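Deploying a Kubernetes v1.30.2 cluster from binaries, Part 4: etcd cluster deployment
etcd cluster deployment
Perform the following steps on all 3 master nodes.
1. Download the etcd binary package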
cd /data/src
wget https://github.com/etcd-io/etcd/releases/download/v3.5.15/etcd-v3.5.15-linux-amd64.tar.gz
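2. Create the directories used by the etcd service, extract the package, and configure the environment variable
# Create the directories this step writes to (no-op if they already exist)
mkdir -p /data/etcd/bin /data/etcd/conf
tar zxf etcd-v3.5.15-linux-amd64.tar.gz
cp etcd-v3.5.15-linux-amd64/etcd* /data/etcd/bin/
echo "export PATH=/data/etcd/bin:\$PATH" > /etc/profile.d/etcd.sh
source /etc/profile.d/etcd.sh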
3. Create the etcd configuration file
Run on k8s-master01 only
cat > /data/etcd/conf/etcd.conf << EOF
name: 'k8s-master01'
data-dir: /data/etcd/data
listen-peer-urls: 'https://192.168.110.21:2380'
listen-client-urls: 'https://192.168.110.21:2379,http://127.0.0.1:2379'
initial-advertise-peer-urls: 'https://192.168.110.21:2380'
advertise-client-urls: 'https://192.168.110.21:2379'
initial-cluster: 'k8s-master01=https://192.168.110.21:2380,k8s-master02=https://192.168.110.22:2380,k8s-master03=https://192.168.110.23:2380'
initial-cluster-token: 'k8s-etcd-cluster'
initial-cluster-state: 'new'
enable-v2: true
client-transport-security:
  cert-file: '/data/etcd/ssl/etcd.pem'
  key-file: '/data/etcd/ssl/etcd-key.pem'
  client-cert-auth: true
  trusted-ca-file: '/data/etcd/ssl/ca.pem'
  auto-tls: true
peer-transport-security:
  cert-file: '/data/etcd/ssl/etcd.pem'
  key-file: '/data/etcd/ssl/etcd-key.pem'
  # In the config file this key is client-cert-auth in both TLS sections;
  # peer-client-cert-auth is the command-line flag name and is ignored here.
  client-cert-auth: true
  trusted-ca-file: '/data/etcd/ssl/ca.pem'
  auto-tls: true
EOF
Run on k8s-master02 only
cat > /data/etcd/conf/etcd.conf << EOF
name: 'k8s-master02'
data-dir: /data/etcd/data
listen-peer-urls: 'https://192.168.110.22:2380'
listen-client-urls: 'https://192.168.110.22:2379,http://127.0.0.1:2379'
initial-advertise-peer-urls: 'https://192.168.110.22:2380'
advertise-client-urls: 'https://192.168.110.22:2379'
initial-cluster: 'k8s-master01=https://192.168.110.21:2380,k8s-master02=https://192.168.110.22:2380,k8s-master03=https://192.168.110.23:2380'
initial-cluster-token: 'k8s-etcd-cluster'
initial-cluster-state: 'new'
enable-v2: true
client-transport-security:
  cert-file: '/data/etcd/ssl/etcd.pem'
  key-file: '/data/etcd/ssl/etcd-key.pem'
  client-cert-auth: true
  trusted-ca-file: '/data/etcd/ssl/ca.pem'
  auto-tls: true
peer-transport-security:
  cert-file: '/data/etcd/ssl/etcd.pem'
  key-file: '/data/etcd/ssl/etcd-key.pem'
  # In the config file this key is client-cert-auth in both TLS sections;
  # peer-client-cert-auth is the command-line flag name and is ignored here.
  client-cert-auth: true
  trusted-ca-file: '/data/etcd/ssl/ca.pem'
  auto-tls: true
EOF
Run on k8s-master03 only
cat > /data/etcd/conf/etcd.conf << EOF
name: 'k8s-master03'
data-dir: /data/etcd/data
listen-peer-urls: 'https://192.168.110.23:2380'
listen-client-urls: 'https://192.168.110.23:2379,http://127.0.0.1:2379'
initial-advertise-peer-urls: 'https://192.168.110.23:2380'
advertise-client-urls: 'https://192.168.110.23:2379'
initial-cluster: 'k8s-master01=https://192.168.110.21:2380,k8s-master02=https://192.168.110.22:2380,k8s-master03=https://192.168.110.23:2380'
initial-cluster-token: 'k8s-etcd-cluster'
initial-cluster-state: 'new'
enable-v2: true
client-transport-security:
  cert-file: '/data/etcd/ssl/etcd.pem'
  key-file: '/data/etcd/ssl/etcd-key.pem'
  client-cert-auth: true
  trusted-ca-file: '/data/etcd/ssl/ca.pem'
  auto-tls: true
peer-transport-security:
  cert-file: '/data/etcd/ssl/etcd.pem'
  key-file: '/data/etcd/ssl/etcd-key.pem'
  # In the config file this key is client-cert-auth in both TLS sections;
  # peer-client-cert-auth is the command-line flag name and is ignored here.
  client-cert-auth: true
  trusted-ca-file: '/data/etcd/ssl/ca.pem'
  auto-tls: true
EOF
4. Create the systemd unit file for the etcd service
cat > /usr/lib/systemd/system/etcd.service << EOF
[Unit]
Description=Etcd Service
After=network.target

[Service]
Type=notify
ExecStart=/data/etcd/bin/etcd --config-file=/data/etcd/conf/etcd.conf
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
Alias=etcd3.service
EOF
5. Start the etcd service and enable it at boot
systemctl start etcd
systemctl enable etcd
6. Verify
etcdctl \
--endpoints=https://192.168.110.21:2379,https://192.168.110.22:2379,https://192.168.110.23:2379 \
--cacert=/data/etcd/ssl/ca.pem \
--cert=/data/etcd/ssl/etcd.pem \
--key=/data/etcd/ssl/etcd-key.pem \
endpoint health
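
A lint for the etcd.conf written in step 3, as an added example (not part of the original article): it reports http:// listeners such as the `http://127.0.0.1:2379` entry in `listen-client-urls`, `enable-v2: true`, `auto-tls: true`, and any TLS section that lacks `client-cert-auth: true`. The function names, finding labels and sample config are constructed for illustration.

```shell
#!/bin/sh
# audit_etcd_conf FILE  (or config on stdin)
# Prints one finding per line; the return status is the number of findings.
audit_etcd_conf() {
  awk '
    /^[A-Za-z]/ { section = $1; sub(/:.*$/, "", section) }   # current top-level key
    /^listen-(client|peer)-urls:/ && /http:\/\// {
      print "PLAINTEXT " section ": http:// listener is served without TLS or client-cert checks"; n++ }
    /^enable-v2:[ \t]*true/ {
      print "LEGACY enable-v2: the v2 API is switched on"; n++ }
    /^[ \t]+auto-tls:[ \t]*true/ {
      print "AUTOTLS " section ": self-signed certs are generated if cert-file/key-file are missing"; n++ }
    /^[ \t]+client-cert-auth:[ \t]*true/ { auth[section] = 1 }
    END {
      split("client-transport-security peer-transport-security", want, " ")
      for (i = 1; i <= 2; i++) if (!(want[i] in auth)) {
        print "NOAUTH " want[i] ": client-cert-auth: true is not set in this section"; n++ }
      exit n + 0
    }' "${1:--}"
}

# Constructed sample config (addresses and paths are placeholders).
sample_conf() {
  cat <<'EOF'
name: 'node1'
listen-peer-urls: 'https://10.0.0.1:2380'
listen-client-urls: 'https://10.0.0.1:2379,http://127.0.0.1:2379'
enable-v2: true
client-transport-security:
  cert-file: '/etc/etcd/ssl/etcd.pem'
  client-cert-auth: true
  auto-tls: true
peer-transport-security:
  cert-file: '/etc/etcd/ssl/etcd.pem'
  peer-client-cert-auth: true
EOF
}

# Demo run on the sample; on a node: audit_etcd_conf /data/etcd/conf/etcd.conf
sample_conf | audit_etcd_conf || echo "findings: $?"
```

Run it on each master before `systemctl start etcd`; a clean file prints nothing and returns 0.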
