
5. Set up the etcd configuration file
<code>[root@k8s-master ssl]# cat > /opt/kubernetes/cfg/etcd.conf</code>
6. Create the etcd system service
<code>mkdir -p /var/lib/etcd/</code>
<code>[root@k8s-master ssl]# cat > /etc/systemd/system/etcd.service</code>
7. Distribute the files to the two node machines:
<code>[root@k8s-master ~]# scp /opt/kubernetes/cfg/etcd.conf 10.88.0.2:/opt/kubernetes/cfg/
[root@k8s-master ~]# scp /etc/systemd/system/etcd.service 10.88.0.2:/etc/systemd/system/
[root@k8s-master ~]# scp /opt/kubernetes/cfg/etcd.conf 10.88.0.3:/opt/kubernetes/cfg/
[root@k8s-master ~]# scp /etc/systemd/system/etcd.service 10.88.0.3:/etc/systemd/system/</code>
8. Edit the etcd.conf file on each node: change ETCD_NAME to the local hostname, and change the ETCD...URLS settings to the local IP address.
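Edit the etcd.conf file on k8s-node1:
<code>mkdir -p /var/lib/etcd/</code>
<code>[root@k8s-node1 ~]# cat >/opt/kubernetes/cfg/etcd.conf</code>
Edit the etcd.conf file on the k8s-node-2 node:
<code>mkdir -p /var/lib/etcd/</code>
<code>[root@k8s-node-2 ~]# cat >/opt/kubernetes/cfg/etcd.conf</code>
9. Reload systemd and start the service (start the etcd service on the node machines first, then start the etcd service on the master, to avoid a timeout):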
<code>[root@k8s-master ~]# systemctl daemon-reload
[root@k8s-master ~]# systemctl enable etcd
[root@k8s-master ~]# systemctl start etcd
[root@k8s-master ~]# systemctl status etcd</code>
10. Verify the cluster
<code>[root@k8s-master ~]# etcdctl --endpoints=https://10.88.0.1:2379 \
  --ca-file=/opt/kubernetes/ssl/ca.pem \
  --cert-file=/opt/kubernetes/ssl/etcd.pem \
  --key-file=/opt/kubernetes/ssl/etcd-key.pem cluster-health</code>
Output:
<code>member 6d4fc213f2c2ae11 is healthy: got healthy result from https://10.88.0.2:2379
member a5765747c7d494a5 is healthy: got healthy result from https://10.88.0.3:2379
member ca66181342ddcde3 is healthy: got healthy result from https://10.88.0.1:2379
cluster is healthy</code>
Use etcdctl member list to view the list of cluster members:
<code>[root@k8s-master ~]# etcdctl --endpoints=https://10.88.0.1:2379 --ca-file=/opt/kubernetes/ssl/ca.pem --cert-file=/opt/kubernetes/ssl/etcd.pem --key-file=/opt/kubernetes/ssl/etcd-key.pem member list</code>
Output:
<code>6d4fc213f2c2ae11: name=k8s-node1 peerURLs=https://10.88.0.2:2380 clientURLs=https://10.88.0.2:2379 isLeader=true
a5765747c7d494a5: name=k8s-node2 peerURLs=https://10.88.0.3:2380 clientURLs=https://10.88.0.3:2379 isLeader=false
ca66181342ddcde3: name=k8s-master peerURLs=https://10.88.0.1:2380 clientURLs=https://10.88.0.1:2379 isLeader=false</code>
The etcd cluster setup is now complete!
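The verification in step 10 can be turned into a scripted gate. The following is an added example, not part of the original page: two shell functions that parse the `cluster-health` and `member list` output shown above and fail unless all three members are healthy, every peer and client URL is `https`, and exactly one leader exists. The function names and variable names are assumptions; the sample input is the output printed on this page.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): gate on etcdctl v2 output.

# check_health N: stdin = `etcdctl cluster-health` output. Succeeds only if
# exactly N members report healthy over https and the summary line is healthy.
check_health() {
  awk -v want="$1" '
    /^member / { n++; if ($0 !~ / is healthy: / || $NF !~ /^https:\/\//) bad++; next }
    /^cluster is healthy$/ { ok = 1 }
    END { exit !(ok && n == want && bad == 0) }'
}

# check_members N: stdin = `etcdctl member list` output. Succeeds only if there
# are N members, one leader, and each has non-empty https peer and client URLs.
check_members() {
  awk -v want="$1" '
    NF > 0 {
      n++
      for (i = 2; i <= NF; i++) {
        if ($i == "isLeader=true") leaders++
        if ($i !~ /^(peerURLs|clientURLs)=/) continue
        c++; u = $i; sub(/^[^=]*=/, "", u)
        m = split(u, urls, ",")
        if (m == 0) bad++                      # URL field present but empty
        for (j = 1; j <= m; j++) if (urls[j] !~ /^https:\/\//) bad++
      }
    }
    END { exit !(n == want && c == 2 * n && leaders == 1 && bad == 0) }'
}

# Sample input: the command output shown on this page.
SAMPLE_HEALTH='member 6d4fc213f2c2ae11 is healthy: got healthy result from https://10.88.0.2:2379
member a5765747c7d494a5 is healthy: got healthy result from https://10.88.0.3:2379
member ca66181342ddcde3 is healthy: got healthy result from https://10.88.0.1:2379
cluster is healthy'
SAMPLE_MEMBERS='6d4fc213f2c2ae11: name=k8s-node1 peerURLs=https://10.88.0.2:2380 clientURLs=https://10.88.0.2:2379 isLeader=true
a5765747c7d494a5: name=k8s-node2 peerURLs=https://10.88.0.3:2380 clientURLs=https://10.88.0.3:2379 isLeader=false
ca66181342ddcde3: name=k8s-master peerURLs=https://10.88.0.1:2380 clientURLs=https://10.88.0.1:2379 isLeader=false'

if printf '%s\n' "$SAMPLE_HEALTH" | check_health 3 &&
   printf '%s\n' "$SAMPLE_MEMBERS" | check_members 3; then
  echo "etcd cluster OK: 3 healthy members, TLS on every URL, one leader"
else
  echo "etcd cluster check FAILED" >&2
fi
```

On a live cluster, pipe the real output of the two `etcdctl` commands from step 10 into `check_health 3` and `check_members 3` instead of the sample variables.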