k8s(5):k8s安装(四)部署ETCD
1.下载etcd二进制安装文件(所有master)
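# Download and install the etcd v3.3.10 release binaries (run on every master).
# NOTE(review): v3.3.10 is an old patch release; check the etcd release page for
# the current patch release of the line you intend to run before deploying.
[root@master-1 ~]# mkdir -p /soft && cd /soft
[root@master-1 ~]# wget https://github.com/etcd-io/etcd/releases/download/v3.3.10/etcd-v3.3.10-linux-amd64.tar.gz
# Verify the archive before unpacking it: the binaries are installed into
# /usr/local/bin and started by systemd, so a tampered download would run with
# the service's privileges. Replace the placeholder with the SHA-256 value taken
# from a source you trust for this release (this page does not give one).
[root@master-1 ~]# echo "<EXPECTED_SHA256_PLACEHOLDER>  etcd-v3.3.10-linux-amd64.tar.gz" | sha256sum -c -
[root@master-1 ~]# tar -xvf etcd-v3.3.10-linux-amd64.tar.gz
[root@master-1 ~]# cd etcd-v3.3.10-linux-amd64/
[root@master-1 ~]# cp etcd etcdctl /usr/local/bin/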
2. 编辑etcd配置文件(所有master)
#注意修改每个节点的ETCD_NAME #注意修改每个节点的监听地址 [root@master-1 ~]# mkdir -p /etc/etcd/{cfg,ssl} [root@master-1 ~]# for i in master-2 master-3;do ssh $i mkdir -p /etc/etcd/{cfg,ssl};done [root@master-1 ~]# cat >/etc/etcd/cfg/etcd.conf<<EOFL #[Member] ETCD_NAME="master-1" ETCD_DATA_DIR="/var/lib/etcd/default.etcd" ETCD_LISTEN_PEER_URLS="https://172.31.7.41:2380" ETCD_LISTEN_CLIENT_URLS="https://172.31.7.41:2379,http://172.31.7.41:2390" #[Clustering] ETCD_INITIAL_ADVERTISE_PEER_URLS="https://172.31.7.41:2380" ETCD_ADVERTISE_CLIENT_URLS="https://172.31.7.41:2379" ETCD_INITIAL_CLUSTER="master-1=https://172.31.7.41:2380,master-2=https://172.31.7.42:2380,master-3=https://172.31.7.43:2380" ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster" ETCD_INITIAL_CLUSTER_STATE="new" EOFL
3. 创建ETCD的系统启动服务(所有master)
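# Write the systemd unit for etcd (run on every master).
# The heredoc delimiter is unquoted, so \${VAR} is written to the unit file as
# ${VAR} (filled in by systemd from EnvironmentFile) and each trailing "\" joins
# the ExecStart arguments onto a single line in the generated file.
# --client-cert-auth and --peer-client-cert-auth make etcd require a certificate
# signed by the trusted CA on incoming client and peer connections; without
# them, incoming TLS connections are not asked for a client certificate, so any
# host that can reach the ports can read or write the keyspace.
# NOTE(review): server.pem must permit client authentication for this to work;
# confirm against the CA profile that issued it (not shown on this page).
# NOTE(review): http://127.0.0.1:2379 remains a plaintext, unauthenticated
# listener for local processes; drop it if nothing on the host depends on it.
[root@master-1 ~]# cat > /usr/lib/systemd/system/etcd.service<<EOFL
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
[Service]
Type=notify
EnvironmentFile=/etc/etcd/cfg/etcd.conf
ExecStart=/usr/local/bin/etcd \
--name=\${ETCD_NAME} \
--data-dir=\${ETCD_DATA_DIR} \
--listen-peer-urls=\${ETCD_LISTEN_PEER_URLS} \
--listen-client-urls=\${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379 \
--advertise-client-urls=\${ETCD_ADVERTISE_CLIENT_URLS} \
--initial-advertise-peer-urls=\${ETCD_INITIAL_ADVERTISE_PEER_URLS} \
--initial-cluster=\${ETCD_INITIAL_CLUSTER} \
--initial-cluster-token=\${ETCD_INITIAL_CLUSTER_TOKEN} \
--initial-cluster-state=new \
--cert-file=/etc/etcd/ssl/server.pem \
--key-file=/etc/etcd/ssl/server-key.pem \
--client-cert-auth \
--peer-cert-file=/etc/etcd/ssl/server.pem \
--peer-key-file=/etc/etcd/ssl/server-key.pem \
--peer-client-cert-auth \
--trusted-ca-file=/etc/etcd/ssl/ca.pem \
--peer-trusted-ca-file=/etc/etcd/ssl/ca.pem
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
EOFL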
4. 复制etcd证书到指定目录
[root@master-1 ~]# mkdir -p /etc/etcd/ssl/ [root@master-1 ~]# \cp /root/etcd/*pem /etc/etcd/ssl/ -rf #复制etcd证书到每个节点 [root@master-1 ~]# for i in master-2 master-3 node-1 node-2;do ssh $i mkdir -p /etc/etcd/{cfg,ssl};done [root@master-1 ~]# for i in master-2 master-3 node-1 node-2;do scp /etc/etcd/ssl/* $i:/etc/etcd/ssl/;done [root@master-1 ~]# for i in master-2 master-3 node-1 node-2;do echo $i "------>"; ssh $i ls /etc/etcd/ssl;done
5. 启动etcd (所有节点)
[root@master-1 ~]# chkconfig etcd on [root@master-1 ~]# service etcd start [root@master-1 ~]# service etcd status
6. 检查etcd 集群是否运行正常
[root@master-1 ~]# etcdctl --ca-file=/etc/etcd/ssl/ca.pem --cert-file=/etc/etcd/ssl/server.pem \ --key-file=/etc/etcd/ssl/server-key.pem --endpoints="https://172.31.7.41:2379" cluster-health member bcef4c3b581e1d2e is healthy: got healthy result from https://172.31.7.41:2379 member d99a26304cec5ace is healthy: got healthy result from https://172.31.7.42:2379 member fc4e801f28271758 is healthy: got healthy result from https://172.31.7.43:2379 cluster is healthy
7. 创建Docker所需分配POD 网段 (任意master节点)
[root@master-2 ~]# etcdctl --ca-file=/etc/etcd/ssl/ca.pem \ --cert-file=/etc/etcd/ssl/server.pem --key-file=/etc/etcd/ssl/server-key.pem \ --endpoints="https://172.31.7.41:2379,https://172.31.7.42:2379,https://172.31.7.43:2379" \ set /coreos.com/network/config \ '{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}' #检查是否建立网段 [root@master-2 etcd-v3.3.10-linux-amd64]# etcdctl \ --endpoints=https://172.31.7.41:2379,https://172.31.7.42:2379,https://172.31.7.43:2379 \ --ca-file=/etc/etcd/ssl/ca.pem \ --cert-file=/etc/etcd/ssl/server.pem \ --key-file=/etc/etcd/ssl/server-key.pem \ get /coreos.com/network/config { "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}
posted on 2021-05-08 18:29 torotoise512 阅读(430) 评论(0) 收藏 举报