Kubernetes cluster setup, part 3: installing and configuring etcd


Author: 开始懂了90 | Published: 2018-12-18 16:58
    Create the etcd certificate

    Create the certificate signing request (CSR) file

    cat > etcd-csr.json <<EOF
    {
      "CN": "etcd",
      "hosts": [
        "127.0.0.1",
        "10.39.7.51",
        "10.39.7.52",
        "10.39.7.57"
      ],
      "key": {
        "algo": "rsa",
        "size": 2048
      },
      "names": [
        {
          "C": "CN",
          "ST": "Beijing",
          "L": "Beijing",
          "O": "k8s",
          "OU": "System"
        }
      ]
    }
    EOF
    
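    • The hosts field lists the etcd node IPs or domain names that are authorized to use this certificate (cfssl writes them into the certificate's Subject Alternative Name); here the IPs of all three etcd cluster nodes are listed.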

    Generate the etcd certificate

    cd /opt/ssl &&
    cfssl gencert -ca=/opt/ssl/ca.pem \
      -ca-key=/opt/ssl/ca-key.pem \
      -config=/opt/ssl/ca-config.json \
      -profile=kubernetes etcd-csr.json | cfssljson -bare etcd
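
A check for the hosts list described above, as an added example that is not part of the original post: it reads the text form of the generated certificate and reports any expected node IP or domain name missing from the Subject Alternative Name. The function names `missing_sans` and `sample_cert_text` are hypothetical, and the sample certificate text is constructed.

```bash
# Added example, not from the original post. Reads the text form of a
# certificate (openssl x509 -noout -text) on stdin and prints every expected
# host that is absent from its Subject Alternative Name extension.
# Real use:
#   openssl x509 -in /opt/ssl/etcd.pem -noout -text \
#     | missing_sans 127.0.0.1 10.39.7.51 10.39.7.52 10.39.7.57
missing_sans() {
    # The SAN values sit on the line after the extension header.
    sans=$(sed -n '/Subject Alternative Name/{n;p;}' | tr -d ' ' | tr ',' '\n')
    for host in "$@"; do
        # Whole-entry match, so 10.39.7.5 does not pass because of 10.39.7.51.
        if ! printf '%s\n' "$sans" | grep -Fqx -e "IPAddress:$host" -e "DNS:$host"; then
            echo "$host"
        fi
    done
}

# Constructed sample: SAN section of a certificate whose CSR left out 10.39.7.57.
sample_cert_text() {
cat <<'EOF'
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                IP Address:127.0.0.1, IP Address:10.39.7.51, IP Address:10.39.7.52
            X509v3 Key Usage: critical
EOF
}

# Reports 10.39.7.57: clients and peers connecting to that IP would reject
# this certificate during TLS verification.
sample_cert_text | missing_sans 127.0.0.1 10.39.7.51 10.39.7.52 10.39.7.57
```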
    

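    Distribute the etcd certificates

    # Note: /opt/ssl/* also copies ca-key.pem (the CA private key) to each node;
    # the etcd unit below only reads ca.pem, etcd.pem and etcd-key.pem.
    scp /opt/ssl/* root@10.39.7.52:/etc/kubernetes/ssl/
    scp /opt/ssl/* root@10.39.7.57:/etc/kubernetes/ssl/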
    
    Install etcd

    Download etcd

    export ETCD_URL="https://github.com/coreos/etcd/releases/download"
    cd && wget -qO- --progress=bar:force "${ETCD_URL}/v3.2.9/etcd-v3.2.9-linux-amd64.tar.gz" | tar -zx
    mv etcd-v3.2.9-linux-amd64/etcd* /usr/local/bin/ && rm -rf etcd-v3.2.9-linux-amd64
    

    Distribute the binaries

    scp /usr/local/bin/etcd* root@10.39.7.52:/usr/local/bin/
    scp /usr/local/bin/etcd* root@10.39.7.57:/usr/local/bin/
    

    Create the etcd systemd unit file

    • Host k8s-master-51
    cat > /etc/systemd/system/etcd.service << EOF
    [Unit]
    Description=Etcd Server
    After=network.target
    After=network-online.target
    Wants=network-online.target
    Documentation=https://github.com/coreos
    
    [Service]
    User=root
    Type=notify
    WorkingDirectory=/var/lib/etcd/
    ExecStart=/usr/local/bin/etcd \
      --data-dir=/var/lib/etcd \
      --name=k8s-master-51 \
      --cert-file=/etc/kubernetes/ssl/etcd.pem \
      --key-file=/etc/kubernetes/ssl/etcd-key.pem \
      --trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
      --peer-cert-file=/etc/kubernetes/ssl/etcd.pem \
      --peer-key-file=/etc/kubernetes/ssl/etcd-key.pem \
      --peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
      --listen-peer-urls=https://10.39.7.51:2380 \
      --initial-advertise-peer-urls=https://10.39.7.51:2380 \
      --listen-client-urls=https://10.39.7.51:2379,http://127.0.0.1:2379 \
      --advertise-client-urls=https://10.39.7.51:2379 \
      --initial-cluster-token=etcd-k8s-cluster \
      --initial-cluster=k8s-master-51=https://10.39.7.51:2380,k8s-master-52=https://10.39.7.52:2380,k8s-master-57=https://10.39.7.57:2380 \
      --initial-cluster-state=new
    Restart=on-failure
    RestartSec=5
    LimitNOFILE=65536
    
    [Install]
    WantedBy=multi-user.target
    EOF
    
    • Host k8s-master-52
    cat > /etc/systemd/system/etcd.service << EOF
    [Unit]
    Description=Etcd Server
    After=network.target
    After=network-online.target
    Wants=network-online.target
    Documentation=https://github.com/coreos
    
    [Service]
    User=root
    Type=notify
    WorkingDirectory=/var/lib/etcd/
    ExecStart=/usr/local/bin/etcd \
      --data-dir=/var/lib/etcd \
      --name=k8s-master-52 \
      --cert-file=/etc/kubernetes/ssl/etcd.pem \
      --key-file=/etc/kubernetes/ssl/etcd-key.pem \
      --trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
      --peer-cert-file=/etc/kubernetes/ssl/etcd.pem \
      --peer-key-file=/etc/kubernetes/ssl/etcd-key.pem \
      --peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
      --listen-peer-urls=https://10.39.7.52:2380 \
      --initial-advertise-peer-urls=https://10.39.7.52:2380 \
      --listen-client-urls=https://10.39.7.52:2379,http://127.0.0.1:2379 \
      --advertise-client-urls=https://10.39.7.52:2379 \
      --initial-cluster-token=etcd-k8s-cluster \
      --initial-cluster=k8s-master-51=https://10.39.7.51:2380,k8s-master-52=https://10.39.7.52:2380,k8s-master-57=https://10.39.7.57:2380 \
      --initial-cluster-state=new
    Restart=on-failure
    RestartSec=5
    LimitNOFILE=65536
    
    [Install]
    WantedBy=multi-user.target
    EOF
    
    • Host k8s-master-57
    cat > /etc/systemd/system/etcd.service << EOF
    [Unit]
    Description=Etcd Server
    After=network.target
    After=network-online.target
    Wants=network-online.target
    Documentation=https://github.com/coreos
    
    [Service]
    User=root
    Type=notify
    WorkingDirectory=/var/lib/etcd/
    ExecStart=/usr/local/bin/etcd \
      --data-dir=/var/lib/etcd \
      --name=k8s-master-57 \
      --cert-file=/etc/kubernetes/ssl/etcd.pem \
      --key-file=/etc/kubernetes/ssl/etcd-key.pem \
      --trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
      --peer-cert-file=/etc/kubernetes/ssl/etcd.pem \
      --peer-key-file=/etc/kubernetes/ssl/etcd-key.pem \
      --peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
      --listen-peer-urls=https://10.39.7.57:2380 \
      --initial-advertise-peer-urls=https://10.39.7.57:2380 \
      --listen-client-urls=https://10.39.7.57:2379,http://127.0.0.1:2379 \
      --advertise-client-urls=https://10.39.7.57:2379 \
      --initial-cluster-token=etcd-k8s-cluster \
      --initial-cluster=k8s-master-51=https://10.39.7.51:2380,k8s-master-52=https://10.39.7.52:2380,k8s-master-57=https://10.39.7.57:2380 \
      --initial-cluster-state=new
    Restart=on-failure
    RestartSec=5
    LimitNOFILE=65536
    
    [Install]
    WantedBy=multi-user.target
    EOF
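
An audit of the transport settings in the unit files above, as an added example that is not part of the original post. It flags channels where TLS is enabled but certificates are not demanded, and any plaintext listener. `--client-cert-auth` and `--peer-client-cert-auth` are real etcd flags that this page's units do not set; the function names `audit_etcd_unit` and `sample_unit` are hypothetical and the sample unit is constructed from the k8s-master-51 unit.

```bash
# Added example, not from the original post. Reads an etcd systemd unit on
# stdin and prints one finding per weak transport setting.
# Real use: audit_etcd_unit < /etc/systemd/system/etcd.service
audit_etcd_unit() {
    # One token per line; spaces and "\" continuations both become newlines.
    tokens=$(tr -s ' \\' '\n\n')

    # --cert-file/--trusted-ca-file only enable TLS. etcd demands a client
    # certificate only when the matching *-client-cert-auth flag is set.
    for flag in client-cert-auth peer-client-cert-auth; do
        if ! printf '%s\n' "$tokens" | grep -Eqx -e "--${flag}(=true)?"; then
            echo "MISSING --${flag}: certificates are not required on this channel"
        fi
    done

    # An http:// listener bypasses TLS entirely, loopback included.
    for url in $(printf '%s\n' "$tokens" \
                 | grep -E -e '^--listen-(client|peer)-urls=' \
                 | cut -d= -f2- | tr ',' '\n'); do
        case $url in
            http://127.0.0.1:*|http://localhost:*)
                echo "PLAINTEXT loopback listener $url: open to every local process" ;;
            http://*)
                echo "PLAINTEXT network listener $url" ;;
        esac
    done
    return 0
}

# Constructed sample: the k8s-master-51 ExecStart from this page, abridged.
sample_unit() {
cat <<'EOF'
[Service]
ExecStart=/usr/local/bin/etcd \
  --cert-file=/etc/kubernetes/ssl/etcd.pem \
  --trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
  --peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
  --listen-peer-urls=https://10.39.7.51:2380 \
  --listen-client-urls=https://10.39.7.51:2379,http://127.0.0.1:2379
EOF
}

sample_unit | audit_etcd_unit
```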
    

    Create etcd's WorkingDirectory

    mkdir -pv /var/lib/etcd/
    

    Start the etcd service

    systemctl daemon-reload
    systemctl start etcd
    systemctl enable etcd
    

    View the etcd startup log: journalctl -f -u etcd

    Verify the etcd cluster

    • Input
    export CA="/etc/kubernetes/ssl"
    # --cacert must point at the CA certificate (ca.pem), not the etcd server certificate
    ETCDCTL_API=3 etcdctl \
        --cacert=${CA}/ca.pem \
        --cert=${CA}/etcd.pem \
        --key=${CA}/etcd-key.pem \
        --endpoints="https://10.39.7.51:2379,https://10.39.7.52:2379,https://10.39.7.57:2379" \
        endpoint health
    
    • Result
    https://10.39.7.51:2379 is healthy: successfully committed proposal: took = 3.206881ms
    https://10.39.7.57:2379 is healthy: successfully committed proposal: took = 1.786664ms
    https://10.39.7.52:2379 is healthy: successfully committed proposal: took = 1.953967ms
    
    • Method 2
    [root@k8s-master-51 ssl]# curl http://127.0.0.1:2379/v2/keys/bian -XPUT -d value="this is etcd test"
    {"action":"set","node":{"key":"/bian","value":"this is etcd test","modifiedIndex":11,"createdIndex":11}}
    [root@k8s-master-51 ssl]# curl -X GET http://127.0.0.1:2379/v2/keys/bian
    {"action":"get","node":{"key":"/bian","value":"this is etcd test","modifiedIndex":11,"createdIndex":11}}
    
    • Check the etcd leader
    [root@k8s-master-6 tmp]# curl http://127.0.0.1:2379/v2/stats/leader
    {"message":"not current leader"}
    [root@k8s-master-8 ~]# curl http://127.0.0.1:2379/v2/stats/leader
    {"message":"not current leader"}
    [root@k8s-master-9 ~]# curl http://127.0.0.1:2379/v2/stats/leader
    {"leader":"2e8494ff03b78b1c","followers":{"9d96727b10a9c6b1":{"latency":{"current":0.001582,"average":0.0030155161290322564,"standardDeviation":0.0023266274341806,"minimum":0.000623,"maximum":0.009272},"counts":{"fail":0,"success":31}},"ab59e250c56d7f5":{"latency":{"current":0.000829,"average":0.0027508387096774186,"standardDeviation":0.0016266853314436153,"minimum":0.000827,"maximum":0.005443},"counts":{"fail":0,"success":31}}}}
    
    • List the etcd cluster members
    # These are etcdctl v2 API flags (the default in etcd 3.2 when ETCDCTL_API is unset)
    etcdctl --endpoints=https://10.39.7.51:2379,https://10.39.7.52:2379,https://10.39.7.57:2379 \
            --cert-file=/etc/kubernetes/ssl/etcd.pem \
            --ca-file=/etc/kubernetes/ssl/ca.pem \
            --key-file=/etc/kubernetes/ssl/etcd-key.pem \
            member list
    

    Result

    ab59e250c56d7f5: name=k8s-master-6 peerURLs=https://10.39.7.51:2380 clientURLs=https://10.39.7.51:2379 isLeader=false
    2e8494ff03b78b1c: name=k8s-master-9 peerURLs=https://10.39.7.52:2380 clientURLs=https://10.39.7.52:2379 isLeader=true
    9d96727b10a9c6b1: name=k8s-master-8 peerURLs=https://10.39.7.57:2380 clientURLs=https://10.39.7.57:2379 isLeader=false
    
